On Sat, May 12, 2012 at 02:53:45PM -0500, Andres Thomas Stivalet wrote: > >That's why I've added this to the TODO list :-) > > Thanks Willy! > > > For the same reason, you cannot safely install firewalls nor VPNs in such > > environments. > > I'd just like to mention that it's certainly possible to implement a > safe dynamic dhcp+dns environment for a private network. Just to give > you an idea of the structure we use, there are other machines > sprinkled around the network, but this is basically it: > > Routers/fw -> loadbalancers -> proxies -> backends (ws###) > |--> app > servers (app###) > |--> db layer > |--> storage layer > > We use the dynamic dhcp+dns to reassign app servers as backends and > nice versa under different load conditions. So it's as simple as > issuing a command to an app server to change it's hostname to a ws###, > reboot, and voila. The proxies are the level where we're considering > using haproxy, they do other stuff like partition certain traffic into > buckets for the backends.
Then if you have the control over all your servers, in stead of playing with the DNS, just change their IP address to be either app or backend and that's done. As long as each server always has the same IP for the same function there is no need for doing complex things. > Anyway, I don't doubt with all this hype for the "cloud" you'll be > seeing more dynamic dns usage. I'm fairly sure of this too ! Regards, Willy
