"Michael T. Halligan" wrote:
>
> I have an lvs server that also needs to be an SSL proxy..
I don't really understand what you're trying to do here
(not knowing much about SSL proxies), but there are
a few things I notice.
> My first idea was to use 2 external ip addresses, have
> one of them proxypass to the other external ip address.. And
> have that other ip address be the ip address that LVS sits on.
The machine will recognise the new dst_addr as being local and won't
send the packet out again. The rules for the 2 IPs won't chain.
> That doesn't seem to work because of my nat configuration, my internal
> box can't talk to that external Ip address.
>
> My second idea was to have
>
> EXTERNAL_IP 1
> Proxypass to an internal ip address :
> 192.168.1.20 which would loadbalance to realservers
> 192.168.2.54 and .55
>
> And have my realservers use 192.168.2.1 as a gateway.
>
> The problem is I don't have enough Nics..
Use iproute2 tools (they aren't easy to use).
With these tools all IPs are independent.
The only thing you get from separate NICs is
higher throughput and separation of packet traffic.
Whether you have the IPs on separate or the same
NICs, they'll still be local to the host.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, SAIC contractor
to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA