Re: topologies

[Gerry Reno <greno@xxxxxxxxxxx>]

Joseph Mack NA3T wrote:
> On Sat, 26 May 2007, Gerry Reno wrote:
>
> > Joseph Mack NA3T wrote:
> > > separate from what, the other realservers? the VIP?
> > yes
> > > > then it's more difficult to administer them and also they will lose 
> > > > access to common resources such as the backup server. So it looks 
> > > > like each realserver will have to be part of multiple lans or vlans 
> > > > into order to still have access to common resouces. In doing so, 
> > > > will it create any problems with routing for the VIP's and GW's?
> > > such as?
> > >
> > > > I don't want any triangulation problems that can cause connections 
> > > > to hang.
> > > what's a triangulation problem?
> > where you have the response packets best-routed around the director 
> > directly back to the client
> OK you want LVS-NAT or the modified-shared version of LVS-DR (if you 
> don't know what that is, use LVS-NAT).
> > Ok, some ascii art:
> you need blanks and not tabs, and limit to (about) 50chars/line
>
> > |
> > |(Single Public IP)
> > ---------------------
> > | HW NAT Firewall |
> > | Router |
> > ---------------------
> > |(GW=192.168.0.1)
> > |
> > |(VIP=192.168.0.215)
> > ------------------------------------------------------------------------------------ 
> >
> > | ==LVS== | | | |(192.168.0.10) |(192.168.0.11) | |(192.168.0.nnn)
> > --------------------- --------------------- | ---------------------
> > | keepalived | | keepalived | | | lots of other | | master | | backup 
> > | | | servers |
> > --------------------- --------------------- | ---------------------
> > |(GW=192.168.1.1) | |
> > ------------------------------------------------------------------- |
> > | | | | |
> > |(192.168.1.10) |(192.168.1.11) |(192.168.2.10) |(192.168.2.11) |
> > --------------- --------------- --------------- --------------- |
> > | RS(web) | | RS(web) | | RS(db) | | RS(db) | |
> > --------------- --------------- --------------- --------------- |
> > |(192.168.0.70) |(192.168.0.71) |(192.168.0.72) |(192.168.0.73) |
> > | | | | |
> > -----------------------------------------------------------------------------| 
> >
> > |
> > --------------------- |
> > | Network |---------------------------------
> > | Storage |(192.168.0.99)
> > ---------------------
> >
> > This is what I was referring to when I was commenting on topology and 
> > if it is possible to configure this way I was concerned about packets 
> > being best-routed somehow past the director through the second 
> > interface on the realservers.
> taking a punt here...
>
> you have director(s) with a public IP (here 192.168.0.215). Then you 
> have some web realservers, on 192.168.1.0/32. Presumably these talk to 
> the db machines (and the clients do not directly connect to the db 
> machined). In which case the db machines can also be on 
> 192.168.1.0/32. And you have a NAS which can also be on 191.168.1.0/32. 
This was part of my problem. All the other (non-LVS) servers on the 
network are on 192.168.0.nnn which includes the NAS server. If I put NAS 
on the 192.168.1.0 network it may be a problem. Maybe I can use /23 to 
keep it visible on both networks. But again I still am concerned about 
packets finding their way directly back to 192.168.0.x network and to 
the client.

> The webservers will have 192.168.1.1 as their default gw. The other 
> machines (db, NAS) shouldn't havea default gw at all (presumably they 
> aren't replying to clients)
Hmm... I still have other LVS services like SSH that I want to make 
available on these machines. I'll have to think about this part some more.
> Joe
Gerry