Mark Blackman
2019-Jan-15 10:24 UTC
Any suggestions for a layer 3 load ablancer for 12, as relayd doesnt work anymore
> On 14 Jan 2019, at 18:44, Dave Cottlehuber <dch at skunkwerks.at> wrote: > > > > >> On Mon, 14 Jan 2019, at 17:15, Pete French wrote: >> So, until the middle of this afternoon I was, doing my load >> balancing using> relayd from ports and PF. My own fault for not checking, but I >> upgraded> one of the firewall pair to 12 and then discovered that the >> relayd port is> no >> Am now puzzling over solutions to this - I dont really want to stay on> 11 forevere. Moving to OpenBSD to get their PF and relayd is a bit of> an uncomfortable idea as we gain a lot from having one OS >> everywhere that> people know, so does anyone have any suggestions ? >> >> PF round robin is not good enough for this as I have some dynamic >> problems> which indicate when a node is up or down. Relayd will check >> these, but the> basic PF wil not as far as I know. >> >> What do other people do ? > > haproxy does proper failover and allows custom health checks either via > URL or real world traffic of external scripts. Traefik has lots of > container oriented features. > DaveThere?s also the very venerable (hence reliable) HTTP proxy/load balancer, Apache Traffic Manager, https://trafficserver.apache.org - Mark
Pete French
2019-Jan-15 14:43 UTC
Any suggestions for a layer 3 load ablancer for 12, as relayd doesnt work anymore
On 15/01/2019 10:24, Mark Blackman wrote:>> On 14 Jan 2019, at 18:44, Dave Cottlehuber <dch at skunkwerks.at> wrote: >> haproxy does proper failover and allows custom health checks either via >> URL or real world traffic of external scripts. Traefik has lots of >> container oriented features. >> Dave > > There?s also the very venerable (hence reliable) HTTP proxy/load balancer, Apache Traffic Manager, https://trafficserver.apache.orgThanks for the suggestions - unfortunately both of those (unless I misread them) terminate the TCP connection and make a new one to the backends. I was after something where I can see the original IP address on the socket. Though I could put a procy in front and add the headers I suppse, but thats a biut more work as it involves changing the code. Interested in the apache traffic manager - I hadnt come across that one before, tahnks, -pete.