IPVSADM - help on network topology
- From: ben.wilder@xxxxxxxxx
- Date: 29 Aug 2006 06:28:28 -0700
Hi all,
I'm considering using IPVS shortly for a Load balancing scenario.
Objective:
Successfully balance load across three web servers
Be able to connect to and remotely administrate the three web servers
from an external network
Here's my current thinking:
Internet--> cisco Pix -->Linux with IPVS --> 3 Web servers
here's my current network addressing idea
Internet --> [e.g 80.100.50.100] Pix [192.168.0.1] --> [192.168.0.2]
Linux with IPVS [192.168.1.1] --> [192.168.1.10] [192.168.1.11]
[192.168.1.12]
I hope the above is clear. The topology above would implement the IPVS
/ NAT scheme correctly i believe, if, when traffic hits the external IP
address 80.100.50.100, this is translated by the Pix to 192.168.0.2.
The Linux with IPVS should then balance this across the three web
servers. The "real" servers (web servers) would have their default
gateway pointed at 192.168.1.1 so that the returning packets could be
"demasqueraded".
A few questions:
Can anyone tell me if my thinking above is correct before i embark on
putting it together in a proof of concept?
If this was in a hosted environment and i wanted to ssh / ftp into the
individual web servers so i could alter content / change configuration.
How would i perform this? If i set up VPN on the pix, i would be on the
192.168.0.0 network and would not be able to hit the 192.168.1.0
network.
If i used the pix to translate from an external address for ssh to an
internal one, i doubt id be able to get it to translate to a
192.168.1.0 address.
What would be the best way to remote admin the "real" servers (web
servers)?
Thanks very much for your time, any advice appreciated!
Mr W
.
- Prev by Date: Failover router ?
- Next by Date: Removing NAT conntrack entries
- Previous by thread: Failover router ?
- Next by thread: Removing NAT conntrack entries
- Index(es):
Relevant Pages
|
