Security of VS-NAT versus VS-DR ?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Security of VS-NAT versus VS-DR ?
From: Alois Treindl <alois@xxxxxxxx>
Date: Tue, 01 May 2001 08:02:58 +0200
Everyone seems to recommend VS-DR instead of VS-NAT.

I have a few questions regarding this preference.

a) security
Isn't it true that a 2-NIC VS-NAT setup is intrinsically
more secure than a VS-DR setup?

The NAT setup has no physical connection between the realservers
and the outside network; every packet must pass through the director.
The masquerading and ipvs configuration of the director are the
only critical point where packets can be moved between the inside and
outside networks.

The DR-setup needs a physical connection from each realserver to the
outside network, for the return packets.
Any configuration error in any of the realservers contains a risk
that uncontrolled packets can flow between the outside network and the
inside network.
We have multiple points of security failure (every real server)
instead of a single point (director).

b) director as firewall
If I have no separate firewall for the LVS cluster, but want to use
the director for it, then VS-NAT is the only choice.
VS-DR would need a firewall outside of both the director and the
return cables from the realservers.
Is that correct?

c) performance advantage of DR versus NAT
If I need such a firewall outside of the LVS, which all incoming
packets and return packets have to pass, the supposed performance
advantage of DR goes away; it is just that the bottleneck which all
packets have to pass moves from the director to the firewall box.
There is no intrinsic reason why a separate firewall box should be
able to do its job faster than the director itself, if comparable
hardware (CPU speed, RAM size) is chosen.
Is that correct?

If my assumptions are correct, what is the advantage of DR versus NAT 
in a production http-server which needs firewalling against the
Internet?

Alois
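
The packet paths the question compares, as an added worked example (not code from the poster or from the LVS project). It is a small Python model of one request/reply pair: in VS-NAT the director rewrites the destination IP to a realserver address and reverses that on the reply, which comes back through the director because the director is the realserver's default route; in VS-DR the director only re-addresses the frame, the realserver holds the VIP on a non-ARPing interface, and the reply leaves from the VIP straight to the outside router. All hosts, IP addresses and MAC addresses are constructed, and the `trace`/`reply_hops` helpers are this example's own names. Running it shows the reply path as `director -> client` for NAT and just `client` for DR, which is the topological reason a firewall that must see return traffic has to sit outside both the director and the realservers' return path in a DR setup.

```python
"""Toy model of the request/reply packet path for LVS VS-NAT and VS-DR.

Added example, not code from the LVS project or from the poster. The hosts,
addresses and MACs below are constructed (documentation IP ranges and locally
administered MACs); the behaviour follows the two forwarding modes: NAT
rewrites the destination IP to a realserver address and undoes that on the
reply, DR only re-addresses the frame so the realserver, which holds the VIP
on a non-ARPing interface, answers the client directly.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_mac: str  # link-layer next hop the packet is handed to


# Constructed addresses.
CLIENT = "203.0.113.10"           # outside client
VIP = "192.0.2.100"               # virtual IP the director answers ARP for
RIP = "10.0.0.11"                 # realserver's own address
ROUTER_MAC = "02:00:00:00:00:fe"  # upstream router on the outside network
DIR_MAC = "02:00:00:00:00:01"     # director
RS_MAC = "02:00:00:00:00:11"      # realserver


def director_forward(pkt: Packet, mode: str) -> Packet:
    """Director schedules the connection and hands the packet to the realserver."""
    if mode == "nat":
        # VS-NAT: destination IP is rewritten to the RIP (masquerading).
        return replace(pkt, dst_ip=RIP, dst_mac=RS_MAC)
    if mode == "dr":
        # VS-DR: IP header untouched, only the frame is re-addressed.
        return replace(pkt, dst_mac=RS_MAC)
    raise ValueError(f"unknown mode {mode!r}")


def realserver_reply(pkt: Packet, mode: str) -> Packet:
    """Realserver accepts the packet only if dst_ip is a local address, then answers."""
    # In DR the VIP is configured on the realserver (e.g. on lo) with ARP suppressed.
    local_ips = {RIP} if mode == "nat" else {RIP, VIP}
    if pkt.dst_ip not in local_ips:
        raise RuntimeError("realserver would drop: destination is not a local address")
    if mode == "nat":
        # The realserver's default route is the director, so the reply goes back there.
        return Packet(src_ip=RIP, dst_ip=pkt.src_ip, dst_mac=DIR_MAC)
    # DR: reply is sourced from the VIP and sent straight to the outside router.
    return Packet(src_ip=VIP, dst_ip=pkt.src_ip, dst_mac=ROUTER_MAC)


def trace(mode: str) -> list[tuple[str, Packet]]:
    """Return the (host, packet-as-received) sequence for one request/reply pair."""
    req = Packet(src_ip=CLIENT, dst_ip=VIP, dst_mac=DIR_MAC)
    path = [("director", req)]
    fwd = director_forward(req, mode)
    path.append(("realserver", fwd))
    rep = realserver_reply(fwd, mode)
    if rep.dst_mac == DIR_MAC:
        # NAT only: the director sees the reply and reverses the translation (RIP -> VIP).
        path.append(("director", rep))
        rep = replace(rep, src_ip=VIP, dst_mac=ROUTER_MAC)
    path.append(("client", rep))
    return path


def reply_hops(mode: str) -> list[str]:
    """Hosts the reply traverses after it leaves the realserver."""
    hosts = [host for host, _ in trace(mode)]
    return hosts[hosts.index("realserver") + 1:]


if __name__ == "__main__":
    for m in ("nat", "dr"):
        print(f"{m}: reply path = {' -> '.join(reply_hops(m))}")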
