[strongSwan] Load balancing
Martin Willi
martin at strongswan.org
Fri Nov 22 10:29:45 CET 2013
Hi,
> It doesn’t matter witch HA/LoadBalancing you will choose, it can be
> LVS, Pacemaker or even haproxy before strong swan nodes. The point is
> how to keep the sessions. You will need to setup virtual IP on your
> strong swan, there is a Cluster IP.
To clarify, our HA solution works on top of ClusterIP, but does not work
with any generic load-balancing solution. It does load-sharing itself,
and is capable of migrating live IPsec tunnels between cluster nodes.
Alternatively, you may use a third party load-balancing solution, but
then without our HA plugin. You get all the benefits from that solution,
but it won't synchronize IPsec state, requiring connected clients to
reconnect after a node failure.
Regards
Martin
More information about the Users
mailing list