At Tue, 8 Aug 2006 15:59:52 +1000, Bron Gondwana wrote: > > Yes, exactly - though we're thinking about asking Igor (the author > of Nginx) to allow you to choose a local bind address for each > connection. Note that, IIUC, with *BSD at least the source address is chosen based on the peer's network address when the peer is on a locally attached physical network. I.e. put several pairs of interface alias addresses on each of the front-end and back-end machines with each pair in a different logical subnet (all attached to the same interface and running over same private physical network segment, and all using RFC-1918 private addresses of course unless you have lots of spare public subnets to play with). If I'm mistaken about how interface alias addesses might work this way then it would still be possible to do what I'm saying with a virtual group of VLAN interfaces. That way the network stack would be forced to assign a local address based on the local VLAN interface the connection goes out on. That's trivial to do on FreeBSD or NetBSD with vlan(4). (You wouldn't really have to use separate subnets when each address pair is locked into its own private VLAN either, not that there aren't zillions of available private subnets to play with. :-)) -- Greg A. Woods H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack <woods@xxxxxxxxxxx> Planix, Inc. <woods@xxxxxxxxxx> Secrets of the Weird <woods@xxxxxxxxx> ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
