In certain situations, it may be desirable for a client to
reconnect repeatedly to the same real server, rather than have an
LVS load balancing algorithm send that request to the best
available server. Examples of such situations include multi-screen
web forms, cookies, SSL, and FTP connections. In these cases, a
client may not work properly unless the transactions are being
handled by the same server to retain context. LVS provides two
different features to handle this: persistence and firewall
marks.
When enabled, persistence acts like a timer. When a client
connects to a service, LVS remembers the last connection for a
specified period of time. If that same client IP address connects
again within that period, it is sent to the same server it
connected to previously — bypassing the load-balancing
mechanisms. When a connection occurs outside the time window, it is
handled according to the scheduling rules in place.
Persistence also allows the administrator to specify a subnet
mask to apply to the client IP address test. This is a tool for
controlling which addresses have a higher level of persistence,
because connections from that subnet are grouped together.
Grouping connections destined for different ports can be
important for protocols which use more than one port to
communicate, such as FTP. However, persistence is not the most
efficient way to deal with the problem of grouping together
connections destined for different ports. For these situations, it
is best to use firewall marks.
Firewall marks are an easy and efficient way to group ports
used for a protocol or group of related protocols. For instance, if
an LVS cluster is deployed to run an e-commerce site, firewall
marks can be used to bundle HTTP connections on port 80 and secure
HTTPS connections on port 443. By assigning the same firewall mark
to the virtual server for each protocol, state information for the
transaction can be preserved because the LVS router forwards all
requests to the same real server after a connection is opened.
Because of their efficiency and ease of use, administrators of LVS
clusters should use firewall marks instead of persistence whenever
possible for grouping connections. However, administrators should
still add persistence to the virtual servers in conjunction with
firewall marks to ensure the clients are reconnected to the same
server for an adequate period of time.
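
The following added example (not part of the original documentation, and not the kernel IPVS code) is a simplified model of the behavior described above: the persistence window, the subnet mask applied to the client address, and a firewall mark bundling ports 80 and 443. The class name, server names, and addresses are constructed for illustration; round-robin stands in for the scheduler, and restarting the timer on every connection is an assumption of the model.

```python
import ipaddress
from itertools import cycle

class Director:
    """Simplified model of LVS persistence; not the kernel IPVS code."""

    def __init__(self, servers, timeout, netmask="255.255.255.255", port_marks=None):
        self._sched = cycle(servers)        # round-robin stands in for the scheduler
        self.timeout = timeout              # persistence window, in seconds
        self.netmask = int(ipaddress.IPv4Address(netmask))
        self.port_marks = port_marks or {}  # destination port -> firewall mark
        self.remembered = {}                # (client network, service) -> (server, expiry)

    def connect(self, client_ip, port, now):
        network = int(ipaddress.IPv4Address(client_ip)) & self.netmask
        # Ports sharing a firewall mark form one service; otherwise each port is its own.
        mark = self.port_marks.get(port)
        service = ("fwmark", mark) if mark is not None else ("port", port)
        key = (network, service)
        entry = self.remembered.get(key)
        if entry and now < entry[1]:
            server = entry[0]               # inside the window: bypass the scheduler
        else:
            server = next(self._sched)      # outside the window: normal scheduling
        self.remembered[key] = (server, now + self.timeout)  # assumption: timer restarts
        return server

SERVERS = ["rs1", "rs2", "rs3"]             # constructed real-server names
CLIENT = "203.0.113.10"                     # constructed (documentation-range) address

def demo():
    per_port = Director(SERVERS, timeout=300)
    marked = Director(SERVERS, timeout=300, port_marks={80: 80, 443: 80})
    subnet = Director(SERVERS, timeout=300, netmask="255.255.255.0")
    return {
        # Persistence alone: HTTP and HTTPS are separate services, so servers differ.
        "per_port": [per_port.connect(CLIENT, 80, 0), per_port.connect(CLIENT, 443, 10)],
        # Same firewall mark on both ports: one real server keeps the session state.
        "marked": [marked.connect(CLIENT, 80, 0), marked.connect(CLIENT, 443, 10)],
        # Inside the window the server is kept; after it lapses, scheduling resumes.
        "expired": [marked.connect(CLIENT, 80, 100), marked.connect(CLIENT, 80, 500)],
        # A /24 mask groups every client in 203.0.113.0/24 onto one server.
        "subnet": [subnet.connect(CLIENT, 80, 0), subnet.connect("203.0.113.77", 80, 5),
                   subnet.connect("198.51.100.5", 80, 6)],
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The "subnet" case also shows the operational trade-off of a wide mask: every client behind the masked network is pinned to one real server for the whole window, which concentrates load from large NAT or proxy address ranges.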