How a virtual IP address works (Windows/Linux)?

Evidian SafeKit

How a primary/secondary virtual IP address works in the same subnet?

Case of a mirror cluster with 2 Windows or Linux servers

In a mirror cluster, a primary/secondary virtual IP address is required to reroute clients in case of failover.

How a primary/secondary virtual IP address works in a same subnet ?

When both servers of the cluster are in the same subnet, the virtual IP address is set on the Ethernet card of the primary server (through IP aliasing). The virtual IP address is a third IP address coming in addition to the two physical IP addresses of server 1 and server 2. Note that with SafeKit, several virtual IP addresses can be set in the cluster on the same Ethernet card or on different Ethernet cards.

If server 1 is the primary server, then the virtual IP address is associated to the Ethernet MAC address of server 1 in the clients ARP caches: mac1 in the figure. If there is a failure of server 1 and a failover on server 2, SafeKit automatically sends gratuitous ARP to reroute clients ARP caches with the Ethernet address mac2 of server 2. Thus, clients are reconnected to server 2 running the application which has been restarted on this server by the SafeKit clustering mechanisms.

When two servers are in remote sites, the previous virtual IP address algorithms are working if they are connected in the same subnet through an extended LAN/VLAN. This is the simplest use case for remote sites.

How a primary/secondary virtual IP address works in different subnets?

Case of a mirror cluster with 2 Windows or Linux servers

How a primary/secondary virtual IP address works in differents subnets?

If the servers are in differents subnets, the virtual IP address can be set at the level of a load balancer. The load balancer is configured with the two physical IP addresses of the two servers in their respective subnets. And the load balancer routes the traffic according a health check to servers.

The health check is based on a URL managed by SafeKit servers and answering OK or NOT FOUND according the status of a server. If the server is SECOND, the SafeKit health check returns NOT FOUND. Thus no traffic is sent by the load balancer to the secondary server. And if the server is PRIM, then the SafeKit health check returns OK. Thus all the traffic is sent by the load balancer to the primary server. In case of failover, SafeKit changes its answers to the health check. Thus the traffic of the load balancer is rerouted.

This implementation is the one used in SafeKit mirror-like solutions in the Cloud: Amazon AWS, Microsoft Azure and Google GCP.

How a load balanced virtual IP address works in the same subnet?

Case of a farm cluster with 2 Windows or Linux servers

How a load balanced virtual IP address works in the same subnet?

In a load balancing farm cluster, a virtual IP address is required to load balance clients requests and to reroute clients in case of failover. In this example, we consider only two servers but the solution works with more than two servers.

When both servers of the cluster are in the same subnet, the virtual IP address is set on the Ethernet card of both servers (IP aliasing).

In the ARP cache of clients, the virtual IP address is associated to the Ethernet MAC address of one server: mac1 of server1 in the figure. A filter inside the kernel of server 1 receives the traffic and split it according the identity of the client packets (client IP address, client TCP port).

If there is a failure of server 1, SafeKit sends gratuitous ARP to reroute clients ARP caches with the Ethernet address mac2 of server 2. Thus, clients are reconnected to server 2.

When two servers are in remote sites, the previous virtual IP address algorithms are working if they are connected in the same subnet through an extended LAN/VLAN. This is the simplest use case for remote sites.

How a load balanced virtual IP address works in different subnets?

Case of a farm cluster with 2 Windows or Linux servers

How a load balanced virtual IP address works in different subnets?

If the servers are in differents subnets, the virtual IP address can be set at the level of a load balancer. The load balancer is configured with the two physical IP addresses of the two servers in their subnets. And the load balancer routes the traffic according load balancing rules (client IP address, client TCP port) and according a health check to servers.

The health check is based on a URL managed by SafeKit servers and answering OK or NOT FOUND according the status of a server. If the server is UP, the SafeKit health check returns OK, else NOT FOUND. In case of failover, SafeKit does not answer anymore OK to the health check on the failed server. Thus the traffic of the load balancer is rerouted.

This implementation is the one used in SafeKit farm-like solutions in the Cloud: Amazon AWS, Microsoft Azure and Google GCP.

Note that there is another solution by rerouting at the DNS level. But this solution is not working in most cases because the prerequisite is that clients makes a DNS resolution after a failover to be rerouted to the new server. Most often, they do not and continue their execution with the IP address resolved when they started.

SafeKit: an ideal solution for a partner application

This platform agnostic solution is ideal for a partner with a critical application and who wants to provide a redundancy and high availability option easy to deploy to many customers.

This clustering solution is also recognized as the simplest to implement by our partners.

How the SafeKit mirror cluster works?

Step 1. Real-time replication

Server 1 (PRIM) runs the application. Clients are connected to a virtual IP address. SafeKit replicates in real time modifications made inside files through the network. 

File replication at byte level in a mirror cluster

The replication is synchronous with no data loss on failure contrary to asynchronous replication.

You just have to configure the names of directories to replicate in SafeKit. There are no pre-requisites on disk organization. Directories may be located in the system disk.

Step 2. Automatic failover

When Server 1 fails, Server 2 takes over. SafeKit switches the virtual IP address and restarts the application automatically on Server 2.

The application finds the files replicated by SafeKit uptodate on Server 2. The application continues to run on Server 2 by locally modifying its files that are no longer replicated to Server 1.

Failover in a mirror cluster

The failover time is equal to the fault-detection time (30 seconds by default) plus the application start-up time.

Step 3. Automatic failback

Failback involves restarting Server 1 after fixing the problem that caused it to fail.

SafeKit automatically resynchronizes the files, updating only the files modified on Server 2 while Server 1 was halted.

Failback in a mirror cluster

Failback takes place without disturbing the application, which can continue running on Server 2.

Step 4. Back to normal

After reintegration, the files are once again in mirror mode, as in step 1. The system is back in high-availability mode, with the application running on Server 2 and SafeKit replicating file updates to Server 1.

Return to normal operation in a mirror cluster

If the administrator wishes the application to run on Server 1, he/she can execute a "swap" command either manually at an appropriate time, or automatically through configuration.

Typical usage with SafeKit

Why a replication of a few Tera-bytes?

Resynchronization time after a failure (step 3)

  • 1 Gb/s network ≈ 3 Hours for 1 Tera-bytes.
  • 10 Gb/s network ≈ 1 Hour for 1 Tera-bytes or less depending on disk write performances.

Alternative

  • For a large volume of data, use external shared storage with a hardware clustering solution.
  • More expensive, more complex.

Why a replication < 1,000,000 files?

  • Resynchronization time performance after a failure (step 3).
  • Time to check each file between both nodes.

Alternative

  • Put the many files to replicate in a virtual hard disk / virtual machine.
  • Only the files representing the virtual hard disk / virtual machine will be replicated and resynchronized in this case.

Why a failover < 25 replicated VMs?

  • Each VM runs in an independent mirror module.
  • Maximum of 25 mirror modules running on the same cluster.

Alternative

  • Use an external shared storage and another VM clustering solution.
  • More expensive, more complex.

Why a LAN/VLAN network between remote sites?

Alternative

  • Use a load balancer for the virtual IP address if the 2 nodes are in 2 subnets (supported by SafeKit, especially in the cloud).
  • Use backup solutions with asynchronous replication for high latency network.

How the SafeKit farm cluster works?

Virtual IP address in a farm cluster

How the Evidian SafeKit farm cluster implements network load balancing and failover

On the previous figure, the application is running on the 3 servers (3 is an example, it can be 2 or more). Users are connected to a virtual IP address.

The virtual IP address is configured locally on each server in the farm cluster.

The input traffic to the virtual IP address is received by all the servers and split among them by a network filter inside each server's kernel.

SafeKit detects hardware and software failures, reconfigures network filters in the event of a failure, and offers configurable application checkers and recovery scripts.

Load balancing in a network filter

The network load balancing algorithm inside the network filter is based on the identity of the client packets (client IP address, client TCP port). Depending on the identity of the client packet input, only one filter in a server accepts the packet; the other filters in other servers reject it.

Once a packet is accepted by the filter on a server, only the CPU and memory of this server are used by the application that responds to the request of the client. The output messages are sent directly from the application server to the client.

If a server fails, the SafeKit membership protocol reconfigures the filters in the network load balancing cluster to re-balance the traffic on the remaining available servers.

Stateful or stateless applications

With a stateful application, there is session affinity. The same client must be connected to the same server on multiple TCP sessions to retrieve its context on the server. In this case, the SafeKit load balancing rule is configured on the client IP address. Thus, the same client is always connected to the same server on multiple TCP sessions. And different clients are distributed across different servers in the farm.

With a stateless application, there is no session affinity. The same client can be connected to different servers in the farm on multiple TCP sessions. There is no context stored locally on a server from one session to another. In this case, the SafeKit load balancing rule is configured on the TCP client session identity. This configuration is the one which is the best for distributing sessions between servers, but it requires a TCP service without session affinity.

SafeKit Modules for Plug&Play Redundancy and High Availability Solutions

SafeKit Modules for Plug&Play High Availability Solutions

Network load balancing and failover

Windows farm

Linux farm

Generic Windows farm   > Generic Linux farm   >
Microsoft IIS   > -
NGINX   >
Apache   >
Amazon AWS farm   >
Microsoft Azure farm   >
Google GCP farm   >
Other cloud   >

Advanced clustering architectures

Several modules can be deployed on the same cluster. Thus, advanced clustering architectures can be implemented:

SafeKit High Availability Differentiators against Competition

Demonstrations of Redundancy and High Availability Solutions

SafeKit Webinar

This webinar presents in 2 minutes Evidian SafeKit.

In this webinar, you will understand SafeKit mirror and farm clusters.

Microsoft SQL Server Cluster

This video shows a mirror module configuration with synchronous real-time replication and failover.

The file replication and the failover are configured for Microsoft SQL Server but it works in the same manner for other databases.

Free trial here

Apache Cluster

This video shows a farm module configuration with load balancing and failover.

The load balancing and the failover are configured for Apache but it works in the same manner for other web services.

Free trial here

Hyper-V Cluster

This video shows a Hyper-V cluster with full replications of virtual machines.

Virtual machines can run on both Hyper-V servers and they are restarted in case of failure.

Free trial here

SafeKit Training

Introduction

  1. Overview / pptx

    • Features
    • Architectures
    • Distinctive advantages
  2. Competition / pptx

    • Hardware vs software cluster
    • Synchronous vs asynchronous replication
    • File vs disk replication
    • High availability vs fault tolerance
    • Hardware vs software load balancing
    • Virtual machine vs application HA

Installation, Console, CLI

  1. Install and setup / pptx

    • Package installation
    • Nodes setup
    • Cluster configuration
    • Upgrade
  2. Web console / pptx

    • Cluster configuration
    • Configuration tab
    • Control tab
    • Monitor tab
    • Advanced Configuration tab
  3. Command line / pptx

    • Silent installation
    • Cluster administration
    • Module administration
    • Command line interface

Advanced configuration

  1. Mirror module / pptx

    • userconfig.xml + restart scripts
    • Heartbeat (<hearbeat>)
    • Virtual IP address (<vip>)
    • Real-time file replication (<rfs>)
  2. Farm  module / pptx

    • userconfig.xml + restart scripts
    • Farm configuration (<farm>)
    • Virtual IP address (<vip>)
  3. Checkers / pptx

    • Failover machine (<failover>)
    • Process monitoring (<errd>)
    • Network and duplicate IP checkers
    • Custom checker (<custom>)
    • Split brain checker (<splitbrain>)
    • TCP, ping, module checkers

Support

  1. Support tools / pptx

    • Analyze snapshots
  2. Evidian support / pptx

    • Get permanent license key
    • Register on support.evidian.com
    • Call desk

Documentation

  1. Technical documentation

  2. Presales documentation