I need load balance server. LB should listen multiple ports and forward to backend servers with the same ports.
Logic for backed should be always send tcp requests to A server with same ports which is defined in LB server, and if A server is down forward to Server B.
Example:
LB port 10202 to Backend port 10202
LB port 10203 to Backend port 10203
Is it possible?
Unless I miss-understand then that sounds fairly simple. Just use a port range. Any port in the range is accepted and DONT specify the port on the backend i.e. keep the one you come in on:
listen L7_HTTP
bind 10.0.0.20:10202-10203
server RS001 127.0.127.1 check
server RS002 127.0.127.2 check
Related
I open IE explorer & Chrome in my computer and type localhost:80 and I get the index page.
Here I think my machine's IP is same to both connections (IE explorer & Chrome) and ports are too (80).
Note: Source port will be different (as destination is same: localhost IP), this is my second question.
So how webserver (lets say apache) handles this port 80 connections without failing? Does it port forwarding? In OS level even I tried with addr re-use, port re-use parameters and it is all same we cannot make multiple connection with same IPs & ports.
Now, probably you have came up with a solution: although source ports and IPs are same, destination port is different in package: <protocol>, <src addr>, <src port>, <dest addr>, <dest port>.
A. I got 49483~50004 ports as you can see on image. How client knows which destination port (49483~50004) is bound by webserver? If it is random between 0 and 65355 the webserver always binds all ports, it is very resource consuming. How webservers avoid from this?
Look at this image: command prompt-> netstat
If this question is related with low level sources it is OK, I understand Embedded TCP/IP/UDP, Phy MAC communication and package structures.
You have this all back to front.
All the port numbers at the server are the same: 80. So the client only has to know port 80.
All the port numbers at the client are different: 49483-50004 etc. So there is no ambiguity in the connection, because the 4-tuple you mentioned is unique.
All http request by default call to servers in the port 80, because servers listen by default in that port. So you only give an IP or hostname and the web browser add the default port (80). You can give a custom port if you web server is listenning in another port (usually Tomcat listen by default in 8080) for example you call it in: http://www.youamazingweb.com:8080.
A good example is see the IP as the home and the port is the door where clients enter to consume some resource hosted in server.
The Apache webserver uses port 80 to listen for incoming requests and replies over port 80. Firefox uses port 80 to send requests to webservers and then listens on port 80 for the response from the webserver. I have run Apache and Firefox simultaneously before and am just wondering how two different programs can share the same port.
Each side of a TCP network connection is defined by a touple of (ipaddress, port #). When a packet leaves your system all it knows is that it needs to find ip address 192.168.1.1 and go the whoever has a socket bound to port 80.
A server socket is going to be defined by the address on which Apache is listening and port 80. The client socket open by Firefox will have the same ip address but a different randomly assign port number which you normally do not see.
You can see it using netstat or tcpview (Windows)
For example when I run netstat right now I see:
tcp4 0 0 x.x.x.x.62993 stackoverflow.co.https ESTABLISHED
where x.x.x.x is my laptops ip address and 62993 is the random port number assigned to my web browser.
Firefox isn't listening to port 80. It's making a request to a server port and handling the response.
I was looking for an answer on my question on google and also here, but a didn't find a proper answer.
So here is the context:
I have a software running on some server (without firewall) in one subnet.
There is another software running on some PC in a different subnet.
Both subnets are connected to a gateway server. All computers are running CentOS or RHEL.
On the gateway server, there is a firewall, preventing multicast traffic from leaving the one subnet and allow clients from outside to connect to computers inside this subnet. Therefore xinetd is used. The computer from outside needs to send a packet to a specific port, the computer on the inside answers to another specific port depending on the sender. So there is no need for the gateway to keep track of sender-receiver relations. It just needs to forward UDP on specific ports to specific computers from one subnet to another.
So I added one service in /etc/services (for one direction):
udp-gateway 6000/udp
And created the according configuration file in /etc/xinetd.d/gateway like:
service udp-gateway
{
disable = no
socket_type = dgram
protocol = udp
wait = no
user = root
redirect = 192.168.1.1 6000 #Server inside the 192.168.1.0 subnet
}
Now the problem is, that the server doesn't open an UDP-port to listen on ('netstat -nulp' says). When I change the protocol to TCP and the socket_type to stream, it works. But I need this for UDP.
Is it possible that this is not possible for UDP? Or is netstat just not showing the ports? Or is my xinetd-configuration missing something?
Thanks in advance, every hint is appreciated.
Benny
redirect = 192.168.1.1 6000 #Server inside the 192.168.1.0 subnet
from the man page of xinetd:
redirect
Allows a tcp service to be redirected to another host.
This means usage of redirect for udp is not possible. And I don't see any other way to do this with xinetd.
When I connect to SSH I use port 22 as destination, but when the reply comes back, does it come in on port 22 as well? Or is the client source port randomly assigned as in other TCP communication?
If set up a firewall allowing outbound traffic to port 22 - Do I also need to allow incoming traffic on port 22?
The client SSH port is randomly assigned, as in most client/server systems over TCP/IP.
Were the client port fixed, you would not be able to open multiple SSH connections from the same client IP address, as the connections would be indistinguishable on an IP protocol level. The client port number is the only piece that makes the connection unique (client IP, server IP and server port being the same).
You do not need to allow the incoming traffic though. There is only one outgoing connection in SSH (the responses from the server come over an existing connection).
I'm new in GCE, and I am confused about setting up the load balancer.
If I have two instances, serving on Port 9000, I want to setup a balancer that accepts on port 80, then route requests to my instances in port 9000..
a diagram like this..
LB:port:80 -> VM:port:9000
I have other load balancers from other providers which has a settings like pointing to VM's port. but in GCE, I cant seem to find it, or I am missing something..
I hope I am making a sense, here. thank you in advance
It isn't possible in GCE to do a port rewriting. As a workaround I use port forwarding using iptables
Then in GCE, you can create a health check on port 9000, your target pool will have your instances listing on port 9000 and your forwarding rule will be on port 80 with your target pool.
Another workaround will be to run HAProxy on the instance to locally forward port 80 on the instance to port 9000.
If your app is HTTP-based (looks like it), then please have a look at the new HTTP load balancing announced in June. It can take incoming traffic at port 80 and forward to a user-specified port (eg. port 9000) on the backend. The doc link for the command is here:
https://developers.google.com/compute/docs/load-balancing/http/backend-service#creating_a_backend_service
Hope it helps.