It will also help with other protocols that require some sort of security checking on source address like smtp relays ...
Regards Robby Pedrica On 04/17/2012 09:44 AM, Andreas M. Iwanowski wrote: > > I’m glad that this will be possible in V3. Transparent mode in UDP > would greatly help with RADIUS. > > I will be checking the planning page now eagerly :] > > Thank you for this excellent project! > > -Andy > > *From:*Emilio Campos [mailto:[email protected]] > *Sent:* Tuesday, April 17, 2012 8:33 AM > *To:* [email protected] > *Subject:* Re: [Zenloadbalancer-support] UDPP Load balancing (#2) - RADIUS > > I reply down in your lines. > > 2012/4/16 Andreas M. Iwanowski <[email protected] > <mailto:[email protected]>> > > Dear Zen folks. > > I have to follow up with another question about UDP load balancing. > > I’m trying to balance 3 RADIUS backends. > > However, in UDP mode, Zen NATs the package and sends it off with its > own IP to the RADIUS server (which then doesn’t respond since it’s not > a client that it knows). > > This problem goes away if I add the Zen load balancer as a RADIUS > client. However, then all clients using the load balanced solution > will need to use the same shared secret (less optimal). > > E.g.: > > Zen primary IP: 10.0.0.10 > > Zen Farm IP (Carped): 10.0.0.11 > > Radius Client: 10.0.0.1 > > Radius Server: 10.0.0.50 > > Essentially, an exchange goes like this: > > 10.0.0.1 -> 10.0.0.11 Radius Request > > 10.0.0.10 -> 10.0.0.50 Radius Request > > *** nothing if zen primary IP is not a RADIUS client on 10.0.0.50 > > *** or if it is: > > 10.0.0.50 -> 10.0.0.10 Radius Accept > > 10.0.0.11 -> 10.0.0.1 Radius Accept > > Ideally, is there a way to disable the NATing and just forward the > packet to a backend? > > > No, There isn't, This is named sNAT method, Zen LB works only in this > way at the moment > > Is there any other way around this or do I have a fundamental > misunderstanding here? > > > There is not misunderstanding, all is fine, We are working now in v3, > we are going to add other methods to work that allow Zen to work in > transparent mode, but now, the only one solution is your own > workaround defined in this email. > > Otherwise I have to add both Zen cluster members as RADIUS clients > and then configure each “real client” to use the same shared secret. > > -Andy > > > > ------------------------------------------------------------------------------ > For Developers, A Lot Can Happen In A Second. > Boundary is the first to Know...and Tell You. > Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! > http://p.sf.net/sfu/Boundary-d2dvs2 > > _______________________________________________ > Zenloadbalancer-support mailing list > [email protected] > <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support > > > > > -- > Load balancer distribution - Open Source Project > http://www.zenloadbalancer.com > Distribution list (subscribe): > [email protected] > <mailto:[email protected]> > > > > ------------------------------------------------------------------------------ > Better than sec? Nothing is better than sec when it comes to > monitoring Big Data applications. Try Boundary one-second > resolution app monitoring today. Free. > http://p.sf.net/sfu/Boundary-dev2dev > > > _______________________________________________ > Zenloadbalancer-support mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support ------------------------------------------------------------------------------ Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev _______________________________________________ Zenloadbalancer-support mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
