ELB provides customized strategies for managing service access. Before customizing these strategies, ELB needs to obtain the client's IP address contained in the access request. To obtain the IP addresses, you can install a TOA kernel module on backend servers.
This section provides detailed operations for you to compile the module in the OS if you use TCP to distribute incoming traffic.
The operations for Linux OSs with kernel version of 2.6.32 are different from those for Linux OSs with kernel version of 3.0 or later.
During the installation, download the required module development package from the Internet if it cannot be found in the source.
The following are operations for compiling the module in different Linux OSs. Perform appropriate operations.
sudo yum install kernel-devel-`uname -r`
During the installation, download the required module development package from the following address if it cannot be found in the source:
https://mirror.netcologne.de/oracle-linux-repos/ol7_latest/getPackage/
For example, to install 3.10.0-693.11.1.el7.x86_64, run the following command:
rpm -ivh kernel-devel-3.10.0-693.11.1.el7.x86_64.rpm
For CoreOS, the module will be compiled in a container, and it must be started before the module is compiled.
For detailed operations, see the CoreOS documentation. Obtain the documentation from the following link:
git clone https://github.com/Huawei/TCP_option_address.git
If the git tool is not installed, download the module source code from the following link:
make
If no warning or error code is prompted, the compilation was successful. Verify that the toa.ko file was generated in the current directory.
If error message "config_retpoline=y but not supported by the compiler, Compiler update recommended" is displayed, the GCC version is too old. Upgrade the GCC to a later version.
If TOA: toa loaded is displayed in the command output, the module has been loaded.
After compiling the CoreOS module in the container, copy it to the host system and then load it. The container for compiling the module shares the /lib/modules directory with the host system, so you can copy the module in the container to this directory, allowing the host system to use it.
To make the module take effect when the system starts, add the command for loading the module to your startup script.
You can use either of the following methods to automatically load the module:
The following is an example of the content in the toa.modules file.
#!/bin/sh
/sbin/modinfo -F filename /root/toa/toa.ko > /dev/null 2>&1
if [ $? -eq 0 ]; then
/sbin/insmod /root/toa/toa.ko
fi
/root/toa/toa.ko is the path of the module file. You need to replace it with their actual path.
sudo chmod +x /etc/sysconfig/modules/toa.modules
If the kernel is upgraded, the current module will no longer match. Compile the module again.
To load the module in the same OSs, copy the toa.ko file to VMs where the module is to be loaded and then perform the operations in 3.
After the module is successfully loaded, applications can obtain the real IP address contained in the request.
The OS of the node must have the same version as the kernel.
After the module is successfully installed, the source address can be directly obtained. The following provides an example for verification.
Run the following command to start a simple HTTP service on the backend server where Python is installed:
python -m SimpleHTTPServer port
The value of port must be the same as the port configured for the backend server, and the default value is 80.
Access the IP address of the load balancer from a client. Access logs on the server are as follows:
192.168.0.90 - - [06/Aug/2020 14:24:21] "GET / HTTP/1.1" 200 –
192.168.0.90 indicates the client's source IP address that is obtained by the backend server.
The TOA plug-in supports the OSs (CentOS 6.8 image) with a kernel of 2.6.32-xx. Perform the following steps to configure the module:
http://kb.linuxvirtualserver.org/images/3/34/Linux-2.6.32-220.23.1.el6.x86_64.rs.src.tar.gz
Change the value of #define TCPOPT_TOA200 to #define TCPOPT_TOA254.
sed -i 's/CONFIG_IPV6=m/CONFIG_IPV6=y/g' .config
echo -e '\n# toa\nCONFIG_TOA=m' >> .config
After the configuration, the IPv6 module is compiled into the kernel. TOA is compiled into a separate module and can be independently started and stopped.
You can add a description to the end of EXTRAVERSION =. This description will be displayed in uname -r, for example, -toa.
n indicates the number of vCPUs. For example, if there are four vCPUs, n must be set to 4.
The following information is displayed.
Figure 1 Installing the moduleThe following information is displayed.
Figure 2 Installing the kernelDuring the restart, the system will load the vmlinuz-2.6.32-toa kernel.
Add the modprobe toa command to both the startup script and the system scheduled monitoring script.
Figure 4 Adding the modprobe toa commandAfter the module is loaded, query the kernel information.
Figure 5 Querying the kernelAfter the module is successfully installed, the source address can be directly obtained. The following provides an example for verification.
Run the following command to start a simple HTTP service on the backend server where Python is installed:
python -m SimpleHTTPServer port
The value of port must be the same as the port configured for the backend server, and the default value is 80.
Access the IP address of the load balancer from a client. Access logs on the server are as follows:
192.168.0.90 - - [06/Aug/2020 14:24:21] "GET / HTTP/1.1" 200 –
192.168.0.90 indicates the client's source IP address that is obtained by the backend server.