Some sort of makeshift high availability setup?
So back in the day I used to do networking as a career. I worked closely with our team that supported load balancers.
Almost inevitably every fuck up load balance wise was because some folks whose competency was as a developer (and I'm sure they were fine at that... I hope) just threw routes at shit until it worked. There was almost no underlying rhyme or reason anyone could ever come up with.
Literally they'd have physical equipment they routed around and they weren't aware of it until something else went down and they wondered why that other thing didn't take the traffic...
vomitmachine52433d
That's some bone hurting juice.
sladuled810233d
Ho Li Shit o.O
AtuM59032d
Perhaps you are missing the big picture. I have the same exact setup, but I work from the higher level down. Some db services talk to some internet hosted services via an application server, which is in a cluster. So the traffic crosses 3 vlans to get to the internet. There are many such intermediate application services - some talk to each other through their specific loadbalancers. If I were to examine this traffic bottom-up, I'd probably end up in an asylum.
Don't continue reading unless you want to hurt yourself.
They've "tried" to establish a separation / firewalling. But were (not my words) "afraid the router couldn't handle the traffic".
Instead they "segregated" not via routing on a central firewall / router, but rather utilized loadbalancers and DNS for it.
You've got service "elastic.local" (fictional).
You've got an environment "production", which is on its own VLAN.
Instead of a central router / fw, you've now a loadbalancer in "production".
And a DNS server in "production".
DNS server in "production" makes sure that "elastic.local" points to a loadbalancer inside "production".
This loadbalancer has the additional routes to traverse to another VLAN.
In this VLAN you've got the same shitty setup - "elastic.local" points to another loadbalancer, but now with an IP address from the different VLAN.
(the VLAN from "production" points directly to the other loadbalancer in the other VLAN...)
The loadbalancer has ACLs based on IP addresses / DNS.
I'm so happy that I'll only need to advise burning it down till there's no atom left.
But really... Madness. Sheer utter madness.