Re: Can we do user-id-based-switching on layer4 switch with lvs?

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Can we do user-id-based-switching on layer4 switch with lvs?
From: "john-dean" <john@xxxxxxxxxxxxxxx>
Date: Thu, 3 May 2001 01:59:56 +0800 (Taipei Standard Time)
 
 
-------Original Message-------
 
From: Horms
Date: 2001-05-05 AM 01:05:06
Subject: Re: Can we do user-id-based-switching on layer4 switch with lvs?
 

On Wed, May 02, 2001 at 09:20:57PM +0800, john-dean wrote:
>
> Dear All:
>
> I ask for the help for the implementation:
>
> An LVS box acts as a layer4 switch by LVS-NAT,
> however there are two FTP real-servers with different
> content exclusively (for some reason, they cannot use
> role-based-control to handle in one server to see different content).
>
> Two users with the same IP (also from another NAT area and the IP is dynamic) must go to the two different FTP servers. The problem is:
> Can we use some identify or proxy method to dynamically change the lvs table to reflect the different path?
> best regards...

>>Is there a reason they _have_ to use the same IP address? If you
>>can use different IP addresses then you can set up two virtual services
>>and have a different back-end FTP server in each. Otherwise, as per a
>>different mail to the list you will need something more than layer-4
>>switching.

Thanks for the help!!

It seems users may come from a single IP from a NAT area (AOL or some companies), but on different ports.

I don't know whether the following idea would work or not; please give me your opinions:

[I am not talking about a layer 7 switch which parses the cookies]

If we can first check the user ID and passwords by some daemon (before ftp), then get the user's IP:port, then we can use the fwmarks method to mark differently with IP:port and dynamically (daemon executes ipchains and ipvsadm, like nanny in Redhat) update the lvs table in the kernel to reflect the ID and its ongoing ftp server, and issue the user who can use ftp then.

But it is not transparent and not convenient with "single sign on". So what else can we do?

Best regards..

--
Horms
horms@xxxxxxxxxxxx
http://vergenet.net/~horms/

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
