[lvs-users] implement IPsec in a cluster

Gagandeep bajaj gagandeep_bajaj at rediffmail.com
Thu Feb 28 06:37:01 GMT 2008 

  
Hello everybody .... this is my first post and i guess its gonna be a long one to make you people understand my problem. 
I am new to this cluster concept, but know about LVS and IPsec though.

Here is my problem : 

Client
(40.x.x.x)                 Cluster ---> Director ( 50.x.x.x + 10.x.x.x)
                                        Real server1 (IPsec,10.x.x.x) 
                                        Real server2 (IPsec,                                      10.x.x.x)                                                      

I am working on IMS P-CSCF, so will be having around 1 million IPsec connections at one single time, and that too ESP and in transport mode. What the requirement is to distribute these IPsec connections on real servers(high end machines(8 core) till i guess may be 8). 

What should be the configuration, and which one should i use--> LVS-NAT or LVS-DR ...and 

what kind of load balancing application i have to make on the director that all the requests from one client IP address goes to the same real server. 

What can i do for redundancy of IPsec connections that the client doesnt have to reconnect, if one real server goes down ..??

As i dont have any previous experience with this, I dont have any idea, how many real servers will i need, How much CPU they will take(encryption thing) etc. 

Please help me as i have been googling for more than a week for any pointers, but everywhere it is a proprietary solution ...

TIA 

Gagandeep Bajaj
Software Engineer
India

Search lvs-users Archives
Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
More information about the lvs-users mailing list