Load-balancing an SSL-based server farm?

Dan Coutu coutu at snowy-owl.com
Tue Jan 19 07:59:43 EST 2010


The last that I knew the limit on the number of IPs that a single NIC
would respond to was 255.

Dan

Jarod Wilson wrote:
> On Mon, Jan 18, 2010 at 4:57 PM, Frank DiPrete <fdiprete at comcast.net> wrote:
>   
>> question - how many ip addresses can be assigned to one nic?
>> (10,000 ?)
>> That's an upper limit I haven't had to worry about ....
>>     
>
> Yeah, me neither, but this could be helpful:
>
> http://wiki.centos.org/TipsAndTricks/RangeOfIpsOnEthx
>
> Wasn't even looking for it, just stumbled onto it...
>
>
>   
>> Paul Lussier wrote:
>>     
>>> Jarod Wilson <jarod at wilsonet.com> writes:
>>>
>>>       
>>>> Yes, but it was 4+ years ago. :)
>>>>         
>>> Of course it was :)
>>>
>>>       
>>>> I assume you've found http://www.linuxvirtualserver.org/Documents.html
>>>>         
>>> I have.
>>>
>>> Frank DiPrete <fdiprete at comcast.net> writes:
>>>
>>>       
>>>> yes - lvs will forward https / 443 requests just fine. The only tricky
>>>> bit is the certificate itself has to be identified as "www.foo.com"
>>>> and the extra Organizational Unit: text field has the name of the
>>>> actual machine on which the certificate is installed. This is not lvs
>>>> specific.
>>>>         
>>> Hmm, okay, I haven't run across this piece of information yet...
>>>
>>>       
>>>> http://www.austintek.com/LVS/LVS-HOWTO/
>>>>         
>>> Yes, I was just concerned that it is about 4 years old, and possibly out
>>> of date.
>>>
>>>       
>>>>> The basic scope of the project is this:
>>>>>
>>>>>  - we have about 10 apache servers handling 10,000 sites over both http
>>>>>   and https (for a total of ~20K sites)
>>>>>
>>>>>           
>>>> This is really about throughput, which is more a function of traffic /
>>>> bandwidth and ultimately the hardware lvs is running on.
>>>>         
>>> Right, we've got Dell R610s with 4GBs of RAM, and multiple GigE nics, so
>>> we shouldn't have a problem there.
>>>
>>>       
>>>>> My questions at this point are:
>>>>>
>>>>> - Is LVS the right tool, or is there something better (OSS) ?
>>>>>           
>>>> or is a commercial load balancer (f5) a better choice ?
>>>>         
>>> Must be OSS at this point.  f5s are not an option for several reasons.
>>>
>>>       
>>>>> - How many sites can LVS scale to serving?
>>>>>           
>>>> are these 10,000 IP based virtual hosts or name based virtual hosts?
>>>> I'm guessing that you don't really have 10,000 ip addresses here.
>>>>         
>>> No, we really have 10,000 ip addresses here, and it's expected to grow
>>> significantly.
>>>
>>>       
>>>>> - Can the LVS config be updated dynamically, on-the-fly, without
>>>>>  restarting ldirectord ?
>>>>>           
>>>> for LVS, yes (see the 3 packages described above) the user space tool
>>>> ipvsadm can set up new rules, add/delete forward rules without
>>>> reloading anything. I am not sure about ldirectord. I used mon and had
>>>> to restart it when I made a change to its config.
>>>>         
>>> Okay, cool, so we can script around ipvsadm fairly easily, then.
>>>
>>>       
>>>>> - Is there any recent (w/in the last 2 years) documentation or are there
>>>>>  any books on building such an environment with LVS ?
>>>>>           
>>>> couldn't find anything myself either ;)
>>>>         
>>> Okay, as long as it's not only me, I feel better ;)
>>>
>>> And, as I said before:
>>>
>>>       
>>>>> Many thanks for any information, URLs, pointers, references, etc.
>>>>>           
>>> Thanks guys!
>>> --
>>> Paul
>>>
>>>
>>>       
>
>
>
>   
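
The thread's idea of scripting around ipvsadm for a large set of virtual IPs, sketched as an added example that is not part of any poster's message. It validates every address first and then prints rules in the format `ipvsadm -R` reads on stdin; the `rr` scheduler, direct routing (`-g`), the 300-second persistence on port 443 and all addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print LVS rules in the format `ipvsadm -R` reads on stdin.
# All addresses are constructed sample values (documentation / private ranges).

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules SCHEDULER "VIP ..." "REALSERVER ..."
# One virtual service per VIP for ports 80 and 443, each with every real
# server attached in direct-routing mode (-g). Nothing is applied here.
gen_rules() {
    sched=$1; vips=$2; rips=$3
    # Reject the whole batch before emitting anything, so a typo can never
    # leave a half-written rule set in a pipe to ipvsadm.
    for addr in $vips $rips; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    for vip in $vips; do
        for port in 80 443; do
            # Assumption: HTTPS gets 300 s of client persistence (-p) so a
            # client's TLS sessions keep landing on the same real server.
            if [ "$port" -eq 443 ]; then persist=" -p 300"; else persist=; fi
            echo "-A -t $vip:$port -s $sched$persist"
            for rip in $rips; do
                echo "-a -t $vip:$port -r $rip:$port -g -w 1"
            done
        done
    done
}

# Dry run: review the output, then pipe it into `ipvsadm -R` as root.
gen_rules rr "203.0.113.10 203.0.113.11" "10.0.0.1 10.0.0.2"
```

Because the function only prints, the generated rule set can be diffed against the output of `ipvsadm -S -n` before anything is loaded.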


