Load-balancing an SSL-based server farm?

Paul Lussier p.lussier at comcast.net
Mon Jan 18 16:06:11 EST 2010


Jarod Wilson <jarod at wilsonet.com> writes:

> Yes, but it was 4+ years ago. :)

Of course it was :)

> I assume you've found http://www.linuxvirtualserver.org/Documents.html

I have.

Frank DiPrete <fdiprete at comcast.net> writes:

> yes - lvs will forward https / 443 requests just fine. The only tricky
> bit is the certificate itself has to be identified as "www.foo.com"
> and the extra Organizational Unit: text field has the name of the
> actual machine on which the certificate is installed. This is not lvs
> specific.

Hmm, okay, I haven't run across this piece of information yet...

> http://www.austintek.com/LVS/LVS-HOWTO/

Yes, I was just concerned that it is about 4 years old, and possibly out
of date.

>> The basic scope of the project is this:
>>
>>  - we have about 10 apache servers handling 10,000 sites over both http
>>    and https (for a total of ~20K sites)
>>  
>
> This is really about throughput, which is more a function of traffic /
> bandwidth and ultimately the hardware lvs is running on.

Right, we've got Dell R610s with 4GBs of RAM, and multiple GigE nics, so
we shouldn't have a problem there.

>> My questions at this point are:
>>
>> - Is LVS the right tool, or is there something better (OSS) ?
>
> or is a commercial load balancer (f5) a better choice ?

Must be OSS at this point.  f5s are not an option for several reasons.

>> - How many sites can LVS scale to serving?
>
> are these 10,000 IP based virtual hosts or name based virtual hosts?
> I'm guessing that you don't really have 10,000 ip address here.

No, we really have 10,000 ip addresses here, and it's expected to grow
significantly.

>> - Can the LVS config be updated dynamically, on-the-fly, without
>>   restarting ldirectord ?
>
> for LVS, yes (see the 3 packages described above) the user space tool
> ipvsadm can setup new rules, add/delete forward rules without
> reloading anything. I am not sure about ldirectord. I used mon and had
> to restart it when I made a change to its config.

Okay, cool, so we can script around ipvsadm fairly easily, then.

>> - Is there any recent (w/in the last 2 years) documentation or are there
>>   any books on building such an environment with LVS ?
>
> couldn't find anything myself either ;)

Okay, as long as it's not only me, I feel better ;)

And, as I said before:

>> Many thanks for any information, URLs, pointers, references, etc.

Thanks guys!
--
Paul
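
Scripting around ipvsadm, as discussed in the message above, shown as an added example that is not code from any poster in this thread. It generates rules in the format read by `ipvsadm -R` for one HTTPS virtual service per IP address; the addresses are constructed samples, and round-robin scheduling, direct routing and the 300-second persistence timeout are this example's assumptions.

```shell
#!/bin/sh
# Added example: build ipvsadm rules for per-IP HTTPS virtual services.
# All addresses are constructed documentation-range samples.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules "VIP ..." "REALSERVER ..."
# Prints one "-A" line per VIP and one "-a" line per VIP/real-server pair.
# Every address is validated before anything is printed, so a bad entry
# never produces a partial rule set.
gen_rules() {
    vips=$1 reals=$2
    [ -n "$vips" ] && [ -n "$reals" ] || return 1
    for ip in $vips $reals; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    for vip in $vips; do
        # -s rr: round robin; -p 300: keep a client on the same real
        # server for 300 s (assumption, chosen here for HTTPS sessions)
        echo "-A -t $vip:443 -s rr -p 300"
        for rip in $reals; do
            # -g: direct routing (gatewaying); -w 1: equal weights
            echo "-a -t $vip:443 -r $rip:443 -g -w 1"
        done
    done
}

# Print the rules for two sample VIPs and three sample real servers.
# To load them into the kernel table (as root): gen_rules ... | ipvsadm -R
gen_rules "203.0.113.10 203.0.113.11" "192.0.2.21 192.0.2.22 192.0.2.23"
```

Because `ipvsadm -R` only adds to the running table, a new VIP can be brought online by generating and loading rules for that address alone.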

