Re: IPv6 Server Load Balancing - DSR
On 2010-08-12 08:32, Leland Vandervort wrote: I'm looking at server load balancing for IPv6 and specifically need DSR (direct server return). Additionally, I need to support both TCP and UDP. This is easily done with OpenBSD. See here for starters: http://www.undeadly.org/cgi?action=articlesid=20080617010016 Simon -- NAT64/DNS64 open-source -- http://ecdysis.viagenie.ca STUN/TURN server-- http://numb.viagenie.ca vCard 4.0 -- http://www.vcarddav.org
Re: IPv6 Server Load Balancing - DSR
Hi Leland, Seems that hardware vendors doesn't like IPv6... for load balancing. I had a look to relayd from OpenBSD, and it seems this can be used a LoadBalancing with DSR... Even if they don't recommand this ... Maybe the is is the time to move from hardware / closed solutions to open ones.. ? Xavier
Re: IPv6 Server Load Balancing - DSR
OpenSolaris ILB is open solution ;) but yea, that's what we've started looking at -- hence LVM / HAProxy as well.. (though LVM is IPv4 only, and HAProxy is NAT only for IPv6) does relayd support UDP as well as TCP or is it layer7 only like HAProxy ? In the case of ILB, I'm not convinced that it's a problem with the LB itself, but rather the idiosyncrasies of ND in IPv6 that is causing the problem.. but I may be wrong... at any rate, something's amiss ... cheers, Leland On 12 Aug 2010, at 15:05, Xavier Beaudouin wrote: Hi Leland, Seems that hardware vendors doesn't like IPv6... for load balancing. I had a look to relayd from OpenBSD, and it seems this can be used a LoadBalancing with DSR... Even if they don't recommand this ... Maybe the is is the time to move from hardware / closed solutions to open ones.. ? Xavier
Re: IPv6 Server Load Balancing - DSR
Hi Leland, Le 12 août 2010 à 15:11, Leland Vandervort a écrit : OpenSolaris ILB is open solution ;) but yea, that's what we've started looking at -- hence LVM / HAProxy as well.. (though LVM is IPv4 only, and HAProxy is NAT only for IPv6) does relayd support UDP as well as TCP or is it layer7 only like HAProxy ? It does everything... :) L2 - L7... In the case of ILB, I'm not convinced that it's a problem with the LB itself, but rather the idiosyncrasies of ND in IPv6 that is causing the problem.. but I may be wrong... at any rate, something's amiss ... Maybe on some setup you should desactivate ND... Xavier
Re: IPv6 Server Load Balancing - DSR
On 12 Aug 2010, at 15:19, Xavier Beaudouin wrote: In the case of ILB, I'm not convinced that it's a problem with the LB itself, but rather the idiosyncrasies of ND in IPv6 that is causing the problem.. but I may be wrong... at any rate, something's amiss ... Maybe on some setup you should desactivate ND... Yea.. well. .that's the point... can't deactivate ND on the real interface of the server as that's required for the server itself.. but it, according to the kernel, deactivated on the dummy interface carrying the virtual IP of the server farm... exactly as is done for IPv4 and ARP manipulation. Hm... L.
Re: IPv6 Server Load Balancing - DSR
On Thu, 12 Aug 2010, Simon Perreault wrote: On 2010-08-12 08:32, Leland Vandervort wrote: I'm looking at server load balancing for IPv6 and specifically need DSR (direct server return). Additionally, I need to support both TCP and UDP. This is easily done with OpenBSD. See here for starters: http://www.undeadly.org/cgi?action=articlesid=20080617010016 And FreeBSD: http://www.freshports.org/net/relayd/ Simon -- NAT64/DNS64 open-source -- http://ecdysis.viagenie.ca STUN/TURN server-- http://numb.viagenie.ca vCard 4.0 -- http://www.vcarddav.org
Re: IPv6 Server Load Balancing - DSR
On Thu, 12 Aug 2010 14:32:25 +0200 Leland Vandervort lel...@taranta.discpro.org wrote: I'm looking at server load balancing for IPv6 and specifically need DSR (direct server return). Additionally, I need to support both TCP and UDP. IPVS has had IPv6 support for a while: http://www.mindbasket.com/ipvs/ We're using it on our mirror site, http://ftp.heanet.ie, with DSR for http, ftp and rsync load balancing. rg -- Rob Gallagher | Public Key: 0x1DD13A78 HEAnet Limited, Ireland's Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin 1. Registered in Ireland, no 275301 T: (+353-1) 6609040 F: (+353-1) 6603666 WWW: http://www.heanet.ie/ HEAnet National Networking Conference, 10-12 November 2010 - Registration is now open at: http://www.heanet.ie/conferences/2010/ signature.asc Description: PGP signature
Re: IPv6 Server Load Balancing - DSR
On Aug 12, 2010, at 6:19 AM, Xavier Beaudouin wrote: Hi Leland, Le 12 août 2010 à 15:11, Leland Vandervort a écrit : OpenSolaris ILB is open solution ;) but yea, that's what we've started looking at -- hence LVM / HAProxy as well.. (though LVM is IPv4 only, and HAProxy is NAT only for IPv6) does relayd support UDP as well as TCP or is it layer7 only like HAProxy ? It does everything... :) L2 - L7... In the case of ILB, I'm not convinced that it's a problem with the LB itself, but rather the idiosyncrasies of ND in IPv6 that is causing the problem.. but I may be wrong... at any rate, something's amiss ... Maybe on some setup you should desactivate ND... Xavier If you're putting the DSR address on an interface other than loopback, you probably need to turn of DAD on the interface with the DSR address otherwise DAD will shut down that address on the interface when it sees other servers with the same address. Sometimes it will shut down all but one, sometimes it will shut down all. Owen
Re: IPv6 Server Load Balancing - DSR
Hi Owen, The DSR address is indeed on a loopback in our case. loLink encap:Local Loopback inet6 addr: ::1/128 Scope:Host inet6 addr: ::x:::xx/128 Scope:Global The mystery continues... Leland On 12 Aug 2010, at 18:28, Owen DeLong wrote: On Aug 12, 2010, at 6:19 AM, Xavier Beaudouin wrote: Hi Leland, Le 12 août 2010 à 15:11, Leland Vandervort a écrit : OpenSolaris ILB is open solution ;) but yea, that's what we've started looking at -- hence LVM / HAProxy as well.. (though LVM is IPv4 only, and HAProxy is NAT only for IPv6) does relayd support UDP as well as TCP or is it layer7 only like HAProxy ? It does everything... :) L2 - L7... In the case of ILB, I'm not convinced that it's a problem with the LB itself, but rather the idiosyncrasies of ND in IPv6 that is causing the problem.. but I may be wrong... at any rate, something's amiss ... Maybe on some setup you should desactivate ND... Xavier If you're putting the DSR address on an interface other than loopback, you probably need to turn of DAD on the interface with the DSR address otherwise DAD will shut down that address on the interface when it sees other servers with the same address. Sometimes it will shut down all but one, sometimes it will shut down all. Owen
Re: IPv6 Server Load Balancing - DSR
Brocade basically sucks when it comes to loadbalancing IPv6, the old serveriron platform is EOL and a complete mess which offers some IPv6 support, but not much. The new ADX platform seems to be in a pre-alfa stage at the moment. So normally I would say stand clear, however we do run a (larger) usenet platform on v6 which uses DSR and that part works on the serveriron, running a pre-relase of the 11.0.0f software. Must admit we don't do anything fancy, it's all unprotected and statically routed, ACLs are all done on the reals and on the Juniper in front of the serveriron etc. But it seems to hold, haven't heard any complains yet. But be warned this is a really specifc subset of features. For regular operations like web we still have loads and loads of issues. Basically the other choice is F5. We are busy setting up a PoC with A10, who claim IPv6 support. Hopefully in a few weeks time they can be added to the list of potential suppliers. Other then these two I haven't come across any dedicated stuff and what's left is Linux/BSD based solutions. MarcoH
Re: IPv6 Server Load Balancing - DSR
Well, Frankly our culture is very much open source, so if we can find something along those lines, then it would be preferred. (Hence looking at OpenSolaris and ILB). -- having said that, we do have both F5 and Foundry kit here, but it's all pre-IPv6 so doesn't have the support built in. Not really looking to replace what is in existence already for IPv4 with something new to do both, so really that reinforces the open-source avenue really. I think the biggest problem is really the DSR aspect for IPv6, since the OS/ILB solution works perfectly in NAT mode, and DSR works perfectly with IPv4 on this solution. So either I'm missing something critical on the real server configuration, or ILB's implementation of DSR for IPv6 doesn't really work. The virtual IP is bound to loopback on the real servers, exactly the same was as for IPv4. So other than something quirky going on with ND, or simply ILB not correctly rewriting the L2 frame, or there's something else more sinister afoot that I'm unable to put my finger on. Back to the drawing board... :) Thanks, Leland On 12 Aug 2010, at 19:23, William Cooper wrote: I know there have been quite a few responses for both h/w and s/w solutions, it's not clear which your preference is of the two. I know there are various h/w vendors that offer a s/w solution (mostly in conjunction with some form of virtualization environment), such as A10. I've been testing A10 for a while now, and they seem very keen on developing parity between v4 and v6 feature sets / performance. DSR is more or less a L2 trick that plays on some inherent weaknesses and constraints that are present with v4 local address resolution (don't mean to preach to the chior); I think most responses here have touched on the primary challenges of DSR with v6. I'll be exploring DSR with dual stack v4/6 in the near future, I'll let you know how that turns out. Hmm... not sure how this helped. Regards, -Tony On Thu, Aug 12, 2010 at 12:40 PM, Leland Vandervort lel...@taranta.discpro.org wrote: Hi Owen, The DSR address is indeed on a loopback in our case. loLink encap:Local Loopback inet6 addr: ::1/128 Scope:Host inet6 addr: ::x:::xx/128 Scope:Global The mystery continues... Leland On 12 Aug 2010, at 18:28, Owen DeLong wrote: On Aug 12, 2010, at 6:19 AM, Xavier Beaudouin wrote: Hi Leland, Le 12 août 2010 à 15:11, Leland Vandervort a écrit : OpenSolaris ILB is open solution ;) but yea, that's what we've started looking at -- hence LVM / HAProxy as well.. (though LVM is IPv4 only, and HAProxy is NAT only for IPv6) does relayd support UDP as well as TCP or is it layer7 only like HAProxy ? It does everything... :) L2 - L7... In the case of ILB, I'm not convinced that it's a problem with the LB itself, but rather the idiosyncrasies of ND in IPv6 that is causing the problem.. but I may be wrong... at any rate, something's amiss ... Maybe on some setup you should desactivate ND... Xavier If you're putting the DSR address on an interface other than loopback, you probably need to turn of DAD on the interface with the DSR address otherwise DAD will shut down that address on the interface when it sees other servers with the same address. Sometimes it will shut down all but one, sometimes it will shut down all. Owen