On Fri, 2008-03-07 at 05:18 -0800, Joseph Mack NA3T wrote: > I don't deal with ISPs so I don't know what they do. However > advertising the VIP and allowing taffic from the VIP are > separate logically. I would expect if you're the customer > and said "if I'm going to be here, I need packets from the > VIP to be let out" that they would do it.
Not necessarily. If I'm Hosting company A, and I peer using BGP with ISPs B, C, D and E then it's in their interests to ensure that they only accept traffic from the prefixes I announce to them - prefix filtering, in ISP parlance. If I'm a customer of Hosting company A *and* a customer of Hosting company Z (who peers with ISPs B, C, X and Y) then I may be able to persuade companies A and Z to permit each other's traffic out of each other's network, but I doubt it - I speak from experience here, both as a customer *and* as a host *and* as an ISP! > however you're saying that even if the ISP let out packets > from the VIP, that routers upstream would stop these > packets? If I'm an ISP and I permit arbitrary traffic through my network from a source (non-transit) network like a web host, then I am liable to be ostracised at a high speed from the world at large by my peers since this is a significant cause of DDoS problems. > In this case LVS-Tun can't be deployed anywhere? No, that's not the case - if I'm lucky enough to have acquire PI space, that's "Provider Independent" rather than PA space (Provider Aggregatable) then I can probably request, persuade or pay for both companies A and Z to announce it to the world. If it's announced, they'll let it in and out. In my experience this is the most common way for TUN-type load balancing to work; the more complex methods involve becoming an ISP yourself (like Google, Akamai, Microsoft et al) to provide your own services. In my opinion the original poster's question is a valid one, but is nothing to do with LVS - it's a network operations problem which needs dealing with by the providers involved. Graeme _______________________________________________ LinuxVirtualServer.org mailing list - [email protected] Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
