• Status: Solved

Barracuda load balancer!

Hi there,
Just wondering if anybody has experience using the Barracuda load balancer. I have 2 servers behind it with a single NIC because, as per my understanding, it doesn't work if we enable 2 NICs; please correct me if I am wrong.

The requirement is that we need to be able to access both servers behind the load balancer at the same time. I've created an RDP service using TCP port 3389. Now, if I type in the public I.P or virtual I.P, it takes me to the first one. If I close that RDP session and re-open another one, it still takes me to server 1. My requirement is to be able to view both of them at once because we need to monitor the performance of the two at the same time. How can I get around this situation?
Asked: nabeel92

giltjr Commented:
Sometimes I'm a little slow. Do you mean that each server has two physical NICs but only one NIC on each server is enabled?

If you want both NICs enabled, you would most likely have to a) create a new IP subnet/VLAN and put the 2nd into the new subnet/VLAN or b) NIC team the NICs so that they act like a single NIC.

nabeel92 (Author) Commented:
OK, so that means I have to enable the second NIC at all costs; there is no other way around it using the only available NIC. I am not sure how Barracuda will behave when I enable the second NIC and assign it to a separate VLAN. I mean, I can do that, but my fear is given below ...

If the return traffic then starts going via that second NIC to the core router, the router will then send this traffic out via another firewall. So it means that traffic to Barracuda entered via one firewall and return traffic will be going via the second NIC to the core router and out via another firewall? And with firewalls, we know that traffic must enter/exit the same interface, otherwise it might get dropped. That's what I think might happen, but I am not sure of the return traffic behavior through Barracuda.

Thanks for your help -:)

nabeel92 (Author) Commented:
But I don't think teaming the NICs will serve the purpose, since my goal is to access both servers at the same time.
giltjr Commented:
O.K., then maybe I'm missing something.

Why can't you access both servers now? Each server should have its own unique IP address, unless I am missing something.

Or do you mean you want the load balancer to use both servers at the same time? And currently the load balancer is using them in an active/standby mode?

nabeel92 (Author) Commented:
Sorry, I might have missed out explaining properly ...
Both servers have private I.Ps and are sitting behind Barracuda, which has a public I.P (or virtual I.P). Now, to access the servers, I defined a service on Barracuda on TCP port 3389 (used for remote desktop connection) so that when anybody types in that public I.P in RDP, it redirects to that private I.P's RDP port and hence opens the RDP session, no problem! Now, the question is how can I use that same public I.P to open another RDP session to the second server? Actually, I think it may not be possible for me to do that using 1 I.P; I have to use a secondary IP, and if I do that, then as mentioned before I am not sure how traffic flow gets affected when the PIX firewall comes into the equation! Have you experienced Barracuda working with 2 NICs enabled?

giltjr Commented:
I have not used Barracuda with 2 NICs but I have used other load balancers. It's not the number of NICs on the server(s), it's what VIPs on the load balancer are forwarding what ports to which server.

What you may need to do is set up a second VIP that forwards port 3389 to the second server's IP address.

Either that or have RDP listen on another port, say 3390 or 3489, and have the Barracuda forward port 3389 to the 1st server and 3390 (or 3489) to the second server.

Where is the PIX in the picture? I am assuming it is in front of the Barracuda.

nabeel92 (Author) Commented:
I am forwarding port 3389 on Barracuda's VIP to the internal server's port 3389. You mentioned forwarding port 3390 too by using just 1 VIP? Can I define a rule forwarding TCP port 3390 from VIP to private I.P's which port so that I can RDP at the same time?

At the moment, I have 2 port forwarding rules on Barracuda

1. Forward TCP 3389 from pub I.P to private server-1 3389
2. Forward TCP 3389 from pub I.P to private server-2 3389

The first rule is correct. I don't know how I can modify the second rule so that I can RDP at the same time using 1 VIP.

Yes, you're right. Barracuda is sitting behind a PIX firewall.

Incoming traffic Flow Into Barracuda
Internet --> PIX Firewall 2 --> DMZ Switch --> Barracuda NIC 1

Outgoing traffic Flow (If I enable the second NIC, I think it would be)
Barracuda NIC 2 --> Core Router 2 --> PIX Firewall 1 --> Internet

marmata75 Commented:
The second rule should read something like this:

2. Forward TCP 3390 from pub I.P to private server-2 3389

You would then connect via RDP  to pubIP:3390

Cheers,
]\/[arco

giltjr Commented:
You don't need both NICs enabled on either of the servers for this.

marmata75 is correct: from the outside you would RDP to, say, port 3390, then you would port forward port 3390 to the server2 IP address port 3389.

nabeel92 (Author) Commented:
Yay, it worked!
Just before I close the question, what if in future a 3rd server needs to be added in? I think I'll just add an entry to forward pub:3391 to priv:3389?

nabeel92 (Author) Commented:
In fact, obviously, that was stupid of me to even ask. It's basic forwarding. Thanks guys -:)
Question has a verified solution.
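
The rule layout worked out in this thread, as an added example that is not part of the original posts and does not use Barracuda's own configuration syntax: it flags rules where one VIP and port point at more than one server, and builds the one-external-port-per-server table, extended to the third server asked about at the end. The addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample addresses (documentation/private ranges), not from the thread.
VIP = "203.0.113.10"
SERVERS = ["10.0.0.11", "10.0.0.12"]
RDP_PORT = 3389

def ambiguous_listeners(rules):
    """Return {(vip, ext_port): [backends]} for listeners mapped to several backends.

    Rules are (vip, ext_port, backend_ip, backend_port) tuples. When one
    listener has several backends, the client cannot choose which server answers.
    """
    by_listener = defaultdict(list)
    for vip, ext_port, ip, port in rules:
        by_listener[(vip, ext_port)].append((ip, port))
    return {k: v for k, v in by_listener.items() if len(v) > 1}

def one_port_per_server(vip, servers, first_port=RDP_PORT, backend_port=RDP_PORT):
    """Build rules that give each server its own external port on the same VIP."""
    return [(vip, first_port + i, ip, backend_port) for i, ip in enumerate(servers)]

def target_for(rules, vip, ext_port):
    """Return the single backend reached at vip:ext_port, or None if not unique."""
    matches = [(ip, port) for v, p, ip, port in rules if (v, p) == (vip, ext_port)]
    return matches[0] if len(matches) == 1 else None

# The two rules as first configured in the thread: same VIP and port, two servers.
original = [(VIP, 3389, SERVERS[0], 3389), (VIP, 3389, SERVERS[1], 3389)]
# The corrected layout, with a third (constructed) server on the next port.
fixed = one_port_per_server(VIP, SERVERS + ["10.0.0.13"])

if __name__ == "__main__":
    print("ambiguous:", ambiguous_listeners(original))
    for rule in fixed:
        print("%s:%d -> %s:%d" % rule)
```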