Difference between revisions of "Building clusterized proxy farms using LVS"

From LVSKB
Jump to: navigation, search
Line 19: Line 19:
 
The system architecture of web cache cluster using LVS is illustrated in the following figure.
 
The system architecture of web cache cluster using LVS is illustrated in the following figure.
  
FIXME
 
 
  [[Image:sl-ha-lb-overview-ultramonkey3.png|center]]
 
  [[Image:sl-ha-lb-overview-ultramonkey3.png|center]]
  
* it use LVS with Ultramonkey 3 settings for a [http://www.ultramonkey.org/3/topologies/sl-ha-lb-overview.html Streamline High Availability and Load Balancing] setting.
+
 
* it is base on the usage for Squid + DansGuardian (but could feet for any Squid + *).
+
* it uses LVS with Ultramonkey 3 settings for a [http://www.ultramonkey.org/3/topologies/sl-ha-lb-overview.html Streamline High Availability and Load Balancing] setting.
 +
* it's based on the usage for Squid + DansGuardian (but could feet for any Squid + *).
  
  
 
== Configuration Example ==
 
== Configuration Example ==
 +
To set up this configuration with LVS, just proceed to [http://www.ultramonkey.org/3/installation.html installation] and [http://www.ultramonkey.org/3/topologies/sl-ha-lb-eg.html configuration] as indicated on the Ultramonkey documentations.
 +
 +
Then :
 +
* set up your Squid server, listening on port 3128 (example) and using DansGuardian on port 8000
 +
* set up your DansGuardian server, listening to port 8000
 +
* set up DansGuardian to reject (filter) the "http://proxy.testing.net/" URL (adding this domain/url to the blacklists. Be sure the "URL Filtering" will be returned by the proxy in case of filtering this URL.
 +
* patch /usr/sbin/ldirectord with the FIXME patch
 +
* configure your /etc/ha.d/ldirectord.cf with the following tests (example IP addresses):
  
 +
# /etc/ha.d/ldirectord.cf
 +
# Virtual Server for Proxy Service and Filtering Service
 +
virtual=192.168.0.100:3128
 +
        real=192.168.0.10:3128 gate
 +
        real=192.168.0.11:3128 gate
 +
        real=192.168.0.12:3128 gate
 +
        real=192.168.0.12:3128 gate
 +
        service=proxy_http
 +
        request="http://proxy.testing.net"
 +
        receive="URL Filtering"
 +
        protocol=tcp
 +
        scheduler=wlc
 +
        protocol=tcp
 +
        checktype=negotiate
  
 
== Conclusion ==
 
== Conclusion ==

Revision as of 15:49, 16 November 2005

Introduction

Sometimes, you just need to build a proxy farm with the following needs:

  • you need high-availability, because of your SLA.
  • you need load balancing, because you're serving numerous Kusers.
  • you need caching with Squid.
  • you need extra-services over Squid (URL filtering with DansGuardian/SquidGuard, Antivirus softwares, ...)
  • you need scalability because you want to be able to grow.

In these cas, you've got plenty of answers to proceed. LVS is one of them (probably the best suited anyway).

But as you're doing extra-services over Squid, the base LVS ldirectord tests won't be sufficient.

This page explains how to make some more advanced tests to be sure some extra-services will be checked too, and the corresponding realserver service will be dropped down if one of the extra service (or Squid itself) is not available.

It present a proposed patch to ldirectord to do so.

Architecture

The system architecture of web cache cluster using LVS is illustrated in the following figure.

Sl-ha-lb-overview-ultramonkey3.png



Configuration Example

To set up this configuration with LVS, just proceed to installation and configuration as indicated on the Ultramonkey documentations.

Then :

  • set up your Squid server, listening on port 3128 (example) and using DansGuardian on port 8000
  • set up your DansGuardian server, listening to port 8000
  • set up DansGuardian to reject (filter) the "http://proxy.testing.net/" URL (adding this domain/url to the blacklists. Be sure the "URL Filtering" will be returned by the proxy in case of filtering this URL.
  • patch /usr/sbin/ldirectord with the FIXME patch
  • configure your /etc/ha.d/ldirectord.cf with the following tests (example IP addresses):
# /etc/ha.d/ldirectord.cf
# Virtual Server for Proxy Service and Filtering Service
virtual=192.168.0.100:3128
        real=192.168.0.10:3128 gate
        real=192.168.0.11:3128 gate
        real=192.168.0.12:3128 gate
        real=192.168.0.12:3128 gate
        service=proxy_http
        request="http://proxy.testing.net"
        receive="URL Filtering"
        protocol=tcp
        scheduler=wlc
        protocol=tcp
        checktype=negotiate

Conclusion