[Spread-users] Complex Spread Configuration
Matthew T. Kromer
matt at zope.com
Mon Apr 29 16:16:47 EDT 2002

I have a complex Spread configuration I am trying to set up. The
complexity comes about due to some severe firewalling, IP NAT
translation, and IP aliasing.

Here is the configuration of machines.

"development" is at IP address 170.109.46.240. This machine is not
available outside of the local LAN due to firewall rules.

"staging" is at IP address 170.109.46.240. This machine is not
available outside the local LAN with one caveat, that from the
production pod, packets destined for 170.109.48.254 are rewritten to
170.109.46.240. This address is an IP alias on the box; the base
address of the box is 170.109.46.181.

"production 1" is at IP address 192.168.50.40 -- Clearly, private
address space. All packets arriving at this address from 170.109.46.240
are rewritten to be as from 170.109.48.254. A NAT rewriting rule will
allow packets destined to this machine to be delivered to 170.109.48.68.
This box has IP aliases from 192.168.50.40 to 192.168.50.69.

"production 2" is at IP address 192.168.50.70 -- Clearly, private
address space. All packets arriving at this address from 170.109.46.240
are rewritten to be as from 170.109.48.254. A NAT rewriting rule will
allow packets destined to this machine to be delivered to 170.109.48.69.
This box has IP aliases from 192.168.50.70 to 192.168.50.99.

"production 3" is at IP address 192.168.50.100 -- Clearly, private
address space. All packets arriving at this address from 170.109.46.240
are rewritten to be as from 170.109.48.254. A NAT rewriting rule will
allow packets destined to this machine to be delivered to 170.109.48.70.
This box has IP aliases from 192.168.50.100 to 192.168.50.129.

I *think* it should be possible to configure spread, albeit with two
caveats: 1) since the "development" machine is not ever reachable from
the production cluster, it may need to be dropped from the spread
config. 2) the production and staging configurations may need to be
different because of the address translation that takes place.

I would *think* that I could get away with something like this on "staging":

Spread_Segment 225.0.0.1 { # Fake a multicast
    staging 170.109.46.240 {
        D 170.109.46.18
        C 170.109.46.240
    }
}
Spread_Segment 225.0.0.2 { # Fake a multicast
    prod1 170.109.48.68
    prod2 170.109.48.69
    prod3 170.109.48.70
}

and like the following on "production":

Spread_Segment 225.0.0.1 { # Fake a multicast
    staging 170.109.48.254
}
Spread_Segment 225.0.0.2 { # Fake a multicast
    prod1 192.168.50.40
    prod2 192.168.50.100
    prod3 192.168.50.70
}

Is this valid? I'm having a tough time getting this working for a
production site.

--
Matt Kromer
Zope Corporation http://www.zope.com/
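
Added example, not part of the original post and not Spread project code: a small Python check that parses the two posted spread.conf fragments and compares each daemon's address across the two views, using the NAT rules described in the post. The NAT table is an assumed reading of those rules, and parse_daemons and check_views are hypothetical helper names.

```python
import re
# Assumed reading of the post's NAT rules (staging-side address -> production-side address).
NAT = {"170.109.46.240": "170.109.48.254",  # staging as seen from production
       "170.109.48.68": "192.168.50.40",    # production 1
       "170.109.48.69": "192.168.50.70",    # production 2
       "170.109.48.70": "192.168.50.100"}   # production 3
STAGING_CONF = """
Spread_Segment 225.0.0.1 { # Fake a multicast
staging 170.109.46.240 {
D 170.109.46.18
C 170.109.46.240
}
}
Spread_Segment 225.0.0.2 { # Fake a multicast
prod1 170.109.48.68
prod2 170.109.48.69
prod3 170.109.48.70
}
"""
PRODUCTION_CONF = """
Spread_Segment 225.0.0.1 { # Fake a multicast
staging 170.109.48.254
}
Spread_Segment 225.0.0.2 { # Fake a multicast
prod1 192.168.50.40
prod2 192.168.50.100
prod3 192.168.50.70
}
"""

def parse_daemons(conf):
    """Return {daemon name: address} for entries directly inside a segment."""
    daemons, depth = {}, 0
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop trailing comments
        m = re.match(r"(\S+)\s+(\d+(?:\.\d+){3})\b", line)
        if m and depth == 1:                      # depth 2 holds the D/C interface lines
            daemons[m.group(1)] = m.group(2)
        depth += line.count("{") - line.count("}")
    return daemons

def check_views(staging_conf, production_conf, nat=NAT):
    """Return (name, staging addr, expected, found) where the two views disagree."""
    prod = parse_daemons(production_conf)
    return [(name, addr, nat.get(addr), prod.get(name))
            for name, addr in parse_daemons(staging_conf).items()
            if prod.get(name) != nat.get(addr)]

if __name__ == "__main__":
    print(*check_views(STAGING_CONF, PRODUCTION_CONF), sep="\n")
```

Run as a script, it prints one tuple for each daemon whose address in the "production" file is not the translated form of its address in the "staging" file.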