|
Hi Chris,
> I know that I will need to use Direct Routing for this,
> however I am concerned that because the outside IP addresses
> are already being NAT'd (hence everything IP address-wise
> will be coming from the inside interface on the firewall),
> that I may not get a "good balance". What would be the best
> type of balance to setup in this scenario? Also, I need to
in this scenario I'd use the standard "round-robin" algorithm. in
ldirectord.conf under your "virtual=VIP.ip.here.xyz" section make sure
scheduler=rr appears.
> maintain some level of persistence since it is session-based
> websites and it is VERY important that the user continue to
> use the same real server for their session.
in the same area of ldirectord.conf, persistence=xx where xx is seconds of
persistence.
>
> Currently, I need to:
> - Be able to load-balance to multiple web/app servers on
> Windows 2000 & Linux.
no problem. check the mail archives & howto for specific examples.
> - Be able to provide redundant load-balancing using
> ldirectd/heartbeat
> on the load-balancers themselves (using Ultramonkey, preferably).
it seems with the latest versions of heartbeat & ultramonkey you don't need
MON anymore. we used to have to use that monitoring software to avoid
"split brain" scenarios where in some hardware/network failures both LBs are
fighting for control over who is active. theoretically you are set with
ultramonkey & ldirectord.
> - Provide (if possible) a failover SAMBA (SMB) fileservice from the
> load-balancers (when failing over, start/stop SMB service).
> {I'm willing to deal with the filesync issues between the two)
sounds like perhaps you might want to use mon after all.. either that or
get your hands dirty in source code of either ldirectord or heartbeat. (if
you know perl I don't think it would be too hard to modify ldirectord)..
> If anyone is running anything similar to this, I would very
> much appreciate hearing about your scenario and the basic
> idea of how you set things up. I have the HOWTO and other
> docs and things are starting making sense about how everything works.
> I'd like suggestions about what you guys believe is the
> proper way to implement this type of situation.
just keep plugging away for a bit and things will start to work for you.
the mailing list archives & howtos are as important as coffee and/or
redbull. mail the list when you get stuck :).
my tip of the day for you is to make certain you have a QA setup that
simulates your production scenario as much as possible - hardware, network
layers, and firewall. firewall & DoS defenses are last AFTER you get things
working..
> Again, any help would be greatly appreciated.
>
> Chris
Best of luck
Peter
|
