're[2]: [SSI] [Design] Cluster wide TCP and LVS Part 2'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ssic-linux-devel
Subject:    re[2]: [SSI] [Design] Cluster wide TCP and LVS Part 2
From:       Greg Freemyer <freemyer () NorcrossGroup ! com>
Date:       2002-04-30 17:05:49
[Download RAW message or body]

 >>  > CLUSTE WIDE  TCIP/IP:

 >>  Let's see if I understand the environment, issues and options.
 >>  There are several kinds of listening daemons we may wish to run in the
 >>  cluster.  All of them no doubt will just do wildcard listens:
 >>  a. daemons that are strictly local and not parallel and
 >>  don't want to be listening on the VIPs (just the local
 >>  physical interfaces;
 >>  b. single instance daemons (not parallel) that might be
 >>  started anywhere in the cluster and mostly want to listen
 >>  on VIP and have a fixed port number.
 >>  c. single instance daemons (not parallel) that might be
 >>  started anywhere in the cluster and mostly want to listen
 >>  on VIP and want to use an ephimeral port number.
 >>  d. parallel instance daemons (like http) that want to run on
 >>  every node and listen on the VIP and local interfaces, with
 >>  VIP traffic being load levelled to them.

 >>  LVS is just fine at handling case a (not involved), case b (somewhat
 >>  degenerate case of d) and d (what LVS was meant for.  Case c is
 >>  a problem because you need a unique port number which the system must
 >>  pick and you need it registered with ldirectord.  Question is, is this
 >>  a very interesting case to worry about.

 >>  Now, the main place that port space is an issue is with those doing
 >>  connects, which often get an ephimeral local port number for the
 >>  socket.  The port space needs only to be unique w.r.t. the ip
 >>  address so this is a clusterwide issue only when we allow 
 >>  binds/connects on VIPs  (normally the program doesn't
 >>  specify an ip address and the system picks the one that it is going
 >>  to route the traffic out on).  If we want to support VIP as
 >>  the address on outgoing connections 

> > ( I suspect no one else does this?),

 >>  we have to provide a clusterwide port space and must register the
 >>  port with ldirector so that the traffic from the remote node can
 >>  be directed to the local node that initiated the connection.
 >>  

Tru64/TruClusters V5 supports using the VIP for outgoing connections.  Since \
TruClusters was based on OpenVMS clusters, I assume it also does this.

In one of the config files you can tell TruClusters whether to use the VIP or not \
based on the _target_ port number. 

The default is not to use it.  IIRC, Telnet is configured to use it.  

i.e. By default on a TruClusters V5 machine any socket opened with a _target_ port of \
23 will have the originating IP set to the VIP.

As I understand it, this was done to allow integration into secure environments to be \
easier.  i.e. firewalls, and other security mechanisms only have to know about the \
VIP, not all of the individual node IPs.


 >>  I think we need to discuss the specific goals a little more before
 >>  going on the implementation.

You should also look into the rather unusual mechanism Java RMI uses for assigning \
port numbers.  (The logic behind it defies me.)

I don't know if Java RMI will qualify as a case c) or not.

I am _not_ a Java RMI expert, but I think the below is accurate. 

FYI: If you get to where you really need to know, I can put a sniffer on and get a \
detailed trace, but it might be better to get a Java RMI expert to explain it.

With JAVA RMI a RMI Registration Process runs as daemon and a well-known port is \
listened to by this daemon.  When a client connects, a new _thread_ is kicked off \
dedicated to that client.  The new thread  requests an ephemeral port and _listens_ \
on it.  The client is notified of the new port on the original socket.  Then the \
client closes the original socket and _connects_ to the new socket.

WIth this bizarre behavior, you conceivably can have problems with both the ephemeral \
port, and also with the IP address on the second listen.

 >>  bruce

Greg Freemyer
Internet Engineer
Deployment and Integration Specialist
Compaq ASE - Tru64
Compaq Master ASE - SAN Architect
The Norcross Group
www.NorcrossGroup.com


_______________________________________________
ssic-linux-devel mailing list
ssic-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ssic-linux-devel


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic