tcp loadsharing of web servers in pix DMZ

hemant.narkhede · ‎01-10-2005

how do i do tcp load sharing in the pix DMZ.that is i have 3 web servers and i want to nat all of them to a single global ip address for roundrobin basis of servicing web request from the internet.can i put three statis statements for these web servers and will it work .all help is appreciated.

hemant

ehirsel · ‎01-10-2005

Unless you use a load-blancer you will not be able to accomplish what you want. You could have a round-robin dns entry like www.myorg that contains 3 a records: www-01, www-02. and www-03.myorg. Then for each www- use a seperate static in your firewall. Thus each server has its own address - and a static will be needed since connections will originate on the outside network. The drawback is that the dns will always see the 3 as being available. Most clients will be able to work with this however, and upon seeing a failed connection to www-01, will try to connect to www-02. Using a load-balancer, such as the css 11501, is better, since that device will not only route around a failed-unit, but it can allow for in progress transactions (i.e. shopping cart) to continue in such cases. Of course this assumes that the app and/or db servers are configured properly too.

The main point is that you cannot use the pix to do load-balancing of servers the way a css can. There is a feature of IOS that does this, and I think that it works only on high end routers and switches (cat 6000).

Patrick Iseli · ‎01-10-2005

Configure an Apache server that loadbalance all to the three web servers. Kind of proxy relay with loadbalancing.

http://httpd.apache.org/docs-2.1/mod/mod_proxy_balancer.html

sincerely

Patrick