IPVSADM (8)
administer the routing table on a Linux Virtual Server
SYNOPSIS
ipvsadm -[A|E] -[t|u] \fIservice-address\fP [-s \fIscheduler\fP]
[-p [\fItimeout\fP]] [-M [\fInetmask\fP]]
ipvsadm -D -[t|u] \fIservice-address\fP
ipvsadm -C
ipvsadm -[a|e] -[t|u] \fIservice-address\fP -r \fIserver-address\fP
[-g|-m|-i] [-w \fIweight\fP]
ipvsadm -d -[t|u] \fIservice-address\fP -r \fIserver-address\fP
ipvsadm -[L|l] [-n]
ipvsadm -h
DESCRIPTION
Use ipvsadm(8) to build a Linux Virtual Server (LVS) based on a
cluster of two or more nodes. The active node of the cluster
redirects service requests to a collection of server hosts that will
actually perform the services. You use ipvsadm(8) to set up,
maintain or inspect the kernel routing table. Supported features
include two protocols (TCP and UDP), three packet-forwarding methods
(NAT, tunneling, and direct routing), and four load balancing
algorithms (round robin, weighted round robin, least-connection and
weighted least-connection).
The command has these two basic versions:
ipvsadm COMMAND [protocol] service-address [scheduling-method] [persistent-timeout]
ipvsadm command [protocol] service-address server-address [packet-forwarding-method] [server-capacity]
The first version adds a public service address (a host address and
port associated with a service request rather than a specific network
host) to the kernel routing table and specifies the method for
assigning service requests to hosts and the persistent timeout. The
second version associates an existing public service address in the
table with the addresses of the server hosts to which requests for
service may be redirected. This version also indicates the
packet-forwarding method and the capacity of the server hosts relative
to one another.
ipvsadm(8) recognizes the commands described below. Upper-case
commands maintain public service addresses. Lower-case commands
maintain the associations between a service address and the network
hosts to which requests for service are redirected.
-A
Add a public service address to the routing table. A service address is
uniquely defined by a triplet: IP address, port number, and protocol type.
-D
Delete a service address from the routing table, along with any associated
server hosts added with the -a command.
-C
-a
Associate an existing public service address with a server host to which
the service may be redirected.
-d
Remove a server from the pool of hosts to which a service may be redirected.
-L, -l
Display the routing table.
-h
Help. Display a description of the command syntax.
The commands above accept or require zero or more of the following
parameters.
-t, --tcp-service \fIservice-address\fP
Use TCP service. The service-address is a host and port
associated with a service to be redirected. Host can be either
a plain IP address or a hostname. Port can be either a plain port
number or the service name of port.
-u, --udp-service \fIservice-address\fP
Use UDP service. See the -t (tcp-service) for the description of
the service-address.
-s, --scheduler \fIscheduling-method\fP
scheduling-method is the algorithm for distributing the jobs to servers:
rr - robin robin: distribute jobs equally among the available servers.
wrr - weighted round robin: assign more jobs to servers with
larger capacity (i.e., assign jobs in decending order by weight).
lc - least-connection: assign more jobs to servers with fewer active
jobs.
wlc - weighted least-connection: assign more jobs to servers with
fewer active jobs relative to their capacity (i.e., number of active jobs
divided by weight). This is the default.
-p, --persistent [\fItimeout\fP]
Persistent port. If this switch is specified, multiple requests from a client
are redirected to the same server each time (the one selected for the first
request). The timeout of persistent sessions can be specified by the
values in seconds, the default is 300 seconds. Use this option to solve
problems with cookies, SSL, or FTP with tunneling or direct routing.
-M, --netmask \fInetmask\fP
For persistent ports, allows you to specify the granularity at which the
clients are grouped. The source address of the request is masked with this
netmask to, for example, direct all clients from a /24 network to the same
real server. The default is 255.255.255.255, which means that the
persistence granularity is per client host. Use this option to solve
problems with non-persistent cache clusters on the client side.
-r, --real-server \fIserver-address\fP
Real server that an associated request for service may be assigned to.
The server-address is the host address of a real server,
and may plus port. Host can be either a plain IP address
or a hostname. Port can be either a plain port number or the
service name of port. In the case of the masquerading method, the
host address is usually a private IP address, and the port can be
different from that of the associated service. If port is not
specified, the port specified in the service address will be
used. With the tunneling and direct routing methods, port must
be equal to that of the service address.
[packet-forwarding-method]
-g, --gatewaying Use gatewaying (direct routing). This is the default.
-m, --masquerading Use masquerading (network access translation, or NAT).
-i, --ipip Use ipip encapsulation (tunneling).
-w, --weight \fIweight\fP
weight is an integer (default 1) specifying the processing
capacity of a server relative to that of others in the pool. The
valid values of weight is from 0 through 65535. The server with
weight=0 is "quiesced" and receives no new jobs but still serves the
existing jobs. It is useful to cool down overloaded servers or get
some servers out of service for maintenance.
-n, --numeric
Numeric output. IP addresses and port numbers will be printed in
numeric format. By default, the program will try to display them as
host names, network names, or services (whenever applicable).
EXAMPLE
The following commands configure a redirector host to distribute
incoming Web requests addressed to port 80 on 207.175.44.110 equally
to port 80 on five Web server hosts. The networking model for this
example is NAT with each of the real servers being masqueraded by the
LVS.
ipvsadm -A -t 207.175.44.110:80 -s rr
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.1 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.2 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.3 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.4 -m
ipvsadm -a -t 207.175.44.110:80 -r 192.168.10.5 -m
The default route of the Web server hosts must be set to the
redirector box, and the redirector box must be configured to forward
the masquerading packets.
echo "1" > /proc/sys/net/ipv4/ip_forward
ipchains -A forward -j MASQ -s 192.168.10.0/24 -d 0.0.0.0/0
FILES
SEE ALSO
AUTHORS
ipvsadm - Wensong Zhang <wensong@iinchina.net>
Peter Kese <peter.kese@ijs.si>
man page - Mike Wangsmo <wanger@redhat.com>
Wensong Zhang <wensong@iinchina.net>
|