[strongSwan] Load balancing

J.Witvliet at mindef.nl J.Witvliet at mindef.nl
Sun Nov 24 16:57:58 CET 2013


Hi,

As you are faced with thousands of clients, I would suggest getting multiple strongSwan servers (just to avoid SPOFs) and using DNS round-robin to select them. Probably the easiest solution.

Oh, I missed the C key; I meant to write "lartc": an in-depth howto about Linux advanced routing and traffic control. Priceless!

Hans.


From: Naveen [mailto:pncbose at yahoo.com]
Sent: Friday, November 22, 2013 08:27 PM W. Europe Standard Time
To: users at lists.strongswan.org <users at lists.strongswan.org>
Subject: Re: [strongSwan] Load balancing


Thanks Hans for responding. Sorry for changing the mail thread, as I am having issues with my mail client.

> "It depends on your perspective cq. what you try to achieve...."
The use case is like this: a few thousand iOS clients connecting to 'n' strongSwan nodes. For now I am not worried about node failure. Once a node fails, the client needs to reconnect.

> 1. Clients P.O.V., you probably want to initiate multiple tunnels, and load balance your traffic over them, see LART
Not sure what LART means. Please elaborate.


> 2. Server P.O.V.: multiple options, though it is more load-spreading and not really load-balancing; you can spread incoming requests, the set-ups, over multiple servers by means of iptables, dnat and the random module.
Could you point me to a working config/example that I could start experimenting with?

> After setup, the tunnel remains bound to that machine, no swapping hosts after that. Also, DNS/round-robin should also work
> Hans
Yes - no swapping after tunnel connection. While DNS/round-robin works, I believe it has a limitation of not considering the load of the nodes.

regards
Naveen
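
The iptables/DNAT spreading mentioned in the quoted reply, as an added example that is not part of the original thread: it generates cascading random-match rules so that each backend receives an equal share of new IKE flows. The addresses are constructed documentation-range values, and using the `statistic` match for the "random module" is an assumption.

```python
from fractions import Fraction

IKE_PORTS = (500, 4500)  # IKE and NAT-T, both UDP


def cascade_probabilities(n):
    """Per-rule match probabilities so each of n backends gets 1/n overall."""
    # Rule i is only reached when rules 0..i-1 did not match, so it must
    # match with probability 1/(n-i); the last rule always matches.
    return [Fraction(1, n - i) for i in range(n)]


def effective_shares(probs):
    """Overall share of new flows each rule receives, in rule order."""
    shares, remaining = [], Fraction(1)
    for p in probs:
        shares.append(remaining * p)
        remaining *= 1 - p
    return shares


def dnat_rules(vip, backends):
    """Build iptables commands spreading new IKE flows for vip over backends."""
    rules = []
    for port in IKE_PORTS:
        for backend, p in zip(backends, cascade_probabilities(len(backends))):
            # Assumption: the 'statistic' match in random mode is the selector.
            match = "" if p == 1 else (
                f" -m statistic --mode random --probability {float(p):.6f}")
            rules.append(
                f"iptables -t nat -A PREROUTING -d {vip} -p udp --dport {port}"
                f"{match} -j DNAT --to-destination {backend}")
    return rules


if __name__ == "__main__":
    # Constructed addresses from documentation ranges (RFC 5737).
    nodes = ["198.51.100.11", "198.51.100.12", "198.51.100.13"]
    for rule in dnat_rules("192.0.2.1", nodes):
        print(rule)
    # A naive 1/n on every rule skews the spread and leaves flows unmatched.
    print(effective_shares([Fraction(1, 3)] * 3))
```

The choice is made once per new conntrack entry, so a client that starts on UDP 500 and floats to UDP 4500 can be sent to a different node than the one holding its IKE_SA state. Like DNS round-robin, this spreads set-ups without considering node load.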



