eviden-logo

Evidian > Products > High Availability Software - Zero Extra Hardware > Linux: The Simplest Load Balancing Cluster with Failover

Linux: The Simplest Load Balancing Cluster with Failover

Evidian SafeKit

How the Evidian SafeKit software simply implements Linux load balancing and failover?

The solution for Linux

Evidian SafeKit brings load balancing and failover to Linux.

This article explains how to implement quickly a Linux cluster without network load balancers, dedicated proxy servers or special MAC addresses. SafeKit is installed directly on the Linux servers.

A generic product

Note that SafeKit is a generic product on Windows and Linux.

You can implement with the SafeKit product real-time replication and failover of any file directory and service, database, complete Hyper-V or KVM virtual machines, Docker, Podman, K3S, Cloud applications (see the module list).

A complete solution

SafeKit solves:

  • hardware failures (20% of problems), including the complete failure of a computer room,
  • software failures (40% of problems), including restart of critical processes,
  • and human errors (40% of problems) thanks to its ease of use and its web console.

Partners, the success with SafeKit

This platform agnostic solution is ideal for a partner reselling a critical application and who wants to provide a redundancy and high availability option easy to deploy to many customers.

With many references in many countries won by partners, SafeKit has proven to be the easiest solution to implement for redundancy and high availability of building management, video management, access control, SCADA software...

Building Management Software (BMS)

Video Management Software (VMS)

Electronic Access Control Software (EACS)

SCADA Software (Industry)

How the SafeKit farm cluster works with Linux?

Virtual IP address in a farm cluster

How the Evidian SafeKit farm cluster implements Linux network load balancing and failover

On the previous figure, the Linux application is running on the 3 servers (3 is an example, it can be 2 or more). Users are connected to a virtual IP address.

The virtual IP address is configured locally on each server in the farm cluster.

The input traffic to the virtual IP address is received by all the servers and split among them by a network filter inside each server's kernel.

SafeKit detects hardware and software failures, reconfigures network filters in the event of a failure, and offers configurable application checkers and recovery scripts.

Load balancing in a network filter

The network load balancing algorithm inside the network filter is based on the identity of the client packets (client IP address, client TCP port). Depending on the identity of the client packet input, only one filter in a server accepts the packet; the other filters in other servers reject it.

Once a packet is accepted by the filter on a server, only the CPU and memory of this server are used by the Linux application that responds to the request of the client. The output messages are sent directly from the application server to the client.

If a server fails, the SafeKit membership protocol reconfigures the filters in the network load balancing cluster to re-balance the traffic on the remaining available servers.

Stateful or stateless applications

With a stateful Linux application, there is session affinity. The same client must be connected to the same server on multiple TCP sessions to retrieve its context on the server. In this case, the SafeKit load balancing rule is configured on the client IP address. Thus, the same client is always connected to the same server on multiple TCP sessions. And different clients are distributed across different servers in the farm.

With a stateless Linux application, there is no session affinity. The same client can be connected to different servers in the farm on multiple TCP sessions. There is no context stored locally on a server from one session to another. In this case, the SafeKit load balancing rule is configured on the TCP client session identity. This configuration is the one which is the best for distributing sessions between servers, but it requires a TCP service without session affinity.

SafeKit free trial + farm module for Linux + quick installation guide

How the SafeKit mirror cluster works?

Step 1. Real-time replication

Server 1 (PRIM) runs the application. Clients are connected to a virtual IP address. SafeKit replicates in real time modifications made inside files through the network. 

File replication at byte level in a mirror cluster

The replication is synchronous with no data loss on failure contrary to asynchronous replication.

You just have to configure the names of directories to replicate in SafeKit. There are no pre-requisites on disk organization. Directories may be located in the system disk.

Step 2. Automatic failover

When Server 1 fails, Server 2 takes over. SafeKit switches the virtual IP address and restarts the application automatically on Server 2.

The application finds the files replicated by SafeKit uptodate on Server 2. The application continues to run on Server 2 by locally modifying its files that are no longer replicated to Server 1.

Failover in a mirror cluster

The failover time is equal to the fault-detection time (30 seconds by default) plus the application start-up time.

Step 3. Automatic failback

Failback involves restarting Server 1 after fixing the problem that caused it to fail.

SafeKit automatically resynchronizes the files, updating only the files modified on Server 2 while Server 1 was halted.

Failback in a mirror cluster

Failback takes place without disturbing the application, which can continue running on Server 2.

Step 4. Back to normal

After reintegration, the files are once again in mirror mode, as in step 1. The system is back in high-availability mode, with the application running on Server 2 and SafeKit replicating file updates to Server 1.

Return to normal operation in a mirror cluster

If the administrator wishes the application to run on Server 1, he/she can execute a "swap" command either manually at an appropriate time, or automatically through configuration.

Choose between redundancy at the application level or at the virtual machine level

Redundancy at the application level

In this type of solution, only application data are replicated. And only the application is restared in case of failure.

Application HA - redundancy at the application level

With this solution, restart scripts must be written to restart the application.

We deliver application modules to implement redundancy at the application level. They are preconfigured for well known applications and databases. You can customize them with your own services, data to replicate, application checkers. And you can combine application modules to build advanced multi-level architectures.

This solution is platform agnostic and works with applications inside physical machines, virtual machines, in the Cloud. Any hypervisor is supported (VMware, Hyper-V...).

  • Solution for a new application (restart scripts to write): Windows, Linux

Redundancy at the virtual machine level

In this type of solution, the full Virtual Machine (VM) is replicated (Application + OS). And the full VM is restarted in case of failure.

VM HA - redundancy at the virtual machine level

The advantage is that there is no restart scripts to write per application and no virtual IP address to define. If you do not know how the application works, this is the best solution.

This solution works with Windows/Hyper-V and Linux/KVM but not with VMware. This is an active/active solution with several virtual machines replicated and restarted between two nodes.

More comparison between VM HA vs Application HA

Typical usage with SafeKit

Why a replication of a few Tera-bytes?

Resynchronization time after a failure (step 3)

  • 1 Gb/s network ≈ 3 Hours for 1 Tera-bytes.
  • 10 Gb/s network ≈ 1 Hour for 1 Tera-bytes or less depending on disk write performances.

Alternative

Why a replication < 1,000,000 files?

  • Resynchronization time performance after a failure (step 3).
  • Time to check each file between both nodes.

Alternative

  • Put the many files to replicate in a virtual hard disk / virtual machine.
  • Only the files representing the virtual hard disk / virtual machine will be replicated and resynchronized in this case.

Why a failover < 25 replicated VMs?

  • Each VM runs in an independent mirror module.
  • Maximum of 25 mirror modules running on the same cluster.

Alternative

  • Use an external shared storage and another VM clustering solution.
  • More expensive, more complex.

Why a LAN/VLAN network between remote sites?

Alternative

  • Use a load balancer for the virtual IP address if the 2 nodes are in 2 subnets (supported by SafeKit, especially in the cloud).
  • Use backup solutions with asynchronous replication for high latency network.

SafeKit Modules for Plug&Play Redundancy and High Availability Solutions

Advanced clustering architectures

Several modules can be deployed on the same cluster. Thus, advanced clustering architectures can be implemented:

Demonstrations of Redundancy and High Availability Solutions

SafeKit Overview

Examples of redundancy and high availability solutions with SafeKit.

Full training here

Microsoft SQL Server Cluster

This video shows a mirror module configuration with synchronous real-time replication and failover.

The file replication and the failover are configured for Microsoft SQL Server but it works in the same manner for other databases.

Free trial here

Apache Cluster

This video shows a farm module configuration with load balancing and failover.

The load balancing and the failover are configured for Apache but it works in the same manner for other web services.

Free trial here

Hyper-V Cluster

This video shows a Hyper-V cluster with full replications of virtual machines.

Virtual machines can run on both Hyper-V servers and they are restarted in case of failure.

Free trial here

SafeKit Customers in all Business Activities

  • Best high availability use cases with SafeKit

    Best use cases [+]

  • High availability of video management, access control, building management with SafeKit

    Video management, access control, building management [+]

  • Harmonic has deployed more than 80 SafeKit clusters for TV broadcasting

    TV broadcasting [+]

  • Natixis uses SafeKit as a high availability solution for banking applications

    Finance [+]

  • Fives Syleps implements high availability with SafeKit for automated logistics

    Industry [+]

  • Air traffic control systems supplier, Copperchase, deploys SafeKit high availability in airports.

    Air traffic control [+]

  • Software vendor Wellington IT deploys SafeKit in banks

    Bank [+]

  • Paris transport company (RATP) chose the SafeKit high availability for metro lines

    Transport [+]

  • Systel deploys SafeKit in emergency call centers

    Healthcare [+]

  • ERP high availability and load balancing of the French army (DGA) are made with SafeKit.

    Government [+]

SafeKit High Availability Differentiators against Competition

SafeKit Technical Documentation

SafeKit Training

Introduction

  1. Overview / pptx

    • Demonstration
    • Examples of redundancy and high availability solution
    • Evidian SafeKit sold in many different countries with Milestone
    • 2 solutions: virtual machine or application cluster
    • Distinctive advantages
    • More information on the web site
    • SafeKit training
  2. Competition / pptx

    • Cluster of virtual machines
    • Mirror cluster
    • Farm cluster

Installation, Console, CLI

  1. Install and setup / pptx
    • Package installation
    • Nodes setup
    • Upgrade
  2. Web console / pptx
    • Cluster configuration
    • Configuration tab
    • Control tab
    • Monitor tab
    • Advanced Configuration tab
  3. Command line / pptx
    • Configure the SafeKit cluster
    • Configure a SafeKit module
    • Control commands

Advanced configuration

  1. Mirror module / pptx
    • start_prim / stop_prim scripts
    • userconfig.xml
    • Heartbeat (<hearbeat>)
    • Virtual IP address (<vip>)
    • Real-time file replication (<rfs>)
    • How real-time file replication works?
    • Mirror's states in action
  2. Farm  module / pptx
    • start_both / stop_both scripts
    • userconfig.xml
    • Farm heartbeats (<farm>)
    • Virtual IP address (<vip>)
    • Farm's states in action
  1. Checkers / pptx
    • userconfig.xml
    • errd checker
    • intf and ip checkers
    • custom checker
    • splitbrain checker for a mirror module
    • tcp, ping, module checkers
    • Checkers in action

Troubleshooting

  1. Troubleshooting / pptx
    • Analyze yourself the logs
    • Running an application without SafeKit
    • Take snapshots for support
    • Boot / shutdown
    • Web console / Command lines
    • Mirror / Farm / Checkers

Support

  1. Evidian support / pptx
    • Get permanent license key
    • Register on support.evidian.com
    • Call desk