From owner-freebsd-isp Sat Jul 8 9:19:19 2000 Delivered-To: freebsd-isp@freebsd.org Received: from misery.sdf.com (misery.sdf.com [204.244.213.49]) by hub.freebsd.org (Postfix) with ESMTP id 05FFE37B8AA for ; Sat, 8 Jul 2000 09:19:15 -0700 (PDT) (envelope-from tom@sdf.com) Received: from tom (helo=localhost) by misery.sdf.com with local-esmtp (Exim 2.12 #1) id 13Ax00-0003eA-00; Sat, 8 Jul 2000 08:58:36 -0700 Date: Sat, 8 Jul 2000 08:58:17 -0700 (PDT) From: Tom Samplonius To: "R.I.Pienaar" Cc: Gabriel Ambuehl , Jason Fesler , Luigi Rizzo , Chris Shenton , Alan Batie , isp@FreeBSD.ORG Subject: Re: load balancing In-Reply-To: <20000708112606.G10253@pinetec.co.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 8 Jul 2000, R.I.Pienaar wrote: > > What if it's pingable, but ssh failed? And how do you solve the > > problems of needing root access to kill the alias? I don't want to > > supply an attacker with the root passwords for the another box if he > > cracks one of a pair... RSA authentication isn't better for that > > matter. > > you can have it behind a nat box, that monitors the services, the moment > anything stop working, you just rewrite its real ip to another box and > everything fails over. > > this ofcource leave you with a nat box again to failover. Foundry Networks makes a load-balancer box that is able to keep itself synced with another unit for both fail-over and load-balancing. The unit balances requests to whatever backend servers you have, and if one of the backend servers croaks, the Foundry unit stops sending requests to it. This solution give you complete backend and frontend redunancy. Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message