OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Load balancing and fail-over

From: Tomas Bodzar (tomas.bodzargmail.com)
Date: Wed May 16 2012 - 04:53:41 CDT


On Wed, May 16, 2012 at 9:40 AM, Indunil Jayasooriya
<indunil75gmail.com> wrote:
> Hi,
>
> I am looking for a Load balancing and fail-over setup. So I am working on
> below 2 subjects
>
>
> How can I do equal-cost multipath routing?
>
> http://www.openbsd.org/faq/faq6.html
>
>
>
> Load Balance Outgoing Traffic
>
> http://www.openbsd.org/faq/pf/pools.html#outexample
>
>
> My first question is how to do failover when one link goes down?
>
> Can I do it with ping and ifstated ?

You can and check man trunk as well.

>
> If yes, How to ping external internet host when that link is DOWN? I find
> it difficult?
>
> I tried it with below commands
>
>
> ping -I WAN1_if_ip www.google.lk
>
> ping -I WAN2_if_ip www.google.lk
>
>
> Some times it works? some times it does NOT?
>
> Could you pls explain why?
>
>
> If it does NOT ping, How to do failover?
>
>
> So, Now, I am trying with snmpwalk command. I think it is OKAY? B your
> comments?
>
> I found a URL here?
>
> http://old.nabble.com/Re:-ifstated-and-ping-p15546523.html
>
>
> Then, the other question is that when loadbalancing works as expected ,
>
> I will have to send https via one link as described in Openbsd site.
>
> Pls see below.
>
> http://www.openbsd.org/faq/pf/pools.html#outexample
>
> # B keep https traffic on a single connection; some web applications,
> # B especially "secure" ones, don't allow it to change mid-session
> pass in on $int_if proto tcp from $lan_net to port https \
> B B route-to ($ext_if1 $ext_gw1)
>
>
> Then, If that link goes down, when, failiver happnes, How to send that
> https traffic via other link?
>
> I think delete that rule and add another rule like this? am I right?
>
> pass in on $int_if proto tcp from $lan_net to port https \
> B B route-to ($ext_if2 $ext_gw2)
>
>
> If I am right, How to delete the existing rule and add other rule when
> failover happens?
>
>
> Hope to hear from you.
>
>
>
>
> --
> Thank you
> Indunil Jayasooriya