Viability of nginx instead of hardware load balancer?
david at icewatermedia.com
Thu Sep 24 23:57:03 MSD 2009
For that you would likely want the DC to setup HSRP so you would have port
fail over, which would allow for a re-arp, but preventing a "arpstorm"
From: owner-nginx at sysoev.ru [mailto:owner-nginx at sysoev.ru] On Behalf Of
Sent: Thursday, September 24, 2009 12:32 PM
To: nginx at sysoev.ru
Subject: Re: Viability of nginx instead of hardware load balancer?
Another problem with the floating ip is locking arp. The routers on my host
lock the arp for a given ip to whichever mac address it first hears claiming
to have that ip, so I can't switch ips on the same segment between machines
without talking to them first (or presumably letting the arp entry expire)
On Thu, Sep 24, 2009 at 6:04 PM, Payam Chychi <pchychi at gmail.com> wrote:
> On Thu, Sep 24, 2009 at 8:46 AM, Gabriel Ramuglia <gabe at vtunnel.com>
>> My experiences with spread were less than stellar, but instead of
>> going into that, I'll just give a piece of advice. Spread first tries
>> to communicate using multicast, and then falls back to broadcasting.
>> At my hosting provider, since their equipment didn't support
>> multicast, this meant that, even though communications were only
>> going between two computers and did not need to be broadcast to
>> everyone, all communications were being broadcast to everyone on the
>> subnet. It didn't take long before my hosting provider null routed my
>> server. You can override this behaviour by telling spread to
>> communicate using unicast, but this only works if there is only one
>> destination for each source piece of information.
>> Just something to keep in mind
>> On Thu, Sep 24, 2009 at 4:04 PM, Barry Abrahamson <barry at automattic.com>
>>> On Sep 17, 2009, at 5:49 AM, John Moore wrote:
>>>> It certainly does, thanks! Could I trouble you to explain a little
>>>> more about your use of Wackamole and Spread? I've not used either of
>>> There is a How-to here:
>>> You are just using nginx instead of HAProxy, but the Wackamole and
>>> Spread portion still applies.
>>> Scalable Internet Architectures (
>>> gle/dp/067232699X ) also has a section on how this works.
>>>> Also, is there any reason why a hosting company would have problems
>>>> with such a setup (i.e., this won't be running in our hardware on
>>>> our premises, but we have full control of Linux servers).
>>> Yes, you have to be a little careful here and ask questions up
>>> front. A lot of hosting companies segment their switches such that
>>> each port is it's own VLAN which means you can't "float" IPs between
>>> ports which is what you need for this to work. If you tell your
>>> hosting company what you are trying to do and tell them that you
>>> need to be able to have IPs which are programmatically moved between
>>> switch ports they should be able to tell you if this is possible or
>>> not. Some hosts may require you have some sort of "private rack" or
other upgrade to make this possible.
>>> Barry Abrahamson | Systems Wrangler | Automattic
>>> Blog: http://barry.wordpress.com
> why not just ask for your own private vlan? a private vlan will not
> only create a boundry around your unciast/broadcast traffic but it
> will also allow you to have your own ip unshared ip space (as appose
> to shared vlan/shared ip space). Also, private vlan will give you the
> frameworkf or moving your ip space anywhere you want inside the
> In regards to floating ip, just hava them provision you on a layer2
> segment, that will allow you to have multiple ports on their netowrk,
> in the same private vlan, in different locations
> Payam Tarverdyan Chychi
> Network Security Specialist / Network Engineer
More information about the nginx