Answer the question
In order to leave comments, you need to log in
Vyatta, traffic balancing - how to “bind” a client to a specific external interface for HTTPS?
Situation: there are two channels - almost equal in rights, they must reserve each other. The output is Vyatta Core 6.6r1.
I wanted to set up balancing outgoing traffic, which was done using wan-load-balancing. But after that, a problem appeared, especially noticeable in HTTPS sessions: a user enters the site, logs in, starts working - and then after a while Vyatta starts sending his requests through another channel. The external IP address changes, the site swears, authorization fails, etc. Very inconvenient.
For version VC 6.6r1, there are official Release Notes from Brocade. On page 16 you can find a similar "problem" number 7503 and recommendations for action:
The WAN load balancing feature is changing the source interface and address during outbound session from the inside. As a result, HTTPS sites (such as webmail and banking sites) are requiring the user to reauthenticate during the session.
Recommended action: To prevent this issue, create a separate WAN load balancing rule that exclusively binds HTTPS traffic to a particular outbound interface. If you do this, however, the HTTPS traffic does not receive the bandwidth aggregation benefits of load balancing.
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question