On Wed, 2006-02-22 at 14:45 -0800, William Olson wrote:
> Yep, that's pretty much how we do it.
<snip>
You could also do this using ports instead of IP addresses, so if you
ever extend the cluster internally you don't end up using thousands of
"internal" (whether RFC1918 or public) IP addresses.

Say you had a simple 1 director, 2 node cluster using LVS-NAT. It has 10
VIPs, VIP1 thru VIP10.

The director has VIP1 thru VIP10 on its public interface. You then
configure your LVS for each VIP such that:

VIP1 port 443 -> RIP1 and RIP2 port 20001
VIP2 port 443 -> RIP1 and RIP2 port 20002
...
VIP10 port 443 -> RIP1 and RIP2 port 20010

Clearly this means that your customers may be able to determine for
themselves that their environment details show that their port is not
443. This can have far-reaching implications in certain areas of
e-commerce, but it does save you ending up with a billion IP addresses
on your realservers :)

Graeme
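
The mapping described in the message above, written out as ipvsadm commands. This is an added example, not part of the original post: the addresses are constructed placeholders, and the function name gen_rules and the VIPn = prefix + n numbering are assumptions made for illustration. The script only prints the commands; it does not change the IPVS table.

```shell
#!/bin/sh
# Emit ipvsadm commands for the port-per-VIP LVS-NAT layout:
#   VIPn port 443 -> RIP1 and RIP2 port 20000+n
# All addresses below are constructed placeholders, not from the post.
VIP_PREFIX="192.0.2."          # assumed: VIPn is 192.0.2.n on the director
RIPS="10.0.0.11 10.0.0.12"     # assumed: RIP1 and RIP2
BASE_PORT=20000                # realserver port for VIPn is BASE_PORT + n

# gen_rules COUNT: print one virtual service per VIP plus its realservers.
# Returns 1 without printing anything if the layout cannot be expressed.
gen_rules() {
    count=$1
    # The highest realserver port must still be a valid TCP port.
    if [ "$count" -lt 1 ] || [ $((BASE_PORT + count)) -gt 65535 ]; then
        echo "gen_rules: count $count does not fit above port $BASE_PORT" >&2
        return 1
    fi
    n=1
    while [ "$n" -le "$count" ]; do
        vip="${VIP_PREFIX}${n}"
        rport=$((BASE_PORT + n))
        # -A adds a virtual TCP service on the VIP's public port 443.
        echo "ipvsadm -A -t ${vip}:443"
        for rip in $RIPS; do
            # -a adds a realserver to that service; -m selects masquerading
            # (LVS-NAT), the forwarding method that can rewrite the
            # destination port as well as the destination address.
            echo "ipvsadm -a -t ${vip}:443 -r ${rip}:${rport} -m"
        done
        n=$((n + 1))
    done
}

# Print the ten-VIP layout from the message.
gen_rules 10
```

Each realserver then needs one listener per port (20001 to 20010) rather than one address per VIP, which is where the saving in addresses comes from.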