Question

Flow Networking L4 Load balancer - Multi-service

  • March 23, 2026
  • 6 replies
  • 35 views

Hi,

I’m looking to deploy the L4 load balancers for domain controller services LDAP(S), NTP, & DNS, you know, the type of thing that gets addresses programmed into devices/applications.

I can create an LB session for an IP and have it listen on multiple ports (53, 123, 636), but when I get round to selecting the destination VM NICs I can only specify a single port for the destination. Is there any way to balance multiple services from a set of hosts with a single VIP, or will I need to create an LB session and separate VIP for each of the services?

Also, some of the documentation I read said that it’s possible to use VM Categories to select the destination VMs, but I don’t seem to have that option. Which version do I need to be running to get that?

6 replies

BartDonders
  • Outrider
  • March 24, 2026

Hi, I am just curious why you want to use a LB for these services. 

Which version of Flow are you currently using?


JeroenTielen

In this blogpost I’m describing how to create a load balancer (scroll down in the post) https://www.jeroentielen.nl/getting-started-with-flow-network-security-next-gen-part-3-create-a-vpc-and-load-balancer/


  • Author
  • Adventurer
  • March 25, 2026

> Hi, I am just curious why you want to use a LB for these services.
>
> Which version of Flow are you currently using?

So the reason for wanting to LB them is that we’ve got a domain controller migration project in place, and have a bunch of things configured to point directly to the IP/hostname of one or more current DCs (network devices, and application LDAP). I’m using Flow and Elastic to identify the traffic sources, and then want to reconfigure them to point to the LB instead of the new DCs so that the job never has to be done again next time the DCs are replaced. (We are only moving to Server 2022, so it will need to be done again soonish.)

We’re running Flow Network Security PE 5.2.0
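
Added example, not part of the original post: one way to turn exported flow records into a list of clients that still address a DC directly, split per service and protocol (each pair needs its own LB session under the limitation discussed in this thread). The CSV column names, the IP addresses and the sample rows are constructed assumptions, not a Flow or Elastic export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow export (documentation address ranges, not real data).
SAMPLE_FLOWS = """src_ip,dst_ip,dst_port,protocol,packets
198.51.100.20,192.0.2.11,53,udp,420
198.51.100.20,192.0.2.11,53,tcp,6
198.51.100.5,192.0.2.12,636,tcp,88
198.51.100.9,192.0.2.11,123,udp,12
198.51.100.9,192.0.2.50,123,udp,30
198.51.100.4,192.0.2.11,443,tcp,9
198.51.100.5,192.0.2.11,636,tcp,14
"""

# Hypothetical addresses of the DCs being retired (192.0.2.50 plays the LB VIP).
OLD_DCS = {"192.0.2.11", "192.0.2.12"}

# Services from the thread, keyed by (port, protocol). DNS appears twice
# because it needs both UDP and TCP.
SERVICES = {
    (53, "udp"): "DNS",
    (53, "tcp"): "DNS",
    (123, "udp"): "NTP",
    (389, "tcp"): "LDAP",
    (636, "tcp"): "LDAPS",
}


def clients_to_repoint(flow_csv, dc_ips=OLD_DCS, services=SERVICES):
    """Return {src_ip: {"DNS/udp": packets, ...}} for every source that
    still sends a tracked service directly to a DC address."""
    pending = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(flow_csv)):
        key = (int(row["dst_port"]), row["protocol"].strip().lower())
        # Ignore traffic to the VIP and traffic on untracked ports.
        if row["dst_ip"] not in dc_ips or key not in services:
            continue
        label = f"{services[key]}/{key[1]}"
        pending[row["src_ip"]][label] += int(row["packets"])
    return {src: dict(svcs) for src, svcs in pending.items()}


if __name__ == "__main__":
    for src, svcs in sorted(clients_to_repoint(SAMPLE_FLOWS).items()):
        print(src, svcs)
```

A source that has been partly moved (198.51.100.9 in the sample talks NTP to both a DC and the VIP) stays on the list until its direct traffic stops.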

  • Author
  • Adventurer
  • March 25, 2026

> In this blogpost I’m describing how to create a load balancer (scroll down in the post) https://www.jeroentielen.nl/getting-started-with-flow-network-security-next-gen-part-3-create-a-vpc-and-load-balancer/

Thanks, I managed to work out the steps.  Just curious why you’d want to listen on multiple ports, but only forward traffic to a single port.

Having created the LBs with some success, it seems very limited and very much targeted at services like Web instead of infrastructure, being only able to bind a single service to a VIP. Especially with TCP/UDP. For example, for DNS you should need TCP and UDP, but would have to have that operating on different VIPs.

Whilst I realise it’s not supposed to replace dedicated LB/WAF products like Kemp/F5 it’s a little too basic to be truly useful for more than a webserver type use case.


JeroenTielen

> > In this blogpost I’m describing how to create a load balancer (scroll down in the post) https://www.jeroentielen.nl/getting-started-with-flow-network-security-next-gen-part-3-create-a-vpc-and-load-balancer/
>
> Thanks, I managed to work out the steps.  Just curious why you’d want to listen on multiple ports, but only forward traffic to a single port.
>
> Having created the LBs with some success, it seems very limited and very much targeted at services like Web instead of infrastructure, being only able to bind a single service to a VIP. Especially with TCP/UDP. For example, for DNS you should need TCP and UDP, but would have to have that operating on different VIPs.
>
> Whilst I realise it’s not supposed to replace dedicated LB/WAF products like Kemp/F5 it’s a little too basic to be truly useful for more than a webserver type use case.

You are right. To have a full-blown load balancer I always deploy a Citrix NetScaler. There is a free express version. ;)


  • Author
  • Adventurer
  • March 26, 2026

> > > In this blogpost I’m describing how to create a load balancer (scroll down in the post) https://www.jeroentielen.nl/getting-started-with-flow-network-security-next-gen-part-3-create-a-vpc-and-load-balancer/
> >
> > Thanks, I managed to work out the steps.  Just curious why you’d want to listen on multiple ports, but only forward traffic to a single port.
> >
> > Having created the LBs with some success, it seems very limited and very much targeted at services like Web instead of infrastructure, being only able to bind a single service to a VIP. Especially with TCP/UDP. For example, for DNS you should need TCP and UDP, but would have to have that operating on different VIPs.
> >
> > Whilst I realise it’s not supposed to replace dedicated LB/WAF products like Kemp/F5 it’s a little too basic to be truly useful for more than a webserver type use case.
>
> You are right. To have a full-blown load balancer I always deploy a Citrix NetScaler. There is a free express version. ;)

I think if it just had the ability to have multiple listeners and port maps, it would be fine for the use case.

I’ll take a look at NetScaler Express. We’ve got Kemps in some of the domains/VPCs but not all, so I’ll take a look at those too, but I was trying to standardise using something we already had access to.

Been a fun learning experience so far though :-P