1 |
On 29/08/2013 08:54, Pandu Poluan wrote: |
2 |
> Hello list! |
3 |
> |
4 |
> Here's my scenario: |
5 |
> |
6 |
> Currently there is a server performing 2 functions; one runs on, let's |
7 |
> say, port 2000, and another one runs on port 3000. |
8 |
> |
9 |
> Due to some necessary changes, especially the need to (1) provide more |
10 |
> resource for a function, and (2) delegate management of the functions |
11 |
> to different teams, we are going to split the server into two. |
12 |
> |
13 |
> The problem is: Many users -- spread among 80+ branches throughout the |
14 |
> country -- access the server using IP Address instead of DNS name. |
15 |
> |
16 |
> So, my plan was to leave port 2000's application on the original |
17 |
> server, implement port 3000's application on a new server, and have |
18 |
> all access to port 3000 of the original server to be redirected to |
19 |
> same port on the new server. |
20 |
> |
21 |
> I can implement this using iptables SNAT & DNAT ... or I can use HA-Proxy. |
22 |
> |
23 |
> Can anyone provide some benefit / drawback analysis on either solution? |
24 |
|
25 |
I don't have any practical experience of using HA-Proxy. However, if you |
26 |
are sizing up Netfilter as a solution then I would suggest that you also |
27 |
consider Linux Virtual Server (LVS). It provides a lightweight NAT |
28 |
implementation and scales well. It is natively administered with the |
29 |
ipvsadm tool but I would recommend using ldirectord or such: |
30 |
|
31 |
http://horms.net/projects/ldirectord/ |
32 |
|
33 |
--Kerin |