11.4 High availability for the ISPCompany example

ISPCompany's ISP division offers its small company clients a very successful static Web-page-serving service, by using the marketing slogan "Anyone in the world, day or night, can find out about your company and its services." By guaranteeing the 24x7 availability, they have differentiated themselves from the competition and have been able to attract a number of smaller businesses to using this service. The real value to ISPCompany is that these clients become excellent candidates for outsourcing a dynamic Web-page-serving environment that is even more profitable.

The design in Figure 11-5 is their implementation of the Linux virtual server (LVS) cluster technology. Most of this design is a pretty obvious cluster implementation with a workload balancer front-end (in its own hot-standby configuration). In the simple discussion in 11.3.1, "Linux image redundancy" we glossed over a rather interesting challenge. When the primary workload balancer image fails, how do users who already know its IP address manage to connect to the hot-standby image?

Many users of LVS use the program FAKE to connect users to the hot-standby image. In Figure 11-5 you probably noticed the existence of an extra server, called the DNS (Domain Name Server). Among its functions is helping others to locate a specific machine by giving a translation from the IP address to the corresponding hardware LAN adapter address. The DNS can be primed with a lookup table, or dynamically learn the relationship from machines as they become active. There is a type of IP message, an address resolution protocol (ARP), that lets a machine "shout" to the local world: "I'm IP address x.y.z and my physical adapter LAN address is 123456789" (actually it is a large hex number).

FAKE relies on the fact that the DNS will listen to the latest "shout" and use it to further route messages. So, in our particular case, both the primary and secondary workload servers have two IP adapters (for symmetry, both have two.) The normal adapter on the hot standby is the address by which anyone can talk to it, in its standby role. However, once the primary image fails, the secondary image starts broadcasting ARPs, using the primary image's IP address and substituting the hardware address of its own backup LAN adapter. In fact, all the new workload manager's traffic will be done in this "fake" mode.

The Linux Primary image of Figure 11-6 uses the service's IP name as its normal attachment to the LAN. The backup attachment to the LAN is not really needed.

The Linux Secondary image of Figure 11-6 uses its unique real name as its normal attachment to the LAN. Therefore, it is possible to perform a heartbeat and communicate with this Linux Secondary image via this LAN attachment. The backup attachment to the LAN is used to ARP-out the Linux Primary image's IP address, claiming that it should be resolved to this backup LAN MAC address.

A source for additional information on the FAKE process can be found by looking for the LVS tool in Table 25-6 in Chapter 25, "Systems Management Tools."

There is another, more elegant and effective approach for IP takeover available on the zSeries, called VIPA (Virtual IP Address). For a source of more information on VIPA, see Table 25-6 in Chapter 25, "Systems Management Tools."