Contents to be translated: table of contents, chapters 1 through 30
Table of Contents
1. LVS: Introduction
1.1. Thanks
1.2. About the HOWTO
1.3. Nomenclature/Abbreviations
1.4. Minimal knowledge required
1.5. Free Technical Help
1.6. After you've Got Technical Help
1.7. Paid technical help
1.8. Mailing list: subscribing, unsubscribing, searching
1.9. Mailing list: posting to
1.10. Bug Fixes
1.11. Other load balancing solutions, GPL, opensource and commercial
1.12. Books on LVS
1.13. LVS in the news
1.14. Software/Information/HOWTOs useful/related to LVS
2. LVS: What is an LVS? Can I use an LVS?
2.1. What is a VIP?
2.2. Where do you use an LVS?
2.3. Client/Server relationship is preserved in an LVS
2.4. LVS director is an L4 switch
2.5. LVS forwards packets to realservers
2.6. LVS runs on Linux and FreeBSD directors
2.7. Code for LVS is different for each kernel series
2.8. kernels from 2.4.x series are SMP for kernel code
2.9. OS for realservers
2.10. LVS works on ethernet
2.11. LVS works on IPv6
2.12. LVS is continually being developed
2.13. LVS is 64 bit
2.14. Other documentation
2.15. LVS is not simple to install, get going or keep running
2.16. LVS Control (Failure, Thundering Herd, Sorry Servers)
2.17. clients on realservers
3. LVS: Install, Configure, Setup
3.1. Installing from Source Code
3.2. Ultra Monkey
3.3. Keepalived
3.4. ipvsman(d)
3.5. Alternate hardware: Soekris (and embedded hardware)
3.6. LVS on a CD: Malcolm Turnbull's ISO files
4. LVS: Ipvsadm and Schedulers
4.1. Using ipvsadm
4.2. Memory Requirements
4.3. sysctl documentation
4.4. Compile a version of ipvsadm that matches your ipvs
4.5. put realservers in /etc/hosts
4.6. RR and LC schedulers
4.7. Netmask for VIP
4.8. LBLC, DH schedulers
4.9. LVS with mark tracking: fwmark patches for multiple firewalls/gateways
4.10. SH scheduler
4.11. What is an ActiveConn/InActConn (Active/Inactive) connection?
4.12. FAQ: ipvsadm shows entries in InActConn, but none in ActiveConn, connection hangs. What's wrong?
4.13. FAQ: initial connection is delayed, but once connected everything is fine. What's wrong?
4.14. unbalanced realservers: does rr and lc weighting equally distribute the load? - clients reusing ports
4.15. Changing weights with ipvsadm
4.16. Dynamically changing realserver weights
4.17. feedbackd
4.18. lvs-kiss
4.19. connection threshold
4.20. Flushing connection table
4.21. Thundering herd problem, Slow start code for realserver(s) coming on line
4.22. Handling kernel version dependent files e.g. System.map and ipvsadm
4.23. Limiting number of clients connecting to LVS
4.24. Who is connecting to my LVS?
4.25. experimental scheduling code
4.26. Ratz's primer on writing your own scheduler
4.27. changing ip_vs behaviour with sysctl flags in /proc
4.28. Counters in ipvsadm
4.29. Exact Counters
4.30. Scheduling TCP/UDP/SCTP/TCP splicing/
4.31. patch: machine readable error codes from ipvsadm
4.32. patch: stateless ipvsadm - add/edit patch
4.33. patch: fwmark name-number translation table
4.34. ip_vs_conn.pl
4.35. Luca's php monitoring script
4.36. ipvsadm set option
4.37. ipvsadm error messages
4.38. ipvsadm fast update bug with smp
5. LVS: LVS-NAT
5.1. Introduction
5.2. LVS-NAT bugs
5.3. Example 1-NIC, 2 Network LVS-NAT (VIP and RIPs on different network)
5.4. All packets sent from the LVS-NAT realserver to the client must go through the LVS-NAT director
5.5. Run the configure script
5.6. Setting up demasquerading on the director; 2.4.x and 2.2.x
5.7. rewriting, re-mapping, translating ports with LVS-NAT
5.8. masquerade timeouts
5.9. Julian's step-by-step check of a L4 LVS-NAT setup
5.10. How LVS-NAT works
5.11. In LVS-NAT, how do packets get back to the client, or how does the director choose the VIP as the source_address for the outgoing packets?
5.12. One Network LVS-NAT
5.13. re-mapping ports, rewriting is slow for 2.0, 2.2 kernels
5.14. Two instances of demon running on realserver
5.15. Performance of LVS-NAT
5.16. Various debugging techniques for routes
5.17. Connecting directly from the client to a service:port on an LVS-NAT realserver
5.18. A NAT router has no connections
5.19. Thoughts on extending NAT
5.20. Postings from the mailing list
5.21. LVS-NAT source routing patch (Brownfield, Sawari and Black)
5.22. LVS-NAT FTP Recipe
5.23. LVS-NAT vhosts with apache
5.24. LVS-NAT timeout problem
6. LVS: The ARP Problem
6.1. The problem
6.2. Put the VIP on the realservers lo device
6.3. The Cure(s)
6.4. The Cure: 2.0 kernels - nothing needed
6.5. The Cure: 2.2.x kernels - many options
6.6. The Cure: 2.4.x kernels - arp_ignore/arp_announce
6.7. The Cure: 2.6.x kernels - arp_ignore/arp_announce
6.8. arptables
6.9. The arp problem is on the realserver's VIP not the RIP
6.10. Testing an interface for replies to arp requests
6.11. Normal machines, Solaris
6.12. problems with switches
6.13. The ARP problem, the first inklings
6.14. A posting to the mailinglist by Peter Kese explaining the "arp problem"
6.15. arp bouncing
6.16. Lar's Method
6.17. Static Routing to Director
6.18. iproute2 arp on|off flag
6.19. Is the arp behaviour of 2.2.x kernel a bug?
6.20. The device doesn't reply to arp requests, the kernel does.
6.21. Properties of devices for the VIP
6.22. Topologies for LVS-DR and LVS-Tun LVS's
6.23. Why do all devices broadcast the arp replies
6.24. A discussion about the arp problem
6.25. ATM/ethernet and router problems
6.26. Same IP on multiple NICs
7. LVS: LVS-DR
7.1. LVS-DR example
7.2. How LVS-DR works
7.3. Handling the arp problem for LVS-DR
7.4. LVS-DR scales well
7.5. LVS-DR director as default gw for realservers, transparent proxy and Julian's martian and forward_shared patches
7.6. Accepting packets on LVS-DR director by fwmarks
7.7. security concerns: default gw(s) and routing with LVS-DR/LVS-Tun
7.8. routing to realserver from director
7.9. LVS-DR, LVS-Tun need rp_filter=0
7.10. Director as client in LVS-DR
7.11. from the mailing list
7.12. rewriting, re-mapping, translating ports with LVS-DR
8. LVS: LVS-Tun
8.1. LVS-Tun Intro
8.2. LVS-Tun example setup
8.3. You need a tunl0 device
8.4. the ARP problem with LVS-Tun
8.5. Reply packets appear to be spoofed
8.6. How LVS-Tun works
8.7. The RIP (not the tunl device) receives the ipip packet
8.8. Configure LVS-Tun
8.9. set rp_filter correctly
8.10. FreeBSD and Solaris realservers with LVS-Tun
8.11. Windows realservers with LVS-Tun
8.12. Realservers without ipip encapsulation
8.13. LVS-Tun has smaller MTU: PMTU is disabled - handling fragmentation
8.14. MTU: early signs of problems
8.15. tunl mtu solved: Setting the MTU by MSS with iptables on the realserver
8.16. Setting the MTU by route
8.17. rewriting, re-mapping, translating ports with LVS-Tun
9. LVS: LocalNode
9.1. Two LocalNode Servers
9.2. Two Box LVS
9.3. Testing LocalNode
9.4. Localnode on the backup director
9.5. rewriting, re-mapping, translating ports with Localnode
10. LVS: You can't map (or rewrite) ports with LVS-DR, LVS-Tun or localnode (but you can with iptables)
10.1. You can't rewrite ports with localnode (but you can with iptables)
10.2. rewriting, re-mapping, translating ports with iptables in LVS-DR
10.3. can't port map with LVS
11. LVS: Non-LVS clients on Realservers
11.1. always NAT out clients through VIP
11.2. Masquerading clients on realservers to the outside world (SNAT)
11.3. Masquerading clients on LVS-NAT realservers
11.4. Masquerading clients on LVS-DR realservers
11.5. Masquerading clients on LVS-Tun realservers
11.6. Masquerading clients through the VIP on the director
11.7. 3-Tier LVS
11.8. Routes needed for 3-Tier LVS
11.9. Setting up routes using iptables and iproute2
11.10. from the mailing list
12. LVS: LVS clients on Realservers
12.1. Do you really need LVS clients on the realserver in a 3-Tier setup?
12.2. Realserver as LVS client in LVS-NAT
12.3. Realserver as LVS client in LVS-DR
13. LVS: Non Linux Realservers
13.1. Loopback interface on Windows/Microsoft/NT/W2K
13.2. Mac OS X (and Solaris)
14. LVS: identd/authd
14.1. What is authd/identd?
14.2. authd/identd and other 3-Tier clients
14.3. symptoms of the identd problem
14.4. comp.os.linux.security FAQ on identd
14.5. Russ Nelson on identd
14.6. Why identd is a problem for LVS
14.7. tcpdumps of connections delayed by identd
14.8. There are solutions to identd problem in some cases
14.9. Turn off tcpwrappers
14.10. Identd and smtp/pop/qmail
15. LVS: Variants on LVS: Local Nodes (One Box LVS)
16. LVS: Variants on LVS: Peter Warasin's ip_vs() in PREROUTING
17. LVS-J: Ludo's reinJect Forwarder: using the director as a gateway to load balance connections to the internet
17.1. Introduction
17.2. reinJect setup with ipvsadm
17.3. The target LVS: sending packets with dst_addr=0/0 to ip_vs
17.4. setting up LVS-J forwarding
17.5. SNAT'ing the output
17.6. LVS-J discussion by Ludo
18. LVS: Services: general, setup, debugging new services
18.1. Single port services are simple
18.2. setting up a (new) service
18.3. services must be setup for forwarding type
18.4. Realservers present the same content: Synchronising (filesharing) content and config files, backing up realservers
18.5. cfengine for synchronising files
18.6. File Systems for (really big) Clusters: Lustre, Panasas
18.7. File Systems for Clusters: Samba waits for a commit and is slow, NFS fills buffers and is fast
18.8. Discussion on distributed filesystems
18.9. load balancing and scheduling based on the content of the packet: Cookies, URL, file requested, session headers
18.10. timeouts for TCP/UDP connections to services
18.11. name resolution on realservers: running name resolution friendly demons on realservers
18.12. Debugging new services
18.13. "broken" services: servlets and j2ee
18.14. http logs, error logs
19. LVS: Services: single-port
19.1. ftp, tcp 21
19.2. ssh, sftp, scp, tcp 22
19.3. telnet, tcp 23
19.4. smtp, tcp 25; pop3, tcp 110; imap tcp/udp 143 (imap2), 220(imap3). Also sendmail, qmail, postfix, and mailfarms.
19.5. Mail Farms
19.6. dns, tcp/udp 53 (and dhcpd server 67, dhcp client 6
19.7. http name and IP-based (with LVS-DR or LVS-Tun), tcp 80
19.8. http with LVS-NAT
19.9. httpd is stateless and normally closes connections
19.10. netscape/database/tcpip persistence (keepalives)
19.11. dynamically generated images on web pages
19.12. http: sanity checks, shutting down, indexing programs, htpasswd, apache proxy and reverse proxy to look at URL, mod_backhand, logging
19.13. HTTP 1.0 and 1.1 requests
19.14. Large HTTP /POST with LVS-Tun
19.15. Microsoft http clients and servers violate the RFC for TCP/IP
19.16. http keepalive - effect on InActConn
19.17. Fallback/Sorry pages with Apache
19.18. Testing http with apachebench (ab)
19.19. Apache setup for DoS
19.20. squids, tcp 80, 3128
19.21. authd/identd, tcp 113 and tcpwrappers (tcpd)
19.22. ntp, udp 123
19.23. https, tcp 443
19.24. name based virtual hosts for https
19.25. Obtaining certificates for https
19.26. Self made certificates
19.27. SSL Accelerators and Load Balancers
19.28. r commands; rsh, rcp (and their ssh replacements), tcp 514
19.29. lpd, tcp 515
19.30. Databases
19.31. Databases: mysql
19.32. Using Zope with databases
19.33. Databases: Microsoft SQL server, tcp 1433
19.34. Databases: Oracle
19.35. Databases: ldap, tcp/udp 389, tcp/udp 636
19.36. nfs, udp 2049
20. LVS: Services: multi-port
20.1. Introduction
20.2. ftp general, active tcp 20,21; passive 21,high_port
20.3. ftp helper modules: ip_vs_ftp/ip_masq_ftp
20.4. ftp (active) - the classic command line ftp
20.5. ftp (passive)
20.6. ftp helper bug(s)
20.7. ftp is difficult to secure
20.8. ftps (ssl based ftp), tcp 21, 22?
20.9. dns, tcp/udp 53 (and dhcpd server 67, dhcp client 6
20.10. samba, udp 137, udp 138, tcp 139, tcp 445
20.11. xdmcp, X-window, udp 177 (xdmcp), tcp 6000 (and ssh X-forwarding)
20.12. r commands; rsh, rcp, and their ssh replacements, tcp 513 (,514) and another connection
20.13. Streaming Media: RealNetworks, Quicktime, Windows Media Server, tcp/udp 554 (and other ports)
20.14. Radius, udp 1645,1646
21. LVS: Services that we haven't got to work with LVS yet
21.1. Kerberos
21.2. RMI
22. LVS: UDP Services - unique problems
22.1. SIP (Session Initiation Protocol)
22.2. UDP timeouts (SIP)
22.3. UDP timeouts (DNS)
22.4. Julian's One Packet Scheduler (OPS) for UDP, timeouts for DNS
22.5. icmp responses aren't generated by UDP timeouts on VIP-less directors
23. LVS: Routing and packet delivery to a director without a VIP (for fwmark and transparent proxy)
23.1. Introduction
23.2. Routing to and accepting packets by a VIP-less director
23.3. Routing to the MAC address of the director
23.4. Julian's iproute2 solutions
23.5. Ludo's LVS target in iptables
23.6. Transparent proxy Q and A
23.7. Other tricks
24. LVS: Fwmarks (firewall marks)
24.1. Introduction
24.2. ipvsadm syntax for fwmark
24.3. setting up routing and packet delivery to the director
24.4. single-port service: telnet with fwmarks
24.5. Grouping services: single group, active ftp(20,21)
24.6. Grouping services: two groups, active ftp(20,21) and e-commerce(80,443)
24.7. passive ftp
24.8. fwmark with LVS-NAT
24.9. collisions between fwmark and VIP rules
24.10. persistence granularity with fwmark
24.11. fwmark allows LVS-DR director to be default gw for realservers
24.12. fwmark simplifies configuration for large numbers of addresses
24.13. Example: firewall farm
24.14. Example: LVS'ing a CIDR block
24.15. Example: forwarding based on client source IP
24.16. Example: load balancing multiple class C networks
24.17. Example: proxy server
24.18. Example: transparent web cache
24.19. Example: Multiply-connected router
24.20. httpd clients (browsers)
24.21. Example: dynamically generated images in webpages
24.22. Example: Balancing many IPs/services as one block
24.23. Example: Source controlled LVS - services and realserver customised by Client IP
24.24. Appendix 1: Specifications for grouping of services with fwmarks
24.25. Appendix 2: Demonstration of grouping services with fwmarks
24.26. Appendix 3: Announcement of grouping services with fwmarks
24.27. fwmark examples from the mailing list
25. LVS: Transparent proxy (TP or Horms' method)
25.1. setting up routing and packet delivery to the director
25.2. General
25.3. How you use TP
25.4. The original 2.2 TP setup method
25.5. Transparent proxy for 2.4.x (and presumably 2.6.x)
25.6. Experiments showing that 2.4TP is different to 2.2TP
25.7. What IP are TP packets arriving on?
25.8. Take home lesson for setting up TP on realservers
25.9. Handling identd requests from 2.4.x LVS-DR realservers using TP
25.10. Performance of Transparent Proxy
25.11. The difference between REDIRECT and TPROXY
26. LVS: Transparent Bridging
27. LVS: Persistent Connection (Persistence, Affinity in cisco-speak)
27.1. LVS persistence
27.2. Scheduling looks different under persistence
27.3. Persistent and regular (non-persistent) services together on the same realserver.
27.4. Tracing connections: where will the client connect next?
27.5. Bringing down persistent services.
27.6. Forcing a break in a persistent connection: expire_quiescent_template - Horms sysctl for quiescing persistent connections
27.7. what if a realserver holding a persistent (sticky) connection crashes
27.8. Load Balancing time constant is longer with persistence
27.9. The tcp NONE flag
27.10. Resetting the persistence timeout counter (persistence behaviour for short timeout values)
27.11. Why you don't want persistence for your e-commerce site: why you should rewrite your application
27.12. more about e-commerce sites: we used to think memory was the problem - it isn't
27.13. persistence with windows realservers
27.14. messing with the ipvsadm table while your LVS is running
27.15. Persistence for multiport services
27.16. Proxy services, e.g. AOL
27.17. key exchanges (SSL)
27.18. About longer timeouts
27.19. passive ftp and persistence
27.20. The Persistence Template (about port 0)
27.21. persistent clients behind a proxy or nat box
27.22. Rogue clients hidden by persistence
27.23. Long (1 day) persistence to windows terminal servers
28. LVS: Running a firewall on the director: Interaction between LVS and netfilter (iptables).
28.1. Start with no filter rules
28.2. Introduction
28.3. Path of an ip_vs controlled packet
28.4. how to filter with netfilter
28.5. ipvs_nfct, netfilter connection tracking for ipvs
28.6. LVS-NAT netfilter conntrack example with ftp
28.7. tcpdump is LVS compatible
28.8. Writing Filter Rules
28.9. The Antefacto Netfilter Connection Tracking patches
28.10. The design of LVS as a netfilter module, pt1
28.11. The design of LVS for Netfilter and Linux 2.4, pt2
28.12. Example ip_tables filter scripts
28.13. performance hit on director with iptables/netfilter
28.14. Long sessions through LVS DR director terminated by icmp-host-prohibited (ICMP type 3 code 10)
29. LVS: Cluster friendly versions of applications that need to maintain state
29.1. rewriting your application/service
29.2. Session Data, maintaining state in a cluster, from Andreas Koening
29.3. Single Session
29.4. IIS session management: how it works
29.5. Maintaining state with persistence
29.6. How others maintain state
30. LVS: Squid Realservers (poor man's L7 switch)
30.1. Terminology
30.2. Preview
30.3. Let's start assembling
30.4. One squid
30.5. Another squid
30.6. Combining pieces with LVS
30.7. Problems