FYI:
On Wednesday, April 19, 2006 at 10:46, Graeme Fowler wrote:
> It is possible to put this traffic onto a separate interface
> (like your heartbeat network) to save it being sent out to
> all the machines on the frontend network, but how that's
> configured depends on which application you use to manage your LVS.
>
> ipvsadm: --mcast-interface <interface>
> keepalived: lvs_sync_daemon_interface option in the VRRP
> instance section
> ldirectord: seems not to have the option in the CVS version
> I'm looking at (Id: ldirectord,v 1.136 2006/04/05 02:12:24
> horms) but can be driven alongside ipvsadm anyway quite
> happily, providing you don't stomp on the functionality
> provided by ldirectord.
I am using Ultramonkey which uses ldirectord. I agree entirely with Joseph
on his comments about the clients/ISP/outside world being able to see your
state information (or anything else) being passed back and forth between the
servers in an LVS. They shouldn't know there is more than one server
either.
As it happens I am using the LVSSyncDaemonSwap script for IP
takeover/giveaway in my haresources file. It was trivial to switch the
interface used, only a matter of finding the interface definition part of
the file (/etc/ha.d/resources.d/LVSSyncDaemonSwap) and switching from:
    if [ $# -eq 3 ]
    then
        CMD=$3
        IFACE=$2
    else
        CMD=$2
        IFACE=eth0
    fi
To:
    if [ $# -eq 3 ]
    then
        CMD=$3
        IFACE=$2
    else
        CMD=$2
        IFACE=eth2
    fi
So far there have been no ill effects. Using an extremely underutilized
heartbeat interface to pass the LVS state information seems far more secure
and reliable than chancing it on an external or internal interface.
_________________________________
Dan Brown
zu.com communications inc.
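
A check that the interface change described in this message took effect, as an added example that is not part of the original post: it parses the listing printed by `ipvsadm -L --daemon` and flags any sync daemon still multicasting on an interface other than the dedicated one. The sample listings are constructed, and `check_sync_iface` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the original message.
# Live use on a director:  ipvsadm -L --daemon | check_sync_iface eth2

# check_sync_iface EXPECTED_IFACE   (hypothetical helper)
# Reads `ipvsadm -L --daemon` style output on stdin and prints one line
# per sync daemon found. Return status:
#   0  every daemon multicasts on EXPECTED_IFACE
#   1  at least one daemon uses a different interface
#   2  no sync daemon is listed at all
check_sync_iface() {
    awk -v want="$1" '
        /sync daemon \(mcast=/ {
            role = $1                    # "master" or "backup"
            iface = $0
            sub(/.*mcast=/, "", iface)   # drop everything up to the name
            sub(/[,)].*/, "", iface)     # drop syncid and later fields
            seen++
            if (iface == want) {
                printf "OK   %s sync daemon on %s\n", role, iface
            } else {
                printf "FAIL %s sync daemon on %s (expected %s)\n", role, iface, want
                bad++
            }
        }
        END {
            if (seen == 0) { print "FAIL no sync daemon running"; exit 2 }
            exit (bad > 0)
        }'
}

# Constructed sample listings (not captured from a real host):
# before the edit the daemons sit on eth0, afterwards on eth2.
SAMPLE_BEFORE='master sync daemon (mcast=eth0, syncid=0)
backup sync daemon (mcast=eth0, syncid=0)'
SAMPLE_AFTER='master sync daemon (mcast=eth2, syncid=0)
backup sync daemon (mcast=eth2, syncid=0)'

printf '%s\n' "$SAMPLE_BEFORE" | check_sync_iface eth2 \
    || echo "sync traffic is not on the dedicated interface"
printf '%s\n' "$SAMPLE_AFTER" | check_sync_iface eth2 \
    && echo "sync traffic is on the dedicated interface"
```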