Lars Marowsky-Bree wrote:
> You cannot load-balance the same IPSec session to multiple end points;
> that will be the main problem, I suppose. So the
> basic question is whether you expect to have many "low bandwidth" connections
> (i.e. each of them could be handled by a single node) or few "high bandwidth"
> ones. The second one might not adapt too well to being load balanced.

we will have many 'low bandwidth' connections - they will all be < 2MBit.

> Second, LVS doesn't do load balancing of non-UDP/TCP protocols right now; and
> if my memory doesn't fail me, IPSec is such a protocol. It might be reasonably
> (?) easy to extend LVS to do this though.

good point - I didn't think of that before. My problem is that I'm good
at installing, but programming is something I haven't done for about 2 years.

> But I am pretty sure ratz will be the person for you to talk to; he is the
> resident security expert ;-)

it may sound stupid, but who is ratz? - sorry, I'm bad at remembering
names...

Henrik.