
Linux Virtual Server

PCQ Bureau

In our last two issues we saw how to configure network load-balancing clusters for IP load balancing (Building Server Clusters, page 96, PCQuest June 2003) and failsafe clusters for high-availability applications (High Availability systems, page 94, PCQuest July 2003) on Windows servers. This time we will see how to build a scalable, network load-balancing server cluster using Virtual Server from the Linux Virtual Server Project. The Linux Virtual Server can be used to build load-balanced network services, such as a scalable Web, mail or media service. Microsoft Network Load Balancing only allows Windows server nodes to be a part of the cluster, but Linux Virtual Server lets you add a node running any OS that supports TCP/IP.

IP LOAD BALANCING
The load balancer balances IP-load among several Real Servers

The setup consists of a load-balancer server, also called the virtual server, and one or more real servers. The real servers serve content to the Internet clients, whereas the virtual server does IP-level load balancing of incoming traffic to the various real servers. The front-end of the real servers is the virtual server and users of the cluster connect only to the virtual server using its IP address. When the virtual server receives client requests for data, it transfers the request to the appropriate real server using a scheduling algorithm. The real server then replies to the virtual server, which in turn forwards it to the client. In this case, the IP address of the real server is masqueraded by the IP address of the virtual server. So, to the client it seems as if the response comes from the virtual server, whereas it is actually the real server that services the client request.

The virtual server in this case will have two network interfaces, one connected to the Internet for client requests and the other connected to the internal LAN, where all real servers are located. Real servers can be transparently added or removed from the internal LAN thus providing scalability. 


Our setup



In our example, we will use a virtual server running PCQLinux 8.0 and two real servers, one running PCQLinux 8.0 and the other running Windows 2000 Advanced Server. Apache Web server is running on the PCQLinux real server and IIS with HTTP and FTP services on the Windows server.

Installing virtual server on PCQLinux 8.0



PCQLinux 8.0 kernel has built-in support for virtual server. To configure PCQLinux as a virtual server you need to have the following RPMs installed on your system: iptables-1.2.6a-2.i386.rpm and ipvsadm-1.21-4.i386.rpm. 

To install the iptables-1.2.6a-2 RPM, mount the PCQLinux CD1 and issue the command




rpm -ivh /mnt/cdrom/PCQuest/RPMS/iptables-1.2.6a-2.i386.rpm

For the ipvsadm-1.21-4 RPM, mount the PCQLinux CD2 and issue

rpm -ivh /mnt/cdrom/PCQuest/RPMS/ipvsadm-1.21-4.i386.rpm


IPTables is used to set up, maintain, and inspect IPv4 packet filtering and NAT (Network Address Translation) rules in the Linux kernel. It will provide masquerading for the real servers. ipvsadm is the administration utility for the Linux Virtual Server and will be used to set the scheduling algorithm and the forwarding of client requests to the real servers.

After installing the packages you need to enable IP forwarding on the server. Issue the command

echo 1 > /proc/sys/net/ipv4/ip_forward


But IP forwarding will be disabled the next time you reboot. To enable IP forwarding during system boot, edit the file /etc/sysctl.conf and set the value net.ipv4.ip_forward = 1.

Next, start the iptables service on your system, which will let the virtual server forward replies from the real servers to the clients. Issue the following command.


service iptables start

The IPChains and IP6Tables services must be stopped to use the IPTables service.

service ipchains stop



service ip6tables stop


To make IPTables start by default at system boot and keep IPChains and IP6Tables stopped, issue the following commands.

chkconfig iptables on



chkconfig ipchains off


chkconfig ip6tables off

Enable masquerading



To enable masquerading for the real servers, we will assume that your external Internet interface is eth0 and the internal LAN interface is eth1. You can change the commands according to your situation. 

iptables -t nat -P POSTROUTING DROP

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The first command sets the default policy of the POSTROUTING chain in the nat table to DROP, so that not every packet is masqueraded on the server; this provides an extra level of security. The second command enables NAT and masquerades all internal real server IP addresses to the IP of the external Internet interface (eth0).

Configure virtual server using ipvsadm



The next step is to configure the Linux Virtual Server. Before that, assign proper IP addresses to machines on your network.

Put the real servers on your internal network on a private IP address range, like 192.168.2.0/255.255.255.0. Put the internal interface of the virtual server on the same subnet. On all real servers, set the default gateway to the IP address of the internal interface of the virtual server. For the external interface of the virtual server, use a public IP or use the settings provided by your ISP. In our setup we have two real servers with IPs 192.168.2.2 and 192.168.2.3 with the default gateway set as 192.168.2.1, which is the IP of the internal network interface of the virtual server. The external interface of the virtual server has a public IP, say for example 202.103.106.5. Now configure the virtual server and link a scheduler to it.

ipvsadm -A -t 202.103.106.5:80 -s wlc

ipvsadm -A -t 202.103.106.5:21 -s wrr

These commands add the virtual services and set their scheduling algorithms: “wlc” for http (port 80) traffic and “wrr” for ftp (port 21) traffic on the virtual server. “wlc” and “wrr” stand for weighted least connection and weighted round robin. There are several other algorithms; choose one according to your requirements. See “man ipvsadm”.

Now add real servers on this Virtual server to which the client requests will be forwarded.

ipvsadm -a -t 202.103.106.5:80 -r 192.168.2.3:80 -m

ipvsadm -a -t 202.103.106.5:80 -r 192.168.2.2:80 -m -w 2

ipvsadm -a -t 202.103.106.5:21 -r 192.168.2.2:21 -m

All http traffic will be forwarded to 192.168.2.2 and 192.168.2.3 according to the scheduling algorithm. 192.168.2.2 is given a weight 2 for http traffic by the -w 2 switch. The default weight is 1. All ftp traffic will go to 192.168.2.2 only.

Checking the cluster



After this setup, go to a client machine and access the Virtual Server Cluster using its external IP address. Type 202.103.106.5 in the Web browser and you will get a page served by the Web servers running on the Real servers. Open multiple connections to the Virtual Server Cluster and check the current connections on the real servers. You will see that the incoming load is divided among the real servers.
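One way to check the division of load on the virtual server itself is to compare each real server's share of active connections in the `ipvsadm -L -n` table with its share of the configured weight. The script below is an added example, not part of the original article; the function name lvs_share, the 15-point tolerance and the connection counts in the sample table are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `ipvsadm -L -n` output for the two services
# configured above; the connection counts are invented.
SAMPLE_TABLE='IP Virtual Server version 1.0.8 (size=65536)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  202.103.106.5:21 wrr
  -> 192.168.2.2:21               Masq    1      0          0
TCP  202.103.106.5:80 wlc
  -> 192.168.2.2:80               Masq    2      8          40
  -> 192.168.2.3:80               Masq    1      4          21'

# lvs_share (hypothetical helper): read an ipvsadm table on stdin and print
#   <virtual service> <real server> <weight share %> <active share %> <status>
# SKEW = active share differs from weight share by more than $1 points
# (default 15); IDLE = the service has no active connections; else OK.
lvs_share() {
    awk -v tol="${1:-15}" '
        # A new virtual service starts: report the previous one first.
        $1 == "TCP" || $1 == "UDP" { emit(); vip = $2; next }
        # Real-server rows (skip the column header row).
        $1 == "->" && $2 != "RemoteAddress:Port" {
            rs[n] = $2; w[n] = $4; act[n] = $5
            wsum += $4; asum += $5; n++
        }
        function emit(   i, ws, cs, d, st) {
            for (i = 0; i < n; i++) {
                ws = wsum ? 100 * w[i] / wsum : 0
                cs = asum ? 100 * act[i] / asum : 0
                d = ws - cs; if (d < 0) d = -d
                st = (asum == 0) ? "IDLE" : ((d > tol) ? "SKEW" : "OK")
                printf "%s %s %.0f %.0f %s\n", vip, rs[i], ws, cs, st
            }
            n = 0; wsum = 0; asum = 0
        }
        END { emit() }
    '
}

printf '%s\n' "$SAMPLE_TABLE" | lvs_share
```

On the virtual server, run it against the live table with `ipvsadm -L -n | lvs_share`. A persistent SKEW on the port 80 service means one real server is not taking the share its weight asks for and should be checked.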

No virtual-server support in kernel



For Linux systems with no support for virtual server built into the kernel, the kernel patch and the source RPM for the ipvsadm utility have to be downloaded from www.linuxvirtualserver.org.

The site has many different patches for various kernel versions. We will configure a patch for 2.4.x kernel. We will use the kernel patch “linux-2.4.20-ipvs-1.0.8.patch.gz” and “ipvsadm-1.21-6.src.rpm” SRPM, both available on the website.

Choose all options as shown in this figure

To patch the kernel, copy the patch file linux-2.4.20-ipvs-1.0.8.patch.gz to /tmp and issue

cd /usr/src/linux*



zcat /tmp/linux-2.4.20-ipvs-1.0.8.patch.gz | patch -p1

This will patch the kernel and after that you need to compile it. Issue the following commands from the /usr/src/linux* directory







make mrproper



make oldconfig


make xconfig


After this you will see a window listing several tabs. Click the Networking options tab, then on the next screen select IP:Virtual Server Configuration. On the new window mark all options as in the figure. Close all child windows and press Save and Exit on the main menu. From the command prompt run

make dep



make clean


make bzImage

This will create a compressed kernel image in the /usr/src/linux*/arch/i386/boot directory.

make modules



make modules_install

This will create and install all modules for the new kernel. Now create the initrd image.

mkinitrd /boot/newinitrd-image “kernel version”

Substitute “kernel version” with your kernel version, e.g. 2.4.20-8.

Edit your grub.conf or lilo.conf to make your system boot from the new kernel. Boot the new kernel and copy the ipvsadm-1.21-6.src.rpm file to /tmp and issue the command

rpm -ivh /tmp/ipvsadm-1.21-6.src.rpm

This will create two files, ipvsadm-1.21.tar.gz in the /usr/src/redhat/SOURCES directory and ipvsadm.spec in the /usr/src/redhat/SPECS directory. Go to the /usr/src/redhat/SPECS directory and issue

rpmbuild -ba ipvsadm.spec

This will create a file ipvsadm-1.21-6.rpm in one of the subdirectories of the /usr/src/redhat/RPMS directory. Go to that directory and issue the command

rpm -ivh ipvsadm-1.21-6.rpm

This will install all Linux Virtual Server files in their proper place and you can use the ipvsadm configuration utility as described above. 
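Since the figure showing the IP: Virtual Server Configuration options is not reproduced here, the following added example (not part of the original article) checks a kernel .config for the options that the ipvsadm commands above depend on. The function name ipvs_missing and the sample .config are constructed; the CONFIG_IP_VS_* names are those used by mainline kernels and are assumed to match this patch. The FTP helper is listed because an FTP service forwarded with -m (NAT) needs it to handle FTP data connections.

```shell
#!/bin/sh
# Constructed excerpt of a kernel .config after the IPVS patch is applied.
SAMPLE_CONFIG='CONFIG_IP_VS=m
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_WLC=m
# CONFIG_IP_VS_FTP is not set'

# ipvs_missing (hypothetical helper): read a kernel .config on stdin and
# print every option the setup in this article needs that is neither
# built in (y) nor modular (m). Prints nothing when all are present.
ipvs_missing() {
    awk -F= '
        BEGIN {
            # Option names assumed from mainline kernels.
            need["CONFIG_IP_VS"]     = "IPVS core"
            need["CONFIG_IP_VS_WLC"] = "wlc scheduler (port 80 service)"
            need["CONFIG_IP_VS_WRR"] = "wrr scheduler (port 21 service)"
            need["CONFIG_IP_VS_FTP"] = "FTP helper for the NAT (-m) FTP service"
        }
        # "# CONFIG_X is not set" lines contain no "=", so they never match.
        ($1 in need) && ($2 == "y" || $2 == "m") { have[$1] = 1 }
        END {
            for (k in need)
                if (!(k in have))
                    print k ": " need[k]
        }
    ' | sort
}

printf '%s\n' "$SAMPLE_CONFIG" | ipvs_missing
```

Feed it the .config saved by make xconfig in the kernel source directory before starting the build, so a missing scheduler is caught before compiling rather than when ipvsadm rejects the -s option.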

This was a virtual-server configuration using a single virtual server and several real servers. The design has the limitation of having the virtual server as a single point of failure. To eliminate this you can use round robin DNS to have multiple virtual servers, each connected to the real servers. 

Anoop Mangla
