nabeel92

Barracuda load balancer!

Hi there,
Just wondering if anybody has experience using the Barracuda Load Balancer. I have 2 servers behind it with a single NIC because, as per my understanding, it doesn't work if we enable 2 NICs; please correct me if I am wrong.

The requirement is that we need to be able to access both servers behind the load balancer at the same time. I've created an RDP service using TCP port 3389. Now, if I type in the public I.P or virtual I.P, it takes me to the first one. If I close that RDP session and re-open another one, it still takes me to server 1. My requirement is to be able to view both of them at once because we need to monitor the performance of the two at the same time. How can I get around this situation?
giltjr
Sometimes I'm a little slow. Do you mean that each server has two physical NICs but only one NIC on each server is enabled?

If you want both NICs enabled, you would most likely have to a) create a new IP subnet/VLAN and put the 2nd into the new subnet/VLAN or b) NIC team the NICs so that they act like a single NIC.
nabeel92

ASKER

OK, so that means I have to enable the second NIC at all costs; there is no other way around it using the only available NIC. I am not sure how the Barracuda will behave when I enable the second NIC and assign it to a separate VLAN. I mean I can do that, but given below is my fear ...

If the return traffic then starts going via that second NIC to the core router. Router will then send this traffic out via another firewall. So, it means that traffic to Barracuda entered via one firewall and return traffic will be going via the second NIC to the core-router and out via another firewall ? And with firewalls, we know that traffic must enter/exit the same interface, otherwise it might get dropped. That's what I think might happen but am not sure of the return traffic behavior through Barracuda.

Thanks for your help -:)
But I don't think teaming the NICs will serve the purpose, since my goal is to access both servers at the same time.
O.K., then maybe I'm missing something.

Why can't you access both servers now?  Each server should have its own unique IP address, unless I am missing something.

Or do you mean you want the load balancer to use both servers at the same time?  And currently the load balancer is using them in a active/standby mode?
Sorry, I might have missed out explaining properly ...
Both servers have private I.Ps and are sitting behind the Barracuda, which has a public I.P (or virtual I.P). Now, to access the servers, I defined a service on the Barracuda for TCP port 3389 (used for remote desktop connection) so that when anybody types in that public I.P in RDP, it redirects to that private I.P's RDP port and hence opens the RDP session, no problem! Now, the question is: how can I use that same public I.P to open another RDP session to the second server? Actually, I think it may not be possible for me to do that using 1 I.P; I have to use a secondary IP, and if I do that, then as mentioned before I am not sure how traffic flow gets affected when the PIX firewall comes into the equation! Have you experienced Barracuda working with 2 NICs enabled?
I have not used Barracuda with 2 NICs but I have used other load balancers. It's not the number of NICs on the server(s), it's what VIPs on the load balancer are forwarding what ports to which server.

What you may need to do is setup a second VIP that forwards port 3389 to the second server's IP address.  

Either that or have RDP listen on another port, say 3390 or 3489, and have the Barracuda forward port 3389 to the 1st server and 3390 (or 3489) to the second server.

Where is the PIX in the picture? I am assuming it is in front of the Barracuda.
I am forwarding port 3389 on the Barracuda's VIP to the internal server's port 3389. You mentioned forwarding port 3390 too by using just 1 VIP? Can I define a rule forwarding TCP port 3390 from the VIP to the private I.P's, which port, so that I can RDP at the same time?

At the moment, I have 2 port forwarding rules on Barracuda

1. Forward TCP 3389 from pub I.P to private server-1 3389
2. Forward TCP 3389 from pub I.P to private server-2 3389

The first rule is correct. I don't know how I can modify the second rule so that I can RDP at the same time using 1 VIP.

Yes, you're right. The Barracuda is sitting behind a PIX firewall.

Incoming traffic Flow Into Barracuda
Internet --> PIX Firewall 2 --> DMZ Switch --> Barracuda NIC 1

Outgoing traffic Flow (If I enable the second NIC, I think it would be)
Barracuda NIC 2 --> Core Router 2 --> PIX Firewall 1 --> Internet
ASKER CERTIFIED SOLUTION
marmata75
Yay, it worked!
Just before I close the question, what if in future a 3rd server needs to be added? I think I'll just add an entry to forward pub:3391 to priv:3389?
In fact, obviously, that was stupid of me to even ask. It's basic forwarding. Thanks guys -:)
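
The forwarding scheme the thread settles on (one public port per backend: pub:3389, pub:3390, pub:3391, each to priv:3389), as an added example that is not from any participant and is not Barracuda configuration. The `Rule` model, function names and documentation-range addresses are assumptions made for illustration; the check flags a listener that fronts more than one server, which is the state of the asker's two original rules.

```python
from collections import defaultdict
from typing import NamedTuple


class Rule(NamedTuple):
    """One forwarding rule (hypothetical model, not Barracuda's format)."""
    vip: str
    pub_port: int
    backend: str
    backend_port: int


def ambiguous_listeners(rules):
    """Map each (vip, pub_port) that fronts several backends to those backends.

    Such a listener is balanced across its servers, so the client cannot
    choose which server a given RDP session lands on.
    """
    by_listener = defaultdict(list)
    for r in rules:
        target = (r.backend, r.backend_port)
        if target not in by_listener[(r.vip, r.pub_port)]:
            by_listener[(r.vip, r.pub_port)].append(target)
    return {k: v for k, v in by_listener.items() if len(v) > 1}


def one_port_per_backend(rules):
    """Give every backend its own public port on the VIP.

    The first rule keeps its port; a later rule whose listener is taken
    moves to the next free port on that VIP (3389 -> 3390 -> 3391 ...).
    A backend that already has a rule is not given a second listener.
    """
    used, seen, fixed = set(), set(), []
    for r in rules:
        target = (r.vip, r.backend, r.backend_port)
        if target in seen:
            continue
        seen.add(target)
        port = r.pub_port
        while (r.vip, port) in used:
            port += 1
        used.add((r.vip, port))
        fixed.append(r._replace(pub_port=port))
    return fixed


# Constructed sample: the asker's two rules, documentation-range addresses.
VIP = "203.0.113.10"
ASKER_RULES = [Rule(VIP, 3389, "10.0.0.11", 3389),   # server-1
               Rule(VIP, 3389, "10.0.0.12", 3389)]   # server-2
```

Running `one_port_per_backend` over the resulting table after adding a third server reproduces the pub:3391 entry from the last post, and `ambiguous_listeners` on the result returns an empty dict.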