Thanks Sandy for the response... but I didn't get enough information from the
papers for my problem.
One solution proposed to me by my seniors is:
Every server is given the same virtual IP (I don't know how) and on the
director, there is some application sitting which listens to the packets on
layer 2 itself and routes them to real servers on the basis of their MAC
address (I don't know how). There is a mapping of the client's source IP address
to the real server's MAC address.
Just wanted to know if this solution is feasible. And a request: please
talk in simple terms (I am new). Also, the redundancy is still not taken care of,
as each client will have to make IPsec ESP transport connections with 2 real
servers. How is this achievable?
Hope you got the question.
Thanks
Gagandeep Bajaj
On Thu, 28 Feb 2008 Sandy Harris wrote:
>On 28 Feb 2008 06:37:01 -0000, Gagandeep bajaj
><gagandeep_bajaj@xxxxxxxxxxxxxx> wrote:
> >
> > Hello everybody... this is my first post and I guess it's gonna be a long
> > one to make you people understand my problem.
> > I am new to this cluster concept, but know about LVS and IPsec though.
>
>One good paper on scaling IPsec:
>http://www.av8n.com/security/lisa/
>Site has other papers as well.
>
>Some performance data:
>http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/performance.html#performance
>
>I wrote most of that. Post questions if needed.
>
>--
>Sandy Harris,
>Nanjing, China
Gagandeep Bajaj wrote:
Hello everybody... this is my first post and I guess it's gonna be a long one
to make you people understand my problem.
I am new to this cluster concept, but know about LVS and IPsec though.
Here is my problem:
Client (40.x.x.x) ---> Cluster: Director (50.x.x.x + 10.x.x.x)
                                Real server1 (IPsec, 10.x.x.x)
                                Real server2 (IPsec, 10.x.x.x)
I am working on IMS P-CSCF, so will be having around 1 million IPsec
connections at one single time, and that too ESP and in transport mode. The
requirement is to distribute these IPsec connections on real servers (high-end
machines (8 core), till I guess maybe 8).
What should be the configuration, and which one should I use --> LVS-NAT or
LVS-DR... and
what kind of load balancing application do I have to make on the director so that all
the requests from one client IP address go to the same real server?
What can I do for redundancy of IPsec connections so that the client doesn't have
to reconnect if one real server goes down?
As I don't have any previous experience with this, I don't have any idea how
many real servers I will need, how much CPU they will take (encryption thing),
etc.
Please help me as I have been googling for more than a week for any pointers,
but everywhere it is a proprietary solution...
TIA
Gagandeep Bajaj
Software Engineer
India
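
An added illustration of the client-source-IP to real-server-MAC mapping asked about in this thread (not code from any poster or from LVS). The server names, MAC addresses and client IPs are constructed, and rendezvous hashing is this example's own choice of mapping. It shows that only the failed server's clients are moved; it does not transfer IPsec SA state, so those clients arrive at a server that has no SAs for them.

```python
import hashlib
import ipaddress

# Constructed sample data: hypothetical real servers and made-up MAC addresses.
REAL_SERVERS = {
    "rs1": "02:00:00:00:00:01",
    "rs2": "02:00:00:00:00:02",
    "rs3": "02:00:00:00:00:03",
}

def score(client_ip, server):
    """Pseudo-random weight for one (client, server) pair."""
    packed = ipaddress.ip_address(client_ip).packed
    digest = hashlib.sha256(packed + b"|" + server.encode()).digest()
    return int.from_bytes(digest[:8], "big")

def pick_server(client_ip, alive):
    """Return (name, MAC) of the live server that owns this client IP."""
    if not alive:
        raise RuntimeError("no real server available")
    # Highest score wins; sorted() only makes iteration order deterministic.
    name = max(sorted(alive), key=lambda s: score(client_ip, s))
    return name, REAL_SERVERS[name]

def remapped(clients, before, after):
    """Clients whose real server differs between two sets of live servers."""
    return [c for c in clients
            if pick_server(c, before)[0] != pick_server(c, after)[0]]

if __name__ == "__main__":
    clients = [f"40.0.0.{i}" for i in range(1, 201)]  # constructed client IPs
    everyone = set(REAL_SERVERS)
    survivors = everyone - {"rs2"}                    # simulate rs2 failing
    moved = remapped(clients, everyone, survivors)
    print("example mapping:", clients[0], "->", pick_server(clients[0], everyone))
    print(f"{len(moved)} of {len(clients)} clients moved after rs2 failed")
    # Every moved client was on rs2; the others keep their server and their SAs.
    assert all(pick_server(c, everyone)[0] == "rs2" for c in moved)
```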