Solved

barracuda load balancer !

Posted on 2010-01-03
Last Modified: 2012-05-08
Hi there,
Just wondering if anybody has experience using the Barracuda load balancer. I have 2 servers behind it with a single NIC because, as per my understanding, it doesn't work if we enable 2 NICs; please correct me if I am wrong.

The requirement is that we need to be able to access both servers behind the load balancer at the same time. I've created an RDP service using TCP port 3389. Now, if I type in the public I.P or virtual I.P, it takes me to the first one. If I close that RDP session and re-open another one, it still takes me to server 1. My requirement is to be able to view both of them at once because we need to monitor the performance of the two at the same time. How can I get around this situation?
0
Comment
Question by:nabeel92
 
LVL 57

Expert Comment

by:giltjr
ID: 26168060
Sometimes I'm a little slow.  Do you mean that each server has two physical NICs but only one NIC on each server is enabled?

If you want both NICs enabled, you would most likely have to a) create a new IP subnet/VLAN and put the 2nd into the new subnet/VLAN or b) NIC team the NICs so that they act like a single NIC.
0
 

Author Comment

by:nabeel92
ID: 26168266
OK, so that means I have to enable the second NIC at all costs; there is no other way around it using the only available NIC. I am not sure how the Barracuda will behave when I enable the second NIC and assign it to a separate VLAN. I mean I can do that, but given below is my fear ...

If the return traffic then starts going via that second NIC to the core router. Router will then send this traffic out via another firewall. So, it means that traffic to Barracuda entered via one firewall and return traffic will be going via the second NIC to the core-router and out via another firewall ? And with firewalls, we know that traffic must enter/exit the same interface, otherwise it might get dropped. That's what I think might happen but am not sure of the return traffic behavior through Barracuda.

Thanks for your help -:)
0
 

Author Comment

by:nabeel92
ID: 26168279
But I don't think teaming the NICs will serve the purpose, since my goal is to access both servers at the same time.
0

 
LVL 57

Expert Comment

by:giltjr
ID: 26168291
O.K., then maybe I'm missing something.

Why can't you access both servers now?  Each server should have its own unique IP address, unless I am missing something.

Or do you mean you want the load balancer to use both servers at the same time?  And currently the load balancer is using them in an active/standby mode?
0
 

Author Comment

by:nabeel92
ID: 26168322
Sorry, I might have missed out explaining properly ...
Both servers have private I.Ps and are sitting behind the Barracuda, which has a public I.P (or virtual I.P). Now, to access the servers, I defined a service on the Barracuda on TCP port 3389 (used for remote desktop connection) so that when anybody types in that public I.P in RDP, it redirects to that private I.P's RDP port and hence opens the RDP session, no problem! Now, the question is how can I use that same public I.P to open another RDP session to the second server? Actually, I think it may not be possible for me to do that using 1 I.P; I have to use a secondary IP, and if I do that, then as mentioned before I am not sure how traffic flow gets affected when the PIX firewall comes into the equation! Have you experienced the Barracuda working with 2 NICs enabled?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 26168340
I have not used Barracuda with 2 NICs but I have used other load balancers.  It's not the number of NICs on the server(s), it's what VIPs on the load balancer are forwarding what ports to which server.

What you may need to do is set up a second VIP that forwards port 3389 to the second server's IP address.

Either that or have RDP listen on another port, say 3390 or 3489, and have the Barracuda forward port 3389 to the 1st server and 3390 (or 3489) to the second server.

Where is the PIX in the picture? I am assuming it is in front of the Barracuda.
0
 

Author Comment

by:nabeel92
ID: 26168410
I am forwarding port 3389 on the Barracuda's VIP to the internal server's port 3389. You mentioned forwarding port 3390 too by using just 1 VIP? Can I define a rule forwarding TCP port 3390 from the VIP to the private I.P's which port so that I can RDP at the same time?

At the moment, I have 2 port forwarding rules on Barracuda

1. Forward TCP 3389 from pub I.P to private server-1 3389
2. Forward TCP 3389 from pub I.P to private server-2 3389

The first rule is correct. I don't know how I can modify the second rule so that I can RDP at the same time using 1 VIP.

Yes, you're right. The Barracuda is sitting behind a PIX firewall.

Incoming traffic Flow Into Barracuda
Internet --> PIX Firewall 2 --> DMZ Switch --> Barracuda NIC 1

Outgoing traffic Flow (If I enable the second NIC, I think it would be)
Barracuda NIC 2 --> Core Router 2 --> PIX Firewall 1 --> Internet
0
 
LVL 7

Accepted Solution

by:
marmata75 earned 1200 total points
ID: 26169167
The second rule should read something like this:

2. Forward TCP 3390 from pub I.P to private server-2 3389

You would then connect via RDP  to pubIP:3390

Cheers,
]\/[arco
0
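The mapping in the answer above, as an added example that is not part of the original thread: a minimal TCP forwarder where one address listens on two ports and each port goes to a different backend. The loopback address, the ephemeral ports and the name-sending fake servers are constructed stand-ins for the VIP, ports 3389/3390 and the two RDP hosts.

```python
import asyncio

# Constructed stand-ins: 127.0.0.1 is the VIP and both servers; no real RDP.

async def start_backend(name):
    """Fake private server. Returns (server, port it listens on)."""
    async def handle(reader, writer):
        writer.write(name.encode())
        await writer.drain()
        writer.close()
    srv = await asyncio.start_server(handle, "127.0.0.1", 0)
    return srv, srv.sockets[0].getsockname()[1]

async def pipe(reader, writer):
    """Copy bytes one way until EOF, then close the receiving side."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def start_forward(listen_port, host, port):
    """One forwarding rule: VIP:listen_port -> host:port."""
    async def handle(c_r, c_w):
        b_r, b_w = await asyncio.open_connection(host, port)
        await asyncio.gather(pipe(c_r, b_w), pipe(b_r, c_w), return_exceptions=True)
    srv = await asyncio.start_server(handle, "127.0.0.1", listen_port)
    return srv, srv.sockets[0].getsockname()[1]

async def fetch(port):
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    data = await reader.read()  # read until the forwarder closes the session
    writer.close()
    return data.decode()

async def demo():
    s1, p1 = await start_backend("server-1")
    s2, p2 = await start_backend("server-2")
    # Port 0 = ephemeral here; on the real device the rules use 3389 and 3390.
    f1, vip_a = await start_forward(0, "127.0.0.1", p1)
    f2, vip_b = await start_forward(0, "127.0.0.1", p2)
    result = await asyncio.gather(fetch(vip_a), fetch(vip_b))  # both at once
    for srv in (s1, s2, f1, f2):
        srv.close()
    return result

def run_demo():
    return asyncio.run(demo())
```

`run_demo()` returns the name each concurrent session reached, showing that the listen port alone selects the backend.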
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 800 total points
ID: 26170349
You don't need both NICs enabled on either of the servers for this.

marmata75 is correct: from the outside you would RDP to, say, port 3390, then you would port forward port 3390 to the server2 IP address port 3389.
0
 

Author Comment

by:nabeel92
ID: 26176513
Yay, it worked!
Just before I close the question, what if in future a 3rd server needs to be added in? I think I'll just add an entry to forward pub:3391 to priv:3389?
0
 

Author Comment

by:nabeel92
ID: 26176527
In fact, obviously. That was stupid of me to even ask. It's basic forwarding. Thanks guys -:)
0
