Re: DR or NAT

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: DR or NAT
From: orpheus@xxxxxxxxxxxxxxxxxxxx
Date: Thu, 28 Apr 2005 17:44:15 +0200
On Thursday 28 April 2005 17:09, Bruce Richardson wrote:
> On Thu, Apr 28, 2005 at 04:26:50PM +0200, orpheus@xxxxxxxxxxxxxxxxxxxx wrote:
> > On Thursday 28 April 2005 15:43, Bruce Richardson wrote:
> > > The advantages of NAT are that it doesn't require any special settings
> > > (e.g. arp suppression on the application servers),
>
> Erm, I should have said "it doesn't require any special settings ( yada
> yada ) on the application servers".  Misleading punctuation, there.
>
> > first, thanks for answer
> > do you have some recommendations on hardware used for that?
> > I think 2 eth cards are real minimum for that, but would it help to have
> > 3 or 4 ?
>
> If you are doing HA, do it properly.  Use bonded interfaces wherever
> possible.  For the directors you want a bonded pair for the external
> interface, for the internal interface and for the heartbeat interface (be
> careful to test that one, though).  That means six network ports, which
> is easily achievable even with a 1U rackserver if you get one with two
> on-board NICs and add either two dual-port cards or one quad-port card.
>
> The nice thing about the bonded interfaces is that you can configure
> them to provide fault tolerance (surviving the failure of one link) or
> load-balancing (keeps your throughput at a high level) or both of those
> at once or even port aggregation (treat 2 cards with X bandwidth as one
> card with 2X bandwidth, significantly raising your maximum throughput).
> Some of those options require the director to be connected to a smart
> switch, though.

:) ok, I agree that this should be a proper configuration (2 servers like
this in HA)

> > How is it with CPU and memory? Right now it is PIII 700MHz
> > (735.315MHz :) ) with 512MB of memory with one eth card.
>
> When you are trying to maximise network throughput, CPU speed is much
> more important than RAM.  You need to get your calculator out and work
> out how much traffic each individual application server is likely to see
> and then compare the likely peak combined traffic with the maximum that
> the director can handle (both in terms of NIC bandwidth and CPU speed).

ok...

but what about security (DDOS.....), I think it should be much easier to
protect a configuration like this... btw, do I need some patches for iptables?
(using 2.6.11 kernel from Gentoo)

-- 
-----------[ Signature ]---------
Name: Pavol Cvengros
Company: Prime Interactive, Ltd.
E-mail: pavol.cvengros@xxxxxxxxxxxxxxxxxxxx
Web: http://www.primeinteractive.net
Personal web: http://orpheus.grass.sk
