[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: A Few Questions (LDAP failover)



On Mon, Apr 08, 2002 at 11:33:32AM -0400, Geoff Silver wrote:
> 
> Suppose you have an office on the east coast and another on the west
> coast.  locally, your LAN is 100 Mbps, but your WAN is, say a 512k frame
> line.  You therefore want your queries to ALWAYS go to the local LDAP
> server.  But, if the local server is down, then you want to use the slow
> WAN connection so that things will still keep working.
> 
> Just an example.  In reality, load balancing is usually a good idea, but I
> want ot make sure if a server goes down, queries aren't sent to it (or if
> they are, they will *quickly* be retried on one of the other servers).

There are two main options for doing failover of any network service:
either the client software handles it, or the `infrastructure' does.

In terms of LDAP services, client-end fallback could be implemented
by listing two or more server addresses in the config file. You would
obviously put the 'nearest' server first. It does not matter which
server is the master, provided the slave server has the correct
'updateref' entry (updates can only be performed on the master server,
so a referral is returned if any client tries them on a slave).
The time taken for fallback to occur depends on just how broken the
first-choice server is: if packets to it go into a black hole then the
client will wait for a TCP connection timeout before trying the next
server. On the other hand, if the server or network returns an
'unreachable' packet then fallback will be very fast.

Infrastructure fallback can be done in several different ways
depending on what you want to achieve and how much money you can
spend. For the example you give, something based on clever routers
might be appropriate: give your servers addresses on a separate
network, and use NAT to make all the LDAP servers appear to have the
*same* IP address. The routers then have to sort out getting the
packets to the nearest working server. There are several commercial
products based on this principle. I believe the Linux Virtual Server
works in a similar way, but it may introduce another single point of
failure.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|        Andrew.Findlay@skills-1st.co.uk       +44 1628 782565        |
-----------------------------------------------------------------------