iPrism & Load Balancing

jphilope · ‎08-22-2008

We have two iPrism Proxy appliances that we are trying to load balance for failover purposes. We have tried simple layer 3 balance rules. It appears that our proxy request are being passed to the iPrisms and the Proxy is connecting to the Internet properly. This is based on sho flows commands on the CSS and sho conn at the firewall (a FWSM).

What does not seem to be happening is the return from the page to the browser. My theory is the iPrism Proxy is passing the data directly back to the browser and bypassing the CSS. This of course results in the packet being dropped as the source IP is wrong.

The pertainent parts of the config are below (of course, they are active when we try). Anyone have any suggestions?

Thanks.

service iPrism1

protocol tcp

port 8080

redundant-index 31

ip address 192.168.66.17

service iPrism2

ip address 192.168.66.19

protocol tcp

port 8080

redundant-index 32

!*************************** OWNER ***************************

owner iPrism

email-address INTELSYSTEMSGROUP@cswg.com

billing-info "Business"

address "10 Optical Ave, Keene, NH"

content iPrism

add service iPrism1

add service iPrism2

protocol tcp

port 8080

redundant-index 39

vip address 192.168.66.18

balance leastconn

!*************************** GROUP ***************************

group iPrism

add destination service iPrism1

add destination service iPrism2

portmap disable

redundant-index 37

vip address 192.168.66.18

carenas123 · ‎08-28-2008

All the iPrisms in load balancing mode should be configured with the same access policy. We recommend you configure them in master/slave configuration mode so that configuration changes on the master are automatically replicated to slave iPrisms. It is important that all the iPrisms have the same configuration. Otherwise, users will experience inconsistent Internet access, depending on which iPrism their traffic is sent to.