Joe,
> on the assumption that the traffic being LVS'ed and the traffic being
> bridged are independent, there should be no problem doing this.
That I think is where I'm sorta hung up. The function of the LVS machines
would be to run the filtering apps on the incoming traffic from the net.
For example, an SMTP session is passed off to one of the LVS real servers
and then gets sent on to a machine on the local network (off of the
firewall/switch). This means that I have to use the bridging firewall
patches (from http://bridge.sourceforge.net/). From the links you sent it
looks like I might run into some issues since the ipvs stuff is a
netfilter module. I'm also thinking that this might require 3 NICs in the
director machine.
> However it seems that you are using your director as a multifunction
> machine. This invites problems just to save the price of an extra node.
Yeah true...
-Warren