From owner-freebsd-isp Sun Dec 10 20:45:32 2000 From owner-freebsd-isp@FreeBSD.ORG Sun Dec 10 20:45:27 2000 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mta6.snfc21.pbi.net (mta6.snfc21.pbi.net [206.13.28.240]) by hub.freebsd.org (Postfix) with ESMTP id 7B91037B400 for ; Sun, 10 Dec 2000 20:45:27 -0800 (PST) Received: from fire ([63.194.3.101]) by mta6.snfc21.pbi.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with SMTP id <0G5D004JHZO2DX@mta6.snfc21.pbi.net> for freebsd-isp@FreeBSD.ORG; Sun, 10 Dec 2000 20:40:50 -0800 (PST) Date: Sun, 10 Dec 2000 20:43:08 -0800 From: matt Subject: Re: Load-Balancing - any solutions? To: Stanley Hopcroft , freebsd-isp@FreeBSD.ORG Reply-To: matt Message-id: <002c01c0632c$dcc2d200$6503c23f@XGforce.com> X-Mailer: Microsoft Outlook Express 5.00.2314.1300 X-MSMail-Priority: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 References: X-Priority: 3 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Did you check the DNS based load balance and fail safe cluster from WWW.XGFORCE.COM. What do you think? ----- Original Message ----- From: Stanley Hopcroft To: Cc: Sent: Sunday, December 10, 2000 7:42 PM Subject: Re: Load-Balancing - any solutions? > Dear Ladies and Gentlemen, > > I am writing with some extra stuff about ways of server load balancing > that haven't been mentioned in other correspondence about this matter. > > The Foundy ServerIron (SI) is a well regarded means of doing Server > Load Balancing (SLB) and a few other clever things also. > > The SLB operates using a battery of health checks on the servers it is > load balancing. The most important of these are layer 7 or content > based checks. The SI can send a GET request to the servers and respond > to > > . content from the real servers using regular expression > pattern matching for a good|bad pattern in the HTML returned by the > server > > . 4xx or 5xx return codes > > . a combination of the above > > There is no necessity to do this in the SI hardware; the general method > of > > - of a third part checking the health of servers and > - reacting to change the selected server according to the results of > the health checks > > can be implemented in other ways. > > The Netsaint network monitor (http://www.netsaint.org) for example, has > had for some time the ability to execute "service handlers" if its > content sensitive health checks reveal faults (it too can use regexps > to check the returned HTML for pattersn of interest) > > A service handler is arbitrary code that could for example via a > secure channel (ssh) reconfigure the rewriting configuation of > an Apache load balancing rewrite box to rewrite requests elsewhere. > > The service handler could achieve the same result by other mechanisms > (as is done by the Foundry Global Server Load Balancing method) such > as using the Dynamic DNS capability to select another (by changing the > address corresponding to the failed name so that all requests for the > failed server will end up at another) server. > > Eliminating manual intervention in bringing on-line a warm duplicate > server may be feasable by a health check triggered change of interface > address or state in the standby duplicate. > > Likewise, routing decisions (in situations where it's undesirable to do > so with a routing protocol, perhaps in a firewall situation) may be > done by a health check leading to a secure channel update of a static > routing table. > > Perhaps a more extreme case is where a network Intrusion Detection > System (IDS)is used to measure health and react with SNMP writes or > traps to reconfigure other infrastructure (IDSs such as the ISS Real > Secure and the Cisco IDS have this capacity already but it is not > difficult to fit to any IDS that has the capacity of running code when > it recognises an attack signature). A host-based IDS need not behave so > radically; it could react to suspicious log messages by calling > someone. > > That said, there are cases where the SIs capacity to collect > comprehensive health indications such as > > - layer 1 (switch or NIC link signal, when the servers are plugged > into the SI) > - layer 3 (network reachability) > - layer 4 (accepting server port connections) > - layer 7 (reacting to a request) > > and react to them blazingly quickly can't be substituted for. > > There are other software methods of doing SLB for specific servers. The > Eddie Mission (?) does so for DNS servers. > > Thank you. > > Yours sincerely, > > > S Hopcroft > > Network Specialist > IP Australia > > +61 2 6283 3189 > +61 2 6281 1353 FAX > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message