Changeset 1184 for trunk/lvs/debian


Ignore:
Timestamp:
Jun 9, 2009, 2:32:18 PM (15 years ago)
Author:
quentin
Message:
Change the LVS configuration to use the same source hashing; FWM 1 is the same as before, FWM 2 is Apache-bound traffic, and FWM 3 is Postfix-bound traffic
Location:
trunk/lvs/debian/config/etc
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/lvs/debian/config/etc/ha.d/ldirectord.cf

    r1113 r1184  
    55quiescent=no
    66
    7 virtual=18.181.0.46:25
     7# iptables rules caused SMTP to use FWM 3
     8virtual=3
    89        real=18.181.0.53:25 gate 1024
    910        real=18.181.0.57:25 gate 1024
    1011        real=18.181.0.167:25 gate 512
    11         fallback=18.187.1.128:25 gate
    1212        service=smtp
    1313        scheduler=wlc
    1414        persistent=600
    15         protocol=tcp
     15        protocol=fwm
    1616        checktype=negotiate
     17        checkport=25
    1718
    18 virtual=18.181.0.46:80
    19         real=18.181.0.53:80 gate 1024
    20         real=18.181.0.57:80 gate 1024
    21         real=18.181.0.167:80 gate 512
    22         fallback=127.0.0.1:80 gate
    23         service=http
    24         request="heartbeat/http"
     19# Apache (80, 443, and 444) uses FWM 2
     20virtual=2
     21        real=18.181.0.53 gate 1024
     22        real=18.181.0.57 gate 1024
     23        real=18.181.0.167 gate 512
     24        fallback=127.0.0.1 gate
     25        service=http
     26        request="heartbeat/http"
    2527        virtualhost="scripts.mit.edu"
    26         receive="1"
    27         scheduler=wlc
    28         persistent=600
    29         protocol=tcp
    30         checktype=negotiate
     28        receive="1"
     29        checktype=negotiate
     30        checkport=80
     31        scheduler=wlc
     32        persistent=600
     33        protocol=fwm
    3134
    32 virtual=18.181.0.46:443
    33         real=18.181.0.53:443 gate 1024
    34         real=18.181.0.57:443 gate 1024
    35         real=18.181.0.167:443 gate 512
    36         fallback=18.187.1.128:443 gate
    37         service=https
    38         request="heartbeat/https"
    39         virtualhost="scripts.mit.edu"
    40         receive="1"
    41         scheduler=wlc
    42         persistent=600
    43         protocol=tcp
    44         checktype=negotiate
    45 
    46 virtual=18.181.0.46:444
    47         real=18.181.0.53:444 gate 1024
    48         real=18.181.0.57:444 gate 1024
    49         real=18.181.0.167:444 gate 512
    50         fallback=18.187.1.128:444 gate
    51         service=https
    52         request="heartbeat/https"
    53         virtualhost="scripts.mit.edu"
    54         receive="1"
    55         scheduler=wlc
    56         persistent=600
    57         protocol=tcp
    58         checktype=negotiate
    59 
    60 virtual=18.181.0.43:25
    61         real=18.181.0.53:25 gate 1024
    62         real=18.181.0.57:25 gate 1024
    63         real=18.181.0.167:25 gate 512
    64         fallback=18.187.1.128:25 gate
    65         service=smtp
    66         scheduler=wlc
    67         persistent=600
    68         protocol=tcp
    69         checktype=negotiate
    70 
    71 virtual=18.181.0.43:80
    72         real=18.181.0.53:80 gate 1024
    73         real=18.181.0.57:80 gate 1024
    74         real=18.181.0.167:80 gate 512
    75         fallback=127.0.0.1:80 gate
    76         service=http
    77         request="heartbeat/http"
    78         receive="1"
    79         scheduler=wlc
    80         persistent=600
    81         protocol=tcp
    82         checktype=negotiate
    83 
    84 virtual=18.181.0.43:443
    85         real=18.181.0.53:443 gate 1024
    86         real=18.181.0.57:443 gate 1024
    87         real=18.181.0.167:443 gate 512
    88         fallback=18.187.1.128:443 gate
    89         service=https
    90         request="heartbeat/https"
    91         virtualhost="scripts.mit.edu"
    92         receive="1"
    93         scheduler=wlc
    94         persistent=600
    95         protocol=tcp
    96         checktype=negotiate
    97 
    98 virtual=18.181.0.43:444
    99         real=18.181.0.53:444 gate 1024
    100         real=18.181.0.57:444 gate 1024
    101         real=18.181.0.167:444 gate 512
    102         fallback=18.187.1.128:444 gate
    103         service=https
    104         request="heartbeat/https"
    105         virtualhost="scripts.mit.edu"
    106         receive="1"
    107         scheduler=wlc
    108         persistent=600
    109         protocol=tcp
    110         checktype=negotiate
    111 
    112 virtual=18.181.0.50:25
    113         real=18.181.0.53:25 gate 1024
    114         real=18.181.0.57:25 gate 1024
    115         real=18.181.0.167:25 gate 512
    116         fallback=18.187.1.128:25 gate
    117         service=smtp
    118         scheduler=wlc
    119         persistent=600
    120         protocol=tcp
    121         checktype=negotiate
    122 
    123 virtual=18.181.0.50:80
    124         real=18.181.0.53:80 gate 1024
    125         real=18.181.0.57:80 gate 1024
    126         real=18.181.0.167:80 gate 512
    127         fallback=127.0.0.1:80 gate
    128         service=http
    129         request="heartbeat/http"
    130         receive="1"
    131         scheduler=wlc
    132         persistent=600
    133         protocol=tcp
    134         checktype=negotiate
    135 
    136 virtual=18.181.0.50:443
    137         real=18.181.0.53:443 gate 1024
    138         real=18.181.0.57:443 gate 1024
    139         real=18.181.0.167:443 gate 512
    140         fallback=18.187.1.128:443 gate
    141         service=https
    142         request="heartbeat/https"
    143         virtualhost="scripts.mit.edu"
    144         receive="1"
    145         scheduler=wlc
    146         persistent=600
    147         protocol=tcp
    148         checktype=negotiate
    149 
    150 virtual=18.181.0.50:444
    151         real=18.181.0.53:444 gate 1024
    152         real=18.181.0.57:444 gate 1024
    153         real=18.181.0.167:444 gate 512
    154         fallback=18.187.1.128:444 gate
    155         service=https
    156         request="heartbeat/https"
    157         virtualhost="scripts.mit.edu"
    158         receive="1"
    159         scheduler=wlc
    160         persistent=600
    161         protocol=tcp
    162         checktype=negotiate
    163 
    164 virtual=18.181.0.49:80
    165         real=18.181.0.53:80 gate 1024
    166         real=18.181.0.57:80 gate 1024
    167         real=18.181.0.167:80 gate 512
    168         fallback=127.0.0.1:80 gate
    169         service=http
    170         request="heartbeat/http"
    171         virtualhost="scripts.mit.edu"
    172         receive="1"
    173         scheduler=wlc
    174         persistent=600
    175         protocol=tcp
    176         checktype=negotiate
    177 
    178 virtual=18.181.0.49:443
    179         real=18.181.0.53:443 gate 1024
    180         real=18.181.0.57:443 gate 1024
    181         real=18.181.0.167:443 gate 512
    182         fallback=18.187.1.128:443 gate
    183         service=https
    184         request="heartbeat/https"
    185         virtualhost="scripts.mit.edu"
    186         receive="1"
    187         scheduler=wlc
    188         persistent=600
    189         protocol=tcp
    190         checktype=negotiate
    191 
    192 virtual=18.181.0.49:444
    193         real=18.181.0.53:444 gate 1024
    194         real=18.181.0.57:444 gate 1024
    195         real=18.181.0.167:444 gate 512
    196         fallback=18.187.1.128:444 gate
    197         service=https
    198         request="heartbeat/https"
    199         virtualhost="scripts.mit.edu"
    200         receive="1"
    201         scheduler=wlc
    202         persistent=600
    203         protocol=tcp
    204         checktype=negotiate
    205 
     35# Everything else uses FWM 1 and gets sent only to the primary
    20636virtual=1
    20737        real=18.181.0.53 gate "heartbeat/services", "1"
  • trunk/lvs/debian/config/etc/network/if-up.d/iptables

    r1005 r1184  
    11#!/bin/sh
    22## Joe Presbrey <presbrey@mit.edu>
     3## Quentin Smith <quentin@mit.edu>
    34## SIPB Scripts LVS Firewall marks
    45
    56iptables -F -t mangle
    67
     8# Create a table for regular scripts hosts
     9iptables -t mangle -N scripts 2>/dev/null || :
     10
     11# scripts-vhosts.mit.edu
     12iptables -A PREROUTING -t mangle -d 18.181.0.46 -j scripts
    713# scripts.mit.edu
    8 iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.46/31 --dports 25,80,443,444 -j MARK --set-mark 2
    9 iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.46/31 -j MARK --set-mark 1
     14iptables -A PREROUTING -t mangle -d 18.181.0.43 -j scripts
     15# scripts-cert.mit.edu
     16iptables -A PREROUTING -t mangle -d 18.181.0.50 -j scripts
    1017
    11 # scripts-new.mit.edu
    12 iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.43 --dports 25,80,443,444 -j MARK --set-mark 2
    13 iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.43 -j MARK --set-mark 1
     18# Send Apache-bound traffic to FWM 2 (load-balanced)
     19iptables -A scripts -t mangle -m tcp -m multiport -p tcp --dports 80,443,444 -j MARK --set-mark 2
     20# Send SMTP-bound traffic to FWM 3 (load-balanced)
     21iptables -A scripts -t mangle -m tcp -p tcp --dport 25 -j MARK --set-mark 3
     22# Send everything else to FWM 1 (primary)
     23iptables -A scripts -t mangle -m mark --mark 0 -j MARK --set-mark 1
    1424
    15 # scripts-cert.mit.edu
    16 iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.50/31 --dports 25,80,443,444 -j MARK --set-mark 2
    17 iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.50/31 -j MARK --set-mark 1
    18 
    19 # webzephyr.mit.edu
    20 iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.49 --dports 80,443 -j MARK --set-mark 2
     25# webzephyr.mit.edu is special because its SMTP needs to always go to the primary (FWM 1)
     26iptables -A PREROUTING -t mangle -m tcp -m multiport -p tcp -d 18.181.0.49 --dports 80,443,444 -j MARK --set-mark 2
    2127iptables -A PREROUTING -t mangle -m mark --mark 0 -d 18.181.0.49 -j MARK --set-mark 1
Note: See TracChangeset for help on using the changeset viewer.