Hi Chuck, good question.
The most similar way to configure a DR with ZenLB is through a L4xNAT farm
in DNAT mode. This is not the same behavior of DR that LVS implements, as
LVS modifies the destination MAC and ZenLB changes the destination IP.
Under a system architectural point of view, the DNAT mode requires to
create subnets in the lb-backends zone and also, configure the lb as the
gateway for your backends.
This configuration prevents to configure a virtual "lo" interface with the
same IP than the load balancer that the DR requires.
Anyway, the DR is still in a TODO list, as the DNAT solution is not capable
for all environments but surely we're not going to figure it out with LVS.
Regards.
On Tue, Sep 10, 2013 at 9:42 AM, Charles Williams <[email protected]>wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Tiago,
>
> We did the SSL session binding code for LVS back in like 2002 or so
> (not sure anymore) and I would personally use LVS normally. However, I
> find myself currently in a situation where a GUI is needed and LVS is
> kinda short on one.
>
> I read that ZLB has support for DR/DSR and was looking at the Farm
> setting in the new 3.x version and other than 3 Profile types not
> listed in the ZLB Documentation (L4TxNAT, L4UxNAT, Datalink) I have
> yet to find any further information regarding DR/DSR support in ZLB.
>
> Have you had any luck with this?
>
> Thank you,
> Chuck
>
> On 06/26/2013 10:21 PM, Tiago Soares - Netmaker wrote:
> > Robert,
> >
> > I'm asking because in an environment that if I have a lot of
> > traffic incoming to my website and I have my backends (webservers)
> > behind the loadbalancer, the loadbalancer itself can became a
> > bottleneck. Do you agree?
> >
> > Like in LVS (linux virtual server), they have an "Direct Route"
> > mode that incoming traffic goes thru loadbalancer, but the backends
> > respond directly to client.
> >
> > Regards.
> >
> > *NetMaker . Governança em TI*
> >
> > *GOI . Gerência de Operações e Infraestrutura*
> >
> > Tiago Barros Soares (21) 3257.5757 [email protected]
> > www.netmaker.com.br
> >
> >
> > Em 26-06-2013 16:47, Rob Baxter escreveu:
> >> No. The default configuration as far as i know is that traffic is
> >> "relayed" too and from your Loadbalancer.
> >>
> >> Https requires this to maintain the chain. Also... it's not
> >> standard procedure for a web server to reply to x-forwarded-for
> >> addressing.
> >>
> >> So in short, no it's not. Now that's not to say there may be a
> >> work around. But that would mean loosing a boat load of benefits.
> >> The foremost of which is perimeter security of your back end
> >> systems.
> >>
> >> Don't quote me on any of this "i'm a beginner myself". Maybe
> >> someone else will confirm / correct me. But im 99% sure in not
> >> speaking total trash! :D
> >>
> >> Regards,
> >>
> >> Robert Baxter Network Manager 01462 432009
> >>
> >>
> >>
> >> ________________________________________ From: Tiago Soares -
> >> Netmaker [[email protected]] Sent: 26 June 2013 19:35
> >> To: [email protected] Subject:
> >> [Zenloadbalancer-support] X-Forwarded-For - Direct route
> >>
> >> Hi,
> >>
> >> Enabling "X-Forwarded-For" header will my backend web servers
> >> respond directly to client, instead of send to load balance and
> >> then to client?
> >>
> >> Thank you!
> >>
> >> -- Att. Tiago Barros Soares
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >>
> >>
> This SF.net email is sponsored by Windows:
> >>
> >> Build for Windows Store.
> >>
> >> http://p.sf.net/sfu/windows-dev2dev
> >> _______________________________________________
> >> Zenloadbalancer-support mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
> >>
> >>
> MAILSERVER NOTICE: This message contains confidential information and is
> intended only for the individual named. Kingshott accepts no liability
> for the content of this email, or for the consequences of any actions
> taken on the basis of the information provided. Please note that any
> views or opinions presented in this email are solely those of the author
> and do not necessarily represent those of the Kingshott School. If you
> are not the named addressee you should not disseminate, distribute or
> copy this e-mail. If you are not the intended recipient you are notified
> that disclosing, copying, distributing or taking any action in reliance
> on the contents of this information is strictly prohibited. If you have
> received this email in error please notify the system manager or the
> sender immediately and delete this e-mail from your system. E-mail
> transmission cannot be guaranteed to be secure or error-free as
> information could be intercepted, corrupted, lost, destroyed, arrive late
> or
> >> incomplete, or contain viruses. The sender therefore does not
> >> accept liability for any errors or omissions in the contents of
> >> this message or any damage caused by any virus, which arise as a
> >> result of e-mail transmission. The recipient should check this
> >> email and any attachments for the presence of viruses.
> >>
> >>
> ------------------------------------------------------------------------------
> >>
> >>
> This SF.net email is sponsored by Windows:
> >>
> >> Build for Windows Store.
> >>
> >> http://p.sf.net/sfu/windows-dev2dev
> >> _______________________________________________
> >> Zenloadbalancer-support mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
> >>
> >
> >>
> >
> >
> ------------------------------------------------------------------------------
> >
> >
> This SF.net email is sponsored by Windows:
> >
> > Build for Windows Store.
> >
> > http://p.sf.net/sfu/windows-dev2dev
> > _______________________________________________
> > Zenloadbalancer-support mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with undefined - http://www.enigmail.net/
>
> iEYEARECAAYFAlIuzWAACgkQIUUjp07y+ZZS9QCdF38+sHcRFb6Gg4Bz89hQFgXy
> 4VEAoMoN3U8Snnbbugf9dCyqrXgkSGRt
> =BZX5
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------------
> How ServiceNow helps IT people transform IT departments:
> 1. Consolidate legacy IT systems to a single system of record for IT
> 2. Standardize and globalize service processes across IT
> 3. Implement zero-touch automation to replace manual, redundant tasks
> http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
> _______________________________________________
> Zenloadbalancer-support mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. Consolidate legacy IT systems to a single system of record for IT
2. Standardize and globalize service processes across IT
3. Implement zero-touch automation to replace manual, redundant tasks
http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
