This is probably a stupid question but I'm looking for some advice on my plans.
The network I want is something similar to this:
firewall -> load balancer -> httpd
Now, if the firewall server goes down, it would mean that the entire network would be unavailable, so I was curious if I could anycast the firewall IP address and then have multiple firewall servers to make sure the site stays up if one fails. The same would be true for the load balancer and the httpd server, except anycast would not be required, as I can set the internal IP addresses as I please in the pf config file.
I'd like to keep all the servers behind the firewall unable to connect directly to the internet, so that if I wanted to SSH into them, for example, I'd have to log in to the firewall server via SSH and then connect to the backend servers from there. Basically the firewall(s) would be the only machines with a public IP address.
I'm not sure if my plan is reasonable so I'd love to hear feedback from you.