[Spread-users] Complex Spread Configuration
Yair Amir
yairamir at cnds.jhu.edu
Tue Apr 30 09:16:44 EDT 2002
Hi,
Nice way of thinking but it will not work with Spread.
All of the cross-segment messages in your setting will be rejected
as messages that are illegal because they come from outside of the
specified configuration.
So no, this is not valid. But I am not sure it is impossible to achieve
the same effect in a different way...
Cheers,
:) Yair.
Matthew T. Kromer wrote:
> I have a complex Spread configuration I am trying to set up. The
> complexity comes about due to some severe firewalling, IP NAT
> translation, and IP aliasing.
>
> Here is the configuration of machines.
>
> "development" is at IP address 170.109.46.240. This machine is not
> available outside of the local LAN due to firewall rules.
>
> "staging" is at IP address 170.109.46.240. This machine is not
> available outside the local LAN with one caveat, that from the
> production pod, packets destined for 170.109.48.254 are rewritten to
> 170.109.46.240. This address is an IP alias on the box; the base
> address of the box is 170.109.46.181.
>
> "production 1" is at IP address 192.168.50.40 -- Clearly, private
> address space. All packets arriving at this address from 170.109.46.240
> are rewritten to be as from 170.109.48.254. A NAT rewriting rule will
> allow packets destined to this machine to be delivered to 170.109.48.68.
> This box has IP aliases from 192.168.50.40 to 192.168.50.69.
>
> "production 2" is at IP address 192.168.50.70 -- Clearly, private
> address space. All packets arriving at this address from 170.109.46.240
> are rewritten to be as from 170.109.48.254. A NAT rewriting rule will
> allow packets destined to this machine to be delivered to 170.109.48.69.
> This box has IP aliases from 192.168.50.70 to 192.168.50.99.
>
> "production 3" is at IP address 192.168.50.100 -- Clearly, private
> address space. All packets arriving at this address from 170.109.46.240
> are rewritten to be as from 170.109.48.254. A NAT rewriting rule will
> allow packets destined to this machine to be delivered to 170.109.48.70.
> This box has IP aliases from 192.168.50.100 to 192.168.50.129.
>
> I *think* it should be possible to configure spread, albeit with two
> caveats: 1) since the "development" machine is not ever reachable from
> the production cluster, it may need to be dropped from the spread
> config. 2) the production and staging configurations may need to be
> different; because of the address translation that takes place.
>
> I would *think* that I could get away with something like this on
> "staging":
>
> Spread_Segment 225.0.0.1 { # Fake a multicast
> staging 170.109.46.240 {
> D 170.109.46.18
> C 170.109.46.240
> }
> }
> Spread_Segment 225.0.0.2 { # Fake a multicast
> prod1 170.109.48.68
> prod2 170.109.48.69
> prod3 170.109.48.70
> }
>
> and like the following on "production":
>
> Spread_Segment 225.0.0.1 { # Fake a multicast
> staging 170.109.48.254
> }
>
> Spread_Segment 225.0.0.2 { # Fake a multicast
> prod1 192.168.50.40
> prod2 192.168.50.100
> prod3 192.168.50.70
> }
>
>
>
> Is this valid? I'm having a tough time getting this working for a
> production site.
>
>
More information about the Spread-users
mailing list