
RE: performance issue behind a load balancer 2.3.32



> When behind the F5 in the LDAP server logs all connections 
> appear to come from the F5's IP

This strikes me as odd.  Load balancers (including the F5) typically
preserve the client IP...  The most common case I've seen of this is
when the load balancer is proxying a request vs rerouting it to a
server in the pool, which tends to happen when you are using the F5 
also as an SSL accelerator (i.e. client does SSL to the F5,
then F5 load balances in clear text from it to a backend server).
Are you doing something like this (and if so, when you use RR DNS,
are you doing SSL on the LDAP server)?  Or is there something
else going on that is causing the F5 to replace the originating
client IP with its own?

The other case I can think of is if the servers are not "behind" the
load balancers (i.e. the LB is not their default gateway that traffic
to them is routed through) - in cases like that, the LB may need to
proxy it like this to avoid an async routing issue, but that's really
not a good way to use load balancers, because of problems like this
(this kind of setup tends to cause all kinds of problems).

i.e. usually they are set up like:

  server
    |
  ----------------------
          |
          LB
          |
  ----------------------
    |
   client

But if they are set up like

             LB
             |
---------------------------
  |                     |
client                server

You need to do some unpleasant tricks to avoid routing issues.
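
A check from the slapd side for whether client addresses survive the load balancer, as an added example that is not part of the original message: it counts peer IPs on slapd `ACCEPT` log lines and flags the case where one address accounts for nearly all connections. The sample lines, addresses, threshold and function names are constructed for illustration, and the log format assumed is slapd's usual connection logging.

```python
import re
from collections import Counter

# slapd logs each accepted connection as:
#   conn=N fd=N ACCEPT from IP=<peer>:<port> (IP=<listener>:<port>)
ACCEPT_RE = re.compile(r"conn=\d+ fd=\d+ ACCEPT from IP=(\d{1,3}(?:\.\d{1,3}){3}):\d+ ")

def peer_counts(log_text):
    """Count accepted connections per peer IP (IPv4 only in this sketch)."""
    return Counter(m.group(1) for m in ACCEPT_RE.finditer(log_text))

def source_ip_report(log_text, threshold=0.9, min_conns=4):
    """Summarise peers; 'masked' is True when one IP owns >= threshold of connections.

    threshold and min_conns are assumed values, tune them for the site.
    """
    counts = peer_counts(log_text)
    total = sum(counts.values())
    if total == 0:
        return {"total": 0, "distinct": 0, "top_ip": None,
                "top_share": 0.0, "masked": False}
    top_ip, top_n = counts.most_common(1)[0]
    share = top_n / total
    return {
        "total": total,
        "distinct": len(counts),
        "top_ip": top_ip,
        "top_share": share,
        "masked": total >= min_conns and share >= threshold,
    }

def _line(conn, peer):
    # Builds one constructed syslog line in slapd's ACCEPT format.
    return (f"Jan 10 10:00:00 ldap1 slapd[411]: conn={conn} fd=12 "
            f"ACCEPT from IP={peer}:40000 (IP=0.0.0.0:389)\n")

# Constructed samples: 192.0.2.10 stands in for the load balancer's address.
SAMPLE_PROXIED = "".join(_line(1000 + i, "192.0.2.10") for i in range(5))
SAMPLE_ROUTED = "".join(_line(2000 + i, f"198.51.100.{20 + i}") for i in range(5))

if __name__ == "__main__":
    for name, text in (("proxied", SAMPLE_PROXIED), ("routed", SAMPLE_ROUTED)):
        print(name, source_ip_report(text))
```

When the report comes back masked, anything on the LDAP server keyed on the peer address (access rules, per-client limits, audit attribution) is seeing the load balancer rather than the client.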