Thanks Sandy for the response... but I didn't get enough information from the papers for my problem.

One solution proposed to me by my seniors is: every server is given the same virtual IP (I don't know how) and on the director, there is some application sitting which listens to the packets on layer 2 itself and routes them to real servers on the basis of their MAC address (I don't know how). There is a mapping of the client's source IP address to the real server's MAC address.

Just wanted to know if this solution is feasible. And a request is that please talk in simple terms (I am new).

Also, the redundancy is still not taken care of, as each client will have to make IPsec ESP transport connections with 2 real servers. How is this achievable?

Hope you got the question.

Thanks
Gagandeep Bajaj

On Thu, 28 Feb 2008 Sandy Harris wrote:
>On 28 Feb 2008 06:37:01 -0000, Gagandeep bajaj
><[EMAIL PROTECTED]> wrote:
>
> > Hello everybody .... this is my first post and I guess it's gonna be a long
> > one to make you people understand my problem.
> > I am new to this cluster concept, but know about LVS and IPsec though.
>
>One good paper on scaling IPsec:
>http://www.av8n.com/security/lisa/
>Site has other papers as well.
>
>Some performance data:
>http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/performance.html#performance
>
>I wrote most of that. Post questions if needed.
>
>--
>Sandy Harris,
>Nanjing, China

Gagandeep Bajaj wrote:

Hello everybody .... this is my first post and I guess it's gonna be a long one to make you people understand my problem.

I am new to this cluster concept, but know about LVS and IPsec though.

Here is my problem:

Client (40.x.x.x)
Cluster ---> Director (50.x.x.x + 10.x.x.x)
Real server1 (IPsec, 10.x.x.x)
Real server2 (IPsec, 10.x.x.x)

I am working on IMS P-CSCF, so will be having around 1 million IPsec connections at one single time, and that too ESP and in transport mode. The requirement is to distribute these IPsec connections on real servers (high-end machines (8 core), till I guess maybe 8).
What should be the configuration, and which one should I use: LVS-NAT or LVS-DR? And what kind of load balancing application do I have to make on the director so that all the requests from one client IP address go to the same real server?

What can I do for redundancy of IPsec connections so that the client doesn't have to reconnect if one real server goes down?

As I don't have any previous experience with this, I don't have any idea how many real servers I will need, how much CPU they will take (encryption thing), etc.

Please help me, as I have been googling for more than a week for any pointers, but everywhere it is a proprietary solution ...

TIA
Gagandeep Bajaj
Software Engineer
India

_______________________________________________
LinuxVirtualServer.org mailing list - [email protected]
Send requests to [EMAIL PROTECTED]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
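
The source-IP-to-MAC mapping discussed in this thread, as an added sketch that is not part of the original posts and not LVS code: it keeps every packet from one client IP on the same real server and shows which clients move when a server fails. Rendezvous hashing is a technique chosen here for illustration; the server names, MAC addresses and client addresses are constructed.

```python
import hashlib
import ipaddress

# Constructed sample data: real-server names and MAC addresses are made up.
REAL_SERVERS = {
    "rs1": "02:00:00:00:00:01",
    "rs2": "02:00:00:00:00:02",
    "rs3": "02:00:00:00:00:03",
}

def _weight(client_ip: str, server: str) -> int:
    """Score for a (client, server) pair; the highest score wins."""
    packed = ipaddress.ip_address(client_ip).packed
    digest = hashlib.sha256(packed + server.encode()).digest()
    return int.from_bytes(digest[:8], "big")

def pick_server(client_ip: str, alive: set) -> str:
    """Rendezvous hashing: same client IP -> same server while it is alive."""
    if not alive:
        raise RuntimeError("no real server available")
    return max(sorted(alive), key=lambda s: _weight(client_ip, s))

def next_hop_mac(client_ip: str, alive: set) -> str:
    """MAC the director would put in the Ethernet header (IP packet untouched)."""
    return REAL_SERVERS[pick_server(client_ip, alive)]

def remapped_clients(clients, before: set, after: set):
    """Clients whose real server changes when the alive set changes."""
    return [c for c in clients if pick_server(c, before) != pick_server(c, after)]

if __name__ == "__main__":
    clients = [f"40.0.{i // 256}.{i % 256}" for i in range(2000)]  # constructed
    everyone = set(REAL_SERVERS)
    moved = remapped_clients(clients, everyone, everyone - {"rs2"})
    on_rs2 = [c for c in clients if pick_server(c, everyone) == "rs2"]
    print(f"{len(on_rs2)} clients were on rs2, {len(moved)} were remapped")
```

Only the clients that were on the failed server are remapped, but their ESP security associations existed only on that server, so the new server cannot decrypt their packets until they re-negotiate or SA state has been replicated to it.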
