[NCLUG] Tuesday April 10th, 2017 NCLUG Meeting

Sean Reifschneider jafo00 at gmail.com
Wed Apr 11 15:58:28 MDT 2018

I've also used IPVS in the past, it works pretty well for many things.  In
particular, a "DR" (direct routing) configuration can be extremely high
performance, because it only has to handle incoming packets and responses
are sent directly back to the client instead of coming back through the

I had problems in the distant past with one of the ipvs tools written in
perl, whose name I can't recall, which would occasionally go out to lunch
and have to be restarted.  It was fine as long as no configs were changing,
because that was all handled by the in-kernel code.  But once the config
changed and you tried to apply it, it would just freak out.

There's another method that is kind of "distributed load balancing" using
an iptables module which I can't find the name of at the moment, which
works by using the remote IP address to decide if a machine should block or
accept a packet, so you have 10 machines all with the same IP on it,
but only one of those 10 will process that packet.

I've been using haproxy a lot for the last year or two and it's really
great.  I love the web interface for checking status, that I can load
balance based on layer 7 things including what SSL cert or name was used,
parts of the URL, and the like.  It's been extremely reliable.  I also use
health checks and agent checks to take machines in and out of the load.  I
can touch a file on the system that causes the agent to take a system out
of the load, for example, and only return back to the load when it is
healthy and that file has been removed.  It's also really easy to use
LetsEncrypt for all systems behind a haproxy load balancer with the haproxy
holding the key and doing the challenge/auth for LE.  With all the
capabilities of haproxy we were able to go down from over a dozen IPs
between production and dev/stg, to a single IP for prod and one more for
dev/stg (hosted at different locations).  That was nice.  :-)

We use keepalived for HA/fail over.

There are a lot of other proxies out there.  nginx can do it, IIRC.  caddy
I've heard good things about https://caddyserver.com/

On Tue, Apr 10, 2018 at 7:19 PM Bob Proulx <bob at proulx.com> wrote:

> jdewitt at verinet.com wrote:
> > What: Tuesday April 10th, 2017 NCLUG Meeting
> > When: Tuesday April 10th, 2017, 6pm
> > Where: Fort Collins Creator Hub,
> >   1304 Duff Dr Unit 15, Fort Collins, CO; map:
> > Topic:  Short Topics!
> We were few in prearranged topics and therefore chitter-chattered for
> the first 20 minutes while people trickled into the new classroom
> area.  The new classroom area is further in through the sliding glass
> doors.  If you arrive late and don't see anyone please keep walking
> and look through those doors into the next room.
> Then things really got going when Nathan gave a talk on creating new
> bash completions.  Bash is the default command line shell on most
> distributions.  Bash completion is a way to add custom TAB completion
> to the command line.  Nathan said that while documentation was a
> little hard to locate that the actual task was relatively straight
> forward and he found it easy to make some custom TAB completion for
> his creations.  After watching his demos I know I am more likely to
> create bash completions for my own stuff.
> Marc then talked about IPVS.  According to the web page "IPVS (IP
> Virtual Server) implements transport-layer load balancing inside the
> Linux kernel, so called Layer-4 switching.  IPVS running on a host
> acts as a load balancer at the front of a cluster of real servers, it
> can direct requests for TCP/UDP based services to the real servers,
> and makes services of the real servers to appear as a virtual service
> on a single IP address."  Marc gave a tour of how he is using it.  He
> liked it and said that it is working well for them.  At the time they
> implemented this they were getting thousands of connections for smtp
> and this was a solution to be able to scale out to handle it.
>   http://www.linuxvirtualserver.org/software/ipvs.html
> Aaron talked briefly, a standing talk, about using HA Proxy.  HA Proxy
> is doing a similar task to IPVS but doing so in user space rather than
> in the Linux netfilter.
> James teased us with some talk of his recent experiences with
> Kubernetes.  Hopefully next month he will have some demos for us.
> For a change of dinner pace the group decided to try out the new
> Panhandler's under new ownership and at a new location at 2721
> S. College Ave.  None of us have been there yet.
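
The flag-file agent check described in the message above could look like the following. This is an added example, not code from the original post: the flag path, ports and server address are assumed, and replying "drain" (rather than "maint") while the file exists is a choice made here.

```python
import os
import socket
import socketserver

# Assumed values for illustration; not from the original message.
FLAG_FILE = "/var/run/out-of-load"   # hypothetical "touch to drain" file
SERVICE = ("127.0.0.1", 80)          # local service the agent probes
AGENT_PORT = 9777                    # must match agent-port in haproxy.cfg

# Matching haproxy.cfg server line (constructed address):
#   server web1 192.0.2.11:80 check agent-check agent-port 9777 agent-inter 5s


def service_healthy(addr, timeout=1.0):
    """True if the local service accepts a TCP connection."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False


def agent_reply(flag_file, healthy):
    """Build the one-line ASCII answer HAProxy reads from the agent."""
    if os.path.exists(flag_file):
        return "drain\n"      # operator override wins, even if healthy
    if not healthy:
        return "down\n"       # flag gone but service not answering yet
    return "ready up\n"       # clear DRAIN/MAINT and mark the server UP


class AgentHandler(socketserver.BaseRequestHandler):
    def handle(self):
        reply = agent_reply(FLAG_FILE, service_healthy(SERVICE))
        self.request.sendall(reply.encode("ascii"))


if __name__ == "__main__":
    # Firewall this port so only the load balancer can reach it.
    socketserver.TCPServer.allow_reuse_address = True
    with socketserver.TCPServer(("0.0.0.0", AGENT_PORT), AgentHandler) as srv:
        srv.serve_forever()
```

With this running on each backend, `touch /var/run/out-of-load` drains the host at the next agent poll, and removing the file returns it to the load only once the local service answers again.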
