backup LVS router simultaneously. All of the cluster's real servers on the private network use
the NAT router's floating IP as their default route, so their replies always pass through whichever
LVS router is active and their ability to respond to requests from the Internet is not interrupted
by a failover.
In this example, the LVS router's public LVS floating IP address and private NAT floating IP address
are aliased to two physical NICs. While it is possible to associate each floating IP address with its
own physical device on the LVS router nodes, having more than two NICs is not a requirement.
Under this topology, the active LVS router receives the request and routes it to the appropriate real
server. The real server processes the request and returns the packets to the LVS router, which uses
network address translation to replace the real server's address in the packets with the LVS router's
public VIP address. This process is called IP masquerading because the actual IP addresses of the real
servers are hidden from the requesting clients.
NAT routing is easy to set up and quite flexible. With this topology, the real servers may be any
kind of machine running any operating system. The chief disadvantage is that, once the real server
pool contains more than twenty members, the LVS router may become a bottleneck because it must
rewrite and forward the outgoing replies as well as the incoming requests.
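The packet path just described, as an added example that is not part of this manual or of the LVS code: a small Python model of an LVS-NAT router with a connection table, showing the destination rewrite on the way in, the source rewrite (masquerading) on the way out, and why a reply that does not come back through the router cannot be matched. The class name NatRouter, the Packet record, the round-robin choice of real server and the addresses 192.0.2.5 (VIP), 10.0.0.1 (NAT floating IP) and 10.0.0.11/10.0.0.12 (real servers) are this example's own assumptions.

```python
# Added example (not from the manual or from LVS itself): a model of the
# LVS-NAT packet path.  Names, addresses and the round-robin choice are
# this example's assumptions.
from dataclasses import dataclass, replace
from itertools import cycle


@dataclass(frozen=True)
class Packet:
    src: str      # source IP
    sport: int    # source port
    dst: str      # destination IP
    dport: int    # destination port


class NatRouter:
    """Active LVS router in NAT mode.

    The VIP faces the Internet; nat_ip is the floating address on the
    private network that every real server uses as its default gateway,
    which is what guarantees that replies come back through this router.
    """

    def __init__(self, vip, nat_ip, real_servers):
        self.vip = vip
        self.nat_ip = nat_ip
        self._rr = cycle(real_servers)   # stand-in for the LVS scheduler
        # connection table: (client ip, client port, service port) -> real server
        self.conn_table = {}

    def inbound(self, pkt):
        """Request from a client to the VIP: pick (or reuse) a real server
        and rewrite the destination address (DNAT)."""
        if pkt.dst != self.vip:
            return None                  # not for a virtual service: dropped
        key = (pkt.src, pkt.sport, pkt.dport)
        rip = self.conn_table.get(key)
        if rip is None:
            rip = next(self._rr)         # new connection: schedule it
            self.conn_table[key] = rip
        return replace(pkt, dst=rip)

    def outbound(self, pkt):
        """Reply from a real server, routed here via nat_ip: restore the VIP
        as the source address (masquerading) so the client never sees the
        real server's address."""
        key = (pkt.dst, pkt.dport, pkt.sport)
        if self.conn_table.get(key) != pkt.src:
            return None                  # no matching connection: dropped
        return replace(pkt, src=self.vip)


if __name__ == "__main__":
    router = NatRouter("192.0.2.5", "10.0.0.1", ["10.0.0.11", "10.0.0.12"])
    req = Packet("203.0.113.10", 40000, "192.0.2.5", 80)
    fwd = router.inbound(req)
    print("client -> VIP becomes   ", fwd)                     # dst is now 10.0.0.11
    reply = Packet(fwd.dst, 80, "203.0.113.10", 40000)
    print("server -> client becomes", router.outbound(reply))  # src is the VIP again
```

Every packet in both directions passes through `inbound` or `outbound`, which is the reason the text gives for the router becoming a bottleneck with a large real server pool; a reply that arrives from a real server with no matching table entry is dropped, which is what happens in practice when a real server's default route does not point at the NAT floating IP.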
6.5 Persistence and Firewall Marks
In certain situations, it may be desirable for a client to reconnect repeatedly to the same real server,
rather than have an LVS load balancing algorithm send each request to the best available server.
Examples of such situations include multi-screen web forms, cookies, SSL sessions, and FTP connections.
In these cases, a client may not work properly unless all of its transactions are handled by the same
server, which retains the context between them. LVS provides two different features to handle this:
persistence and firewall marks.
6.5.1 Persistence
When enabled, persistence acts like a timer. When a client connects to a service, LVS remembers the
last connection for a specified period of time. If that same client IP address connects again within
that period, it is sent to the same real server it connected to previously, bypassing the load
balancing mechanisms. When a connection arrives outside the time window, it is handled according to the
scheduling rules in place.
Persistence also allows the administrator to specify a subnet mask that is applied to the client IP
address before the persistence check. All clients whose addresses fall within the same masked subnet
are then treated as one client, so their connections are grouped on the same real server.
Grouping connections destined for different ports can be important for protocols which use more than
one port to communicate, such as FTP. However, persistence is not the most efficient way to deal with
the problem of grouping together connections destined for different ports. For these situations, it is
best to use firewall marks.
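The timer and netmask behaviour of Section 6.5.1, as an added example that is not the manual's or the LVS kernel's own code: a Python model of the persistence template LVS keeps per masked client address for one virtual service, with an explicit `now` clock so the expiry can be exercised. The class name PersistentScheduler, the round-robin stand-in for the scheduler and the addresses used are this example's assumptions; the `timeout` and `netmask` parameters correspond to the `ipvsadm -p <timeout>` and `ipvsadm -M <netmask>` options.

```python
# Added example (not from the manual or from LVS itself): a model of the
# persistence template that LVS keeps per masked client address.  The class
# name, the explicit `now` clock and the addresses are this example's
# assumptions; timeout and netmask correspond to "ipvsadm -p <timeout>" and
# "ipvsadm -M <netmask>".
import ipaddress
from itertools import cycle


class PersistentScheduler:
    def __init__(self, real_servers, timeout, netmask="255.255.255.255"):
        self.timeout = timeout           # seconds a client stays bound to a server
        self.netmask = netmask           # /32 by default: one template per client IP
        self._rr = cycle(real_servers)   # underlying scheduler: plain round-robin here
        # persistence templates: masked client address -> (real server, expiry time)
        self.templates = {}

    def _group(self, client_ip):
        """Apply the persistence netmask; every client in the same masked block
        shares one template, and therefore one real server."""
        net = ipaddress.ip_network(f"{client_ip}/{self.netmask}", strict=False)
        return str(net.network_address)

    def schedule(self, client_ip, now):
        """Return the real server for a new connection from client_ip at time now."""
        key = self._group(client_ip)
        entry = self.templates.get(key)
        if entry is not None and entry[1] > now:
            rip = entry[0]               # inside the window: bypass load balancing
        else:
            rip = next(self._rr)         # expired or unknown: normal scheduling
        # The template is refreshed on every connection ("remembers the last
        # connection"), so a client that keeps reconnecting stays on the same
        # server as long as the gaps between its connections are shorter than
        # the timeout.
        self.templates[key] = (rip, now + self.timeout)
        return rip


if __name__ == "__main__":
    # Constructed walk-through: a /24 persistence mask and a 300 s timeout.
    sched = PersistentScheduler(["10.0.0.11", "10.0.0.12", "10.0.0.13"],
                                timeout=300, netmask="255.255.255.0")
    for ip, t in [("203.0.113.10", 0), ("203.0.113.99", 10), ("198.51.100.7", 20),
                  ("203.0.113.10", 309), ("203.0.113.10", 700)]:
        print(f"t={t:4d}  {ip:15s} -> {sched.schedule(ip, t)}")
```

With the /24 mask, 203.0.113.10 and 203.0.113.99 land on the same real server even though they are different clients; with the default /32 mask they would each get their own template. The connection at t=700 arrives after the refreshed template (expiring at 609) has lapsed, so it is scheduled afresh and moves to the next server in the rotation.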