On Wed, Mar 19, 2003 at 01:27:22PM -0600, Warren Volz wrote:
> Joe,
>
> > on the assumption that the traffic being LVS'ed and the traffic being
> > bridged are independent, there should be no problem doing this.
>
> That I think is where I'm sorta hung up. The function of the LVS machines
> would be to run the filtering apps on the incoming traffic from the net.
> For example, an SMTP session is passed off to one of the LVS real servers
> and then gets sent on to a machine on the local network (off of the
> firewall/switch). This means that I have to use the bridging firewall
> patches (from http://bridge.sourceforge.net/). From the links you sent it
> looks like I might run into some issues since the ipvs stuff is a
> netfilter module. I'm also thinking that this might require 3 NICs in the
> director machine.
I have to confess that I am not up to speed on the bridging
firewall. But if you were using a routing firewall I wouldn't see
any problems.
> > However it seems that you are using your director as a multifunction
> > machine. This invites problems just to save the price of an extra node.
>
> Yeah true...
Ditto
--
Horms