Horms wrote:
The Ultra Monkey kernel is built by taking the Red Hat kernel,
replacing LVS (with 1.0.7 the last time around) and adding
the hidden patch. So yes, the Ultra Monkey Kernel supports
the hidden interface capability.
Excellent thanks he's up and running now.. :-)
Another question (Gee that's unlike me.) and some reflections on F5/Foundry..
LVS supports the use of :0 for all ports, i.e. linking HTTP & HTTPS
Or you can use firewall marks..
But ldirectord doesn't allow the use of :0 as a destination, would that
be easy to allow ?
A yes or no will do and I'll attempt to understand the code (perl
gives me a headache).
----- >
I was given an intro to F5 & Foundry kit the other day and thought I'd
share my thoughts.
Foundry is a nice hardware switch (fairly) easy to configure via CLI but
the web interface is a disaster. It seems pretty similar to LVS but
offers layer 7 if required. They only do a 16 port switch now for about
£8,000 retail.
F5 is still freebsd/PC based although it runs from flash (won't that
wear out with all the logging ?) and has a switch fabric plugged in the
front. It's very fast and the web front end is very intuitive. But the
licence keys are a pain in the butt and matched to MAC addresses, SSL is
£2,000 per 400 sessions basic box is about £10,000 retail.
The guy I talked to said that 90% of customers in the UK only used basic
layer 4 switching. 60% using 2 arm NAT and 40% using 1 arm NAT. (rough
guess stats obviously.)
But that brings me on to two nice features (one of which may be a
possibility for LVS)
The one that is a possibility is that 1 armed NAT on F5 changes the SIP
to be the DIP before forwarding to the web server. Therefore the web
server does not need to be reconfigured as it thinks it is always
talking to the DIP. The only disadvantage is that you don't log the CIP
on the web server but most people do dynamic client stats these days anyway.
Is that a possibility for LVS ?
The other thing is fantastic (IMHO): when the director forwards a request
to the real server it caches the request until it sees a response from
the real server return; if it doesn't see one in a short period of time
it resends the cached request to another real server in the group ! :-)
no client ever gets a dud connection ...
I thought that was cool but I can see a lot of performance / memory /
DOS issues with it.
--
Regards,
Malcolm Turnbull.
Crocus.co.uk Ltd
01344 629629
http://www.crocus.co.uk/