Re: Suggestion for implementing OVZ? [message #22824 is a reply to message #22823] |
Mon, 05 November 2007 13:28 |
ugob
zenny wrote on Mon, 05 November 2007 06:21 |
I am writing to you in connection with how to implement something in an already set up network (but needs to be replaced, and I am thinking of going the OVZ path!).
I am handling a network in which every workstation has a static public IP, including the servers (Do you think it is ideal?). But I am thinking the other way around.
|
I think private IP addresses for everyone. Servers that offer services to the internet should be using port forwarding or 1-to-1 NAT (in a separate firewall zone if you can).
zenny wrote on Mon, 05 November 2007 06:21 |
Since the workload is not much (some 22 clients and three monolithic servers: 1 gateway with firewall, 1 all-combined services server and another winNT4 server running a proprietary business processing software which I love to replace), I would like to implement like this:
DHCPD hosted in one of the VEs so that the workstations can access the DHCP server from the network and get the dynamic IPs or assign them Class C static IPs. The other VE in the same machine would host a voip server.
|
I would not put dhcpd in a VE. DHCP must always be up. If one workstation needs to renew its DHCP lease and your VE is down, it will not be able to get its IP address. Most firewall solutions offer a DHCP server. I think that the firewall will have more uptime than a VE, so I'd put it there.
zenny wrote on Mon, 05 November 2007 06:21 |
One of the VEs hosts mailserver, another web server and other services in different VEs.
But I am a bit confused whether the HN should be given a static public IP or a local Class C IP? And in the case of VEs, should they be assigned the static public IP? In that case do I need to use veth instead of venet? (but I read somewhere that veth is slower?)
|
I would not give a public IP address to your HN. Don't forget that if your HN is compromised, all your VEs are compromised.
venet can get a public or private static IP address.
zenny wrote on Mon, 05 November 2007 06:21 |
Are there any hints and input that I could get from the forum users here so that I could implement a migration towards an openvz-based architecture? Thanks in advance.
|
1- Read the manual
2- Use vzdump to do backups and cloning
3- Be careful about resources management and check /var/log/messages and /proc/user_beancounters once in a while
Please read the manual before asking questions:
http://download.openvz.org/doc/OpenVZ-Users-Guide.pdf
Please have a look at the wiki before asking questions:
http://wiki.openvz.org/Main_Page
[Updated on: Mon, 05 November 2007 13:30]
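One way to do the /proc/user_beancounters check from point 3 of the reply, as an added example that is not part of the original post: it flags every resource whose failcnt is non-zero (allocations have been refused) or whose held value has reached 90% of its barrier. The sample data, the 90% threshold and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: scan OpenVZ beancounters for refused allocations.
# Usage on the HN: ubc_check            (reads /proc/user_beancounters)
#                  ubc_check -          (reads stdin, used for the sample below)
ubc_check() {
    awk '
        /^Version:/ || $1 == "uid" { next }   # skip the two header lines
        $1 ~ /^[0-9]+:$/ {                    # first row of a container: "<id>: resource ..."
            ctid = substr($1, 1, length($1) - 1)
            $1 = ""; $0 = $0                  # drop the id column and re-split the fields
        }
        NF == 6 {                             # resource held maxheld barrier limit failcnt
            if ($6 + 0 > 0)
                state = "FAIL"                # failcnt is cumulative: something was denied
            else if ($4 + 0 > 0 && $2 / $4 >= 0.9)
                state = "NEAR"                # assumed threshold: held at 90% of barrier
            else
                next
            printf "%s CT %s %s failcnt=%s held=%s barrier=%s\n", state, ctid, $1, $6, $2, $4
        }
    ' "${1:-/proc/user_beancounters}"
}

# Constructed sample in the /proc/user_beancounters layout (not real host data).
ubc_sample() {
    cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        1837104    2735012   11055923   11377049          0
            numproc              38         61        240        240          0
            privvmpages       48211      65536      65536      69632         17
            dummy                 0          0          0          0          0
      102:  kmemsize       10900000   11055923   11055923   11377049          3
            numproc              12         15        240        240          0
            tcpsndbuf       1650000    1700000    1720320    2703360          0
EOF
}

# Demonstration run against the constructed sample.
ubc_sample | ubc_check -
```

Because failcnt only ever grows while the container runs, comparing two runs of this output shows whether a limit is still being hit or was hit once in the past.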