Load-balancing an SSL-based server farm?
Jarod Wilson
jarod at wilsonet.com
Mon Jan 18 17:29:09 EST 2010
On Mon, Jan 18, 2010 at 4:57 PM, Frank DiPrete <fdiprete at comcast.net> wrote:
>
> question - how many ip addresses can be assigned to one nic?
> (10,000 ?)
> That's an upper limit I haven't had to worry about ....
Yeah, me neither, but this could be helpful:
http://wiki.centos.org/TipsAndTricks/RangeOfIpsOnEthx
Wasn't even looking for it, just stumbled onto it...
> Paul Lussier wrote:
>>
>> Jarod Wilson <jarod at wilsonet.com> writes:
>>
>>> Yes, but it was 4+ years ago. :)
>>
>> Of course it was :)
>>
>>> I assume you've found http://www.linuxvirtualserver.org/Documents.html
>>
>> I have.
>>
>> Frank DiPrete <fdiprete at comcast.net> writes:
>>
>>> yes - lvs will forward https / 443 requests just fine. The only tricky
>>> bit is the certificate itself has to be identified as "www.foo.com"
>>> and the extra Organizational Unit: text field has the name of the
>>> actual machine on which the certificate is installed. This is not lvs
>>> specific.
>>
>> Hmm, okay, I haven't run across this piece of information yet...
>>
>>> http://www.austintek.com/LVS/LVS-HOWTO/
>>
>> Yes, I was just concerned that it is about 4 years old, and possibly out
>> of date.
>>
>>>> The basic scope of the project is this:
>>>>
>>>> - we have about 10 apache servers handling 10,000 sites over both http
>>>> and https (for a total of ~20K sites)
>>>>
>>>
>>> This is really about throughput, which is more a function of traffic /
>>> bandwidth and ultimately the hardware lvs is running on.
>>
>> Right, we've got Dell R610s with 4GBs of RAM, and multiple GigE nics, so
>> we shouldn't have a problem there.
>>
>>>> My questions at this point are:
>>>>
>>>> - Is LVS the right tool, or is there something better (OSS) ?
>>>
>>> or is a commercial load balancer (f5) a better choice ?
>>
>> Must be OSS at this point. f5s are not an option for several reasons.
>>
>>>> - How many sites can LVS scale to serving?
>>>
>>> are these 10,000 IP based virtual hosts or name based virtual hosts?
>>> I'm guessing that you don't really have 10,000 ip address here.
>>
>> No, we really have 10,000 ip addresses here, and it's expected to grow
>> significantly.
>>
>>>> - Can the LVS config be updated dynamically, on-the-fly, without
>>>> restarting ldirectord ?
>>>
>>> for LVS, yes (see the 3 packages described above) the user space tool
>>> ipvsadm can setup new rules, add/delete forward rules without
>>> reloading anything. I am not sure about ldirectord. I used mon and had
>>> to restart it when I made a change to its config.
>>
>> Okay, cool, so we can script around ipvsadm fairly easily, then.
>>
>>>> - Is there any recent (w/in the last 2 years) documentation or are there
>>>> any books on building such an environment with LVS ?
>>>
>>> couldn't find anything myself either ;)
>>
>> Okay, as long as it's not only me, I feel better ;)
>>
>> And, as I said before:
>>
>>>> Many thanks for any information, URLs, pointers, references, etc.
>>
>> Thanks guys!
>> --
>> Paul
--
Jarod Wilson
jarod at wilsonet.com
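
The thread above mentions scripting around ipvsadm to add and delete forwarding rules without reloading anything. The following is an added example, not part of the original thread or of the LVS project: it compares the running table (in `ipvsadm -Sn` output format) with a desired VIP-to-real-server map and emits only the ipvsadm commands needed to reconcile them. The addresses, the round-robin scheduler, direct routing (-g) and the 300-second persistence timeout are assumptions chosen for illustration.

```python
import shlex

def parse_saved(text):
    """Parse `ipvsadm -Sn` style output into {vip:port -> set(real:port)}."""
    state = {}
    for line in text.splitlines():
        args = shlex.split(line)
        if len(args) < 3 or args[1] != "-t":
            continue  # this sketch handles TCP virtual services only
        if args[0] == "-A":                      # virtual service line
            state.setdefault(args[2], set())
        elif args[0] == "-a" and "-r" in args:   # real server line
            state.setdefault(args[2], set()).add(args[args.index("-r") + 1])
    return state

def reconcile(current, desired, sched="rr", persist=300):
    """Return the ipvsadm commands that turn `current` into `desired`."""
    cmds = []
    for vip in sorted(desired):
        if vip not in current:
            # -p keeps one client on one real server for `persist` seconds,
            # so the same HTTPS client keeps landing on the same backend
            cmds.append(f"ipvsadm -A -t {vip} -s {sched} -p {persist}")
        have = current.get(vip, set())
        for rip in sorted(desired[vip] - have):
            cmds.append(f"ipvsadm -a -t {vip} -r {rip} -g")
        for rip in sorted(have - desired[vip]):
            cmds.append(f"ipvsadm -d -t {vip} -r {rip}")
    for vip in sorted(set(current) - set(desired)):
        cmds.append(f"ipvsadm -D -t {vip}")      # site removed entirely
    return cmds

# Constructed sample: what `ipvsadm -Sn` might print on the director.
SAVED = """\
-A -t 192.0.2.10:443 -s rr -p 300
-a -t 192.0.2.10:443 -r 10.0.0.1:443 -g -w 1
-a -t 192.0.2.10:443 -r 10.0.0.2:443 -g -w 1
-A -t 192.0.2.11:443 -s rr -p 300
-a -t 192.0.2.11:443 -r 10.0.0.1:443 -g -w 1
"""

# Constructed desired state: one site changes backends, one is new, one is gone.
DESIRED = {
    "192.0.2.10:443": {"10.0.0.1:443", "10.0.0.3:443"},
    "192.0.2.12:443": {"10.0.0.1:443"},
}

if __name__ == "__main__":
    for cmd in reconcile(parse_saved(SAVED), DESIRED):
        print(cmd)
```

Review the printed commands before running them as root on the director; running the script again after they are applied should print nothing.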