I have noticed an error in the description of the IBM Network Dispatcher
product in section 2 of the LinuxExpo Paper. The IBM Network dispatcher
does NOT require any modifications to the actual back end server kernel
code to function properly. In fact, any mix and match collection of back
end servers will work.
The trick to dealing with finicky clients is to alias the virtual service
address to the loopback interface (on the actual webserver node) and then
bind the webserver directly to the aliased address on lo0. In this way, the
dispatcher node will leave the destination IP address intact, and add the
MAC address of the network iterface as normal and when the destination
webserver picks up the packet (because it contains the webserver's MAC
address) it will forward it to the lo0 interface where the webserver lives.
When the reply is returned to the client, it will appear to emenate from
the correct IP address. This allows for NAT to occur at a DMZ firewall and
does not require the dispatcher to be involved in the return portion of the
traffic. The downside of all this is:
1) Dispatchers and clients must live on the same physical segment
2) A node can either be a client or a server for a particular address, but
not both. If you want to loadbalance traffic between two (loadbalanced)
webservers and two (loadbalanced) application servers, you must use two
different service addresses.
All that said, I have not used the new V2.0 of the dispatcher product
bundled into Websphere so things may(and probably have) changed.
In either case, I'll let you know how our tril of LinuxDirector works out!
rn
|