This article covers the configuration of the DSR (Direct Server Return) load balancing mode on Alteon load balancers running WebOS 10, with a couple of Linux systems acting as real servers.
Alteon 180/184 series load balancers are a cheap solution for handling at least 1 Gigabit of load balanced web traffic when using DSR.
As per Wikipedia, load balancing is a technique to spread work between two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, and minimize response time. Usage of multiple components with load balancing, instead of a single component, may increase reliability through redundancy.
DSR is a way for outbound traffic to bypass the load balancer, sending traffic directly to the default router of that network.
DSR uses the loopback interface on a server to spoof the address of the VIP (virtual IP address) on the load balancer when sending traffic out, making it look as if the load balancer sent the packet instead of the server, thus eliminating the need for the load balancer to process that traffic. The loopback interface is a special kind of network interface inside the machine. Usually, it is used only by the operating system for internal network communications, but it can be used for other purposes, such as DSR.
Basically, there are four necessary steps for DSR setup:
1. Configure the IP alias on the server loopback interface with the IP address of the load balancer VIP.
On a RedHat/CentOS-like server, the config file /etc/sysconfig/network-scripts/ifcfg-lo:0 will look like this:

    # Loopback alias carrying the load balancer VIP (10.0.0.100 in this article's test scenario)
    DEVICE=lo:0
    IPADDR=10.0.0.100
    NETMASK=255.255.255.255
    ONBOOT=yes

On Linux running kernel 2.6 there is one more thing to adjust, because the Linux boxes will respond to ARP requests for that VIP when they are not supposed to. This can be prevented by adding specific kernel ARP settings to the configuration file /etc/sysctl.conf (2.6 kernel only) and rebooting the server:

    net.ipv4.conf.all.rp_filter=0
    net.ipv4.conf.all.arp_ignore=1
    net.ipv4.conf.eth0.arp_ignore=1
    net.ipv4.conf.eth1.arp_ignore=1
    net.ipv4.conf.all.arp_announce=2
    net.ipv4.conf.eth0.arp_announce=2
    net.ipv4.conf.eth1.arp_announce=2

The following commands may be used to change the settings interactively during runtime:

    echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
    echo 1 > /proc/sys/net/ipv4/conf/eth1/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
    echo 2 > /proc/sys/net/ipv4/conf/eth1/arp_announce

Unfortunately, there seems to be no general and simple solution for kernel 2.4. For additional information about the nature of the problem (and other solutions) check http://linux-ip.net/html/ether-arp.html#ether-arp-flux .
2. Configure the web server to bind to both the real IP address (so the load balancer can still perform health checks) and the new loopback IP address.
An example config snippet for Apache:

    <VirtualHost 10.0.0.1 10.0.0.100>
        ServerAdmin firstname.lastname@example.org
        DocumentRoot /var/www/html
        ServerName www1.example.com
        ErrorLog logs/error_log
        CustomLog logs/access_log common
    </VirtualHost>

3. Point the default route on the web servers directly towards the router (rather than through the load balancer).
In this example, run on the Linux server:

    route add default gw 10.0.0.254

and save this configuration in the init scripts (/etc/sysconfig/network or /etc/sysconfig/network-scripts/ifcfg-ethX).
4. Configure the load balancer to enable DSR.
In this test scenario I'm using the following IP addresses:
10.0.0.1 and 10.0.0.2 as web server RIPs
10.0.0.100 the Alteon VIP
10.0.0.254 the router, acting as gateway for servers as well as for the Alteon.
A sample config of the Alteon load balancer with two real servers behind a single VIP address.
The most important advantage of using DSR is performance: the load balancer handles about one packet in for every eight packets out, depending on the traffic profile, so it does substantially less work.
The disadvantages of using DSR are a more complex setup and the fact that this method can perform only layer 4 load balancing, as layer 7 (URL parsing and cookie persistence) requires the ability to completely proxy a connection.
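
The ARP settings from step 1 can be audited before a real server joins the pool. The script below is an added example, not part of the original article: it reads a sysctl.conf-style file and reports interfaces whose effective arp_ignore/arp_announce differ from the values used above. It assumes the rule stated in the kernel's ip-sysctl documentation that the maximum of conf/all and conf/<interface> applies; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original article): audit a sysctl.conf-style
# file for the ARP settings a DSR real server needs. Function names are
# constructed for this example.

# Print the last value assigned to KEY in FILE (0 if unset, the kernel
# default for arp_ignore/arp_announce); comment lines are skipped.
sysctl_get() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v) }
        k == key { val = v }
        END { print (val == "" ? 0 : val) }' "$1"
}

# Effective per-interface value: the kernel uses max(conf/all, conf/IFACE)
# for arp_ignore and arp_announce (assumption taken from ip-sysctl docs).
effective() {
    a=$(sysctl_get "$1" "net.ipv4.conf.all.$3")
    i=$(sysctl_get "$1" "net.ipv4.conf.$2.$3")
    if [ "$a" -gt "$i" ]; then echo "$a"; else echo "$i"; fi
}

# dsr_audit FILE IFACE...: print one FAIL line per interface/setting whose
# effective value differs from the article's; return status = failure count.
dsr_audit() {
    file=$1; shift; bad=0
    for ifc in "$@"; do
        for want in arp_ignore=1 arp_announce=2; do
            name=${want%%=*}; val=${want#*=}
            got=$(effective "$file" "$ifc" "$name")
            if [ "$got" -ne "$val" ]; then
                echo "FAIL $ifc $name effective=$got expected=$val"
                bad=$((bad + 1))
            fi
        done
    done
    return "$bad"
}
```

Call it as `dsr_audit /etc/sysctl.conf eth0 eth1`; an empty output and a zero return status mean every listed interface ends up with the values from step 1.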