> > The point of all of this is that if the realservers aren't
> > up, I want client requests to time out (i.e. be silently
> > dropped by the director) rather than get "connection
> > refused".
>
> the user on the client box may not like this (for http, the
> web browser will just hang). Just a caution - you usually
> only drop packets for connections that you regard as
> malicious, and give normal users the reject so they can do
> something else.

I agree that in the vast majority of cases, the LVS behaviour is what it
should be - we're definitely working with a special case. :)

> However if you really want it, a possible way might be to
> have a director with localnode and an iptables rule for
> 127.0.0.1:your_service to drop the inbound packets.

Thanks! Localnode looks like it might be what I'm looking for, as long
as I can ensure that the local node would only be chosen as a realserver
when no other realserver is available. I think I've seen an option like
this kicking around...

> Another way of handling it would be to have a localnode
> sorry server (displaying a page saying "our website is down
> - please come back")

Since our cluster is providing HTTP services, our plan is to eventually
respond with an HTTP "Temporarily Unavailable", but atm the clients do
not support it. But now we know how to do it when the time comes. :)

Thanks for the reply, and the HOWTOs!

Nick.