[nflug] Firewalls

Christopher Hawkins chawkins at bplinux.com
Tue Nov 20 16:54:33 EST 2007


Well, iptables is the firewall / router. It wouldn't have to do much routing
in this case (no need for it to forward packets to inside servers... LVS
will do that). It would allow a packet and then send it to a virtual IP
which would be controlled by LVS. LVS then looks at its table of servers and
uses an algorithm of your choosing to make a routing decision (round robin,
least loaded server, etc.). It sends it to a server, the server processes
the request and responds directly back to the client. It is really quite
elegant and... It's fast as hell!  :-)

LVS by itself is not a router, though. It needs an interface on the same
network as the servers, so it doesn't "route" as much as it "redirects". 

-----Original Message-----
From: nflug-bounces at nflug.org [mailto:nflug-bounces at nflug.org] On Behalf Of
Robert Wolfe
Sent: Tuesday, November 20, 2007 4:34 PM
To: nflug at nflug.org
Subject: Re: [nflug] Firewalls

On Tue, 20 Nov 2007 16:32:26 -0500
"Christopher Hawkins" <chawkins at bplinux.com> wrote:

> For the record, the LVS project ( http://www.linuxvirtualserver.org/ ) 
> is a great load balancer. You could have a linux box running iptables 
> and LVS, and you'd be able to distribute inbound connections anywhere 
> you want. For adding automatic detection of what has failed, you can 
> use a monitoring

So basically this is a decent router then? (Oh and sorry, Frank, had to use
the sig <G>).

-- 
     Robert Wolfe (robertwolfe at localnet.com) | Systems Administrator
       LocalNet Corp | Williamsville, NY | http://www.localnet.com
		"I do the voodoo that I do do with sudo."
_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug
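
The setup described in the message above, as an added example that is not from the thread or the LVS project: the commands for an iptables + LVS director and its real servers. It assumes LVS direct routing, since the reply goes straight back to the client; the addresses, port and function names are constructed, and the script only prints the commands.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Prints (does not run) the commands for
# an LVS director using direct routing. All addresses are constructed.

VIP="192.0.2.10"                      # virtual IP clients connect to (assumed)
PORT=80                               # balanced service port (assumed)
REALS="10.0.0.11 10.0.0.12 10.0.0.13" # real servers on the director's LAN (assumed)

# director_cmds VIP PORT SCHEDULER REAL...
# SCHEDULER is an ipvsadm -s name: rr = round robin, lc = least-connection.
director_cmds() {
    local vip="$1" port="$2" sched="$3" rip
    shift 3
    case "$sched" in
        rr|wrr|lc|wlc) ;;
        *) echo "unsupported scheduler: $sched" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no real servers given" >&2; return 1; }
    # iptables admits only the balanced service on the virtual IP.
    echo "iptables -A INPUT -d $vip -p tcp --dport $port -j ACCEPT"
    # Define the virtual service and its scheduling algorithm.
    echo "ipvsadm -A -t $vip:$port -s $sched"
    # -g selects direct routing: the request is handed to a real server on the
    # local network and the reply goes straight to the client, so replies
    # never cross the director's iptables rules.
    for rip in "$@"; do
        echo "ipvsadm -a -t $vip:$port -r $rip:$port -g"
    done
}

# realserver_cmds VIP
# Each real server holds the VIP on loopback so it accepts the redirected
# packets, and must not answer ARP for it, or clients would bypass the director.
realserver_cmds() {
    local vip="$1"
    echo "sysctl -w net.ipv4.conf.all.arp_ignore=1"
    echo "sysctl -w net.ipv4.conf.all.arp_announce=2"
    echo "ip addr add $vip/32 dev lo"
}

echo "# on the director"
director_cmds "$VIP" "$PORT" rr $REALS   # $REALS is unquoted on purpose: one argument per server
echo "# on each real server"
realserver_cmds "$VIP"
```

Because return traffic skips the director, any egress filtering or logging of responses has to happen on the real servers or at another point on their outbound path.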


