Hi, I have a situations where the traffic to my application server is high and I have plan to do load balance with the other application server. Is it possible to setup shorewall to do act as the load balancer? TIA. Willy ------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get
Only connection balancing is possible. There is option in iptables for round-robin DNAT connection if I remember correctly. Can not say how to do that in shorewall. You will have to do that on the router before the servers. There also should be an option in DNS server to round-robin several IP''s under the same host name alias, like google has done. sangprabv wrote:> Hi, > I have a situations where the traffic to my application server is high > and I have plan to do load balance with the other application server. Is > it possible to setup shorewall to do act as the load balancer? TIA. > > > > Willy > > > ------------------------------------------------------------------------------ > OpenSolaris 2009.06 is a cutting edge operating system for enterprises > looking to deploy the next generation of Solaris that includes the latest > innovations from Sun and the OpenSource community. Download a copy and > enjoy capabilities such as Networking, Storage and Virtualization. > Go to: http://p.sf.net/sfu/opensolaris-get > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get
Prasanna Krishnamoorthy
2009-Jun-04 11:23 UTC
Re: Load Balancing to Servers Behind Shorewall
On Thu, Jun 4, 2009 at 1:03 PM, Ljubomir Ljubojevic <office@plcomputers.net>wrote:> Can not say how to > do that in shorewall.Just add more IPs in the destination field of the DNAT. Iptables will do round-robin between them. This will not work if your application needs "session-tracking" for multiple connections, say via cookies. There also should be an option in DNS server to round-robin several> IP''s under the same host name alias, like google has done. >This will also not usually help with the "session-tracking" scenario. We use the plain round-robin quite successfully. Prasanna.> > sangprabv wrote: > > Hi, > > I have a situations where the traffic to my application server is high > > and I have plan to do load balance with the other application server. Is > > it possible to setup shorewall to do act as the load balancer? TIA. > > > > > > > > Willy > > > > > > > ------------------------------------------------------------------------------ > > OpenSolaris 2009.06 is a cutting edge operating system for enterprises > > looking to deploy the next generation of Solaris that includes the latest > > innovations from Sun and the OpenSource community. Download a copy and > > enjoy capabilities such as Networking, Storage and Virtualization. > > Go to: http://p.sf.net/sfu/opensolaris-get > > _______________________________________________ > > Shorewall-users mailing list > > Shorewall-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > > > > > > > ------------------------------------------------------------------------------ > OpenSolaris 2009.06 is a cutting edge operating system for enterprises > looking to deploy the next generation of Solaris that includes the latest > innovations from Sun and the OpenSource community. Download a copy and > enjoy capabilities such as Networking, Storage and Virtualization. > Go to: http://p.sf.net/sfu/opensolaris-get > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users >-- Want to manage multiple office networks? Want to securely connect all your locations? Want to do it in a budget? www.elinanetworks.com ------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get
Ljubomir Ljubojevic wrote:> Only connection balancing is possible. There is option in iptables for > round-robin DNAT connection if I remember correctly. Can not say how to > do that in shorewall. You will have to do that on the router before the > servers.You specify an address range in the DEST column of a DNAT rule. Connections will be assigned to addresses in the range in round-robin fashion. Older kernels allow a list of addresses and/or ranges but that support has been dropped by the Netfilter team. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get
Ljubomir Ljubojevic wrote:> Only connection balancing is possible. There is option in iptables for > round-robin DNAT connection if I remember correctly. Can not say how to > do that in shorewall. You will have to do that on the router before the > servers.You specify an address range in the DEST column of a DNAT rule. Connections will be assigned to addresses in the range in round-robin fashion. Older kernels allow a list of addresses and/or ranges but that support has been dropped by the Netfilter team. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get
sangprabv schrieb:> Hi, > I have a situations where the traffic to my application server is high > and I have plan to do load balance with the other application server. Is > it possible to setup shorewall to do act as the load balancer? TIA. > > >Hello, we combine the small loadbalancer software pound on firewalls that need to act also as LoadBalancer. See <http://www.apsis.ch/pound/index_html> This nice tool can ensure sessions to stay on the same server and also provides kind of HA if one backend fails. Also it can act as https endpoint. Bye -- *Ralf Schenk* fon (02 41) 99 12 10 fax (02 41) 99 12 159 mail *rs@databay.de* <mailto:rs@databay.de> *Databay AG* Hüttenstraße 7 D-52068 Aachen *www.databay.de* <http://www.databay.de> Sitz/Amtsgericht Aachen • HRB:8437 • USt-IdNr.: DE 210844202 Vorstand: Ralf Schenk, Dipl.-Ing. Jens Conze, Aresch Yavari Aufsichtsratsvorsitzender: Klaus Scholzen (RA) ------------------------------------------------------------------------ *Databay kann... +++ Databay kann... +++ Databay kann... * *VPN* E-Mails direkt vom firmeninternen Mailserver abrufen ? /mehr zum Thema VPN <http://www.databay.de/homepage/de/it_security/firewalls_vpn/86.html>/ *Databay kann... +++ Databay kann... +++ Databay kann... * ------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Ralf Schenk wrote:> we combine the small loadbalancer software pound on firewalls that need > to act also as LoadBalancer. See <http://www.apsis.ch/pound/index_html> > This nice tool can ensure sessions to stay on the same server and also > provides kind of HA if one backend fails. Also it can act as https endpoint.Thanks, Ralf -- looks like an interesting tool -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get