> > the usual way that LVS is used with pacemaker is that you have a HA pair
> > of LVS load balancer boxes that load balance across a farm of additional
> > servers, but the LVS boxes themselves are active/passive
>
> Thanks, I will take a look.
> > No. CLUSTERIP only works on the INPUT chain, not on the forward chain.
>
> > Believe me that you do not want to set up an active/active firewall, but
> > an active/passive cluster.
>
> What do you mean? Could you be more specific?
> OK to not use CLUSTERIP. But what about an active/active cluster for
> firewalling? Is there any problem?

Yes. How can you distribute traffic over both systems? The only idea I have is FWMARKs and load balancing according to the MARKs. But that is too much effort for a simple firewall.

My advice: Do an active/passive cluster setup WITHOUT load balancing. You can configure state table sync. Every normal hardware today is able to firewall 1Gbit/s traffic. No need to add load balancing.

Greetings,

--
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München
Tel: (0163) 172 50 98

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - [email protected]
Send requests to [email protected]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
