> > I've also used multi-master configurations with GTID before but there's
> > still the problem of how to restrict the connection accepted on the slave
> > to only be the host with the VIP.

> Firewall rules?

I was thinking about that ... it would requiring sync'ing iptables rules with VIP movement.

Then I could selectively NAT to force outgoing connections to appear as if they come from the VIP.

Is it possible to run a script when a VIP moves as some kind of event based action?