> I didn't think we could use the same key in an LVS-DR solution?
>
> Client -> www SSL syn
> RSxx -> Client ack
> Client --> [..? Who is this and why are they sending me a return SSL ACK?]
> Client --> www SSL syn
> Etc.

I'd still think that you could, yes. With DR, you have the RIP address on
the director, which responds to ARP requests, as you do on the real servers,
which do not ARP. So, when a request comes in, it simply gets rewritten to
the MAC address of the real server (which is not routed), and resent on the
local network. When the realserver responds to the original request, it is
responding on the hidden interface, which has the RIP address. The end
result is that every packet seems like it is coming from a single computer,
not from a cluster of computers.

If this wasn't the case, LVS-DR would not work for most people behind
firewalls.

As for the legal aspects, as pointed out by Mr. Turnbull, I dunno.

-Jacob
Listingbook.com
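
The forwarding path described in the reply above, as an added Python model that is not part of the original thread: the director rewrites only the destination MAC, the real server answers the client directly from the shared address, and the client's TCP stack accepts the SYN-ACK because its source matches the address it dialled. All addresses, MACs and names are constructed for illustration; `SERVICE_IP` stands for the address clients connect to, and `reply_from_own_ip=True` models the exchange in the quoted question.

```python
from dataclasses import dataclass
from itertools import cycle

# Constructed values (documentation ranges); none come from the original thread.
SERVICE_IP, CLIENT_IP = "192.0.2.10", "198.51.100.7"
DIRECTOR_MAC, GATEWAY_MAC = "02:00:00:00:00:01", "02:00:00:00:00:fe"
REAL_SERVERS = {"02:00:00:00:00:11": "192.0.2.21", "02:00:00:00:00:12": "192.0.2.22"}

@dataclass(frozen=True)
class Frame:
    dst_mac: str
    src_ip: str
    dst_ip: str
    sport: int
    dport: int
    flags: str

class Director:
    """Only host that answers ARP for SERVICE_IP; forwards by MAC rewrite alone."""
    def __init__(self, real_macs):
        self._next_mac = cycle(real_macs)
        self._conns = {}  # (client ip, client port) -> chosen real server MAC

    def forward(self, f: Frame) -> Frame:
        key = (f.src_ip, f.sport)
        if key not in self._conns:
            self._conns[key] = next(self._next_mac)
        # IP header and ports are untouched; only the layer-2 destination changes.
        return Frame(self._conns[key], f.src_ip, f.dst_ip, f.sport, f.dport, f.flags)

def real_server_reply(f: Frame, own_mac: str, reply_from_own_ip: bool = False):
    """Real server holds SERVICE_IP on a non-ARPing interface and replies directly."""
    if f.dst_mac != own_mac or f.dst_ip != SERVICE_IP:
        return None  # frame is not addressed to this host
    src = REAL_SERVERS[own_mac] if reply_from_own_ip else f.dst_ip
    return Frame(GATEWAY_MAC, src, f.src_ip, f.dport, f.sport, "SYN-ACK")

def client_accepts(syn: Frame, reply) -> bool:
    """A TCP client only matches a SYN-ACK whose source is the address it dialled."""
    return (reply is not None and reply.flags == "SYN-ACK"
            and (reply.src_ip, reply.sport) == (syn.dst_ip, syn.dport)
            and (reply.dst_ip, reply.dport) == (syn.src_ip, syn.sport))

def handshake(sport: int, reply_from_own_ip: bool = False):
    """Run one SYN through a fresh director; return (forwarded, reply, accepted)."""
    director = Director(REAL_SERVERS)
    syn = Frame(DIRECTOR_MAC, CLIENT_IP, SERVICE_IP, sport, 443, "SYN")
    fwd = director.forward(syn)
    reply = real_server_reply(fwd, fwd.dst_mac, reply_from_own_ip)
    return fwd, reply, client_accepts(syn, reply)
```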