VIPs and routed solutions

Looking for the pros and cons of where VIPs are defined. In a layer 3 setup a VIP can be either 'in front' of the AX (in network x) or defined 'behind' the AX in the same network as the real servers (network z).

What's the recommended best practice and or under what situations would you use the alternative (your not best practice option)?

Comments

  • mcyorkmcyork Member ✭✭
    edited February 2014
    Ignoring direct server return and one arm situation. Only a clean L3 path as such:
    Client -> Router -> AX -> Server(s)
  • kumakuma Member
    edited February 2014
    Most of the time, I see the deployment with "in front" pattern.
    By having VIP "in front" you can hide server network and it should be a good reason from security perspective.

    The good thing on having VIP "behind" would be separating the networking design per purpose of the servers, if the network up to AX is secure enough.
    (easy to understand VIP z belongs to network z, and so on.)

    I hope this helps.
Sign In or Register to comment.