From: "Dustin Puryear"
To: "Gabriel Ambuehl"
Subject: RE: Re[8]: Using DNAT and DNS round-robin
Date: Tue, 11 Dec 2001 11:29:35 -0600

> > alias on each webserver, unless I am missing something. Obviously,
> > that won't work. That is one reason why I was looking at Squid.
>
> Ah now I get it.
>
> If you bind the virtual hosts to the IP, you have no other option
> than having the IPs assigned to the firewall and either run static
> NAT or some proxy (like squid or apache mod_proxy) on the firewall.

Yes, that is what I eventually found out. Apparently, unless you have some
type of special gear, you cannot do IP-based virtual hosting in a
load-sharing or -balancing environment. Now, doing HA might not be too much
work depending on what your requirements for switch over time are.

> >> with hosting consumers, that's obviously not possible.
> > Well, we are one of those "we control all data" types. :)
>
> That's nice. I wished I were in the same situation...

Yes, it is nice. I have yet to do work for a company providing web hosting
to consumers, but I can see how it would have some real challenges. But it
seems to me there are several solutions to the whole file system
synchronization issue. NAS being one. Using a few "shell" servers that
automatically get replicated to your web servers seems to be another.

> >> You simply can't have the same IP based virtual host on two
> >> machines. The only thing that can be done there is round robin
> >> NAT but for reasons pointed out above, that's major PITA.
> > That is becoming rather obvious to me at this point.
>
> Given you can solve the fs inconsistency issues, round robin NAT
> actually would be the by far fastest solution to do what you want.
>
> Squid should do the job too, more flexibly, but probably slower.

I played with Squid and it works nicely. Indeed, I liked the fact that with
Squid I can make my web cluster disappear from outsiders and use Squid as a
reverse proxy. However, since we dropped the requirement for IP-based
virtual hosting the point is moot. We will be using just a standard
configuration where we will DNS round-robin between web servers.

Regards, Dustin

---
Dustin Puryear
Information Systems Consultant
http://members.telocity.com/~dpuryear
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams