[Spread-users] Complex Spread Configuration

Yair Amir yairamir at cnds.jhu.edu
Tue Apr 30 09:16:44 EDT 2002 

Hi,

Nice way of thinking but it will not work with Spread.
All of the cross-segment messages in your setting will be rejected
as messages that are illegal because they come from outside of the
specified configuration.

So no, this is not valid. But I am not sure it is impossible to achieve

the same effect in a different way...

	Cheers,

	:) Yair.

Matthew T. Kromer wrote:

> I have a complex Spread configuration I am trying to set up.  The 
> complexity comes about due to some severe firewalling, IP NAT 
> translation, and IP aliasing.
> 
> Here is the configuration of machines.
> 
> "development" is at IP address 170.109.46.240.  This machine is not 
> available outside of the local LAN due to firewall rules.
> 
> "staging" is at IP address 170.109.46.240.  This machine is not 
> available outside the local LAN with one caveat, that from the 
> production pod, packets destined for 170.109.48.254 are rewritten to 
> 170.109.46.240.  This address is an IP alias on the box; the base 
> address of the box is 170.109.46.181.
> 
> "production 1" is at IP address 192.168.50.40  -- Clearly, private 
> address space.  All packets arriving at this address from 170.109.46.240 
> are rewritten to be as from 170.109.48.254.  A NAT rewriting rule will 
> allow packets destined to this machine to be delivered to 170.109.48.68. 
> This box has IP aliases from 192.168.50.40 to 192.168.50.69.
> 
> "production 2" is at IP address 192.168.50.70  -- Clearly, private 
> address space.  All packets arriving at this address from 170.109.46.240 
> are rewritten to be as from 170.109.48.254.  A NAT rewriting rule will 
> allow packets destined to this machine to be delivered to 170.109.48.69. 
> This box has IP aliases from 192.168.50.70 to 192.168.50.99.
> 
> "production 3" is at IP address 192.168.50.100  -- Clearly, private 
> address space.  All packets arriving at this address from 170.109.46.240 
> are rewritten to be as from 170.109.48.254.  A NAT rewriting rule will 
> allow packets destined to this machine to be delivered to 170.109.48.70. 
> This box has IP aliases from 192.168.50.100 to 192.168.50.129.
> 
> I *think* it should be possible to configure spread, albeit with two 
> caveats:  1) since the "development" machine is not ever reachable from 
> the production cluster, it may need to be dropped from the spread 
> config.  2)  the production and staging configurations may need to be 
> different; because of the address translation that takes place.
> 
> I would *think* that I could get away with something like this on 
> "staging":
> 
> Spread_Segment 225.0.0.1 {  # Fake a multicast
>     staging 170.109.46.240 {
>            D 170.109.46.18
>            C 170.109.46.240
>     }
> }
> Spread_Segment 225.0.0.2 { # Fake a multicast
>      prod1 170.109.48.68
>      prod2 170.109.48.69
>      prod3 170.109.48.70
> }
> 
> and like the following on "production":
> 
> Spread_Segment 225.0.0.1 { # Fake a multicast
>     staging 170.109.48.254
> }
> 
> Spread_Segment 225.0.0.2 { # Fake a multicast
>     prod1 192.168.50.40
>     prod2 192.168.50.100
>     prod3 192.168.50.70
> }
> 
> 
> 
> Is this valid?  I'm having a tough time getting this working for a 
> production site.
> 
>

More information about the Spread-users mailing list