Turbolinux Cluster LoadBalancer 10: User Guide

Chapter 2. Clustering Concepts

The cluster manager is the core of the cluster. It makes the determination of how work is to be divided among the cluster nodes. The cluster manager divides up the workload and sends a piece of the workload to each cluster node. The cluster node then processes that piece of work. It either sends the result back to the cluster manager, or it sends the result directly to the client that requested the result.
For the service-oriented clustering that Turbolinux Cluster LoadBalancer 10 implements, the workload management is called traffic management. This is because the "work" to do is to respond to incoming network service requests. The cluster manager must direct network traffic amongst all the cluster nodes. In this way, it acts much like a traffic cop.
The traffic scheduling algorithm used by Turbolinux Cluster LoadBalancer 10 is called modified weighted round-robin. This mechanism tries to ensure that traffic is distributed evenly among all the nodes in the cluster, in proportion to the amount of workload that each cluster node can handle. Each server is assigned a weight to specify its performance relative to the other systems.
The scheduling algorithm is further enhanced to support client persistency. When this feature (also called the sticky bit) is enabled, a specific client will be bound to a particular server within the cluster. Some services, such as SSL-enabled services, require authentication each time a new client connects to the server. Without persistency, each time the client connects to a different server within the cluster, the user is prompted to re-enter their password.
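
As an added illustration (not Turbolinux code), the sketch below combines weighted round-robin with a client persistence table. The page does not specify what the product's "modified" variant changes, so this uses the classic gcd-stepped weighted round-robin; the class name, node names, weights, timeout and client addresses are all assumptions.

```python
import math
from functools import reduce

class WeightedRoundRobin:
    """Generic weighted round-robin with optional client persistence.

    Illustration only: the classic gcd-stepped algorithm, not the
    product's own "modified" scheduler.
    """

    def __init__(self, weights, persistent=False, timeout=300):
        self.nodes = list(weights)               # node names in a fixed order
        self.weights = dict(weights)
        self.gcd = reduce(math.gcd, self.weights.values())
        self.max_w = max(self.weights.values())
        self.i, self.cw = -1, 0                  # scan index, weight threshold
        self.persistent, self.timeout = persistent, timeout
        self.sticky = {}                         # client_ip -> (node, expiry)

    def _next_node(self):
        while True:
            self.i = (self.i + 1) % len(self.nodes)
            if self.i == 0:                      # finished a pass: lower threshold
                self.cw -= self.gcd
                if self.cw <= 0:
                    self.cw = self.max_w
            node = self.nodes[self.i]
            if self.weights[node] >= self.cw:    # heavier nodes qualify more often
                return node

    def route(self, client_ip, now):
        """Pick the node for a new connection from client_ip at time now (seconds)."""
        if not self.persistent:
            return self._next_node()
        entry = self.sticky.get(client_ip)
        if entry and entry[1] > now:             # binding still valid: reuse it
            node = entry[0]
        else:                                    # no binding or expired: reschedule
            node = self._next_node()
        # Refresh the binding; a production table also needs eviction of stale keys.
        self.sticky[client_ip] = (node, now + self.timeout)
        return node

if __name__ == "__main__":
    lb = WeightedRoundRobin({"node1": 3, "node2": 2, "node3": 1})
    print([lb.route("198.51.100.%d" % n, now=0) for n in range(6)])
```

Because persistence keys on the client address, many users behind one address all land on the same node, so the observed distribution can drift away from the configured weights.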
Turbolinux Cluster LoadBalancer 10 provides three different ways to forward traffic from the cluster manager to the nodes. These are:

- Direct forwarding
- Tunneling
- NAT

Direct forwarding can be used when the ATM and the cluster node are attached to the same network segment or subnet. Packets forwarded using this method are sent directly to the MAC address of the cluster node. The IP packet is not modified at all; the cluster node will see it exactly as it arrived at the ATM.
This is the preferred method, because it is the fastest and has the least overhead. The direct forwarding method also has the advantage that outbound traffic (responses being returned to the client) does not need to be sent through the ATM; reply packets are sent directly out to their destination.
If a cluster node is not located on the same segment as the ATMs, you can use the tunneling forwarding mechanism. Tunneling is a way to encapsulate IP packets within other network traffic. It is used to make a virtual direct connection between two systems. With this point-to-point connection, you can be sure that the packet will arrive on the cluster node via the virtual connection.
The tunneling method only works with Linux and UNIX systems. It uses the IP-IP kernel module to create the point-to-point connection between the traffic manager and the cluster node. The kernel in use on the cluster node must be configured to have IP tunneling support. The kernel supplied with Turbolinux 10 Server has this support built in, and the Cluster Server daemon can automatically configure both ends of the link for you. You can also set up the tunnel interfaces yourself, establishing the point-to-point connection by hand.
The encapsulation process introduces some overhead, which reduces performance somewhat compared with the direct forwarding method. As with the direct forwarding method, outbound packets do not need to be sent through the ATM; they will be sent directly from the cluster node to the client.
The IP tunneling used in Turbolinux Cluster LoadBalancer 10 is not encrypted, so it is possible for others to intercept any packets traveling from the traffic manager to the nodes. If you need to add nodes that are outside your LAN, you should implement a Virtual Private Network (VPN) in order to secure data transmission.
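
To make the warning concrete, the following added example (not part of the original guide) builds an IP-in-IP packet and parses it back the way any on-path device could, with no key involved. All addresses, ports and the request bytes are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP = 4, 6   # IP protocol numbers (RFC 2003 IP-in-IP, TCP)

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this offline demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(packet):
    """Return (src, dst, protocol, payload) for one IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[ihl:total_len])

def build_tunnel_packet(app_data):
    """Constructed sample: manager 203.0.113.1 tunnels a client request to a node."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + app_data
    inner = ipv4_header("198.51.100.7", "192.0.2.10", IPPROTO_TCP, len(tcp)) + tcp
    return ipv4_header("203.0.113.1", "203.0.113.50", IPPROTO_IPIP, len(inner)) + inner

def observe(packet):
    """What an on-path observer recovers from an IP-in-IP packet, with no key."""
    outer_src, outer_dst, proto, inner = parse_ipv4(packet)
    if proto != IPPROTO_IPIP:
        return None                              # not a tunnel packet
    client, service, inner_proto, segment = parse_ipv4(inner)
    data = b""
    if inner_proto == IPPROTO_TCP:
        data_offset = (segment[12] >> 4) * 4     # TCP header length in bytes
        data = segment[data_offset:]
    return {"tunnel": (outer_src, outer_dst), "client": client,
            "service": service, "data": data}

if __name__ == "__main__":
    request = b"GET /account HTTP/1.0\r\nCookie: session=constructed-sample\r\n\r\n"
    print(observe(build_tunnel_packet(request)))
```

The encapsulation only prepends a second IP header, so the client address, the service address and the application bytes all remain readable; that is the exposure the VPN recommendation addresses.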
NAT is an abbreviation for Network Address Translation. It is often used to hide a private network behind a firewall connected to the Internet. Defined in RFC 1631, NAT was designed to help mitigate the rapid depletion of the IP address space.
The NAT box sits between the private network and the public network. It modifies outbound packets from the private network to make them appear to have come from the NAT box itself. When packets are sent to the NAT box, it determines which system on the internal network the packet should go to. It normally does this by keeping a table of connections that have been initiated. For each connection made by a client on the private side, the table directs replies to be sent to that client. The version of NAT used by the ipchains or iptables package on Linux is sometimes called IP masquerading.
If the operation of NAT sounds familiar, that's because it works much like a cluster traffic manager. Although NAT is normally used to hide client systems, it is used to hide servers when used in a cluster. This difference is important, because it changes the way the connection table is used. In Turbolinux Cluster LoadBalancer 10, the NAT method uses the same connection table that is used by the other two traffic forwarding methods.
NAT simplifies configuration, because you do not need to make any special configuration changes to the cluster nodes themselves. All you have to do is make sure that the cluster nodes are on the "internal" subnet, and have their default gateway set to the NAT gateway address defined in the cluster configuration file. NAT also provides some added security, because the cluster nodes cannot be accessed directly from the outside. The downside is that NAT has slightly reduced performance, because all outbound traffic must go through the NAT box and the address translation process.