Re: [fw-wiz] Load Balancing

From: Mark Tinberg (mtinberg_at_securepipe.com)
Date: 11/18/04

  • Next message: Daniel Chemko: "RE: [fw-wiz] Load Balancing"
    To: Nathaniel Hall <halln@otc.edu>
    Date: Thu, 18 Nov 2004 11:17:23 -0600 (CST)
    
    

    On Tue, 16 Nov 2004, Nathaniel Hall wrote:
    >
    > LDAP request goes to 172.16.0.63
    > Request is routed to interface on same network and destination address is
    > correctly changed to a random system to be load balanced.
    > Once there is an answer for LDAP, the answer goes directly to the requesting
    > machine, not the firewall that routed it.

    I'm sure there are many ways to fix this, by in my pre-coffee state I can
    think of two.

    1) NAT the traffic on the FW so that responses are sure to go to the right
        place.

    2) Set the LDAP cluster with limited routing table, a /29 for example, so
        the traffic has to route through the firewall to get back to the rest
        of your network.

    Q: Why do you have source, dest and firewall on same segment?
    Q: Maybe dns round robin would be better for load balancing

    -- 
    Mark Tinberg <MTinberg@securepipe.com>
    Network Administrator, SecurePipe Inc.
    Key fingerprint = FAEF 15E4 FEB3 08E8 66D5  A1A1 16EE C5E4 E523 6C67
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Daniel Chemko: "RE: [fw-wiz] Load Balancing"