05-24-2011 10:31 AM
We're considering the ACE 4710. I'm new to load balancers, and have two questions:
The clients will connect to a VIP owned by the 4710. It will then load balance between two back end servers. The application also requires that the server make a connection directly back to the client (on a new port). So client -> 4710 -> node1 on https. Then node1 needs to reach the client on tcp4444. Is that possible? (Since node1 will think the client IP is the 4710?)
If we're using HTTPS, do we need to use SSL offloading on the 4710? We don't require it for performance reasons. But if we don't use it, how would the certificates work? Would node1 and node2 just both have node.domain.com, with reverse DNS entries matching that?
Thanks!
Solved! Go to Solution.
05-25-2011 12:30 AM
Hi Bill,
if you do not perform source NAT on the ACE 4710 (this is the most common scenario) then the server will know the IP address of the client and hence it will be able to initiate a connection directly to it.
So from the perspective of the TCP/IP everything should work.
You should check if other restrictions (at application level for instance) may apply.
Alessandro
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
05-25-2011 12:30 AM
Hi Bill,
if you do not perform source NAT on the ACE 4710 (this is the most common scenario) then the server will know the IP address of the client and hence it will be able to initiate a connection directly to it.
So from the perspective of the TCP/IP everything should work.
You should check if other restrictions (at application level for instance) may apply.
Alessandro
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide