[Moving to list]
Hi Sam,
responses inline
-- Forwarded message --
From: Samuel Bercovici samu...@radware.com
Date: Thu, Jun 27, 2013 at 1:43 PM
Subject: Chalenges with highly available service VMs
To: Mark McClain (mark.mccl...@dreamhost.com) mark.mccl...@dreamhost.com,
Seems like a tweak would be to identify virtual IPs as separate to the
primary IP on a port:
you don't need to permit spoofing of the actual host IP for each host in
the HA cluster; you just need to permit spoofing of the virtual IP. This
would be safer than disabling the spoofing rules, and
On 4 July 2013 23:42, Robert Collins robe...@robertcollins.net wrote:
Seems like a tweak would be to identify virtual IPs as separate to the
primary IP on a port:
you don't need to permit spoofing of the actual host IP for each host in
the HA cluster; you just need to permit spoofing of the