> > the solution is to add a
> > static arp entry in the real server's arp table of the router's ip and mac
> > address.
>
> I hadn't thought about this. I have the router with an 192.168.x.x address
> and an address in the network of the VIP, so can communicate with the
> real-servers and the director.
>
> So what are the minimum addresses for the inside of the router, the
> outside of the director and the real-servers?

2. 1 router. 1 vip.

the balancer doesn't need to accept any outside addresses except the vip.
the real servers don't need to either, they just need a path back to the
router, which is fine with the vip on a hidden interface i suppose, and
fine with horms' ipchains method + static arp entry as well.
all other addresses can be private.
right?

that's how i'll be doing things. vip on a balancer's eth2 (maybe eth2:0),
192.168.1.x on its eth1. 192.168.1.x on a real server's eth1, ipchains
redirect (horms' method) to accept the packet, avoid the arp problem, and
redirect port 80 traffic to a non-privileged port. arp entries for the
router on the real servers to send responses. that 192.168.1 network is
on the same physical segment as the router.

i just use eth1 and eth2 because of the hardware in the machines (i like
my dual-port tulip cards more than the on-board eepro interfaces).

lots of other action going on in the network i'm implementing, but that's
the gist of it from the web traffic + balancing point of view.

-tcl.