[Linux-cluster] heartbeat
yvette hirth
yvette at dbtgroup.com
Tue Feb 2 07:47:42 UTC 2010
Dirk H. Schulz wrote:
> What I do not understand at the moment: If you can afford to restrict
> one of every blade's two interfaces to cluster communication, why don't
> you put them into a VLAN (the real interfaces, not virtual ones) and see
> to it that the VLAN has not connection to any outside network?
> Then the engineers would have no means of flooding your cluster
> communication subnet.
yes, like an old dell 5124 24-port gigE switch. i have about a bunch of
them laying around, and you can find them for cheap on ebay (like $100
or so). connect each port on the switch to one nic per blade.
make sure your hosts files on all blades list all blades so as to avoid
dns (i'm sure it does if your cluster is working properly). you can
block and log dns->out on your iptables and that way any unknown hosts
will show up pronto.
just don't connect it to your firewall or any other internal network and
that'll work fine for a heartbeat-only subnet. i used something like
this on a colo-hosted site for high-security sql-only (no outside)
access and it worked fab.
yvette hirth
More information about the Linux-cluster
mailing list