1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 2cb7f6a7bSJulius Volz# 3cb7f6a7bSJulius Volz# IP Virtual Server configuration 4cb7f6a7bSJulius Volz# 5cb7f6a7bSJulius Volzmenuconfig IP_VS 6f901b644SDavid S. Miller tristate "IP virtual server support" 7864e898bSMasahiro Yamada depends on INET && NETFILTER 8dba4490dSPatrick McHardy depends on (NF_CONNTRACK || NF_CONNTRACK=n) 9a7f7f624SMasahiro Yamada help 10cb7f6a7bSJulius Volz IP Virtual Server support will let you build a high-performance 11cb7f6a7bSJulius Volz virtual server based on cluster of two or more real servers. This 12cb7f6a7bSJulius Volz option must be enabled for at least one of the clustered computers 13cb7f6a7bSJulius Volz that will take care of intercepting incoming connections to a 14cb7f6a7bSJulius Volz single IP address and scheduling them to real servers. 15cb7f6a7bSJulius Volz 16cb7f6a7bSJulius Volz Three request dispatching techniques are implemented, they are 17cb7f6a7bSJulius Volz virtual server via NAT, virtual server via tunneling and virtual 18cb7f6a7bSJulius Volz server via direct routing. The several scheduling algorithms can 19cb7f6a7bSJulius Volz be used to choose which server the connection is directed to, 20cb7f6a7bSJulius Volz thus load balancing can be achieved among the servers. For more 21cb7f6a7bSJulius Volz information and its administration program, please visit the 22cb7f6a7bSJulius Volz following URL: <http://www.linuxvirtualserver.org/>. 23cb7f6a7bSJulius Volz 24cb7f6a7bSJulius Volz If you want to compile it in kernel, say Y. To compile it as a 25cb7f6a7bSJulius Volz module, choose M here. If unsure, say N. 26cb7f6a7bSJulius Volz 27cb7f6a7bSJulius Volzif IP_VS 28cb7f6a7bSJulius Volz 29cb7f6a7bSJulius Volzconfig IP_VS_IPV6 300537ae6aSJulius Volz bool "IPv6 support for IPVS" 312890a157SSimon Horman depends on IPV6 = y || IP_VS = IPV6 32098e13f5SAndrea Claudi select NF_DEFRAG_IPV6 33a7f7f624SMasahiro Yamada help 342f74713dSJesper Dangaard Brouer Add IPv6 support to IPVS. 35cb7f6a7bSJulius Volz 362f74713dSJesper Dangaard Brouer Say Y if unsure. 37cb7f6a7bSJulius Volz 38cb7f6a7bSJulius Volzconfig IP_VS_DEBUG 39cb7f6a7bSJulius Volz bool "IP virtual server debugging" 40a7f7f624SMasahiro Yamada help 41cb7f6a7bSJulius Volz Say Y here if you want to get additional messages useful in 42cb7f6a7bSJulius Volz debugging the IP virtual server code. You can change the debug 43cb7f6a7bSJulius Volz level in /proc/sys/net/ipv4/vs/debug_level 44cb7f6a7bSJulius Volz 45cb7f6a7bSJulius Volzconfig IP_VS_TAB_BITS 46cb7f6a7bSJulius Volz int "IPVS connection table size (the Nth power of 2)" 4704292c69SAbhijeet Rastogi range 8 20 if !64BIT 4804292c69SAbhijeet Rastogi range 8 27 if 64BIT 49cb7f6a7bSJulius Volz default 12 50a7f7f624SMasahiro Yamada help 51cb7f6a7bSJulius Volz The IPVS connection hash table uses the chaining scheme to handle 52cb7f6a7bSJulius Volz hash collisions. Using a big IPVS connection hash table will greatly 53cb7f6a7bSJulius Volz reduce conflicts when there are hundreds of thousands of connections 54cb7f6a7bSJulius Volz in the hash table. 55cb7f6a7bSJulius Volz 56cb7f6a7bSJulius Volz Note the table size must be power of 2. The table size will be the 57cb7f6a7bSJulius Volz value of 2 to the your input number power. The number to choose is 5804292c69SAbhijeet Rastogi from 8 to 27 for 64BIT(20 otherwise), the default number is 12, 5904292c69SAbhijeet Rastogi which means the table size is 4096. Don't input the number too 6004292c69SAbhijeet Rastogi small, otherwise you will lose performance on it. You can adapt the 6104292c69SAbhijeet Rastogi table size yourself, according to your virtual server application. 6204292c69SAbhijeet Rastogi It is good to set the table size not far less than the number of 6304292c69SAbhijeet Rastogi connections per second multiplying average lasting time of 6404292c69SAbhijeet Rastogi connection in the table. For example, your virtual server gets 200 6504292c69SAbhijeet Rastogi connections per second, the connection lasts for 200 seconds in 6604292c69SAbhijeet Rastogi average in the connection table, the table size should be not far 6704292c69SAbhijeet Rastogi less than 200x200, it is good to set the table size 32768 (2**15). 68cb7f6a7bSJulius Volz 69cb7f6a7bSJulius Volz Another note that each connection occupies 128 bytes effectively and 70cb7f6a7bSJulius Volz each hash entry uses 8 bytes, so you can estimate how much memory is 71cb7f6a7bSJulius Volz needed for your box. 72cb7f6a7bSJulius Volz 736f7edb48SCatalin(ux) M. BOIE You can overwrite this number setting conn_tab_bits module parameter 7404292c69SAbhijeet Rastogi or by appending ip_vs.conn_tab_bits=? to the kernel command line if 7504292c69SAbhijeet Rastogi IP VS was compiled built-in. 766f7edb48SCatalin(ux) M. BOIE 77cb7f6a7bSJulius Volzcomment "IPVS transport protocol load balancing support" 78cb7f6a7bSJulius Volz 79cb7f6a7bSJulius Volzconfig IP_VS_PROTO_TCP 80cb7f6a7bSJulius Volz bool "TCP load balancing support" 81a7f7f624SMasahiro Yamada help 82cb7f6a7bSJulius Volz This option enables support for load balancing TCP transport 83cb7f6a7bSJulius Volz protocol. Say Y if unsure. 84cb7f6a7bSJulius Volz 85cb7f6a7bSJulius Volzconfig IP_VS_PROTO_UDP 86cb7f6a7bSJulius Volz bool "UDP load balancing support" 87a7f7f624SMasahiro Yamada help 88cb7f6a7bSJulius Volz This option enables support for load balancing UDP transport 89cb7f6a7bSJulius Volz protocol. Say Y if unsure. 90cb7f6a7bSJulius Volz 91cb7f6a7bSJulius Volzconfig IP_VS_PROTO_AH_ESP 9272c7664fSMichal Marek def_bool IP_VS_PROTO_ESP || IP_VS_PROTO_AH 93cb7f6a7bSJulius Volz 94cb7f6a7bSJulius Volzconfig IP_VS_PROTO_ESP 95cb7f6a7bSJulius Volz bool "ESP load balancing support" 96a7f7f624SMasahiro Yamada help 97cb7f6a7bSJulius Volz This option enables support for load balancing ESP (Encapsulation 98cb7f6a7bSJulius Volz Security Payload) transport protocol. Say Y if unsure. 99cb7f6a7bSJulius Volz 100cb7f6a7bSJulius Volzconfig IP_VS_PROTO_AH 101cb7f6a7bSJulius Volz bool "AH load balancing support" 102a7f7f624SMasahiro Yamada help 103cb7f6a7bSJulius Volz This option enables support for load balancing AH (Authentication 104cb7f6a7bSJulius Volz Header) transport protocol. Say Y if unsure. 105cb7f6a7bSJulius Volz 1062906f66aSVenkata Mohan Reddyconfig IP_VS_PROTO_SCTP 1072906f66aSVenkata Mohan Reddy bool "SCTP load balancing support" 108*b261d222SEric Biggers select CRC32 109a7f7f624SMasahiro Yamada help 1102906f66aSVenkata Mohan Reddy This option enables support for load balancing SCTP transport 1112906f66aSVenkata Mohan Reddy protocol. Say Y if unsure. 1122906f66aSVenkata Mohan Reddy 113cb7f6a7bSJulius Volzcomment "IPVS scheduler" 114cb7f6a7bSJulius Volz 115cb7f6a7bSJulius Volzconfig IP_VS_RR 116cb7f6a7bSJulius Volz tristate "round-robin scheduling" 117a7f7f624SMasahiro Yamada help 118cb7f6a7bSJulius Volz The robin-robin scheduling algorithm simply directs network 119cb7f6a7bSJulius Volz connections to different real servers in a round-robin manner. 120cb7f6a7bSJulius Volz 121cb7f6a7bSJulius Volz If you want to compile it in kernel, say Y. To compile it as a 122cb7f6a7bSJulius Volz module, choose M here. If unsure, say N. 123cb7f6a7bSJulius Volz 124cb7f6a7bSJulius Volzconfig IP_VS_WRR 125cb7f6a7bSJulius Volz tristate "weighted round-robin scheduling" 126a7f7f624SMasahiro Yamada help 127cb7f6a7bSJulius Volz The weighted robin-robin scheduling algorithm directs network 128cb7f6a7bSJulius Volz connections to different real servers based on server weights 129cb7f6a7bSJulius Volz in a round-robin manner. Servers with higher weights receive 130cb7f6a7bSJulius Volz new connections first than those with less weights, and servers 131cb7f6a7bSJulius Volz with higher weights get more connections than those with less 132cb7f6a7bSJulius Volz weights and servers with equal weights get equal connections. 133cb7f6a7bSJulius Volz 134cb7f6a7bSJulius Volz If you want to compile it in kernel, say Y. To compile it as a 135cb7f6a7bSJulius Volz module, choose M here. If unsure, say N. 136cb7f6a7bSJulius Volz 137cb7f6a7bSJulius Volzconfig IP_VS_LC 138cb7f6a7bSJulius Volz tristate "least-connection scheduling" 139a7f7f624SMasahiro Yamada help 140cb7f6a7bSJulius Volz The least-connection scheduling algorithm directs network 141cb7f6a7bSJulius Volz connections to the server with the least number of active 142cb7f6a7bSJulius Volz connections. 143cb7f6a7bSJulius Volz 144cb7f6a7bSJulius Volz If you want to compile it in kernel, say Y. To compile it as a 145cb7f6a7bSJulius Volz module, choose M here. If unsure, say N. 146cb7f6a7bSJulius Volz 147cb7f6a7bSJulius Volzconfig IP_VS_WLC 148cb7f6a7bSJulius Volz tristate "weighted least-connection scheduling" 149a7f7f624SMasahiro Yamada help 150cb7f6a7bSJulius Volz The weighted least-connection scheduling algorithm directs network 151cb7f6a7bSJulius Volz connections to the server with the least active connections 152cb7f6a7bSJulius Volz normalized by the server weight. 153cb7f6a7bSJulius Volz 154cb7f6a7bSJulius Volz If you want to compile it in kernel, say Y. To compile it as a 155cb7f6a7bSJulius Volz module, choose M here. If unsure, say N. 156cb7f6a7bSJulius Volz 157616a9be2SKenny Mathisconfig IP_VS_FO 158616a9be2SKenny Mathis tristate "weighted failover scheduling" 159a7f7f624SMasahiro Yamada help 160616a9be2SKenny Mathis The weighted failover scheduling algorithm directs network 161616a9be2SKenny Mathis connections to the server with the highest weight that is 162616a9be2SKenny Mathis currently available. 163616a9be2SKenny Mathis 164616a9be2SKenny Mathis If you want to compile it in kernel, say Y. To compile it as a 165616a9be2SKenny Mathis module, choose M here. If unsure, say N. 166616a9be2SKenny Mathis 167eefa32d3SRaducu Deaconuconfig IP_VS_OVF 168eefa32d3SRaducu Deaconu tristate "weighted overflow scheduling" 169a7f7f624SMasahiro Yamada help 170eefa32d3SRaducu Deaconu The weighted overflow scheduling algorithm directs network 171eefa32d3SRaducu Deaconu connections to the server with the highest weight that is 172eefa32d3SRaducu Deaconu currently available and overflows to the next when active 173eefa32d3SRaducu Deaconu connections exceed the node's weight. 174eefa32d3SRaducu Deaconu 175eefa32d3SRaducu Deaconu If you want to compile it in kernel, say Y. To compile it as a 176eefa32d3SRaducu Deaconu module, choose M here. If unsure, say N. 177eefa32d3SRaducu Deaconu 178cb7f6a7bSJulius Volzconfig IP_VS_LBLC 179cb7f6a7bSJulius Volz tristate "locality-based least-connection scheduling" 180a7f7f624SMasahiro Yamada help 181cb7f6a7bSJulius Volz The locality-based least-connection scheduling algorithm is for 182cb7f6a7bSJulius Volz destination IP load balancing. It is usually used in cache cluster. 183cb7f6a7bSJulius Volz This algorithm usually directs packet destined for an IP address to 184cb7f6a7bSJulius Volz its server if the server is alive and under load. If the server is 185cb7f6a7bSJulius Volz overloaded (its active connection numbers is larger than its weight) 186cb7f6a7bSJulius Volz and there is a server in its half load, then allocate the weighted 187cb7f6a7bSJulius Volz least-connection server to this IP address. 188cb7f6a7bSJulius Volz 189cb7f6a7bSJulius Volz If you want to compile it in kernel, say Y. To compile it as a 190cb7f6a7bSJulius Volz module, choose M here. If unsure, say N. 191cb7f6a7bSJulius Volz 192cb7f6a7bSJulius Volzconfig IP_VS_LBLCR 193cb7f6a7bSJulius Volz tristate "locality-based least-connection with replication scheduling" 194a7f7f624SMasahiro Yamada help 195cb7f6a7bSJulius Volz The locality-based least-connection with replication scheduling 196cb7f6a7bSJulius Volz algorithm is also for destination IP load balancing. It is 197cb7f6a7bSJulius Volz usually used in cache cluster. It differs from the LBLC scheduling 198cb7f6a7bSJulius Volz as follows: the load balancer maintains mappings from a target 199cb7f6a7bSJulius Volz to a set of server nodes that can serve the target. Requests for 200cb7f6a7bSJulius Volz a target are assigned to the least-connection node in the target's 201cb7f6a7bSJulius Volz server set. If all the node in the server set are over loaded, 202cb7f6a7bSJulius Volz it picks up a least-connection node in the cluster and adds it 203cb7f6a7bSJulius Volz in the sever set for the target. If the server set has not been 204cb7f6a7bSJulius Volz modified for the specified time, the most loaded node is removed 205cb7f6a7bSJulius Volz from the server set, in order to avoid high degree of replication. 206cb7f6a7bSJulius Volz 207cb7f6a7bSJulius Volz If you want to compile it in kernel, say Y. To compile it as a 208cb7f6a7bSJulius Volz module, choose M here. If unsure, say N. 209cb7f6a7bSJulius Volz 210cb7f6a7bSJulius Volzconfig IP_VS_DH 211cb7f6a7bSJulius Volz tristate "destination hashing scheduling" 212a7f7f624SMasahiro Yamada help 213cb7f6a7bSJulius Volz The destination hashing scheduling algorithm assigns network 214cb7f6a7bSJulius Volz connections to the servers through looking up a statically assigned 215cb7f6a7bSJulius Volz hash table by their destination IP addresses. 216cb7f6a7bSJulius Volz 217cb7f6a7bSJulius Volz If you want to compile it in kernel, say Y. To compile it as a 218cb7f6a7bSJulius Volz module, choose M here. If unsure, say N. 219cb7f6a7bSJulius Volz 220cb7f6a7bSJulius Volzconfig IP_VS_SH 221cb7f6a7bSJulius Volz tristate "source hashing scheduling" 222a7f7f624SMasahiro Yamada help 223cb7f6a7bSJulius Volz The source hashing scheduling algorithm assigns network 224cb7f6a7bSJulius Volz connections to the servers through looking up a statically assigned 225cb7f6a7bSJulius Volz hash table by their source IP addresses. 226cb7f6a7bSJulius Volz 227cb7f6a7bSJulius Volz If you want to compile it in kernel, say Y. To compile it as a 228cb7f6a7bSJulius Volz module, choose M here. If unsure, say N. 229cb7f6a7bSJulius Volz 23030edf801SInju Songconfig IP_VS_MH 23130edf801SInju Song tristate "maglev hashing scheduling" 232a7f7f624SMasahiro Yamada help 23330edf801SInju Song The maglev consistent hashing scheduling algorithm provides the 23430edf801SInju Song Google's Maglev hashing algorithm as a IPVS scheduler. It assigns 23530edf801SInju Song network connections to the servers through looking up a statically 23630edf801SInju Song assigned special hash table called the lookup table. Maglev hashing 23730edf801SInju Song is to assign a preference list of all the lookup table positions 23830edf801SInju Song to each destination. 23930edf801SInju Song 24030edf801SInju Song Through this operation, The maglev hashing gives an almost equal 24130edf801SInju Song share of the lookup table to each of the destinations and provides 24230edf801SInju Song minimal disruption by using the lookup table. When the set of 24330edf801SInju Song destinations changes, a connection will likely be sent to the same 24430edf801SInju Song destination as it was before. 24530edf801SInju Song 24630edf801SInju Song If you want to compile it in kernel, say Y. To compile it as a 24730edf801SInju Song module, choose M here. If unsure, say N. 24830edf801SInju Song 249cb7f6a7bSJulius Volzconfig IP_VS_SED 250cb7f6a7bSJulius Volz tristate "shortest expected delay scheduling" 251a7f7f624SMasahiro Yamada help 252cb7f6a7bSJulius Volz The shortest expected delay scheduling algorithm assigns network 253cb7f6a7bSJulius Volz connections to the server with the shortest expected delay. The 254cb7f6a7bSJulius Volz expected delay that the job will experience is (Ci + 1) / Ui if 255cb7f6a7bSJulius Volz sent to the ith server, in which Ci is the number of connections 256cb7f6a7bSJulius Volz on the ith server and Ui is the fixed service rate (weight) 257cb7f6a7bSJulius Volz of the ith server. 258cb7f6a7bSJulius Volz 259cb7f6a7bSJulius Volz If you want to compile it in kernel, say Y. To compile it as a 260cb7f6a7bSJulius Volz module, choose M here. If unsure, say N. 261cb7f6a7bSJulius Volz 262cb7f6a7bSJulius Volzconfig IP_VS_NQ 263cb7f6a7bSJulius Volz tristate "never queue scheduling" 264a7f7f624SMasahiro Yamada help 265cb7f6a7bSJulius Volz The never queue scheduling algorithm adopts a two-speed model. 266cb7f6a7bSJulius Volz When there is an idle server available, the job will be sent to 267cb7f6a7bSJulius Volz the idle server, instead of waiting for a fast one. When there 268cb7f6a7bSJulius Volz is no idle server available, the job will be sent to the server 269cb7f6a7bSJulius Volz that minimize its expected delay (The Shortest Expected Delay 270cb7f6a7bSJulius Volz scheduling algorithm). 271cb7f6a7bSJulius Volz 272cb7f6a7bSJulius Volz If you want to compile it in kernel, say Y. To compile it as a 273cb7f6a7bSJulius Volz module, choose M here. If unsure, say N. 274cb7f6a7bSJulius Volz 275012da53dSDarby Payneconfig IP_VS_TWOS 276012da53dSDarby Payne tristate "weighted random twos choice least-connection scheduling" 277012da53dSDarby Payne help 278012da53dSDarby Payne The weighted random twos choice least-connection scheduling 279012da53dSDarby Payne algorithm picks two random real servers and directs network 280012da53dSDarby Payne connections to the server with the least active connections 281012da53dSDarby Payne normalized by the server weight. 282012da53dSDarby Payne 283012da53dSDarby Payne If you want to compile it in kernel, say Y. To compile it as a 284012da53dSDarby Payne module, choose M here. If unsure, say N. 285012da53dSDarby Payne 28676ad94fcSMichael Maximcomment 'IPVS SH scheduler' 28776ad94fcSMichael Maxim 28876ad94fcSMichael Maximconfig IP_VS_SH_TAB_BITS 28976ad94fcSMichael Maxim int "IPVS source hashing table size (the Nth power of 2)" 29076ad94fcSMichael Maxim range 4 20 29176ad94fcSMichael Maxim default 8 292a7f7f624SMasahiro Yamada help 29376ad94fcSMichael Maxim The source hashing scheduler maps source IPs to destinations 29476ad94fcSMichael Maxim stored in a hash table. This table is tiled by each destination 29576ad94fcSMichael Maxim until all slots in the table are filled. When using weights to 29676ad94fcSMichael Maxim allow destinations to receive more connections, the table is 29776ad94fcSMichael Maxim tiled an amount proportional to the weights specified. The table 29876ad94fcSMichael Maxim needs to be large enough to effectively fit all the destinations 29976ad94fcSMichael Maxim multiplied by their respective weights. 30076ad94fcSMichael Maxim 30130edf801SInju Songcomment 'IPVS MH scheduler' 30230edf801SInju Song 30330edf801SInju Songconfig IP_VS_MH_TAB_INDEX 30430edf801SInju Song int "IPVS maglev hashing table index of size (the prime numbers)" 30530edf801SInju Song range 8 17 30630edf801SInju Song default 12 307a7f7f624SMasahiro Yamada help 30830edf801SInju Song The maglev hashing scheduler maps source IPs to destinations 30930edf801SInju Song stored in a hash table. This table is assigned by a preference 31030edf801SInju Song list of the positions to each destination until all slots in 31130edf801SInju Song the table are filled. The index determines the prime for size of 3123723c632SArnd Bergmann the table as 251, 509, 1021, 2039, 4093, 8191, 16381, 32749, 3133723c632SArnd Bergmann 65521 or 131071. When using weights to allow destinations to 3143723c632SArnd Bergmann receive more connections, the table is assigned an amount 3153723c632SArnd Bergmann proportional to the weights specified. The table needs to be large 31630edf801SInju Song enough to effectively fit all the destinations multiplied by their 31730edf801SInju Song respective weights. 31830edf801SInju Song 319cb7f6a7bSJulius Volzcomment 'IPVS application helper' 320cb7f6a7bSJulius Volz 321cb7f6a7bSJulius Volzconfig IP_VS_FTP 322cb7f6a7bSJulius Volz tristate "FTP protocol helper" 323aaea4ed7SJulian Anastasov depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT && \ 324aaea4ed7SJulian Anastasov NF_CONNTRACK_FTP 325f4bc17cdSJulian Anastasov select IP_VS_NFCT 326a7f7f624SMasahiro Yamada help 327cb7f6a7bSJulius Volz FTP is a protocol that transfers IP address and/or port number in 328cb7f6a7bSJulius Volz the payload. In the virtual server via Network Address Translation, 329cb7f6a7bSJulius Volz the IP address and port number of real servers cannot be sent to 330cb7f6a7bSJulius Volz clients in ftp connections directly, so FTP protocol helper is 331cb7f6a7bSJulius Volz required for tracking the connection and mangling it back to that of 332cb7f6a7bSJulius Volz virtual service. 333cb7f6a7bSJulius Volz 334cb7f6a7bSJulius Volz If you want to compile it in kernel, say Y. To compile it as a 335cb7f6a7bSJulius Volz module, choose M here. If unsure, say N. 336cb7f6a7bSJulius Volz 337f4bc17cdSJulian Anastasovconfig IP_VS_NFCT 338f4bc17cdSJulian Anastasov bool "Netfilter connection tracking" 339f4bc17cdSJulian Anastasov depends on NF_CONNTRACK 340a7f7f624SMasahiro Yamada help 341f4bc17cdSJulian Anastasov The Netfilter connection tracking support allows the IPVS 342f4bc17cdSJulian Anastasov connection state to be exported to the Netfilter framework 343f4bc17cdSJulian Anastasov for filtering purposes. 344f4bc17cdSJulian Anastasov 345758ff033SSimon Hormanconfig IP_VS_PE_SIP 346758ff033SSimon Horman tristate "SIP persistence engine" 347758ff033SSimon Horman depends on IP_VS_PROTO_UDP 348758ff033SSimon Horman depends on NF_CONNTRACK_SIP 349a7f7f624SMasahiro Yamada help 350758ff033SSimon Horman Allow persistence based on the SIP Call-ID 351758ff033SSimon Horman 352cb7f6a7bSJulius Volzendif # IP_VS 353