Nicolas Chiappero wrote:
> I would like to merge director and firewall into only one box, but
> some questions remain and I have no clear answers :
> - I read many different documents and figured out that "proxy arp"
> is equivalent to "transparent proxy". Am I right ?
No, TP allows a machine to accept (rather than forward) packets
for which it is not the destination. This originally was written
so that a local squid would accept packets destined for a remote
httpd server.
Proxy arp allows a host to reply to arp requests, telling the requestor
that it has an IP locally, when in fact the IP is on another machine.
This is useful to alter routing (e.g. for transparent bridging).
> - If so, I found a document (http://www.sjdjweis.com/linux/proxyarp/)
> explaining how to do proxy arp on a 2.4 kernel. Will this method
> be compatible with LVS as long as director would also be the default
> GW for realservers ?
hmm, well it may be possible, but no one has done it yet.
Julian's forward-shared patches are the way to allow an LVS-DR
director to be the default gw for the realservers.
> I would like to have a very stable setup, so I'm wondering whether
> switching from LVS-DR to LVS-NAT would be a better approach or not.
won't make any difference.
> In this case, I would like to be sure that LVS-NAT can handle
> the actual load of this LVS-DR setup.
The problems with 2.2 LVS-NAT are not in 2.4 LVS-NAT. It's fast
now. With any modern CPU (>400MHz), the rate limiting step
is the network (100Mbps) or reading off the disks.
Joe
--
Joseph Mack PhD, Senior Systems Engineer, SAIC contractor
to the National Environmental Supercomputer Center,
ph# 919-541-0007, RTP, NC, USA. mailto:mack.joseph@xxxxxxx
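
Added example, not part of the original message: a defender-side check that lists the interfaces on which a Linux host will answer ARP requests for addresses it does not hold, which is the proxy arp behaviour described in the reply above. It assumes the standard per-interface proxy_arp sysctl files; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# List interfaces where proxy ARP is effective.
# The kernel enables proxy ARP on an interface when either
# conf/all/proxy_arp or conf/<iface>/proxy_arp is non-zero.

proxy_arp_interfaces() {
    # $1: sysctl directory to audit (defaults to the live tree)
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    all_flag=0
    [ -r "$conf_root/all/proxy_arp" ] && all_flag=$(cat "$conf_root/all/proxy_arp")
    for dir in "$conf_root"/*/; do
        iface=$(basename "$dir")
        # "all" is the global switch, "default" only seeds new interfaces
        case "$iface" in all|default) continue ;; esac
        [ -r "$dir/proxy_arp" ] || continue
        if_flag=$(cat "$dir/proxy_arp")
        if [ "$all_flag" != "0" ] || [ "$if_flag" != "0" ]; then
            echo "$iface"
        fi
    done
    return 0
}

# Constructed sample tree (not from a real host):
# proxy ARP on for eth0 only, global switch off.
make_sample_tree() {
    root=$(mktemp -d)
    for i in all default eth0 eth1; do
        mkdir -p "$root/$i"
        echo 0 > "$root/$i/proxy_arp"
    done
    echo 1 > "$root/eth0/proxy_arp"
    echo "$root"
}

# With no argument this audits the running host.
proxy_arp_interfaces "$@"
```

An interface listed here replies to ARP on behalf of other machines, so any entry that is not part of a deliberate routing or bridging setup deserves a closer look.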