How to Configure Integrated Load Balancer (ILB) in Solaris 11
Integrated Load Balancer (ILB) provides Layer 3 and Layer 4 load-balancing capabilities for Oracle Solaris installed on SPARC and x86-based systems. It is managed by the svc:/network/loadbalancer/ilb:default service. It intercepts incoming requests from clients, decides which back-end server should handle the request based on load-balancing rules, and then forwards the request to the selected server. It also performs optional health checks and provides the data for the load-balancing algorithms to verify whether the selected server can handle the incoming request. ILB spreads workload directed to the server across multiple servers.
The following are the key features of ILB:
- Supports stateless Direct Server Return (DSR) and Network Address Translation (NAT) modes of operation for IPv4 and IPv6
- Enables ILB administration through a command-line interface (CLI)
- Provides server monitoring capabilities through health checks
ILB enables:
- Clients to ping virtual IP (VIP) addresses
- You to add and remove servers from a server group without interrupting service
- You to configure session persistence (stickiness)
- You to perform connection draining
- Load-balancing of TCP and UDP ports
- You to specify independent ports for virtual services within the same server group
- You to load balance a simple port range
- Port range shifting and collapsing
Installing ILB
ILB has two portions, the kernel and the userland. The kernel portion is automatically installed as part of the Oracle Solaris 11 installation. To obtain the userland portion of ILB, you must manually install the ilb package by using the “pkg install ilb” command.
# pkg install ilb
ILB Operation Modes
ILB supports the following modes of operation for IPv4 and IPv6, in single-legged and dual-legged topologies:
- Stateless Direct Server Return (DSR) topology
- Network Address Translation (NAT) mode (full-NAT and half-NAT) topology
ILB Operation Modes: DSR
In DSR mode, ILB balances incoming requests to the back-end servers, but allows the return traffic from the servers to the clients to bypass it. However, you can also set up ILB to be used as a router for the back-end server. In this case, the response from the back-end server to the client is routed through the machine that is running ILB.
With stateless DSR, ILB does not save any state information of the processed packets, except basic statistics. Because ILB does not save any state in this mode, the performance is comparable to the normal IP-forwarding performance. This mode is best suited for connectionless protocols.
ILB Operation Modes: NAT
ILB uses NAT in stand-alone mode strictly for load balancing. In this mode, ILB rewrites the header information and handles incoming as well as outgoing traffic. ILB operates in both half-NAT and full-NAT modes.
In the half-NAT and full-NAT modes, ILB matches the response from the back-end server to the incoming request, and replaces the changed IP address and the transport protocol port number with that of the original incoming request. ILB then forwards the response to the client. Essentially, both modes rewrite the destination IP address. However, full-NAT also rewrites the source IP address, making it appear to the server that all connections are from the load balancer.
Enabling and Disabling ILB
1. Enable the appropriate forwarding service: either IPv4 or IPv6, or both of them. Note that this command produces no output when successful.
# ipadm set-prop -p forwarding=on ipv4 # ipadm set-prop -p forwarding=on ipv6
2. Enable the ILB service.
# svcadm enable ilb
3. Disable the ILB service.
# svcadm disable ilb
4. Verify that the ILB service is enabled or disabled.
# svcs ilb
Configuring ILB
1. Set up the back-end servers.
# route add -p default 192.168.1.21
2. Set up the server group in ILB.
# ilbadm create-sg -s servers=192.168.1.50,192.168.1.60 srvgrp1
3. Set up the simple health check called hc-srvgrp1.
# ilbadm create-rule -e -p -i vip=10.0.2.20,port=5000 –m \ lbalg=rr,type=half-nat,pmask=32 -h hc-name=hc-srvgrp1 \ -o servergroup=srvgrp1 rule1_rr
No comments:
Post a Comment