I have a certain distributed (as in, multiple components on multiple machines) service, that should be made available from the outside world. So, in LVS terminology, the clients are "on the internet", while the realservers are in the private network. This, as I understand, is not particularly difficult to set up using LVS.
But (there's always a but!) there are some components on the private network, that should be load balanced (actually, for this part I am not concerned about "load". I just need the failover capability), but their clients are also on the private network. For example, the application server's access to queue brokers must go through a load balancer.
Can I use the same director for both tasks? Obviously, it will have at least two network interfaces (one on the external, one on the private network).
Ideally, I'll need to provide redundancy for the director via VRRP (presumably, utilizing keepalived for that).
Does this setup make any sense? Is it normal at all to do it this way? Perhaps I am better off using a separate load-balancer for internal-only traffic? It is kind of undesirable, though, since it will introduce at least 2 extra machines that will not be used much, since the queue brokers receive minimal traffic (all I need is failover).
For internal load balancing I have taken to using HAProxy on each originating server and proxying to other internal servers. This is not a great solution for load-balancing as it only has a partial view of the requests but works well for failover without having to set up a new lb pair/keepalived or using the public facing infrastructure. You can still use round-robin or leastconn balancing and maxconn to mitigate spikes from affecting the rest of your infrastructure.
This started in particular after trying to automate setting up lb-pairs for new services. After a year of use this technique hasn't had any problems unique to this setup. This also allows rolling out LB changes per originating node instead of messing with the single pair.
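A per-node HAProxy configuration implementing the approach in this answer (an added example, not the answerer's own config): the application on the host connects to a local listener, which forwards to whichever internal queue broker currently passes its health check, with leastconn balancing and per-server maxconn caps. The broker addresses, the backend name and the use of port 5672 are assumptions.

```haproxy
# Added example: local HAProxy on an application server, giving it a failover
# path to the internal queue brokers. Addresses and port 5672 are assumptions.

global
    log /dev/log local0
    maxconn 2000

defaults
    mode    tcp                 # broker protocol is not HTTP: balance raw TCP
    log     global
    option  tcplog
    option  redispatch          # on connect failure, retry another live server
    retries 3
    timeout connect 5s
    timeout client  1h          # broker connections are long-lived
    timeout server  1h

# The application connects to 127.0.0.1:5672 instead of a broker directly,
# so a broker outage never requires a config change on the application side.
frontend queue_local
    bind    127.0.0.1:5672
    maxconn 500                 # cap what this node can push at the brokers
    default_backend queue_brokers

backend queue_brokers
    balance leastconn           # roundrobin works equally well for failover-only use
    # Layer-4 check every 3s: 2 failures mark a broker down, 3 successes bring it back.
    default-server inter 3s fall 2 rise 3 maxconn 200
    server broker1 10.0.1.11:5672 check
    server broker2 10.0.1.12:5672 check
```

Because each node carries its own copy, a change can be rolled out to one originating server at a time, as the answer describes.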