Hi,

Here's an idea from an article in a Linux Journal that struck me as one
of the smartest, yet simple, ideas I've seen (maybe I don't get out
enough, you make up your own mind :-).

Let's say we have four web servers and four hosts.

1. Give the hosts RFC 1918 addresses on the real interfaces.
2. Stick the hosts behind a pair of routers using VRRP/HSRP.
3. On each machine ...
   a) configure four loopback pseudo interfaces (e.g. lo0:1, lo0:2, lo0:3,
      lo0:4). This can be done on Linux and I have also tried Solaris.
   b) configure the four web server real addresses on lo0:[1-4].
   c) set up the web servers listening on the appropriate
      addresses/interfaces

You should now have four machines all capable of answering for any of the
web servers.

4. Select which host serves which web server by host routes on the
routers, i.e. provide a host route to web server 'a' via the RFC 1918 address
on the appropriate host.
5. If you use dynamic routing between the routers and the web machines you
get automated failover.
6. If you can route by session (every time you see a SYN) you can even do
load balancing.

This is very simple and cheap, although I've probably not explained this
very well. The LJ article was much better.

Colin

--
Colin Campbell
Unix Support
CITEC
+61 7 3227 7112
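
The scheme in steps 1-5 above, as an added example that is not part of the original message: a dry-run planner that prints the per-host loopback aliases and the routers' host routes, and shows how the routes move when a host is marked down. Assumptions: Linux iproute2 syntax on hosts and routers, constructed addresses (192.0.2.x for the web servers, 10.0.0.x for the hosts), and a static stand-in for what the dynamic routing in step 5 would do automatically.

```sh
#!/bin/sh
# Constructed sample values: 192.0.2.x (documentation range) stands in for
# the web servers' real addresses; 10.0.0.x are the hosts' RFC 1918
# addresses on their real interfaces.
VIPS="192.0.2.11 192.0.2.12 192.0.2.13 192.0.2.14"
HOSTS="10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4"

# nth N item...: print the Nth item of the list that follows N.
nth() { shift "$1"; echo "$1"; }

# Step 3: every host carries all four service addresses on loopback
# aliases, so any host can answer for any web server.
host_plan() {
    n=1
    for vip in $VIPS; do
        echo "ip addr add $vip/32 dev lo label lo:$n"
        n=$((n + 1))
    done
}

# Steps 4-5: one host route per service address on the routers. The
# preferred next hop is the host in the same list position; hosts named in
# $1 (space separated) are treated as down and the next live host in the
# list takes over. Nothing is printed for an address if every host is down.
router_plan() {
    down=" $1 "
    set -- $HOSTS
    count=$#
    i=1
    for vip in $VIPS; do
        try=0
        while [ "$try" -lt "$count" ]; do
            hop=$(nth $(( (i - 1 + try) % count + 1 )) $HOSTS)
            case "$down" in
                *" $hop "*) try=$((try + 1)) ;;
                *) echo "ip route replace $vip/32 via $hop"; break ;;
            esac
        done
        i=$((i + 1))
    done
}

# Print the plan only; nothing is applied to the running system.
echo "# on every host:";                       host_plan
echo "# on the routers, with 10.0.0.2 down:";  router_plan "10.0.0.2"
```

The /32 routes point at the hosts' RFC 1918 addresses, so the routers resolve only those next hops and never need to ARP for the loopback-held service addresses.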
