This is very similar to my setup, and it works great.
"K. M." wrote:
>
> Three questions:
> --can LVS be used as a combined load balancer/firewall, since you're using
> ipchains already, or is ipchains on a separate box recommended?
You are restricted to using VS-NAT if you want all your traffic to go
through the ldirectord/firewall machine.. that's really the only
consideration..
>
> --can you place a single box that *doesn't* need load balancing behind the
> LVS box? Not sure how that would work, if the LVS box always represents just one
> IP.
If you have 'real' IPs for your firewalled subnet, this is easy. If
you are using reserved LAN IPs (i.e. 10.0.0.x or 192.168.x.x) then you
would need to use the portfw module with ipchains.
>
> --is LVS a good choice for the following configuration?
>
> Requirements: 3 webservers, need to be load balanced; 1 database server, not
> part of the load-balancing cluster; all servers are colo and need to be
> firewalled and accessed remotely
>
> ME
> |
> |
> (internet)
> |>public network
> |
> data center router
> |
> firewall
> |
> switch >private network #1?
> | |---------------------------|
> -------------- |
> | | database server
> LVS primary LVS backup
> web1 web2 web3 >private network #2?
>
> This diagram is just a draft. If the LVS box can serve as a firewall and the
> db box can go behind it, so much the better.
>
> thanks!
>
> Kathi