[strongSwan] Load balancing

[Naveen]

Thanks Martin.

I should have mentioned this earlier - use case is like this:
few thousand iOS clients connecting to 'n' Strongswan nodes. For now i am not worried about node failure. Once node fails, client needs to reconnect. 

"To clarify, our HA solution works on top of ClusterIP, but does not work with any generic load-balancing solution. It does load-sharing itself, and is capable of migrating live IPsec tunnels between cluster nodes."

Since i dont have need for handling node-failure, i am kind of ignoring HA solution for now. Also its mentioned that HA is limited to 2  nodes - which i am 100% sure of - is it limited to 2 load balancing nodes ?

"Alternatively, you may use a third party load-balancing solution, but then without our HA plugin. You get all the benefits from that solution, but it won't synchronize IPsec state, requiring connected clients to reconnect after a node failure."

As mentioned earlier, i am ok with reconnect on node failure. This is where i am planning to use LVS and is looking for help for setting up. Any ideas/thoughts would be helpful.
From my current understanding, one idea is to mark the incoming packets and use LVS-DR. Does any one have a working setup with this ?

regards
Naveen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131122/4d9c00ed/attachment.html>