Gentoo Archives: gentoo-user

From: Pandu Poluan <pandu@××××××.info>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] HA-Proxy or iptables?
Date: Thu, 29 Aug 2013 14:11:20
In Reply to: Re: [gentoo-user] HA-Proxy or iptables? by Randy Barlow
1 On Aug 29, 2013 7:13 PM, "Randy Barlow" <randy@×××××××××××××××××.com> wrote:
2 >
3 > Honestly, I think the best solution is to switch the company to using
4 domain names to access these resources. This makes it much easier to
5 silently introduce things like load balancers later on if you ever need to
6 scale. It's also much easier to communicate to new users how to find this
7 resource. Once you migrate to IPv6 it becomes a very long address to tell
8 people as well.
9 >
11 I agree, but considering that the split is Really Urgent™, I'll just have
12 to make do with redirection for the time being.
14 > To answer your specific question, I would just do it with iptables if you
15 must continue accessing it by IP address. I will point out that the service
16 on the new IP address now has doubled its chances of going out of service,
17 because it depends on both machines running, even though the first has
18 nothing to do with it. Also, doing this with firewall rules isn't very nice
19 from a systems management perspective for the future, as it's not very
20 obvious what's going on with some server rewriting packets for another one.
21 If someone sees that in two years, are they going to know what to do? What
22 if they want to take server 1 down, and forget that it also disrupts 2?
23 Using DNS is much cleaner for these reasons.
25 Again , I agree 100%.
27 Fortunately, nobody is allowed to bring down a server without my team's
28 blessing, so if they ever need to bring the server down, we will force them
29 to arrange a schedule with the other team.
31 Rgds,
32 --