On Wed, Jan 25, 2012 at 07:22:44PM +0100, Anton Melser wrote: > >> I actually did 1 to 3 (with both configure primitive and configure > >> clone) which worked successfully, and then launched the following. > >> Both FW1 and FW2 are up, and it seems to be distributing the IPs > >> between the two. The IPs are pingable from external machines. It is > >> taking aaaaaages though - am I trying to fit a round pole into a > >> square hole here? Am I never going to get things working smoothly with > >> the numbers of IPs I need here? Is it worth persisting, or should I be > >> looking for a cluster solution better adapted to lots and lots of very > >> simple resources? > > > > How many addresses do you want to create? Although it is going to > > work, it may really be slow, because the status section in the > > CIB is going to grow quite a bit (check the output of cibadmin -Q > > | wc). > > I want to be able to manage thousands of IPs. I currently need to do > hundreds, but any solution I come up with needs to be able to support > thousands (at least the 2k or so I have done in my test above) to make > this a robust and future-proof solution. It is for setting up a > NAT/firewall solution mapping from 1 internal /24 network to 1 > external, public IP - times a couple of thousand.
Thousands? In that case you should extend the IPaddr2 RA to support IP ranges and then handle all of them in a loop within the RA. If any of the IP addresses fails you'll need to report failure, so the complete range would have to be restarted. > > BTW, why do you need so many IPs? > > I was hoping this question wouldn't get asked but thought it might... > I spent *heaps* of time explaining why on the netfilter list. I > completely understand both the interest in why and the > misunderstanding of the situation at first glance - will "it is > completely legal, and completely moral" suffice? It is "moral" unless > you have a particular hate of outsourcing... This post seemed to > satisfy the angry masses: > http://www.spinics.net/lists/netfilter/msg52178.html > The fact that the Linux Foundation uses an Email Service Provider to > send their newsletters hopefully proves that sending emails from lots > of IPs (each dedicated to a single customer, so thousands of IPs = > thousands of customers) is not a nasty thing to do if done by a > responsible company! I was just curious, didn't mean to imply anything. Thanks, Dejan > Thanks for all your help! > Cheers > A > > _______________________________________________ > Pacemaker mailing list: Pacemaker@oss.clusterlabs.org > http://oss.clusterlabs.org/mailman/listinfo/pacemaker > > Project Home: http://www.clusterlabs.org > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf > Bugs: http://bugs.clusterlabs.org _______________________________________________ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
