>That's why I've added this to the TODO list :-)

Thanks Willy!

> For the same reason, you cannot safely install firewalls nor VPNs in such 
> environments.

I'd just like to mention that it's certainly possible to implement a
safe dynamic dhcp+dns environment for a private network. Just to give
you an idea of the structure we use, there are other machines
sprinkled around the network, but this is basically it:

Routers/fw -> loadbalancers -> proxies -> backends (ws###)
                                                           |--> app servers (app###)
                                                           |--> db layer
                                                           |--> storage layer

We use the dynamic dhcp+dns to reassign app servers as backends and
vice versa under different load conditions. So it's as simple as
issuing a command to an app server to change its hostname to a ws###,
reboot, and voila. The proxies are the level where we're considering
using haproxy, they do other stuff like partition certain traffic into
buckets for the backends.

Anyway, I don't doubt with all this hype for the "cloud" you'll be
seeing more dynamic dns usage. Good luck and thanks for creating
haproxy for us.

Cheers!
Andres

On Sat, May 12, 2012 at 10:46 AM, Willy Tarreau <[email protected]> wrote:
> On Sat, May 12, 2012 at 10:24:16AM -0500, Andres Thomas Stivalet wrote:
>> The name lookup during health checks + not erroring out on start-up,
>> seems like this would correct the problem. Currently, it seems haproxy
>> is rather unsafe to use for a dynamic dhcp+dns farm setup.
>
> This is clearly true. For the same reason, you cannot safely install
> firewalls nor VPNs in such environments. That's why using DNS to announce
> servers should be avoided as much as possible, and hosting costs are not
> a valid excuse for this considering that most VPS environments provide
> you with free private addresses.
>
> Regards,
> Willy
>
