I install heartbeat and ldirectord, nothing else is needed.
I set them up like so:
External IPs (internet accessible):
load1 physical IP = XXX.XXX.XXX.XXX (This is a static IP from your ISP/colo assigned to load1 that never changes (this is how you ssh into load1))
load2 physical IP = XXX.XXX.XXX.XXX (Same as the load1 external ip)
virtual service IP = XXX.XXX.XXX.XXX (This is a 3rd ip that will be moved back and forth between load1 and load2 if anything goes wrong)
load1 physical IP = 172.16.16.11 (This is a static IP assigned to load1 that never changes (this is how you ssh into load1 from inside the network))
load2 physical IP = 172.16.16.12 (Same as the load1 internal ip)
gateway IP = 172.16.16.1 (This is the IP that your farm has to use as its gateway so all their answers go back to the LBs) (it will shift between load1 and load2 at the same time as the external IP)
Set this up in masq mode to pass all traffic through your LBs so that the traffic from the farms is always on a private network and the LBs are your firewall and the only servers that have internet IPs directly.
That is it. You have a farm. As to keeping the data on the farm's HDs in sync and how to deal with sessions, etc. that is a different problem.
BTW: I like to set up 3 networks using 4 switches:
2 external switches (red network) with bonded NICs in mode 6 from each LB to one of each of the switches, then these can be connected to your ISP/co-lo with HSRP or similar so if a switch dies the farm keeps going. (make sure the switches support spanning tree, I like the LINKSYS SRW224G4 if you don't need more than 10/100)
Then 2 gigabit switches for the yellow and green networks. For these I use a vlan so ports 1-12 are yellow and 13-24 are green, since you are connecting the 2 vlans together with 2 network cables to prevent a single point of failure, you can attach up to 10 bonded NIC servers and if either switch fails your network will keep running without missing a beat. I like the Netgear GS724T for these.
Now you have a very high availability network to go with your high availability cluster.
Note: here are the 3 networks and what they are for.
Red: This is all interfaces between your gear and the internet (load balancers, KVM over IP devices, remote PDU devices etc)
Yellow: All network communication between your servers and the load balancers (this is where the LB's internal IP attaches)
Green: All traffic that can not access the internet (like the traffic between your farm and a DB server, nfs mount, NIS+ traffic, internal DNS, internal NTP, etc.) because this traffic can not be accessed from red or yellow (they are physically separate) it is more secure. You should never fully trust any traffic and should always secure all network interfaces, but this is much safer.
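The heartbeat and ldirectord setup described in the post above could look like the following. This is an added example, not the poster's own configuration. It assumes the heartbeat v1 `haresources` style, uses 203.0.113.10 as a placeholder for the XXX.XXX.XXX.XXX virtual service IP, and the interface names, /24 netmasks, farm addresses 172.16.16.21 and 172.16.16.22, and the health-check page are all hypothetical.

```conf
# --- /etc/ha.d/haresources (identical on load1 and load2) ---
# load1 is the preferred owner. heartbeat brings up the external virtual
# service IP and the internal gateway IP together and then starts
# ldirectord, so both addresses fail over to load2 as one unit.
# 203.0.113.10 is a placeholder for the virtual service IP; eth0 (red)
# and eth1 (yellow) are assumed interface names (use the bond devices
# if the NICs are bonded).
load1 IPaddr::203.0.113.10/24/eth0 IPaddr::172.16.16.1/24/eth1 ldirectord::ldirectord.cf

# --- /etc/ha.d/ldirectord.cf ---
# quiescent=no removes a failed real server from the LVS table outright
# instead of leaving it in place with weight 0.
checktimeout=10
checkinterval=5
autoreload=yes
quiescent=no

# The two real= entries are assumed farm members on the yellow network.
# "masq" selects LVS-NAT, so replies must return through 172.16.16.1.
# health.html / OK is a hypothetical health-check page and its content.
virtual=203.0.113.10:80
        real=172.16.16.21:80 masq
        real=172.16.16.22:80 masq
        service=http
        request="health.html"
        receive="OK"
        scheduler=wlc
        protocol=tcp
        checktype=negotiate

# --- /etc/sysctl.conf on both load balancers ---
# masq mode only works if the load balancer forwards packets.
net.ipv4.ip_forward = 1
```

Each farm server then sets 172.16.16.1 as its default gateway, which is what keeps return traffic flowing through whichever load balancer currently holds the addresses.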