Today I fear a datacenter with several ASGs and we are building a cluster environment to provide the VMware virtual firewall service to our customers.
Lately, we have received many demands for load-balance/fail-over of bundled applications. We would like that feature in Sophos UTM to be a little more mature ... so we would not need to use other appliances for this solution.
Today, Astaro allows only load-balance for TCP, UDP, HTTP, HTTPS, but without much intelligence.
A good example would be load-balance/fail-over to be implemented as below:
Method Description:
Source IP Hash: The traffic load is statically spread evenly across all real servers. However, sessions are not assigned according to how busy individual real servers are. This load balancing method provides some persistence because all sessions from the same source address always go to the same real server. However, the distribution is stateless, so if the real server is added or removed (or goes up or down) the distribution is changed and persistence could be lost.
Round Robin:
Directs new requests to the next real server, and treats all real servers as equals regardless of the response time or number of connections. Dead real servers or non-responsive real servers are avoided.
Weighted:
Real servers with a higher weight value receive a larger percentage of connections. Set the real server weight when adding the real server.
First Alive:
Always directs sessions to the first real server alive. This load balancing schedule provides real server failover protection by sending all sessions to the first real server alive and, if that real server fails, sending all sessions to the next alive real server. Sessions are not distributed to all real servers so all sessions are processed by the "first" real server only.
"First" refers to the order of the real servers in the virtual server configuration. For example, if you add real servers A, B and C in that order, then all sessions always go to A as long as it is alive. If A goes down then sessions go to B and if B goes down sessions go to C. If A comes back up sessions go back to A. Real servers are ordered in the virtual server configuration in the order in which you add them, with the most recently added real server last. If you want to change the order you must delete and re-add real servers in the required order.
Least RTT:
Directs sessions to the real server with the least round trip time. The round trip time is determined by the Ping health check monitor and is defaulted to 0 if no ping health check monitors are added to the virtual server.
Least Session:
Directs requests to the real server that has the least number of current connections. This method works best in environments where the real servers or other equipment you are load balancing all have similar capabilities. This load balancing method uses the FortiGate session table to track the number of sessions being processed by each real server. The FortiGate unit cannot detect the number of sessions actually being processed by the real server.
HTTP Host:
Load balances HTTP host connections across multiple real servers using the host's HTTP header to guide the connection to the correct real server.
L7: HTTP, HTTPS, SSL
L4: TCP, UDP
L3: IP
If something in the documentation (http://docs.fortinet.com/fgt/handbook/40mr3/fortigate-load-balance-40-mr3.pdf) inspires and there is still time for ASG9. Thank you, our intention is to keep Sophos UTM solutions for our customers without the need to support other manufacturers / equipment.
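The scheduling methods quoted in the post above, sketched as an added example (not part of the original post and not Sophos or Fortinet code). The server names, client addresses, weights and the SHA-256-modulo hash are assumptions made for illustration; the point is to show how the stateless source IP hash re-maps clients whose server never went down, while first alive and least session behave as described.

```python
import hashlib
import ipaddress

SERVERS = ["A", "B", "C"]  # constructed real servers, in configuration order

def alive(health):
    """Real servers passing their health check, in configuration order."""
    return [s for s in SERVERS if health.get(s, False)]

def source_ip_hash(src_ip, health):
    """Stateless pick: hash of the source address modulo the alive-server count.
    (The hash construction is an assumption; the post does not specify one.)"""
    pool = alive(health)
    if not pool:
        return None
    digest = hashlib.sha256(ipaddress.ip_address(src_ip).packed).digest()
    return pool[int.from_bytes(digest[:8], "big") % len(pool)]

def first_alive(health):
    """All sessions go to the first alive server in configuration order."""
    pool = alive(health)
    return pool[0] if pool else None

def least_session(health, session_table):
    """Alive server with the fewest sessions in the balancer's own table."""
    pool = alive(health)
    return min(pool, key=lambda s: session_table.get(s, 0)) if pool else None

def weighted_round(health, weights):
    """One scheduling round: each alive server appears 'weight' times."""
    return [s for s in alive(health) for _ in range(weights.get(s, 1))]

def persistence_lost(clients, before, after):
    """Clients re-mapped by a pool change although their old server is still up."""
    lost = []
    for ip in clients:
        old, new = source_ip_hash(ip, before), source_ip_hash(ip, after)
        if old != new and after.get(old, False):
            lost.append(ip)
    return lost

if __name__ == "__main__":
    clients = [f"198.51.100.{i}" for i in range(1, 201)]  # constructed addresses
    all_up = {"A": True, "B": True, "C": True}
    c_down = {"A": True, "B": True, "C": False}
    moved = persistence_lost(clients, all_up, c_down)
    print(f"source IP hash: {len(moved)}/200 clients moved although their server stayed up")
    print("first alive, A down:", first_alive({"A": False, "B": True, "C": True}))
    print("least session:", least_session(all_up, {"A": 12, "B": 3, "C": 7}))
    print("weighted round:", weighted_round(all_up, {"A": 3, "B": 1, "C": 1}))
```

Consistent hashing or a persistence table would keep those clients on their original server; the modulo scheme above is the simplest stateless variant and shows the worst case.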