On Wed, Nov 01, 2000 at 07:04:32PM -0500, tc lewis wrote:
>
>
> > the solution is to add a
> > > static arp entry in the real server's arp table of the router's ip and mac
> > > address.
> >
> > I hadn't thought about this. I have the router with an 192.168.x.x address
> > and an address in the network of the VIP, so can communicate with the
> > real-servers and the director.
> >
> > So what are the minimum addresses for the inside of the router, the
> > outside of the director and the real-servers?
>
> 2. 1 router. 1 vip.
>
> the balancer doesn't need to accept any outside addresses except the vip.
>
> the real servers don't need to either, they just need a path back to the
> router, which is fine with the vip on a hidden interface i suppose, and
> fine with horms' ipchains method + static arp entry as well.
I'm not sure I follow the necessity for the static arp entry,
unless the router can't deal with having an interface on
a non-routed network (for administrative reasons).
> all other addresses can be private.
>
> right?
Yes, as long as the real servers don't need to _initiate_ connections to
external hosts. There was a thread on how to allow privately addressed real
servers to initiate connections in DR mode a while back; I won't reiterate
it.
> that's how i'll be doing things. vip on a balancer's eth2 (maybe eth2:0),
> 192.168.1.x on its eth1. 192.168.1.x on a real server's eth1, ipchains
> redirect (horms' method) to accept the packet, avoid the arp problem, and
> redirect port 80 traffic to a non-privileged port. arp entries for the
> router on the real servers to send responses. that 192.168.1 network is
> on the same physical segment as the router.
You can redirect the port 80 traffic to port 80 if need be.
--
Horms