How to use IPTables for redundancy and redirecting?
Basically, I have a service that redirects users to an active server. I have multiple remote servers, each at a different address running a particular server software at a specific port (port is same for all servers). If the primary server goes down, the service will seek out the next available server, and redirect accordingly until the primary one comes back online. If the primary one doesn't come back online, and the secondary server goes down, it then goes down the list seeking the next available server. I have about 5 remote servers on the list, ordered from the primary, secondary, and so on (from most preferable to use to least desired to use). If the primary goes down, and the secondary isn't online, it then redirects to the third server (if it's online).
The way I currently have it is via a script which does the following:
1. Connect to the current primary server.
2. If primary server is down then seek next available
3. When next available is found, modify DNS zone file (change cname to direct to the new address)
4. Restart services (named/httpd)
5. Attempt to connect to primary server occasionally
6. When primary is back online, modify dns, restart
7. Rinse and repeat
That method is terribly inefficient, and I would dearly love to be able to track how much traffic goes through the redirector service.
Is there a way I can set it up so the server can do the same as above, without restarting the named/httpd services, via iptables or any other method? Hopefully there's a much better and more efficient method to achieving that. If you know how I can accomplish that, is there also a way I can also track traffic of people using the redirector service (mainly how many connects regardless of ip per day, how many unique IPs per day)?
A friend on a different forum (@ mediatemple website) told me this:
To accomplish the same ends as the DNS list, you could employ a routing table and local DNS on your server that maintained that list. Running DNS/Bind on your server is a much better option than hacking the primary DNS records for your server, and I should have thought of that first...!
In this method, requests to [sub].[domain].[tld] would be routed to the IPs on the list instead of redirected, so content would be served by your own machine from those external hosts. It occurred to me that the programmatic passthrough was a lot like a router... Wait, servers are routers! Duh! You could perform much of the same integrity tests with a local DNS, so look into that. Hope you've got a (dv) for this...!
I wasn't able to figure out how to do what he suggested, and he ceased being responsive to further attempts to contact. Ideas?
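One way to do the failover with a DNAT rule instead of zone-file edits and service restarts, and to get the per-day connection and unique-IP counts from the kernel log, as an added example that is not from the post or from anyone quoted in it. The backend addresses, port, chain name and log prefix are assumptions; the redirector box must have ip_forward enabled and a FORWARD rule that permits the forwarded traffic.

```shell
#!/bin/sh
# Added example (not from the post): probe the backends in preference order and
# point a local DNAT rule at the first live one, so switching targets never
# touches the zone file or restarts named/httpd. Addresses are constructed TEST-NET values.
# Needs: sysctl net.ipv4.ip_forward=1 and a FORWARD rule permitting the forwarded flows.
PORT=8080                                    # assumed: same service port on every backend
BACKENDS="192.0.2.10 192.0.2.11 192.0.2.12"  # constructed, most to least preferred
CHAIN=REDIRECTOR                             # private nat chain, so the target can be swapped

# tcp_probe HOST PORT: TCP connect with a 2 s timeout (bash /dev/tcp, so no nc needed).
tcp_probe() {
  timeout 2 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# pick_backend PROBE "host1 host2 ..." PORT: print the first host PROBE accepts; rc 1 if none.
pick_backend() {
  probe=$1; port=$3
  for h in $2; do
    if "$probe" "$h" "$port"; then echo "$h"; return 0; fi
  done
  return 1
}

# render_rules HOST PORT: the iptables commands that make HOST the redirect target.
# Only a connection's first packet traverses nat, so LOG fires once per connect with the
# real client SRC; MASQUERADE means the backend sees the redirector's address instead.
render_rules() {
  cat <<EOF
iptables -t nat -N $CHAIN 2>/dev/null || true
iptables -t nat -C PREROUTING -p tcp --dport $2 -j $CHAIN 2>/dev/null || iptables -t nat -A PREROUTING -p tcp --dport $2 -j $CHAIN
iptables -t nat -F $CHAIN
iptables -t nat -A $CHAIN -j LOG --log-prefix "REDIR-NEW: "
iptables -t nat -A $CHAIN -j DNAT --to-destination $1:$2
iptables -t nat -C POSTROUTING -p tcp -d $1 --dport $2 -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -p tcp -d $1 --dport $2 -j MASQUERADE
EOF
}

# count_connects LOGFILE: "<connections> <unique client IPs>" over the REDIR-NEW: kernel
# log lines; feed it one day's syslog extract for the per-day figures.
count_connects() {
  awk '/REDIR-NEW: / { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) { n++; seen[$i] = 1 } }
       END { u = 0; for (k in seen) u++; print n + 0, u }' "$1"
}

# main [apply]: choose the backend and print the rules; with "apply", load them. Run from cron.
main() {
  target=$(pick_backend tcp_probe "$BACKENDS" "$PORT") || { echo "no backend reachable" >&2; return 1; }
  if [ "${1:-}" = apply ]; then render_rules "$target" "$PORT" | sh; else render_rules "$target" "$PORT"; fi
}

case "${1:-}" in check|apply) main "$@" ;; esac
```

Running it as `./redirector.sh check` from cron every minute prints what it would load; `apply` loads it, and because the chain is flushed and refilled in place the primary is picked up again automatically as soon as its probe succeeds.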