Gentoo Archives: gentoo-user

From: Randy Barlow <randy@×××××××××××××××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] HA-Proxy or iptables?
Date: Thu, 29 Aug 2013 12:12:42
1 Honestly, I think the best solution is to switch the company to using domain names to access these resources. This makes it much easier to silently introduce things like load balancers later on if you ever need to scale. It's also much easier to communicate to new users how to find this resource. Once you migrate to IPv6 it becomes a very long address to tell people as well.
3 To answer your specific question, I would just do it with iptables if you must continue accessing it by IP address. I will point out that the service on the new IP address now has doubled its chances of going out of service, because it depends on both machines running, even though the first has nothing to do with it. Also, doing this with firewall rules isn't very nice from a systems management perspective for the future, as it's not very obvious what's going on with some server rewriting packets for another one. If someone sees that in two years, are they going to know what to do? What if they want to take server 1 down, and forget that it also disrupts 2? Using DNS is much cleaner for these reasons.


Subject Author
Re: [gentoo-user] HA-Proxy or iptables? thegeezer <thegeezer@×××××××××.net>
Re: [gentoo-user] HA-Proxy or iptables? Pandu Poluan <pandu@××××××.info>