Difference between revisions of "Load balancing"

From securityrouter.org, an OpenBSD-based firewall
Jump to: navigation, search
(Created page with "The load balancer can dynamically redirect and route traffic. It can operate as * Load balancer * Application layer gateway * SSL accelerator * Transparent proxy * Internet failover")
 
Line 5: Line 5:
 
* Transparent proxy
 
* Transparent proxy
 
* Internet failover
 
* Internet failover
 +
 +
Currently, no graphical interface in the web administration exists. In the meantime, please use the plain-text configuration editor.
 +
 +
== HTTPS (SSL) acceleration ==
 +
This very simple example provides an HTTPS accelerator. If you are using the router exclusively as a layer 7 load balancer, it is usually sufficient to use only one Ethernet interface. Below is a more or less complete example.
 +
 +
interface em0 {
 +
address 192.168.0.100/24
 +
route default 192.168.0.1
 +
}
 +
load-balancer {
 +
table <servers> { 192.168.0.101 192.168.0.102 }
 +
relay "webservers" {
 +
listen on 192.168.0.100 port 4433 ssl
 +
forward to <operator> port 80 mode loadbalance check tcp
 +
}
 +
}
 +
system {
 +
http-server {
 +
port 4433
 +
}
 +
authentication {
 +
user "admin" {
 +
password "veryhardpassword"
 +
}
 +
}
 +
dns {
 +
name-server 8.8.8.8
 +
}
 +
}

Revision as of 15:32, 1 February 2012

The load balancer can dynamically redirect and route traffic. It can operate as

  • Load balancer
  • Application layer gateway
  • SSL accelerator
  • Transparent proxy
  • Internet failover

Currently, no graphical interface in the web administration exists. In the meantime, please use the plain-text configuration editor.

HTTPS (SSL) acceleration

This very simple example provides an HTTPS accelerator. If you are using the router exclusively as a layer 7 load balancer, it is usually sufficient to use only one Ethernet interface. Below is a more or less complete example.

interface em0 {
	address 192.168.0.100/24
	route default 192.168.0.1
}
load-balancer {
	table <servers> { 192.168.0.101 192.168.0.102 }
	relay "webservers" {
		listen on 192.168.0.100 port 4433 ssl
		forward to <operator> port 80 mode loadbalance check tcp
	}
}
system {
	http-server {
		port 4433
	}
	authentication {
		user "admin" {
			password "veryhardpassword"
		}
	}
	dns {
		name-server 8.8.8.8
	}
}