Re: Anyone using LB to solve Console Proxy DNS..


Hi Andrija,

This is actually using a Netscaler VPX which has the health check function built in and allows for a simple IP range specification. 

Looking at the HAproxy docs it doesn’t give the impression it can do the same so I suspect you may have to just hand crank the config line by line – never tried this though so can’t vouch for it:
https://www.haproxy.com/documentation/aloha/7-0/traffic-management/lb-layer7/health-checks/

There’s obviously other options out there as well – pfSense springs to mind: https://www.howtoforge.com/how-to-use-pfsense-to-load-balance-your-web-servers 


Regards,
Dag Sonstebo
Cloud Architect
ShapeBlue

On 10/05/2018, 23:21, "Andrija Panic" <andrija.panic@xxxxxxxxx> wrote:

    Hi Dag,
    
    sorry for being a noob - but if you have 1000 (even 200 only) Public IPs,
    do you have some special option (on your special LB)  to add :backend/proxy
    target in a form of a CIDR range, or you need, like in HaProxy to make 1000
    lines with 1000 possible server backends... ?
    
    Sorry for boring details, just trying to understand how you do it (pre 4.11
    obviously) when you have a ton of public IPs...
    
    Thx
    
    
Dag.Sonstebo@xxxxxxxxxxxxx 
www.shapeblue.com
53 Chandos Place, Covent Garden, London  WC2N 4HSUK
@shapeblue
  
 

On 11 May 2018 at 00:10, Dag Sonstebo <Dag.Sonstebo@xxxxxxxxxxxxx> wrote:
    
    > Hi Andrija,
    >
    > We use your second option – “create a LB (single public IP and thus single
    > DNS A entry), BUT do loadbalancing on top of 1000 backend public IPs”.
    > This depends on which load balancer you use and what functions this has
    > available – but in our case, we simply set up the full public range as
    > possible load balancer targets, with health checks that simply determine
    > which IP addresses actually host a CPVM.
    >
    > Regards,
    > Dag Sonstebo
    > Cloud Architect
    > ShapeBlue
    >
    > On 10/05/2018, 22:48, "Andrija Panic" <andrija.panic@xxxxxxxxx> wrote:
    >
    >     Hi Rohit,
    >
    >     thx a lot for sharing that - here, if I understand correctly, you
    >     rely on the static IP (range) for the systemVM (4.11) - right - and
    >     then use LB on top of that...
    >
    >     But any viable solution for pre-4.11 releases, where CPVM can get any
    >     of the public IPs - LB is possible but even worse than DNS wildcard
    >     (because infinite backends / proxy targets) since we have bunch of
    >     possible public IP that systemVM can get...
    >
    >     Thx again
    >     Andrija
    >
    >
    > Dag.Sonstebo@xxxxxxxxxxxxx
    > www.shapeblue.com
    > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
    > @shapeblue
    >
    >
    >
    > On 9 May 2018 at 18:45, Rohit Yadav <rohit.yadav@xxxxxxxxxxxxx> wrote:
    >
    >     > Hi Andrija,
    >     >
    >     >
    >     > I'm running a small CI/homelab where I've solved the console proxy
    > access
    >     > using `consoleproxy.url.domain` global setting to fill in a
    > non-wildcard
    >     > domain like lab.yadav.cloud.
    >     >
    >     >
    >     > Next, on the server I use apache2 which can be thought as some LB,
    > as it
    >     > proxies the request on: /aa
    >     >
    >     >
    >     >         ProxyPass /ajax http://<console proxy ip:port>/ajax
    >     >         ProxyPassReverse /ajax http://<console proxy ip:port>/ajax
    >     >
    >     >         ProxyPass /ajaximg http://<console proxy ip:port>/ajaximg
    >     >         ProxyPassReverse /ajaximg http://<console proxy ip:port>/ajaximg
    >     >
    >     >         ProxyPass /resource http://<console proxy ip:port>/resource
    >     >         ProxyPassReverse /resource http://<console proxy ip:port>/resource
    >     >
    >     > For any guest VM, I get to access the console proxy via the same
    > domain as
    >     > the mgmt server which proxies to the CPVM IP. In 4.11 there is also
    > a new
    >     > option to dedicate a public IP (range) to systemvms in a way could be
    >     > useful to fix public IP - dns mapping.
    >     >
    >     >
    >     > For this to work, on 4.11 I made this change:
    >     >
    >     > https://github.com/apache/cloudstack/commit/392f62dae0f59b3b00437d61ab8cee0ebfb9e60a
    >     >
    >     >
    >     > - Rohit
    >     >
    >     > <https://cloudstack.apache.org>
    >     >
    >     >
    >     >
    >     > ________________________________
    >     > From: Andrija Panic <andrija.panic@xxxxxxxxx>
    >     > Sent: Sunday, May 6, 2018 4:10:24 AM
    >     > To: users
    >     > Subject: Anyone using LB to solve Console Proxy DNS..
    >     >
    >     > Hi,
    >     >
    >     > instead of using DNS A records in form x-y-w-z.domain.com -->
    > x.y.w.zz,
    >     > there is another way as stated in CWIKI to fix an IP/A record in DNS
    > that
    >     > will point to single public IP of the LB, and this LB should do
    >     > loadbalancing across all public IPs that could be potentially
    > assigned to
    >     > CPVM... or something like that..
    >     >
    >     > Anyone using it, and care to share LB setup - specifically I would
    > like to
    >     > know if I understand the requirement above ^^^  - to do LB on top of
    > many
    >     > public IPS..
    >     >
    >     > Example:
    >     > I have more than 1000 public IPs and CPVM can in theory get ANY of
    > these
    >     > 1000 IPs, so here solution is to either:
    >     >
    >     > - create 1000 DNS A records in form x-y-w-z.domain.com and access
    > CPVM by
    >     > some of those 1000 A records..
    >     > - create a LB (single public IP and thus single DNS A entry), BUT do
    >     > loadbalancing on top of 1000 backend public IPs...
    >     >
    >     > Not sure which solution is worse to be honest, but I currently use
    > the
    >     > first one :) on a dedicated domain for Console Proxy... although
    > when CPVM
    >     > is destroyed, the same public IP is usually recycled, so it mostly
    > keeps
    >     > the same always...
    >     >
    >     > Thx for any opinions.
    >     >
    >     > --
    >     >
    >     > Andrija Panić
    >     >
    >     > rohit.yadav@xxxxxxxxxxxxx
    >     > www.shapeblue.com
    >     > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
    >     > @shapeblue
    >     >
    >     >
    >     >
    >     >
    >
    >
    >     --
    >
    >     Andrija Panić
    >
    >
    >
    
    
    -- 
    
    Andrija Panić
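
The "hand crank the config line by line" approach for HAProxy discussed in this thread can be scripted: the added example below (not code from any poster or from CloudStack) expands a public range into one health-checked `server` line per address, so only the IPs that currently host a CPVM pass the check. The backend name, port 443, check timings and the sample range 198.51.100.0/24 are assumptions.

```python
import ipaddress

def haproxy_backend(cidr, port, name="cpvm_pool", exclude=(), max_hosts=4096):
    """Build an HAProxy backend with one health-checked server per host in cidr.

    name, port and the check timings are illustrative assumptions.
    """
    # strict=True rejects ranges with host bits set (e.g. 198.51.100.5/24),
    # which usually indicates a typo in the public range.
    net = ipaddress.IPv4Network(cidr, strict=True)
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    # Refuse to expand a mistyped prefix into millions of backend lines.
    if net.num_addresses > max_hosts:
        raise ValueError(f"{cidr} expands to more than {max_hosts} addresses")
    skip = {ipaddress.IPv4Address(a) for a in exclude}

    lines = [
        f"backend {name}",
        "    mode http",
        # Keep a client on the same backend for the duration of a console session.
        "    balance source",
        # Addresses with no CPVM listening fail the check and are taken
        # out of rotation; they come back if a CPVM later gets that IP.
        "    default-server inter 5s fall 2 rise 1",
    ]
    for host in net.hosts():  # skips network and broadcast addresses
        if host in skip:      # e.g. the gateway or other reserved IPs
            continue
        label = "cpvm-" + str(host).replace(".", "-")
        lines.append(f"    server {label} {host}:{port} check")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample: documentation range, gateway excluded.
    print(haproxy_backend("198.51.100.0/24", 443, exclude=["198.51.100.1"]))
```

The output can be written to a separate file and regenerated whenever the public range changes.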