![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
I have two Linux servers acting as pure gateway boxes for the Lounge. The are both the same except in the dsl connection they have. The primary has a 2mb connection and the secondary (backup) has a 512k. My goal is to have 100% internet and networking redundancy and total hardware redundancy. IE if one box physically dies the other should seamlessly take over serving up the necessary functions to keep the network alive. I.e. iptables, dhcp, bind, and squid.
The next goal is to have weighted load balancing across the connections for optimal use. The third goal is to incorporate squid as part of the solution as it allows us to keep anonymous stats of customer usage. These last two goals are not fixed. I.e. if the final failover solution does not require them thats fine. At a bare minimum I need fail over of all services. The last bit is I dont want to buy or make one box that has both connections going into it as this does not meet the 100% hardware failover requirement.
My current selection of solutions is this:
Two NICs in each client. Down side is I have to allocate dhcp leases to mac address for each card and each pc. Not so good when I am doing ghosting. Up side is its pretty straight forward to execute. I have squid running transparently on the gateways so there is no need to for auto proxy scripts. This is 100% failover.
Implement the DHCP failover protocol to operate between the two servers. I am not sure though how seamless this would be in failover as the primary connection would be broadcasting 192.168.1.1 as the default gateway and the secondary would be broadcasting itself.. 192.168.1.2 as the primary gateway. How would I flush out the now dead info on the clients?? This is 100% failover.
Use the squid caches in a parent/ child relationship. This is only 60% failover for the network because the clients would be pointing to the primary as its gateway. If the just primary connection went down the cache would pass requests onto to the parent cache, the secondary connection. However if the primary BOX went offline completely then nothing would go out.
DNS round robin Although very easy to implement, round robin DNS has important drawbacks, such as those inherited from the DNS hierarchy itself and TTL times, which causes undesired address caching to be very difficult to manage. Also once a tcp connection has been established the client will keep accessing that address via the dns server that handled the request initially. this is not ideal as the primary connection is 2mb. I can weight the allocation but the clients will keep using the secondary for any successful requests. This is turn does not give our customers a consistent user experience which is one of our management goals as the backup connection is noticeably slower.
Automatic re writing of routing table on the primary serer to pass requests onto the secondary server. This only 60% failover for the network because the clients would be pointing to the primary as its gateway. However if the primary BOX went offline completely then nothing would go out.
Have a third NIC in the primary connection. When the connection goes down, eth0 turns off, eth1 turns on, iptables turns of, eth1 then sends request to the secondary gateway. This only 60% failover for the network because the clients would be pointing to the primary as its gateway. However if the primary BOX went offline completely then nothing would go out.
Setup a cluster using Linux HA. Might be out of our skill set to implement.
Any help would be greatly appreciated.
Cheers,
Lindsay Rex
The next goal is to have weighted load balancing across the connections for optimal use. The third goal is to incorporate squid as part of the solution as it allows us to keep anonymous stats of customer usage. These last two goals are not fixed. I.e. if the final failover solution does not require them thats fine. At a bare minimum I need fail over of all services. The last bit is I dont want to buy or make one box that has both connections going into it as this does not meet the 100% hardware failover requirement.
My current selection of solutions is this:
Two NICs in each client. Down side is I have to allocate dhcp leases to mac address for each card and each pc. Not so good when I am doing ghosting. Up side is its pretty straight forward to execute. I have squid running transparently on the gateways so there is no need to for auto proxy scripts. This is 100% failover.
Implement the DHCP failover protocol to operate between the two servers. I am not sure though how seamless this would be in failover as the primary connection would be broadcasting 192.168.1.1 as the default gateway and the secondary would be broadcasting itself.. 192.168.1.2 as the primary gateway. How would I flush out the now dead info on the clients?? This is 100% failover.
Use the squid caches in a parent/ child relationship. This is only 60% failover for the network because the clients would be pointing to the primary as its gateway. If the just primary connection went down the cache would pass requests onto to the parent cache, the secondary connection. However if the primary BOX went offline completely then nothing would go out.
DNS round robin Although very easy to implement, round robin DNS has important drawbacks, such as those inherited from the DNS hierarchy itself and TTL times, which causes undesired address caching to be very difficult to manage. Also once a tcp connection has been established the client will keep accessing that address via the dns server that handled the request initially. this is not ideal as the primary connection is 2mb. I can weight the allocation but the clients will keep using the secondary for any successful requests. This is turn does not give our customers a consistent user experience which is one of our management goals as the backup connection is noticeably slower.
Automatic re writing of routing table on the primary serer to pass requests onto the secondary server. This only 60% failover for the network because the clients would be pointing to the primary as its gateway. However if the primary BOX went offline completely then nothing would go out.
Have a third NIC in the primary connection. When the connection goes down, eth0 turns off, eth1 turns on, iptables turns of, eth1 then sends request to the secondary gateway. This only 60% failover for the network because the clients would be pointing to the primary as its gateway. However if the primary BOX went offline completely then nothing would go out.
Setup a cluster using Linux HA. Might be out of our skill set to implement.
Any help would be greatly appreciated.
Cheers,
Lindsay Rex
