Installation guide
the problem of grouping together connections destined for different ports. For these situations, it is best
to use firewall marks.
1.5.2. Firewall Marks
Firewall marks are an easy and efficient way to group ports used for a protocol or group of related
protocols. For instance, if LVS is deployed to run an e-commerce site, firewall marks can be used to
bundle HTTP connections on port 80 and secure HTTPS connections on port 443. By assigning the
same firewall mark to the virtual server for each protocol, state information for the transaction can be
preserved because the LVS router forwards all requests to the same real server after a connection is
opened.
Because of its efficiency and ease-of-use, administrators of LVS should use firewall marks instead of
persistence whenever possible for grouping connections. However, administrators should still add
persistence to the virtual servers in conjunction with firewall marks to ensure the clients are reconnected
to the same server for an adequate period of time.
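The port bundling described above, as an added example that is not part of this guide: a small POSIX shell script that builds the iptables mangle rules and ipvsadm commands tying HTTP and HTTPS for one virtual IP to a single firewall mark, with persistence on the virtual service. The VIP 192.0.2.10, the real servers 10.0.0.11 and 10.0.0.12, mark 80 and the 300 second persistence timeout are assumed values.

```shell
#!/bin/sh
# Added example, not from the Red Hat guide. Generates (does not apply) the
# commands that group ports 80 and 443 under one firewall mark so that the
# LVS router sends both to the same real server. Assumed values below.
VIP="192.0.2.10"
MARK=80
PERSIST=300
REALS="10.0.0.11 10.0.0.12"

# Emit one PREROUTING mangle rule per port. Only the listed ports to the VIP
# receive the mark, so nothing else reaching the VIP is picked up by the
# fwmark-based virtual service.
mark_rules() {
    _vip=$1; _mark=$2; shift 2
    for _port in "$@"; do
        echo "iptables -t mangle -A PREROUTING -p tcp -d ${_vip}/32 --dport ${_port} -j MARK --set-mark ${_mark}"
    done
}

# Emit the ipvsadm commands: one virtual service keyed on the firewall mark
# (-f) with persistence (-p) so a client stays on its real server across the
# HTTP and HTTPS connections, then one NAT (-m) real server entry per backend.
ipvs_rules() {
    _mark=$1; _persist=$2; shift 2
    echo "ipvsadm -A -f ${_mark} -s rr -p ${_persist}"
    for _rs in "$@"; do
        echo "ipvsadm -a -f ${_mark} -r ${_rs} -m"
    done
}

# Full bundle for the assumed site; pipe the output to sh as root to apply.
bundle() {
    mark_rules "$VIP" "$MARK" 80 443
    # shellcheck disable=SC2086  (word splitting of REALS is intended)
    ipvs_rules "$MARK" "$PERSIST" $REALS
}

bundle
```

Check the result with `ipvsadm -L -n` (the service shows as `FWM 80`) and `iptables -t mangle -L PREROUTING -n` before trusting it with traffic.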
1.6. LVS — A Block Diagram
LVS routers use a collection of programs to monitor cluster members and cluster services. Figure 1.5,
“LVS Components” illustrates how these various programs on both the active and backup LVS routers
work together to manage the cluster.
Figure 1.5. LVS Components
The pulse daemon runs on both the active and passive LVS routers. On the backup router, pulse
sends a heartbeat to the public interface of the active router to make sure the active router is still
properly functioning. On the active router, pulse starts the lvs daemon and responds to heartbeat
queries from the backup LVS router.
Once started, the lvs daemon calls the ipvsadm utility to configure and maintain the IPVS routing table
in the kernel and starts a nanny process for each configured virtual server on each real server. Each
Chapter 1. Linux Virtual Server Overview