Overview
Ultramonkey is a project to provide free, open source load balancing software.
Ultramonkey is really a combination of existing proven technologies: Linux Virtual Server for fast load balancing, ldirectord for service monitoring and Linux-HA “heartbeat” for those who require a high availability pair of load directors.
Version 3 of Ultramonkey has been tested on Debian Sarge and Red Hat Enterprise Linux 3.
We prefer to use Debian Sarge since it provides a lean “appliance-like” footprint.
Preparation and Terminology
Our load balancers are called load directors or simply “directors”.
We have two for high availability, but only one director is active or “in charge” of doing the load balancing at a time.
We call the main director the primary node and its backup is the secondary node.
Should the primary node fail, the secondary node will detect a loss of “heartbeat” and will take control of the load balancing services.
If the primary node comes back on later, it will remain as a standby until we manually intervene to make it the active node again.
We have chosen a pair of Dell 850s as the hardware for our directors.
Any type of hardware can be used, though they should be identical.
Each director should have a single network interface and a serial port.
The network interface should be connected to the same logical network as the application servers in the farm.
The serial ports should be connected together with a null modem cable.
Decide how many services you will be load balancing.
Each load balanced service will have a unique IP Address and port called the “VIP” or virtual IP.
The virtual IP is exposed to the Internet at the firewall.
The application servers will each have a real IP or “RIP” that the director will point to.
For example, let’s say I have two websites I would like to load balance, each with two real servers behind them in the web farm.
Website 1
Virtual IP of website 1: 10.0.0.100/24
Real IP of website 1 on application server 1: 10.0.0.101/24
Real IP of website 1 on application server 2: 10.0.0.102/24
Website 2
Virtual IP of website 2: 10.0.0.200/24
Real IP of website 2 on application server 1: 10.0.0.201/24
Real IP of website 2 on application server 2: 10.0.0.202/24
Installation
Install Debian Sarge on both directors, choosing an option with a minimal number of packages.
Verify the names of your directors by typing the following command:
uname -n
Our directors are named “jackson” and “spielberg”.
The primary node is “jackson” and “spielberg” is the secondary.
These names will be used later in the configuration so it’s important that each is unique and that you decide which will be the primary.
Edit /etc/modules and add the following line:
ip_vs_core
Edit /etc/apt/sources.list and add the following line to the top:
deb http://www.ultramonkey.org/download/3/ sarge main
Run the following:
apt-get update
apt-get install ultramonkey
Select “No” when asked to configure ipvsadm.rules
Select “None” when asked to configure the synchronization daemon
Configure Forwarding
Add the following line to /etc/sysctl.conf:
net.ipv4.ip_forward = 1
Type the following command to enable forwarding:
/sbin/sysctl -p
This reloads /etc/sysctl.conf and should print net.ipv4.ip_forward = 1.
Configure Heartbeat
We configure heartbeat to operate over two links: eth0 (the network) and /dev/ttyS0 (the serial port).
Create the file /etc/ha.d/ha.cf on both servers, replacing “jackson” and “spielberg” with the names of your directors, with the primary node listed first.
Note the content of this file should be identical on both directors.
debugfile /var/log/ha-debug
logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 10
warntime 8
serial /dev/ttyS0
baud 38400
udpport 694
bcast eth0
auto_failback off
node jackson spielberg
Next, create the file /etc/ha.d/haresources, replacing “jackson” with the name of your primary node and the IP address and subnet mask with that of each of your virtual IP addresses that are being load balanced.
There should be one line per VIP.
The content of this file is identical on both directors.
jackson IPaddr::10.0.0.100/24/eth0 ldirectord::ldirectord.cf
jackson IPaddr::10.0.0.200/24/eth0 ldirectord::ldirectord.cf
Finally, create the file /etc/ha.d/authkeys.
Replace “MyUltraSecretKeyGoesHere” with a random SHA hash of 32 characters.
You can generate one using genauthkey or some other method.
Again, the content of the file, including the hash, must be identical on each director.
auth 1
1 sha1 MyUltraSecretKeyGoesHere
Change permissions on the authkeys file with the following command:
chmod 600 /etc/ha.d/authkeys
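One way to produce the file described above, as an added example that is not part of the original article. The function names are hypothetical, and the key is 16 bytes from /dev/urandom written as 32 hex characters rather than output from genauthkey.

```shell
#!/bin/sh
# Added example: write a heartbeat authkeys file with a random key and
# verify its form and mode. The target path is a parameter so the functions
# can be tried in a scratch directory before using /etc/ha.d/authkeys.

make_authkeys() {
    target=$1
    # 16 random bytes from the kernel CSPRNG, hex-encoded: 32 characters.
    key=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    [ "${#key}" -eq 32 ] || { echo "key generation failed" >&2; return 1; }
    # Create the file under umask 077 so the key is never readable by
    # other users between creation and chmod.
    (
        umask 077
        printf 'auth 1\n1 sha1 %s\n' "$key" > "$target"
    ) || return 1
    # Also covers the case where the file already existed with a lax mode.
    chmod 600 "$target"
}

# Check that an authkeys file has the layout shown in the article and
# is readable by its owner only (uses GNU stat, as found on Debian).
check_authkeys() {
    target=$1
    mode=$(stat -c '%a' "$target") || return 1
    [ "$mode" = "600" ] || { echo "$target: mode $mode, want 600" >&2; return 1; }
    grep -Eq '^auth 1$' "$target" || return 1
    grep -Eq '^1 sha1 [0-9a-f]{32}$' "$target" || return 1
}
```

Generate the file once on the primary node and copy it to the secondary over a protected channel, since both directors must hold the same key.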
LDirectord
Ldirectord handles the load balancing and only one director can do this at a time.
Therefore, ldirectord should not be configured to start automatically on either director.
Heartbeat will determine which node is “in charge” and starts ldirectord on the appropriate node.
To disable the automatic starting of ldirectord, type the following:
/usr/sbin/update-rc.d heartbeat start 2 3 4 5 .
/usr/sbin/update-rc.d -f ldirectord remove
And make sure ldirectord is not running:
/etc/init.d/ldirectord stop
Next, create the file /etc/ha.d/conf/ldirectord.cf.
The content should be identical on both directors.
checktimeout=5
checkinterval=10
autoreload=yes
quiescent=no
virtual=10.0.0.100:80
    real=10.0.0.101:80 gate
    real=10.0.0.102:80 gate
    checktype=negotiate
    service=http
    request="testdirector.htm"
    receive="Hello"
    protocol=tcp
    scheduler=wlc
virtual=10.0.0.200:80
    real=10.0.0.201:80 gate
    real=10.0.0.202:80 gate
    checktype=negotiate
    service=http
    request="testdirector.htm"
    receive="Hello"
    protocol=tcp
    scheduler=wlc
Application Servers
We are done with our director configuration!
Before we start load balancing, there are a few things we need to do on our application servers.
First, the director will only send new requests to application servers that are working.
We’ve told our director to test to see if an application server is working by loading the web file “testdirector.htm” and looking for the word “Hello”.
Create the file testdirector.htm in the website root of each website on each application server.
Add the text “Hello” to the file.
Loopback Adapter
The secret ingredient in all of this is the clever use of IP trickery involving the Loopback Adapter.
We are going to give each application server the same IP address as the VIP on the load director.
To prevent IP address conflicts on the network, we suppress ARP on the application servers for that IP.
This allows the application server to behave as if it received a request directly whenever new connections are forwarded to it by the director.
Install the Microsoft Loopback Adapter:
Control Panel
Add/Remove Hardware
Add/Troubleshoot a device
Add a new device
No, I want to select the hardware from a list
Network Adapters
Manufacturers, Microsoft, Microsoft Loopback Adapter
Finish
Configure TCP/IP properties:
Right click on the Loopback adapter, select Properties
Deselect all checkboxes except Internet Protocol (TCP/IP)
Select Properties for TCP/IP
IP address - same as the virtual IP on the load director(s)
Subnet mask - 255.0.0.0 (no matter what your actual mask is)
Default gateway - blank
DNS servers - blank
Advanced, Interface Metric - 254
WINS - Disable Netbios over TCP/IP
Note: If load balancing multiple IPs, repeat for each VIP address.
Configure IIS:
Select Website Properties, Website tab
Enter the real IP address of the server assigned for this website (not the VIP address). This must match the real IP used in the ldirectord.cf file
Advanced, Multiple identities for this website, Add
Select the port and VIP assigned to the Loopback adapter, OK
You should now see first the real IP then the virtual IP listed under multiple identities for this website
Note: Repeat under the Multiple SSL identities for this website if using SSL
View State
In order for the View State to work across our web farm, each web server must use the same keys for encryption.
These values are configured in the machine.config file in the section.
Refer to the following Microsoft knowledge base article for detailed instructions on how to create the keys and update the configuration file.
Again, you want to generate a single set of keys that is used on all your web servers.
How to create keys by using Visual C# .NET for use in Forms
Moment of Truth
Go back to your directors and start heartbeat on the primary node. This will start ldirectord and load balancing:
/etc/init.d/heartbeat start
Verify the status of your load balancing services with the following command:
/sbin/ipvsadm -L -n
The output should be similar to the following:
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.100:80 wlc
  -> 10.0.0.101:80                Route   1      0          0
  -> 10.0.0.102:80                Route   1      0          0
TCP  10.0.0.200:80 wlc
  -> 10.0.0.201:80                Route   1      0          0
  -> 10.0.0.202:80                Route   1      0          0
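To turn the visual comparison above into a check, the following added example (not part of the original article) lists every real server declared in ldirectord.cf that is absent from the ipvsadm table. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report real servers declared in ldirectord.cf that are
# missing from the `ipvsadm -L -n` table (with quiescent=no, ldirectord
# removes a real server from the table when its health check fails).

# Print "VIP:port RIP:port" pairs declared in an ldirectord.cf on stdin.
expected_pairs() {
    awk '/^virtual=/ { sub(/^virtual=/, ""); vip = $1; next }
         /^[ \t]*real=/ && vip != "" { sub(/^[ \t]*real=/, ""); print vip, $1 }'
}

# Print "VIP:port RIP:port" pairs present in ipvsadm -L -n output on stdin.
active_pairs() {
    awk '$1 == "TCP" || $1 == "UDP" { vip = $2; next }
         $1 == "->" && $2 ~ /^[0-9]/ { print vip, $2 }'
}

# missing_reals CONFIG_FILE TABLE_FILE: declared pairs absent from the table.
missing_reals() {
    active=$(active_pairs < "$2")
    expected_pairs < "$1" | while read -r pair; do
        printf '%s\n' "$active" | grep -Fxq "$pair" || printf '%s\n' "$pair"
    done
}

# Constructed sample: the article's config, trimmed to the lines parsed here.
sample_config() {
    cat <<'EOF'
virtual=10.0.0.100:80
    real=10.0.0.101:80 gate
    real=10.0.0.102:80 gate
virtual=10.0.0.200:80
    real=10.0.0.201:80 gate
    real=10.0.0.202:80 gate
EOF
}

# Constructed sample: the table after 10.0.0.202 has failed its check.
sample_table() {
    cat <<'EOF'
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  10.0.0.100:80 wlc
  -> 10.0.0.101:80                Route   1      0          0
  -> 10.0.0.102:80                Route   1      0          0
TCP  10.0.0.200:80 wlc
  -> 10.0.0.201:80                Route   1      0          0
EOF
}
```

On a director, save the output of /sbin/ipvsadm -L -n to a file and pass it as the second argument, with /etc/ha.d/conf/ldirectord.cf as the first; empty output means every declared real server is in rotation.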
Resources
For more information, try these websites:
Ultramonkey
Linux HA
Linux Virtual Server
Loadbalancer.org (sells load directors)