On Wed, 19 Apr 2006, Graeme Fowler wrote:
> This is the LVS synchronisation daemon pushing state information from
> the master to the backup director (and it is in fact multicast, not
> broadcast, see http://www.iana.org/assignments/multicast-addresses).
> It is possible to put this traffic onto a separate interface (like your
> heartbeat network) to save it being sent out to all the machines on the
> frontend network, but how that's configured depends on which application
> you use to manage your LVS.
There's a thread on the keepalived mailing list at the
moment about which network to put the keepalived vrrp
packets. I've lost my posting privileges but still get the
posting and I'm not prepared to go figure out why, so I'll
post my 2c worth here.
An LVS functions as one machine and thus must appear to the
outside world as one machine. This means if you have any
communication between machines (director-director,
director-realserver), the clients can't know about it.
o it breaks the unix semantics of one machine
o it allows hackers access to private data.
Whether you put the director-director communications
on the same network as the RIPs or on another private
network, is up to you, but the packets can't be allowed to
go out the NIC on the director which faces the internet.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
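
An added example, not part of the original thread: a check that the IPVS sync daemon is not bound to the internet-facing NIC, with egress rules that keep sync and VRRP multicast off that NIC. The interface names (eth0 public, eth1 private) and the sample listings are assumptions constructed for illustration; 224.0.0.81 UDP port 8848 is the IPVS sync default and 224.0.0.18 IP protocol 112 is VRRP.

```shell
#!/bin/sh
# Assumption: eth0 faces the internet, eth1 is the private/heartbeat network.
# With ipvsadm the sync daemon is bound to an interface at start time, e.g.
#   ipvsadm --start-daemon master --mcast-interface eth1

# Constructed sample listings in the style of `ipvsadm -L --daemon`
# (not captured from a real director).
SAMPLE_LEAKY='master sync daemon (mcast=eth0, syncid=0)'
SAMPLE_PRIVATE='master sync daemon (mcast=eth1, syncid=0)
backup sync daemon (mcast=eth1, syncid=0)'

# Print the interface of every sync daemon found in the listing on stdin.
sync_ifaces() {
    sed -n 's/.*sync daemon (mcast=\([^,)]*\).*/\1/p'
}

# $1 = public interface; daemon listing on stdin.
# Returns 0 if no sync daemon uses the public interface, 1 otherwise.
check_sync_private() {
    public_if=$1
    leaked=0
    for ifn in $(sync_ifaces); do
        if [ "$ifn" = "$public_if" ]; then
            echo "FAIL: sync daemon bound to public interface $ifn" >&2
            leaked=1
        fi
    done
    return $leaked
}

# Print (do not apply) egress rules that stop director-director multicast
# from leaving through the public interface, whatever the daemon settings.
egress_rules() {
    public_if=$1
    echo "iptables -A OUTPUT -o $public_if -d 224.0.0.81 -p udp --dport 8848 -j DROP"
    echo "iptables -A OUTPUT -o $public_if -d 224.0.0.18 -p 112 -j DROP"
}

# Demo on the constructed leaky listing: report it, then show the rules.
printf '%s\n' "$SAMPLE_LEAKY" | check_sync_private eth0 || egress_rules eth0
```

On a live director, feed the real listing in instead: ipvsadm -L --daemon | check_sync_private eth0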