Has anyone had success is pushing BGP sessions through an LB along with netflow? Interested in the solution below but would like to have BGP aligned with netflow as well.
> On Sep 4, 2017, at 9:48 AM, Aaron Finney <aaron.fin...@openx.com> wrote: > > Great to hear, nice work! > > Aaron > > On Sep 4, 2017 1:55 AM, "Yann Belin" <y.belin...@gmail.com > <mailto:y.belin...@gmail.com>> wrote: > Hi all, > > Updating on this, in case someone is interested. > > Consul was indeed the way to go: > > * nginx is doing the actual UDP load balancing, based on source IP > hash (to optimize aggregation). > * consul keeps track of nfacctd collectors, of their health, and of > the health of their dependencies (rabbitmq in my case). > * consul-template uses the information provided by consul (servers + > health) to generate nginx configuration files, and reloads nginx > service if needed; if a collector becomes unhealthy (e.g. rabbitmq > crashes), it will be removed from nginx configuration and will stop > receiving flows. > > The great thing with consul is that you can write your own checks. For > now my checks are relatively basic (process + port binding checks) but > I am working on a more advanced one for rabbitmq (e.g. queue length / > ram usage). I'm still thinking about more advanced ways to check > nfacctd health, if anyone has a suggestion. > > Cheers, > > Yann > > > On Mon, Aug 21, 2017 at 4:02 PM, Aaron Finney <aaron.fin...@openx.com > <mailto:aaron.fin...@openx.com>> wrote: > > Hi Yann > > > > We use Consul for this, it works very well. > > > > https://www.consul.io <https://www.consul.io/> > > > > > > Aaron > > > > > > > > On Aug 21, 2017 6:44 AM, "Yann Belin" <y.belin...@gmail.com > > <mailto:y.belin...@gmail.com>> wrote: > > > > Hello, > > > > I have been looking into solutions to achieve reliable load balancing > > of my incoming flows across multiple nfacctd servers / daemons. > > > > Basic load balancing is relatively easy (see Nginx configuration > > below), but *reliable* load balancing (only sending flows to servers > > that have a running nfacctd daemon) is quite more complicated. For > > instance, Nginx normally monitors UDP responses from the remote > > servers to determine if those servers are health, but this approach > > will not work in the case of netflow or ipfix. > > > > Did anybody already managed to solve this? Or has a suggestion perhaps? > > > > Thanks in advance! > > > > *-*-*-*-*-*-*-* > > stream { > > upstream ipfix_traffic { > > hash $binary_remote_addr; > > server 10.20.10.10:9055 <http://10.20.10.10:9055/>; > > server 10.20.10.20:9055 <http://10.20.10.20:9055/>; > > } > > > > server { > > listen 9055 udp; > > proxy_responses 0; > > proxy_pass ipfix_traffic; > > proxy_bind $remote_addr transparent; > > error_log /var/log/nginx/ipfix_traffic.error.log; > > } > > } > > *-*-*-*-*-*-*-* > > > > Kind regards, > > > > Yann > > > > _______________________________________________ > > pmacct-discussion mailing list > > http://www.pmacct.net/#mailinglists <http://www.pmacct.net/#mailinglists> > > > > > > > > _______________________________________________ > > pmacct-discussion mailing list > > http://www.pmacct.net/#mailinglists <http://www.pmacct.net/#mailinglists> > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists <http://www.pmacct.net/#mailinglists> > > _______________________________________________ > pmacct-discussion mailing list > http://www.pmacct.net/#mailinglists
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists