Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 7 Jul 2000 19:00:01 +0200
From:      Gabriel Ambuehl <gabriel_ambuehl@buz.ch>
To:        Jason Fesler <jfesler@gigo.com>
Cc:        Luigi Rizzo <luigi@info.iet.unipi.it>, Chris Shenton <cshenton@uucom.com>, Alan Batie <batie@rdrop.com>, <isp@FreeBSD.ORG>
Subject:   Re[4]: load balancing
Message-ID:  <11591545084.20000707190001@buz.ch>
In-Reply-To: <Pine.BSF.4.21.0007070948320.69269-100000@heaven.gigo.com>
References:  <Pine.BSF.4.21.0007070948320.69269-100000@heaven.gigo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
> Simple, don't advertise to the world the *real* IP addresses.
> Use IP aliases.

I would have done that anyway as I want to have the boxes available
for remote fixing.


> If the box is faulty but still pingable with the IP alias, 
> log into the box, shutdown the alias.  Next, turn the alias
> on, on the other box.

What if it's pingable, but ssh failed? And how do you solve the
problems of needing root access to kill the alias? I don't want to
supply an attacker with the root passwords for the another box if he
cracks one of a pair... RSA authentication isn't better for that
matter.

> This implies that there will be something that can
>  1: babysit and monitor

Clear. Easy enough.


>  2: capable of logging in and running ifconfig

Hard. See above.

>  
>  3: Advertise to your clients, the IP alias to connect to.
>     this leaves you free to move that alias to any box
>     on the same network.

Nothing to worry about. Just give the boxes other 'native' IPs than
the ones you use in your DNS to point to the production ones (s.a.)


> Note that this method is low tech, and doesn't cover geographical
> diversity, etc.

For that one, go to http://www.eddieware.org. It looks quite
impressive but I couldn't afford the time to test it yet. Plus I still
don't know how they realize their IP takeover for the frontend boxes.





Best regards,
 Gabriel




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?11591545084.20000707190001>