Web Hosting Talk







View Full Version : 100% Uptime? Is it even possible?


Synergy
03-07-2002, 01:06 AM
I was wondering if this clustering model will work for 100% uptime (server/service-wise, not related to the NOC or an act of God).

OS: Windows 2000 Advanced Server

Let's say if
Node1:
Primary Server<---------->Mirror Server
Mail Server

Node2:
Primary Server <---------> Mirror Server
Mail Server

N1 + N2 <-------------> Proxy <---> Firewall <----> Port
N1 + N2 will have identical data. Will this be powerful enough for an e-commerce site that really needs 100% uptime, as each 1% of downtime can cause them a possible loss of 100,000 plus in potential sales? Would clustering be the best option for availability for database systems? Let's say both nodes have a fail-over node within their connectivity to the cluster; will it be possible for Node1 or Node2 to pick up the slack if a failure occurs?

Potsie
03-07-2002, 01:12 AM
With something that critical wouldn't you want some redundancy of the firewall too? Or better yet, an f5 3DNS controller and a pair of Big IPs in two different data centers.

Jay Suds
03-07-2002, 02:42 AM
If you are using Windows 2000 servers, your best bet is to either use Win2K Advanced Server and use network load balancing, not clustering.

NLB splits the load of the web sites between two servers and moves the load to one server should the other server go down. On the other hand, clustering is more of a failover solution - one server is typically active, and the other server is passive until there is a problem with the active server.

However, I would recommend going with a hardware load balancer and Windows 2000 Server. The price difference between Windows 2000 Server and Win2K AS is considerable, and would be better off spent on a load balancer. There are other advantages of going with a network load balancer; most importantly, though, is a lower TCO. If you need to grow your server farm to 5 servers to support the load, you'll be able to run Win2K, not Win2K AS, saving about $2,000 a server. There are other reasons why going with a hardware load balancer is advantageous, but it's late ;)

You can also cluster (yes, cluster, not load balance) SQL server, but this is very expensive - I think SQL Enterprise edition runs about $25,000 per processor.

Regardless, if you're dealing with a client who can lose $100,000 with one minute of downtime, you will probably want to bring in some consultants who are experienced with building high-availability hosting solutions.

allan
03-07-2002, 09:57 AM
Originally posted by Potsie
With something that critical wouldn't you want some redundancy of the firewall too? Or better yet, an f5 3DNS controller and a pair of Big IPs in two different data centers.

You can get more speed and power for your money using RadWare or Foundry over F5.

allan
03-07-2002, 10:32 AM
Originally posted by Jay Suds
If you are using Windows 2000 servers, your best bet is to either use Win2K Advanced Server and use network load balancing, not clustering.

NLB splits the load of the web sites between two servers and moves the load to one server should the other server go down. On the other hand, clustering is more of a failover solution - one server is typically active, and the other server is passive until there is a problem with the active server.


One word of caution about NLB: it generates a s%$tload of ARP requests. Depending on the number of servers in the cluster I have seen it take down some pretty powerful switches -- basically it creates a broadcast storm and you DoS yourself.

The best model for 100% uptime within a single data center (which I don't recommend) is the following:



 Handoff 1            Handoff 2
     |                    |
    LB1 ----- VRRP ----- LB2
     |                    |
    FW1 ----- VRRP ----- FW2
      \                  /
       \                /
      Switch1 ---- Switch2
      / / \ \      / / \ \
         [Server Farm]


From a logical perspective here is how this would work:

First, this requires two netblocks, because the firewalls are layer 3 devices, and need to have interfaces in two AS. We'll give them the following:

192.168.1.0/28
192.168.1.16/28

You map your domain: www.example.com to an IP address your Web Host provides you with, say, 192.168.1.5.

192.168.1.5 becomes the virtual IP (VIP) on the load balancers. You also set up a VRRP address, say 192.168.1.2, that is bound to the load balancers, and is used as a gateway by the firewalls.

The firewalls each have their own public addresses (we will give them 192.168.1.6 and 192.168.1.7) as well as a VRRP address on the public side, 192.168.1.8.

On the load balancers, set up a filter that says: All traffic destined for the 192.168.1.16/28 netblock must go through 192.168.1.8.

On the private side of the firewalls, you need three addresses:
192.168.1.18 for FW1, 192.168.1.19 for FW2, and they will share a VRRP address of 192.168.1.17.

Each of the servers will be assigned an IP address in the 192.168.1.16/28 and use 192.168.1.17 as their gateway.

The firewalls will use simple port forwarding to move traffic from the public to the private interface, and will keep session state with each other (as will the load balancers).

The load balancers will use 192.168.1.1 as their gateway. Because you have two handoffs, hopefully, to two different switches within your provider's infrastructure, the 192.168.1.1 address should either be a VRRP/HSRP address or you will need a BGP handoff -- in which case you should make sure you use an LB device that supports the BGP protocol (Alteon/Arrowpoint/Foundry/RadWare).

Hopefully this makes sense :D.
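
Added example (not part of allan's post): a Python check of the addressing plan described above, verifying that every address is a usable host in its /28 and that every next hop is a shared VRRP/VIP address rather than one device's own address. The two server addresses are constructed for illustration, and treating 192.168.1.1 as a shared address assumes the provider follows the VRRP/HSRP advice in the post.

```python
import ipaddress

PUBLIC = ipaddress.ip_network("192.168.1.0/28")
PRIVATE = ipaddress.ip_network("192.168.1.16/28")

# address -> (owner, subnet, shared) taken from the post; "shared" marks
# VRRP/VIP addresses that survive the loss of one device.
PLAN = {
    "192.168.1.1": ("provider gateway", PUBLIC, True),  # assumed VRRP/HSRP
    "192.168.1.2": ("LB VRRP", PUBLIC, True),
    "192.168.1.5": ("LB VIP www.example.com", PUBLIC, True),
    "192.168.1.6": ("FW1 public", PUBLIC, False),
    "192.168.1.7": ("FW2 public", PUBLIC, False),
    "192.168.1.8": ("FW public VRRP", PUBLIC, True),
    "192.168.1.17": ("FW private VRRP", PRIVATE, True),
    "192.168.1.18": ("FW1 private", PRIVATE, False),
    "192.168.1.19": ("FW2 private", PRIVATE, False),
    "192.168.1.20": ("server A (constructed)", PRIVATE, False),
    "192.168.1.21": ("server B (constructed)", PRIVATE, False),
}

# (who, subnet the sender sits in, next hop) for each hop the post describes.
NEXT_HOPS = [
    ("load balancers -> provider", PUBLIC, "192.168.1.1"),
    ("load balancers -> 192.168.1.16/28", PUBLIC, "192.168.1.8"),
    ("firewalls -> load balancers", PUBLIC, "192.168.1.2"),
    ("servers -> firewalls", PRIVATE, "192.168.1.17"),
]

def check_plan(plan, next_hops):
    problems = []
    for addr, (owner, net, _shared) in plan.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{owner}: {addr} is not a usable host in {net}")
    for who, net, hop in next_hops:
        entry = plan.get(hop)
        if entry is None:
            problems.append(f"{who}: next hop {hop} is not assigned")
        elif ipaddress.ip_address(hop) not in net:
            problems.append(f"{who}: next hop {hop} is outside {net}")
        elif not entry[2]:
            problems.append(f"{who}: next hop {hop} ({entry[0]}) is a single device")
    return problems

if __name__ == "__main__":
    for line in check_plan(PLAN, NEXT_HOPS) or ["plan is consistent"]:
        print(line)
```

Pointing the servers at 192.168.1.18 instead of 192.168.1.17 makes the check report that hop as a single device, which is the failure the VRRP addresses in the post are there to avoid.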