Load-balancing an SSL-based server farm?
Dan Coutu
coutu at snowy-owl.com
Tue Jan 19 07:59:43 EST 2010
The last that I knew the limit on the number of IPs that a single NIC
would respond to was 255.
Dan
Jarod Wilson wrote:
> On Mon, Jan 18, 2010 at 4:57 PM, Frank DiPrete <fdiprete at comcast.net> wrote:
>
>> question - how many ip addresses can be assigned to one nic?
>> (10,000 ?)
>> That's an upper limit I haven't had to worry about ....
>>
>
> Yeah, me neither, but this could be helpful:
>
> http://wiki.centos.org/TipsAndTricks/RangeOfIpsOnEthx
>
> Wasn't even looking for it, just stumbled onto it...
>
>
>
>> Paul Lussier wrote:
>>
>>> Jarod Wilson <jarod at wilsonet.com> writes:
>>>
>>>
>>>> Yes, but it was 4+ years ago. :)
>>>>
>>> Of course it was :)
>>>
>>>
>>>> I assume you've found http://www.linuxvirtualserver.org/Documents.html
>>>>
>>> I have.
>>>
>>> Frank DiPrete <fdiprete at comcast.net> writes:
>>>
>>>
>>>> yes - lvs will forward https / 443 requests just fine. The only tricky
>>>> bit is the certificate itself has to be identified as "www.foo.com"
>>>> and the extra Organizational Unit: text field has the name of the
>>>> actual machine on which the certificate is installed. This is not lvs
>>>> specific.
>>>>
>>> Hmm, okay, I haven't run across this piece of information yet...
>>>
>>>
>>>> http://www.austintek.com/LVS/LVS-HOWTO/
>>>>
>>> Yes, I was just concerned that it is about 4 years old, and possibly out
>>> of date.
>>>
>>>
>>>>> The basic scope of the project is this:
>>>>>
>>>>> - we have about 10 apache servers handling 10,000 sites over both http
>>>>> and https (for a total of ~20K sites)
>>>>>
>>>>>
>>>> This is really about throughput, which is more a function of traffic /
>>>> bandwidth and ultimately the hardware lvs is running on.
>>>>
>>> Right, we've got Dell R610s with 4GBs of RAM, and multiple GigE nics, so
>>> we shouldn't have a problem there.
>>>
>>>
>>>>> My questions at this point are:
>>>>>
>>>>> - Is LVS the right tool, or is there something better (OSS) ?
>>>>>
>>>> or is a commercial load balancer (f5) a better choice ?
>>>>
>>> Must be OSS at this point. f5s are no an option for several reasons.
>>>
>>>
>>>>> - How many sites can LVS scale to serving?
>>>>>
>>>> are these 10,000 IP based virtaual hosts or name based virtual hosts?
>>>> I'm guessing that you don't really have 10,000 ip address here.
>>>>
>>> No, we really have 10,000 ip addresses here, and it's expected to grow
>>> significantly.
>>>
>>>
>>>>> - Can the LVS config be updated dynamically, on-the-fly, without
>>>>> restarting ldirectord ?
>>>>>
>>>> for LVS, yes (see the 3 packages described above) the user space tool
>>>> ipvsadm can setup new rules, add/delete forward rules without
>>>> reloading anything. I am not sure about ldirectord. I used mon and had
>>>> to restart it when I made a change to its config.
>>>>
>>> Okay, cool, so we can script around ipvsadm fairly easily, then.
>>>
>>>
>>>>> - Is there any recent (w/in the last 2 years) documentation or are there
>>>>> any books on building such an environment with LVS ?
>>>>>
>>>> couldn't find anything myself either ;)
>>>>
>>> Okay, as long as it's not only me, I feel better ;)
>>>
>>> And, as I said before:
>>>
>>>
>>>>> Many thanks for any information, URLs, pointers, references, etc.
>>>>>
>>> Thanks guys!
>>> --
>>> Paul
>>> _______________________________________________
>>> gnhlug-discuss mailing list
>>> gnhlug-discuss at mail.gnhlug.org
>>> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>>>
>>>
>>>
>
>
>
>
More information about the gnhlug-discuss
mailing list