WebGUI Load Balancing
  WebGUI User Conference, October 5, 2005
  Presented by: Len Kranendonk, len@primaat.com
Course Contents
  Introduction
  Example: The Royal Netherlands Football Association
  Scaling WebGUI
  Load balancing techniques:
    Round Robin DNS
    Firewall
    Software Load Balancers
    Hardware Load Balancers
    CARP
  Tools
Introduction
  Len Kranendonk
  Currently working full time on the website of the Royal Netherlands Football Association, www.knvb.nl
  Learned load balancing the hard way :)
  Football is as important as the paintings of Van Gogh and Rembrandt in Dutch culture.
Some statistics
  Visitors last month:
  Up to 1200 simultaneous users in peak hours.
KNVB Setup
  OpenBSD PF firewalls with CARP failover and PFSync.
  Load balanced SQUID servers. ICP is used to share cache amongst the squids.
  Load balanced THTTPD servers for static content (/uploads, /extras).
  Load balanced WebGUI servers on FreeBSD.
  WebGUI Admin server outside Squid.
  MySQL servers in Master-Slave configuration.
  [Diagram node labels: Internet, FW1, FW2, SQ1, SQ2, IMG1, IMG2, WG1, WG2, WG ADM, DB1, DB2; link labels: sync, ICP, rsync, NFS, repl]
Scaling WebGUI - 1
  WebGUI is designed with scaling in mind:
  Static content can be separated from dynamic content. In WebGUI.conf:
    uploadsurl = http://files.domain.com/uploads
    uploadspath = /nfs/share/to/file/server
  WebGUI can read from multiple database servers. In WebGUI.conf:
    dbslave1 = dsn => DBI:mysql:db_name;host=192.168.1.20, \
               user => db_user, \
               pass => db_password
Scaling WebGUI - 2
  Cache can be shared across WebGUI nodes using memcached:
    Memcached = high performance distributed memory caching system, see http://www.danga.com/memcached/
    In WebGUI.conf:
      memcached_servers = 192.168.1.100:11211
  Unburden the WebGUI application server (mod_perl) by using a frontend proxy:
    Apache mod_proxy: The WRE (WebGUI Runtime Environment) offers an all-in-one mod_proxy solution.
    Squid: Fast, flexible, stable and secure. See http://squid.visolve.com/squid/reverseproxy.htm for installation instructions.
Load Balancing Techniques
  Round Robin DNS
  Firewall load balance support
  Software load balancers
  Hardware load balancers
  Redirectors
  CARP (Common Address Redundancy Protocol)
DNS - Round Robin
  Simplest way to implement load balancing.
  In the BIND zone file for oreilly.com:
    www 60 IN A 208.201.239.36
    www 60 IN A 208.201.239.37
  Lookup result:
    # nslookup www.oreilly.com
    Name: www.oreilly.com
    Addresses: 208.201.239.36, 208.201.239.37
  IP addresses are rotated, so the load is divided (more or less) equally between the nodes.
DNS - Round Robin
  Round Robin DNS has no support for failover!
  Solution: Write a monitor script that takes over the IP address of the failing node.
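A sketch of such a monitor script, added here as an example and not taken from the presentation. It is meant to run on each node of a two-node pair; the variable names, the interface name, the internal check address and the FreeBSD ifconfig syntax are assumptions, and by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: failover monitor for one node of a round-robin DNS pair.
# Assumed names (not from the slides): PEER_SERVICE_IP, PEER_CHECK_IP, IFACE,
# THRESHOLD, DRY_RUN. Addresses below are sample values.
PEER_SERVICE_IP="${PEER_SERVICE_IP:-208.201.239.37}"  # peer's published A record
PEER_CHECK_IP="${PEER_CHECK_IP:-192.168.1.21}"        # peer's fixed internal address
IFACE="${IFACE:-em0}"
THRESHOLD="${THRESHOLD:-3}"   # failed probes in a row before takeover
DRY_RUN="${DRY_RUN:-1}"       # 1 = only print the ifconfig commands
fails=0                       # consecutive failed probes
holding=0                     # 1 while this node answers for the peer's address

# Probe HTTP on the fixed address: once this node holds PEER_SERVICE_IP, a probe
# sent to the service address would reach this node and always succeed.
probe() {
    curl --silent --fail --max-time 5 --output /dev/null "http://$PEER_CHECK_IP/"
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "would run: $*"; else "$@"; fi
}

take_over() {   # FreeBSD syntax; Linux equivalent: ip addr add <ip>/32 dev <if>
    run ifconfig "$IFACE" inet "$PEER_SERVICE_IP" netmask 255.255.255.255 alias
    holding=1
}

release() {     # hand the address back as soon as the peer answers again
    run ifconfig "$IFACE" inet "$PEER_SERVICE_IP" -alias
    holding=0
}

# One monitoring round. Takeover requires THRESHOLD failures in a row so that a
# single lost probe does not leave two hosts claiming the same address.
step() {
    if probe; then
        fails=0
        if [ "$holding" = 1 ]; then release; fi
    else
        fails=$((fails + 1))
        if [ "$holding" = 0 ] && [ "$fails" -ge "$THRESHOLD" ]; then take_over; fi
    fi
    return 0
}

if [ "${1:-}" = "--run" ]; then
    while :; do step; sleep 10; done
fi
```

Start it with --run to enter the monitoring loop; set DRY_RUN=0 only after confirming the printed commands match the host's interface and addressing.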
DNS Load Balance
  lbnamed: A DNS-based load balancer.
  Can be found at: http://www.stanford.edu/~riepel/lbnamed/
  Written in Perl.
  Implements failover.
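Load Balancing in the Firewall
  In PF:
    web_servers = "{ 10.0.0.10, 10.0.0.11, 10.0.0.12 }"
    rdr on $ext_if proto tcp from any to any port 80 -> $web_servers \
        round-robin sticky-address
  In IPTables:
    # Rewrite the destination of incoming port 80 traffic to one of the web servers
    $IPT -t nat -A PREROUTING -p tcp -i $ext --destination-port 80 -j DNAT --to-destination 10.0.0.10-10.0.0.12
    # DNATed packets are routed on to the web servers, so they pass the FORWARD chain, not INPUT
    $IPT -A FORWARD -p tcp -i $ext --destination-port 80 -j ACCEPT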
Software for Load Balancing
  LVS: Linux Virtual Server
  Implemented in the kernel
  Three techniques for load balancing:
    Virtual server via NAT
    Virtual server via IP tunneling
    Virtual server via Direct Routing
  Very fast
  Failover support
  If you're on Linux you should definitely check out LVS!
  http://www.austintek.com/lvs/lvs-howto/howto/
Software for Load Balancing
  Balance: Generic TCP proxy with load balancing and failover mechanisms.
  Listen on port 80 and distribute connections to 192.168.1.30 and 31:
    # balance http 192.168.1.30 192.168.1.31
  Set the maximum number of simultaneous connections for each node to 100. Balance will fail over to 192.168.1.32 if the first two nodes fail:
    # balance http 192.168.1.30::100 192.168.1.31::100 ! 192.168.1.32::100
  Project page: http://balance.sourceforge.net/
Hardware for Load Balancing
  Cisco LocalDirector
    Transparently sits between servers and external LAN
    TCP/IP connections, not just HTTP
  Nortel (Alteon) Application Switch
    8x 1 GB
    Up to 51K sessions / sec.
    ~ $ 25000
  F5 / BigIP Local Traffic Management
    BSDi modified kernel running on Intel architecture.
    Sold as black box.
    Several load balancing models.
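Redirectors
  Apache's mod_rewrite:
    ## httpd.conf (the [P] flag hands the request to mod_proxy, which must be loaded)
    RewriteEngine on
    RewriteMap servers rnd:/path/to/your/server/server.txt
    RewriteRule ^(.*)$ http://${servers:backend}$1 [P]
    ## server.txt (an rnd: map picks one of the |-separated values at random)
    backend 192.168.1.20|192.168.1.21|192.168.1.22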
CARP
  CARP (Common Address Redundancy Protocol)
  Introduced by OpenBSD in October 2003
  Allows nodes in a local network to share a set of IP addresses.
  Can be configured in Master / Slave mode (preemptive) or in Balance mode.
  Available for *BSD only.