|
On Mon, May 08, 2000 at 11:18:08AM +0700, Pongsit@xxxxxxxxxxxxxxxxxx wrote:
> If i would like to use LVS to balance 3 transparent proxy is this how i do it
> ?
>
>
> Internet
> |
> |
> ------------------------------------------- hub 1
> | | |
> |eth0 | | proxy1 ,2 and 3 set as a
> proxy1 proxy2 proxy3 transparent proxy with firewall
> |eth1 | | where eth0 connect to internet
> | | | and eth1 to the internal network
> ___________________________________________
> | | | | | hub 2
> | | | | |
> LVS/DR client machines |
> |
> |
> ___________________________________________ hub 3 if i have more internel
> users
>
> any one who did this before please give some advice . Please correct me if i
> am
If you want to do transparent proxying then I would suggest a topology
more along the lines of:
Internet
|
|
------------------------------------------------ hub 1
|
|
LVS/DR
|
|
________________________________________________
| | | | | | | hub 2
| | | | | | |
proxy1 proxy2 proxy3 client machines |
|
|
_________________________________________________ hub 3 if i have more
internel
users
Use IP chains mark all outgoing port 80 traffic, other than from the 3
proxy servers with firewall mark 1 (ipchains -m 1...).
Set up a IPVS virtual service matching of fwmark 1 (ipvsadm -A -f 1...).
The proxy servers will need to be set up to recognise all port 80 traffic
forwarded to them as local.
This way all outgoing traffic hits the LVS box. If it is for port 80 and
isn't from one of the proxy servers then it gets load balanced and
forwarded to one of the proxy servers.
You may want to consider a hot standby LVS/DR host to eliminate a single
point of failure on your network.
I havn't tested this but I think it should work.
--
Horms
|
