I install heartbeat and ldirectord, nothing else is needed.
I set them up like so:
External IPs (internet accessible):
load1 physical IP = XXX.XXX.XXX.XXX (This is a static IP from your ISP/colo assigned to load1 that never changes (this is how you ssh into load1))
load2 physical IP = XXX.XXX.XXX.XXX (Same as the load1 external ip)
virtual service IP = XXX.XXX.XXX.XXX (This is a 3rd ip that will be moved back and forth between load1 and load2 if anything goes wrong)
load1 physical IP = 172.16.16.11 (This is a static IP assigned to load1 that never changes (this is how you ssh into load1 from inside the network))
load2 physical IP = 172.16.16.12 (Same as the load1 internal ip)
gateway IP = 172.16.16.1 (This is the IP that your farm has to use as its gateway so all their answers go back to the LBs) (it will shift between load1 and load2 at the same time as the external IP)
Set this up in masq mode to pass all traffic through your LBs so that the traffic from the farms is always on a private network and the LBs are your firewall and the only servers that have internet IPs directly.
That is it. You have a farm. As to keeping the data on the farm's HDs in sync and how to deal with sessions, etc. that is a different problem.
BTW: I like to set up 3 networks using 4 switches:
2 external switches (red network) with bonded NICs in mode 6 from each LB to one of each of the switches, then these can be connected to your ISP/co-lo with HSRP or similar so if a switch dies the farm keeps going. (Make sure the switches support spanning tree; I like the LINKSYS SRW224G4 if you don't need more than 10/100.)
Then 2 gigabit switches for the yellow and green networks. For these I use a vlan so ports 1-12 are yellow and 13-24 are green. Since you are connecting the 2 vlans together with 2 network cables to prevent a single point of failure, you can attach up to 10 bonded NIC servers and if either switch fails your network will keep running without missing a beat. I like the Netgear GS724T for these.
Now you have a very high availability network to go with your high availability cluster.
Note: here are the 3 networks and what they are for.
Red: This is all interfaces between your gear and the internet (load balancers, KVM over IP devices, remote PDU devices etc)
Yellow: All network communication between your servers and the load balancers (this is where the LB's internal IP attaches)
Green: All traffic that can not access the internet (like the traffic between your farm and a DB server, nfs mount, NIS+ traffic, internal DNS, internal NTP, etc.). Because this traffic can not be accessed from red or yellow (they are physically separate), it is more secure. You should never fully trust any traffic and should always secure all network interfaces, but this is much safer.
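
An added example, not part of the original post: a small audit of an ldirectord.cf for the layout described above, flagging real servers that are not forwarded with masq or that sit outside the farm network. The sample config, the 203.0.113.10 stand-in for the elided virtual IP, the /24 mask on 172.16.16.x, and the function name `audit_ldirectord` are assumptions.

```python
import ipaddress

# Constructed sample ldirectord.cf. 203.0.113.10 (documentation range) stands
# in for the post's elided virtual service IP; the real= hosts are assumptions.
SAMPLE_CF = """\
checktimeout=10
checkinterval=2
virtual=203.0.113.10:80
        real=172.16.16.21:80 masq
        real=172.16.16.22:80 gate
        real=198.51.100.7:80 masq
        real=172.16.16.1:80 masq
        service=http
        scheduler=rr
        protocol=tcp
"""

YELLOW = ipaddress.ip_network("172.16.16.0/24")  # LB-to-farm network (mask assumed)
GATEWAY = ipaddress.ip_address("172.16.16.1")    # floating gateway IP in the post

def audit_ldirectord(cf_text, farm_net=YELLOW, gateway=GATEWAY):
    """Return (line_no, problem) tuples for real= entries that break the design."""
    findings, in_virtual = [], False
    for no, raw in enumerate(cf_text.splitlines(), 1):
        key, _, value = raw.split("#", 1)[0].strip().partition("=")
        key = key.strip()
        if key == "virtual":
            in_virtual = True
        if key != "real":
            continue
        if not in_virtual:
            findings.append((no, "real= before any virtual= block"))
        fields = value.split()
        if not fields:
            findings.append((no, "empty real= entry"))
            continue
        mode = fields[1] if len(fields) > 1 else None
        if mode != "masq":  # gate/ipip replies would bypass the LB firewall
            findings.append((no, f"forwarding method is {mode}, expected masq"))
        try:
            addr = ipaddress.ip_address(fields[0].rsplit(":", 1)[0])
        except ValueError:
            findings.append((no, "host is not a literal IPv4 address, cannot verify"))
            continue
        if addr not in farm_net:
            findings.append((no, f"{addr} is outside {farm_net}"))
        elif addr == gateway:
            findings.append((no, f"{addr} is the floating gateway, not a farm host"))
    return findings
```

Running `audit_ldirectord(SAMPLE_CF)` reports the three deliberately wrong `real=` lines in the constructed sample and passes the correct one.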