Re: [Zenloadbalancer-support] Moving from TCP Farm to L4xNAT farm

Wed, 27 Apr 2016 04:36:54 -0700 

Here goes the Output:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK tcp -- 0.0.0.0/0 10.1.28.84 statistic mode random probability 1.00000000000 multiport dports 9105 /* FARM_TST-AppInfo_1_ */ MARK set 0x208 MARK tcp -- 0.0.0.0/0 10.1.28.84 statistic mode random probability 0.50000000000 multiport dports 9105 /* FARM_TST-AppInfo_0_ */ MARK set 0x207 MARK tcp -- 0.0.0.0/0 10.1.28.84 recent: CHECK seconds: 120 name: _TST-AppInfo_0x207_sessions side: source mask: 255.255.255.255 multiport dports 9105 /* FARM_TST-AppInfo_0_ */ MARK set 0x207 MARK tcp -- 0.0.0.0/0 10.1.28.84 recent: CHECK seconds: 120 name: _TST-AppInfo_0x208_sessions side: source mask: 255.255.255.255 multiport dports 9105 /* FARM_TST-AppInfo_1_ */ MARK set 0x208 

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            mark match 
0x207 recent: SET name: _TST-AppInfo_0x207_sessions side: source mask: 
255.255.255.255 /*  FARM_TST-AppInfo_0_  */ to:10.1.28.72:9105
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            mark match 
0x208 recent: SET name: _TST-AppInfo_0x208_sessions side: source mask: 
255.255.255.255 /*  FARM_TST-AppInfo_1_  */ to:10.1.28.71:9105


Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

MASQUERADE  tcp  --  0.0.0.0/0            0.0.0.0/0            mark 
match 0x207 /*  FARM_TST-AppInfo_0_  */
MASQUERADE  tcp  --  0.0.0.0/0            0.0.0.0/0            mark 
match 0x208 /*  FARM_TST-AppInfo_1_  */


Thank you again!

Filipe Sousa

On 27-04-2016 12:18, Emilio Campos wrote:

please execute the following command and paste us the outuput.

iptables -nL -t mangle; iptables -nL -t nat

Thanks!



2016-04-27 13:05 GMT+02:00 Filipe Sousa <filipe.so...@pdmfc.com 
<mailto:filipe.so...@pdmfc.com>>:


    Hi Emilio,

    My config file only has this:

    TST-AppInfo;tcp;10.1.28.84;9105;nat;weight;ip;120;up
    ;server;10.1.28.72;9105;0x207;1;1;up
    ;server;10.1.28.71;9105;0x208;1;1;up

    What we want to balance is port 9105.

    Our servers have Mutual SSL/TLS authentication.

    As the HTTPS Farm does not supplies this authentication to the backend
    servers we went with a TCP farm and the packages we're all delivered
    directly to the backend server.

    Right now, we are not being able to do make the clients connect to
    this
    service, but they can do it directly, avoiding the load balancer.

    If you want to, I can do some kind of diagram to clarify our
    configuration.

    Thank you,

    Filipe Sousa


    On 2016-04-26 17:57, Emilio Campos <emilio.martin@gm...> wrote:

     > Dear Filipe in zen 3.10.1 if you try to configure a l4xnat farm, by
    default
     > the behaviour is the same than TCP profiles.
     >
     > paste your current configuration of your new l4xnat farm with
    us and
     > explain a little bit what port you want to balance.
     >
     > Thanks!
     >
     > 2016-04-26 16:33 GMT+02:00 Filipe Sousa <filipe.sousa@...>:
     >
     > > Hi all,
     > >
     > > We are using zenloadbalancer community version and we want to
    move
     > from
     > > version 3.05 to 3.10.1.
     > >
     > > In our environment we are balancing HTTPS Services, that have
    client
     > > authentication with certificate. The TLS tunnel is made
    directly with
     > > client and the backend server.
     > >
     > > In the previous version, the 3.05, the TCP farm was able to
    do this
    kind
     > > of load balancing.
     > >
     > > With the version 3.10.1, using the farm type L4xNAT, we are
    not being
     > > successful to load balance this services.
     > >
     > > Our question is: what is your suggested configuration to load
    balance
     > > services that require Client Authentication with client
    certificate?
     > >
     > > Please feel free to ask for more relevant information.
     > >
     > > Thank you,
     > >
     > > Filipe Sousa
     > >
     > >
     > >
     > >
     > >
    
------------------------------------------------------------------------------
     > > Find and fix application performance issues faster with
    Applications
     > > Manager
     > > Applications Manager provides deep performance insights into
    multiple
     > > tiers of
     > > your business applications. It resolves application problems
    quickly and
     > > reduces your MTTR. Get your free trial!
     > >
     > > _______________________________________________
     > > Zenloadbalancer-support mailing list
     > > Zenloadbalancer-support@...
     > >
    https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support

    
------------------------------------------------------------------------------
    Find and fix application performance issues faster with
    Applications Manager
    Applications Manager provides deep performance insights into
    multiple tiers of
    your business applications. It resolves application problems
    quickly and
    reduces your MTTR. Get your free trial!
    https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
    _______________________________________________
    Zenloadbalancer-support mailing list
    Zenloadbalancer-support@lists.sourceforge.net
    <mailto:Zenloadbalancer-support@lists.sourceforge.net>
    https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support




--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com

Distribution list (subscribe): 
zenloadbalancer-support@lists.sourceforge.net 
<mailto:zenloadbalancer-support@lists.sourceforge.net>



------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z


_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support



------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Zenloadbalancer-support mailing list
Zenloadbalancer-support@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support






















					Reply via email to