[ale] iptables redirect IP

JD jdp at algoloma.com
Wed Jan 14 18:24:42 EST 2015


Just use a reverse proxy for both web front-ends? One on each side. Then if one
fails, the rev-proxy will see it and stop sending requests there. Combined with
a dual DNS entry (like google/yahoo/etc) the only remaining issue is DB data
sync. For social apps, that isn't too hard; it is the
every-transaction-needs-to-be-everywhere-now apps where this gets hard. Or you
could just point both front-ends to the same DBMS instance if you can live with
less-common data replication.

Also ... I'd lower the DNS TTL to 5 minutes while there is any issue like this.
It will take the old TTL to propagate out, but after that, 5 min is all you'll
need for DNS changes to be seen. When things get more stable again, you can push
it back to 1-6 hrs.

On 01/14/2015 05:45 PM, Chris Fowler wrote:
> RackSpace burnt me last night with a failed drive in a RAID on one of their
> hosts.  We were down 1.5 hours.
> 
> In response I brought up a guest at Digital Ocean and it is now slaving off the
> RS guest.  If RS goes down again I'll just promote
> it to master.
> 
> 
> This does not solve the problem of my users going to a web address that points
> to RS.  I can't change the DNS fast enough so I'm thinking
> I could use iptables to redirect their connection to the correct site.
> 
> Failover will be automated, but human initiated.  One of the tasks will be to
> delete an iptables rule and apply another.  The system they will go to
> is at Norcross Peak 10.  The RS system is in Chicago and Digital Ocean in San
> Fran.  Each system has a public IP address and not on the same LAN.
> 
> I've done this before as pranks, but looking at implementing the idea of a load
> balance without the load balancer.  When I ran some tests to redirect
> PUBLIC_A:XXXX to PUBLIC_B:SSH  I did a who on PUBLIC_B and saw the address of A.
>  Not my desktop at home.  I do have MASQ running on A,  
> 
> Is this the way this is supposed to be implemented?  Traffic will go to A then
> redirected to B.  I was hoping that A would redirect to B and then my desktop
> and B would be a direct connection.  
> 
> Is this correct?
> 
> http://wiki.vpsget.com/index.php/Forward_%28redirect/nat%29_traffic_with_iptables
> 
> Chris


-- 
JD Pflugrath
 Value | Results
Direct: +001.678.685.8882
Ofc: 1.866.963.2546
Managing Director
Algoloma Systems, LLC
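
The address rewriting behind the quoted question, as an added example that is not part of either message: a small Python model of host A doing DNAT with and without MASQUERADE, tracing which source address B sees and whether the reply is usable by the client. The RFC 5737 addresses, the `NatHost` class and the `connect` function are constructed for illustration, and the model assumes A and B sit on different networks, as the thread states.

```python
from dataclasses import dataclass, replace

# Constructed RFC 5737 addresses standing in for the desktop, host A and host B.
CLIENT, HOST_A, HOST_B = "203.0.113.10", "198.51.100.1", "192.0.2.2"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class NatHost:
    """Model of host A: DNAT to the backend, optional MASQUERADE on the way out."""
    def __init__(self, addr, backend, masquerade):
        self.addr, self.backend, self.masquerade = addr, backend, masquerade
        self.conntrack = {}  # expected reply (src, dst) -> original packet

    def forward(self, pkt):
        out = replace(pkt, dst=self.backend)       # DNAT: rewrite destination to B
        if self.masquerade:
            out = replace(out, src=self.addr)      # MASQUERADE: rewrite source to A
        self.conntrack[(out.dst, out.src)] = pkt   # remember how to undo it
        return out

    def reverse(self, reply):
        orig = self.conntrack.get((reply.src, reply.dst))
        # Undo both rewrites so the reply appears to come from A again.
        return Packet(src=orig.dst, dst=orig.src) if orig else None

def connect(masquerade):
    """Trace one request/reply; A and B are on different networks (assumption
    taken from the thread), so B routes replies straight to the source it saw."""
    a = NatHost(HOST_A, HOST_B, masquerade)
    request = Packet(src=CLIENT, dst=HOST_A)
    at_b = a.forward(request)
    reply = Packet(src=HOST_B, dst=at_b.src)
    if reply.dst == HOST_A:                        # reply passes back through A
        reply = a.reverse(reply)
    # The client's TCP stack only accepts a reply from the address it dialled.
    accepted = reply is not None and (reply.src, reply.dst) == (HOST_A, CLIENT)
    return {"seen_by_b": at_b.src,
            "reply_src": reply.src if reply else None,
            "accepted": accepted}

if __name__ == "__main__":
    for mode in (True, False):
        print("MASQUERADE" if mode else "DNAT only ", connect(mode))
```

With MASQUERADE every session at B is logged under A's address, so per-client logging and blocking at B lose the real source; without it B sees the client, but the reply arrives from B's address and the client discards it.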

