
Re: [lvs-users] Fwd: Firewall clustering

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Fwd: Firewall clustering
From: Michael Schwartzkopff <misch@xxxxxxxxxxxxxxxxx>
Date: Tue, 17 May 2011 14:06:49 +0200
> > the usual way that LVS is used with pacemaker is that you have a HA pair
> > of LVS load balancer boxes that load balance across a farm of additional
> > servers, but the LVS boxes themselves are active/passive
> 
> Thanks, I will take a look.
> 
> No. CLUSTERIP only works on the INPUT chain, not on the forward chain.
> 
> > Believe me that you do not want to setup an active/active firewall, but
> > an active/passive cluster.
> 
> What do you mean? Could you be more specific?
> OK to not use CLUSTERIP. But what about an active/active cluster for
> firewalling? Is there any problem?

Yes. How can you distribute traffic over both systems? The only idea I have is 
FWMARKs and load balancing according to the MARKs. But that is too much effort for a 
simple firewall.

My advice: Do an active/passive cluster setup WITHOUT load balancing. You can 
configure state table sync. Every normal hardware today is able to firewall 
1Gbit/s traffic. No need to add load balancing.

Greetings,

-- 
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München

Tel: (0163) 172 50 98
Fax: (089) 620 304 13


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users