[ale] iptables redirect IP
JD
jdp at algoloma.com
Wed Jan 14 18:24:42 EST 2015
Just use a reverse proxy for both web front-ends? One on each side. Then if one
fails, the rev-proxy will see it and stop sending requests there. Combined with
a dual DNS entry (like google/yahoo/etc) the only remaining issue is DB data
sync. For social apps, that isn't too hard, it is the
every-transaction-needs-to-be everywhere-now apps where this gets hard. Or you
could just point both front-ends to the same DBMS instance if you can live with
less-common data replication.
Also ... I'd lower the DNS TTL to 5 minutes while there is any issue like this.
It will take the old TTL to propagate out, but after that, 5 min is all you'll
need for DNS changes to be seen. When things get more stable again, you can push
it back to 1-6 hrs.
On 01/14/2015 05:45 PM, Chris Fowler wrote:
> RackSpace burnt me last night with a failed drive in a RAID on one of their
> hosts. We were down 1.5 hours.
>
> In respsonse I brought up a guest at Digital Ocean and it is now slaving off the
> RS guest. If RS goes down again I'll just promote
> it to master.
>
>
> This does not solve the problem of my users going to a web address that points
> to RS. I can't change the DNS fast enough so I'm thinking
> I could use iptables to redirect their connection to the correct site.
>
> Failover will be automated, but human initiated. One of the tasks will be to
> delete an iptables rule and apply another. The system they will go to
> is at Norcross Peak 10. The RS system is in Chicago and Digital Ocean in San
> Fran. Each system has a public IP address and not on the same lan.
>
> I've done this before as pranks, but looking at implementing the idea of a load
> balance without the load balancer. When I ran some tests to redirect
> PUBLIC_A:XXXX to PUBLIC_B:SSH I did a who on PUBLIC_B and saw the address of A.
> Not my desktop at home. I do have MASQ running on A,
>
> Is this the way this is supposed to be implemented? Traffic will go to A then
> redirected to B. I was hoping that A would redirect to B and then my desktop
> and B would be a direct connection.
>
> Is this correct?
>
> http://wiki.vpsget.com/index.php/Forward_%28redirect/nat%29_traffic_with_iptables
>
> Chris
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
--
JD Pflugrath
Value | Results
Direct: +001.678.685.8882
Ofc: 1.866.963.2546
Managing Director
Algoloma Systems, LLC
More information about the Ale
mailing list