|
Andy Harding wrote:
>
> Hi
>
> > hmm, the VIP(s) should all face the outside world. There shouldn't be one
> > on the inside ethernet device.
> I think there needs to be one on the inside so that default route
> (gateway) is brought up on the second server if the first fails. Otherwise
> the real servers would need to be configured with the new gateway ip when
> the backup kicked in.
when the backup director is made active, both the VIP and the DIP are moved
to the new director. Perhaps you are confusing the nomenclature of the DIP.
> I need the real server to be able to access the outside world,
there are often reasons why people need to do this, see the section on 3-Tier
LVS's in the HOWTO. Just make sure that each hole you poke in your security
setup is only letting in and out what you want.
> Is NAT on the director (gateway)
> the way to let the real servers make a connection to outside.
You can arrange for realservers to connect to the outside world in
both LVS-NAT and LVS-DR. see the section on clients on realservers
in the HOWTO
Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
|
