Part of the standard deal at this datacenter is that you can have a
6-address subnet made available per server for free. However, in order
for a number of servers to share this, they need to be physically on
the same net too. The RIPs will be whatever, but my VIPs will be from
that extra subnet.
They specifically mention that there are no collision domains in their
data center, so LVS_DR is out of the question anyway.
I can't quite work out if their IP Spoofing prevention will screw up
things in this situation too, but at least I have LVS-NAT as a last
resort.
I wonder if you then need to keep your primary address within the
assigned routable IP address range. If so, even with LVS_NAT you need
to set up one additional route, like so (more or less):
  ip rule add from VIP lookup 100
  ip route add default via 88.198.7.129 src RIP table 100
This allows you to reach the RS publicly and via LVS. Though, it might
be that rigorously set ACLs on the managed L3 switches will not allow
privately routed IP addresses to pass their ports. So LVS_NAT could be
in danger as well :).
Both LVS-DR and LVS-TUN seem to me to be more elegant
solutions, but ...
Elegant yes, however dirty and as such with great requirements and
adjustment to the environment they are being engineered into.
The datacenter doesn't have the VIP in its range, it's in your
range, but it's coming out of the machines in their
datacenter.
In this case the VIPs are in a range that was dished out by the
datacenter.
:) I like their policy already.
Best luck and have a nice day,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc