
RE: [Q]Send certain packet to *ALL* real server

To: "'Ted Pavlic'" <tpavlic@xxxxxxxxxxx>, Joseph Mack <mack@xxxxxxxxxxx>, Brian Edmonds <bedmonds@xxxxxxxxxxx>
Subject: RE: [Q]Send certain packet to *ALL* real server
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Gong Wei <ccegongw@xxxxxxxxxx>
Date: Sat, 29 Jul 2000 08:09:20 +0800
One of the practical applications in our environment is for network
management purposes.  We have a group of management servers; however, for load
sharing/HA purposes I would like to let all of them appear as a single IP.

The way the overall system works is that whenever there is a link state
change on the edge switch port (connect/disconnect a pc/notebook to the
switch port, for instance), a trap will be sent to the management server,
which contains important info like the location of the switch, MAC address
of the client, etc.  This information will be used later to generate audit
reports.

Unfortunately currently there is no way to send certain packets to all real
servers, so unless the subsequent packets from the *client* (not the switch)
happened to reach the real server, or else ....

Obviously I could use the persistence feature with 0.0.0.0 as the netmask, but
this doesn't sound like a neat solution ...

The "security/flooding" concern is something valid as not every system
administrator knows what they are doing :-)

This is just one particular instance whereby I found LVS doesn't fit into
the picture nicely.  In other situations especially WWW/FTP, it works really
nice!

-----Original Message-----
From: Ted Pavlic [mailto:tpavlic@xxxxxxxxxxx]
Sent: Saturday, July 29, 2000 4:28 AM
To: Joseph Mack; Brian Edmonds
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Q]Send certain packet to *ALL* real server


> I take it just having the DNS on the real-servers as secondaries to the
> master machine independent of the LVS just doesn't fly?
> I don't know how NOTIFY works. How does a primary machine NOTIFY
> secondaries? From what I know from setting them up, the primaries don't
> push, they respond to requests.

The primary servers do send notifies to the authoritative secondary servers
(i.e., all of the NS records in a domain).

The notifies don't push information, they simply tell the secondaries that
it is time to pull information for domain-X. They basically force the
authoritative secondaries to do a zone transfer before their zone
information has expired.

It would be useful to be able to send one notify to all servers at one time
thus causing all of them to go and pull all of their information
immediately...

BUT... I'm not quite sure how RFC it is to have DNS behind an LVS. Any
thoughts on this?

However -- I'm sure there are other uses for having the ability to send a
packet to all real servers at once... I just can't think of any right now...
<?>

Personally I don't know if it would be worth the hassle. And I think I'd be
worried about security... that is -- I'd be worried that someone could flood
all of my real servers at once. That wouldn't be cool.
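
An added example, not part of the thread and not an LVS feature: a user-space relay that copies each UDP datagram (such as a trap from an edge switch) to every real server, with a source allow-list and a per-source token bucket so the fan-out cannot be used to flood all real servers at once. The addresses, port, class names and limits are assumptions; the relayed copies carry the relay's own source address.

```python
import socket
import time

# Assumed real-server addresses (constructed; TEST-NET-1 range, SNMP trap port).
REAL_SERVERS = [("192.0.2.11", 162), ("192.0.2.12", 162), ("192.0.2.13", 162)]


class TokenBucket:
    """Per-source budget: `rate` datagrams/second, bursts up to `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.stamp = float(burst), None

    def allow(self, now):
        if self.stamp is not None:  # refill for the time elapsed since last packet
            self.tokens = min(self.burst, self.tokens + (now - self.stamp) * self.rate)
        self.stamp = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class FanOut:
    """Copies each accepted datagram to every real server."""

    def __init__(self, servers, allowed_sources, rate=5, burst=10):
        self.servers = list(servers)
        self.buckets = {src: TokenBucket(rate, burst) for src in allowed_sources}

    def targets(self, src_ip, now):
        """Return the servers that get a copy, or [] if the datagram is dropped."""
        bucket = self.buckets.get(src_ip)  # unknown senders are never amplified
        if bucket is None or not bucket.allow(now):
            return []
        return self.servers

    def serve(self, bind=("0.0.0.0", 162)):
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind(bind)
        while True:
            data, (src_ip, _) = sock.recvfrom(65535)
            for dst in self.targets(src_ip, time.monotonic()):
                sock.sendto(data, dst)
```

Calling `FanOut(REAL_SERVERS, {"198.51.100.7"}).serve()` starts the relay; binding to port 162 normally requires root.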




