Firewall Marks; Lvs - A Block Diagram - Red Hat ENTERPRISE LINUX 4 - VIRTUAL SERVER ADMINISTRATION Manual

Chapter 1. Linux Virtual Server Overview
the problem of grouping together connections destined for different ports. For these situations, it is
best to use firewall marks.

1.5.2. Firewall Marks

Firewall marks are an easy and efficient way to a group ports used for a protocol or group of related
protocols. For instance, if LVS is deployed to run an e-commerce site, firewall marks can be used to
bundle HTTP connections on port 80 and secure, HTTPS connections on port 443. By assigning the
same firewall mark to the virtual server for each protocol, state information for the transaction can be
preserved because the LVS router forwards all requests to the same real server after a connection is
opened.
Because of its efficiency and ease-of-use, administrators of LVS should use firewall marks instead
of persistence whenever possible for grouping connections. However, administrators should still
add persistence to the virtual servers in conjunction with firewall marks to ensure the clients are
reconnected to the same server for an adequate period of time.
1.6. LVS — A Block Diagram
Figure 1.5,
LVS routers use a collection of programs to monitor cluster members and cluster services.
"LVS Components"
illustrates how these various programs on both the active and backup LVS routers
work together to manage the cluster.
Figure 1.5. LVS Components
10