Difference between revisions of "Load balancing"

From securityrouter.org, an OpenBSD-based firewall
Jump to: navigation, search
Line 18: Line 18:
 
  table <servers> { 192.168.0.101 192.168.0.102 }
 
  table <servers> { 192.168.0.101 192.168.0.102 }
 
  relay "webservers" {
 
  relay "webservers" {
  listen on 192.168.0.100 port 4433 ssl
+
  listen on 192.168.0.100 port 443 ssl
  forward to <operator> port 80 mode loadbalance check tcp
+
  forward to <servers> port 80 mode loadbalance check tcp
 
  }
 
  }
 
  }
 
  }

Revision as of 15:32, 1 February 2012

The load balancer can dynamically redirect and route traffic. It can operate as

  • Load balancer
  • Application layer gateway
  • SSL accelerator
  • Transparent proxy
  • Internet failover

Currently, no graphical interface in the web administration exists. In the meantime, please use the plain-text configuration editor.

HTTPS (SSL) acceleration

This very simple example provides an HTTPS accelerator. If you are using the router exclusively as a layer 7 load balancer, it is usually sufficient to use only one Ethernet interface. Below is a more or less complete example.

interface em0 {
	address 192.168.0.100/24
	route default 192.168.0.1
}
load-balancer {
	table <servers> { 192.168.0.101 192.168.0.102 }
	relay "webservers" {
		listen on 192.168.0.100 port 443 ssl
		forward to <servers> port 80 mode loadbalance check tcp
	}
}
system {
	http-server {
		port 4433
	}
	authentication {
		user "admin" {
			password "veryhardpassword"
		}
	}
	dns {
		name-server 8.8.8.8
	}
}