[strongSwan] Load balancing

Pawel Grzesik pawel.grzesik at brainstorm.co.uk
Mon Nov 25 09:50:06 CET 2013


Hi,

I don't get it. How can DNS round robin help if each strongSwan node has its own bind/IP address? If there is a cluster (virtual IP) it makes sense, but without that it’s not the point, or I’m missing something :-)

Thanks,
Pawel Grzesik

On 24 Nov 2013, at 15:57, J.Witvliet at mindef.nl wrote:

> Hi,
> 
> As you are faced with thousands of clients, I would suggest getting multiple strongSwan servers (just to avoid SPOFs) and using DNS round-robin to select them. Probably the easiest solution.
> 
> Oh, I missed the C key; I meant to write "lartc": an in-depth howto about Linux advanced routing and traffic control. Priceless!
> 
> Hans.
> 
>  
> From: Naveen [mailto:pncbose at yahoo.com]
> Sent: Friday, November 22, 2013 08:27 PM W. Europe Standard Time
> To: users at lists.strongswan.org <users at lists.strongswan.org>
> Subject: Re: [strongSwan] Load balancing
>  
> Thanks Hans for responding. Sorry for changing the mail thread, as I am having issues with my mail client.
> 
> > "It depends on your perspective cq. what you try to achieve...."
> The use case is like this: a few thousand iOS clients connecting to 'n' strongSwan nodes. For now I am not worried about node failure. Once a node fails, the client needs to reconnect.
> 
> > 1. Clients P.O.V., you probably want to initiate multiple tunnels, and load balance your traffic over them, see LART
> Not sure what LART means. Please elaborate.
> 
> 
> > 2. Server P.O.V.: multiple options, though it is more load-spreading and not really load-balancing; you can spread incoming requests, the set-ups, over multiple servers by means of iptables, DNAT and the random module.
> Could you point me to a working config/example that I could start experimenting with?
> 
> > After setup, the tunnel remains bound to that machine, no swapping hosts after that. Also, DNS/round-robin should also work
> Hans
> Yes - no swapping after tunnel connection. While DNS/round-robin works, I believe it has a limitation of not considering the load of the nodes.
> 
> Regards,
> Naveen
> 
