[Linux-cluster] heartbeat

yvette hirth yvette at dbtgroup.com
Tue Feb 2 07:47:42 UTC 2010


Dirk H. Schulz wrote:

> What I do not understand at the moment: If you can afford to restrict 
> one of every blade's two interfaces to cluster communication, why don't 
> you put them into a VLAN (the real interfaces, not virtual ones) and see 
> to it that the VLAN has no connection to any outside network?
> Then the engineers would have no means of flooding your cluster 
> communication subnet.

yes, like an old dell 5124 24-port gigE switch.  i have a bunch of 
them lying around, and you can find them for cheap on ebay (like $100 
or so).  connect each port on the switch to one nic per blade.

make sure your hosts files on all blades list all blades so as to avoid 
dns (i'm sure it does if your cluster is working properly).  you can 
block and log dns->out on your iptables and that way any unknown hosts 
will show up pronto.

just don't connect it to your firewall or any other internal network and 
that'll work fine for a heartbeat-only subnet.  i used something like 
this on a colo-hosted site for high-security sql-only (no outside) 
access and it worked fab.

yvette hirth
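
The hosts-file check and the "block and log dns->out" advice above, sketched as shell helpers; this is an added example, not part of the original post. The `DNS-OUT: ` log prefix, blade names, addresses and log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; blade names, addresses and log lines are constructed.

# Print the iptables commands (run as root on each blade) for "block and log
# dns->out". LOG is non-terminating, so it goes before DROP. Prefix is assumed.
dns_out_rules() {
    for proto in udp tcp; do
        echo "iptables -A OUTPUT -p $proto --dport 53 -j LOG --log-prefix 'DNS-OUT: '"
        echo "iptables -A OUTPUT -p $proto --dport 53 -j DROP"
    done
}

# Print each blade name (args 2..n) that has no entry in hosts file $1.
missing_from_hosts() {
    hosts_file=$1; shift
    for name in "$@"; do
        awk -v n="$name" '
            { sub(/#.*/, "")                      # ignore comments
              for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
            END { exit !found }' "$hosts_file" || echo "$name"
    done
}

# Count logged outbound DNS attempts per destination address in log file $1.
dns_attempts() {
    awk '/DNS-OUT: / { for (i = 1; i <= NF; i++) if ($i ~ /^DST=/) c[substr($i, 5)]++ }
         END { for (d in c) print c[d], d }' "$1" | sort -rn
}

# Demo on constructed data.
tmp=$(mktemp -d)
cat > "$tmp/hosts" <<'EOF'
127.0.0.1   localhost
10.10.0.1   blade01 blade01-hb
10.10.0.2   blade02 blade02-hb   # heartbeat NIC
EOF
cat > "$tmp/kern.log" <<'EOF'
Feb  2 07:50:01 blade01 kernel: DNS-OUT: IN= OUT=eth1 SRC=10.10.0.1 DST=192.0.2.53 LEN=60 PROTO=UDP SPT=40112 DPT=53
Feb  2 07:50:06 blade01 kernel: DNS-OUT: IN= OUT=eth1 SRC=10.10.0.1 DST=192.0.2.53 LEN=60 PROTO=UDP SPT=40113 DPT=53
EOF
dns_out_rules
echo "missing from hosts: $(missing_from_hosts "$tmp/hosts" blade01 blade02 blade03)"
dns_attempts "$tmp/kern.log"
rm -rf "$tmp"
```

Any name reported by `missing_from_hosts` is a blade that would fall back to DNS, and any line from `dns_attempts` is a lookup the hosts file did not satisfy.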



