On Tue, 2007-08-07 at 04:45 -0700, Joseph Mack NA3T wrote: > o This solves the problem of purchasing 100's of public IPs
Correct. It also solves having to manage many thousands of IP allocations within your own, private NAT network. > o does not change the number of lines for ipvsadm Correct. Although if you get a (some) reverse proxy(ies) to sit logically between the load balancer(s) and the realservers, you can get them to do the SSL crypt/decrypt and then pass the requests to the realservers locally. This keeps the realservers doing what they do best, serving web pages, and means you can take (for example) the SSL part "out of the loop" without turning off all of the plain old HTTP sites at the same time. And it can dramatically reduce the number of entries for ipvsadm; however you may need to reinvent the wheel a little to get persistence working (for example) from the proxy to the realserver. > o does not change the number of certificates (the number of > hostnames x the number of realservers). Correct. For the interested reader, having a certificate for the same FQDN on more than one server is likely to be a breach of the T&Cs you acknowledged with the CA/CSA when you bought the cert. You need 1 cert for 10 machines? Pay us 10 times the cost of one, please. (Many providers now make this a reducing charge, but it's still expensive). > correct? Correct :) Graeme _______________________________________________ LinuxVirtualServer.org mailing list - [email protected] Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
