LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: vs/nat + ipcop

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: vs/nat + ipcop
From: Mack.Joseph@xxxxxxxxxxxxxxx
Date: Wed, 04 May 2005 19:09:29 -0400
Joseph Mack PhD, High Performance Computing & Scientific Visualisation
LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007 Federal
Infrastructure Contact-Ravi Nair 919-541-5467 - nair.ravi@xxxxxxx,
Federal Visualization  Contact - Joe Retzer, Ph.D. 919-541-4190 -
retzer.joseph@xxxxxxx

lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx wrote on 05/04/2005 03:34:08
PM:

> Most of the setups I see describe a layered approach:
>
>     firewall
>        |
> lb (lvs director)
>       /|\
>   http servers
>
> Is there any technical advantage to separating the
> firewall and lb onto
> different pieces of hardware?  Is it a requirement?

It was till recently. The director is a specialised router
and its own idea of routing bypassed attempts by netfilter
to affect the routing of packets. This has been mostly fixed
so that the director looks like a normal node now, but you
still have to keep your head on straight. See the howto for
making your director a firewall

Joe


<Prev in Thread] Current Thread [Next in Thread>