Web Server Load Balancing
-
Hi guys,
For quite a while now, we've been running clusters of servers with IPVS and ldirectord on a server after pfSense which has a pool behind it. However, the load balancers in my mind are just an extra machine with very low load that could be replaced by pfSense. I've tried using the built-in Load Balancer in version 2.0.3; however, I cannot seem to get it to work correctly, which is probably just due to me understanding it incorrectly. Would someone care to shed some light?
So from both my Staff and IT networks, on any machine I can access the load balanced cluster, which outputs the machine hostname so I can verify that it is working. However, when trying to access it from the Internet I am unable to ping it and the browser times out immediately. Note: I am accessing it by IP address from the outside. Also, all traffic on port 80 from outside to anywhere is allowed (for testing).
To do this I've set up the balancer, which works great inside our network, but when accessing it from outside it falls flat on its face. I have the virtual server running on the server network and an external IP NATed to it.
My config is as follows:
4 Interfaces involved, Server (DMZ), IT (privileged access), Internet (WAN), Staff (limited access, should act like external internet/shared permissions)
Internet
||
|| (WAN interface)
||
pfSense === (Server interface - 10.4.x.x) -> (Switch) -> WWW-pri, WWW-sec
||
|| (IT interface)
||
ME

Load Balancer Pools
| Name | Mode | Servers | Port | Monitor |
|---|---|---|---|---|
| WWWSrvPool | loadbalance | 10.4.3.1, 10.4.3.2 | 80 | WWWClusterMon |

Load Balancer Virtual Servers
| Name | Protocol | IP Address | Port | Pool | Fall Back Pool |
|---|---|---|---|---|---|
| WWWVirtServer | tcp | 10.4.3.200 | 80 | WWWSrvPool | none |

Load Balancer Monitors
| Name | Type | Path | Host | HTTP Code |
|---|---|---|---|---|
| WWWClusterMon | HTTP | / | 10.4.3.200 | 200 OK |

NATing
INTERFACE: OUTSIDE (internet)
EXTERNAL IP: xx.xx.xx.84
Internal IP: 10.4.3.200

Virtual IP Addresses
xx.xx.xx.84/32 IP Alias
-
No one? I was considering using HAProxy; however, if the service dies randomly, as far as I can tell you will be sent to the pfSense interface instead, which is definitely not what I'm looking for. Anyone have any ideas?
-
Never mind, I got it working by changing my firewall rule to unblock the servers in the pool on port 80 (which I had tried) and at the same time changing the type of the virtual IP to CARP IP (it doesn't seem to work as IP Alias or Proxy ARP).