To All so far,
>From all the preliminary inputs, it looks like we'll end up fielding some
of-the-shelf solution that will monitor and redirect the packets. But I'm
still open for suggestions.
Michae Sorbera
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 25, 2000 2:01 PM
Subject: Re: Another option to Round Robin?
>
>
> On 07/25/2000 at 16:36:25 ZE2, "Volker Tanger"
> <[EMAIL PROTECTED]> wrote:
> > Assumptions:
> > MainWeb Server 1.1.1.1
> > BackupWeb Server 2.2.2.2 (plus secondary IP address 1.1.1.1)
> >
> > Following options - plus a bunch of even more weird:
> >
> > 1.) ISP-sided routing.
> > This will have to be implemented on your ISPs side and the routes
> > properly
> > distributed. You will
> > have automagic failover wether the server or the link goes down.
> > route 1.1.1.1 (via main site) metric=1
> > route 1.1.1.1 2.2.2.2 metric=5
> >
> > 2.) Load-Balancer (I)
> > You place a load balancer in front of the main web server. If the
> main
> > web
> > server goes down,
> > it sends ICMP-redirects, redirecting the packets to the Backup Web
> > Server.
> > This won't help
> > if the link goes down.
> >
> > 3.) Load-Balancer (II)
> > You place a load balancer in front of the main web server. If the
> main
> > web server goes down,
> > it re-sends the packet with IP loose source routing via 2.2.2.2 back
> > to the uplink router.
> > This won't help if the link goes down.
> >
> > 4.) VPN / Tunneling
> > If you don not have access to ISP sided routing, then create
> > aVPN/tunnel
> > between the two routers
> > in front of the web servers. You set the following routes on the
> > routers:
> > Main site router:
> > route 1.1.1.1 connected metric=1
> > route 1.1.1.1 (via VPN to backup site) metric=5
> >
> > Backup site router:
> > route 1.1.1.1 2.2.2.2 metric=1
> >
> > But this won't help if the link goes down.
>
> Some clever and new (at least to me) ideas here, but I question whether
any
> of options 1-3 would work in the real world (I have no idea about option
> 4).
>
> Option 1 can only work if the redirector (the router with the secondary
> route to the backup address) is adjacent to the backup machine or if all
> routers on the path to the backup have routes pointing to the correct next
> hop (not to the target backup address - that's not the way routing works).
>
> Option 2, ICMP redirects. No way. First, a redirect means take another
> route, it doesn't mean go to another destination. Second, the redirect
> must be sent all the way back to the originator (the client), but ICMP
will
> not reach many clients as it is filtered by many sites. Third, sending a
> redirect still requires you to forward the packet to the correct
> destination.
>
> Option 3 - loose source routing is not obeyed in many parts of the
> Internet. It may even be filtered by some.
>
> So, please let us know which of these you have successfully implemented.
>
> Tony Rall
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
