[strongSwan] Load balancing

J.Witvliet at mindef.nl J.Witvliet at mindef.nl
Fri Nov 22 11:14:50 CET 2013 

See below

From: users-bounces+j.witvliet=mindef.nl at lists.strongswan.org [mailto:users-bounces+j.witvliet=mindef.nl at lists.strongswan.org] On Behalf Of Pawel Grzesik
Sent: vrijdag 22 november 2013 10:10
To: Naveen
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] Load balancing


On 21 Nov 2013, at 18:56, Naveen <pncbose at yahoo.com<mailto:pncbose at yahoo.com>> wrote:


Hi,

I would like to know if anyone has been successful in loadbalancing Strongswan using LVS so far? It would be great if any notes/direction is pointed.

I am trying to load balance VPN connections and looking for a simple cheap solution (for eg avoiding hardware solutions such as F5).
I am not considering DNS based load balancing. My understanding of Strongswan High availability is that it takes care of handling errors and at this point i dont need that and really not sure if it can solve my loadbalancing requirement.

There are few questions in LVS forum but no specific answers...

thanks in advance
Naveen

It doesn't matter witch HA/LoadBalancing you will choose, it can be LVS, Pacemaker or even haproxy before strong swan nodes. The point is how to keep the sessions. You will need to setup virtual IP on your strong swan, there is a Cluster IP.
More information you can find on the official website: http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability.

Thanks,
Pawel Grzesik

It depends on your perspective cq. what you try to achieve....

1.       Clients P.O.V., you probably want to initiate multiple tunnels, and load balance your traffic over them, see LART

2.       Server P.O.V.  multiple options though  it is more load-spreading and not really load-balancing , you can spread incoming requests, the set-ups, over multiple servers by means of iptables, dnat and the random module.

After setup, the tunnel remains bound to that machine, no swapping hosts after that.
Also, DNS/round-robin should also work

Hans

______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131122/3c72ab8e/attachment.html>

More information about the Users mailing list