
Communication from one pool member to another

Brett_Williams
Nimbostratus

So, in normal circumstances, I wouldn't want my pool members communicating with each other. However, I am trying to load balance syslog. Yes, I know this sounds crazy. But bear with me.

I suspected I might be losing syslog events, so I wanted to rule out the load balancer as a potential bottleneck. I have a stateless virtual server, stateless UDP profile, two pool members. For diagnostic purposes, I am generating a finite number of syslog messages from each of my pool members and sending them at the virtual server in front of them. I noticed an interesting trend. Only about half of the packets arrive. If my first pool member sends the packets, only it receives packets via the virtual server. Same goes for the second pool member. I am not using any source address translation.

Any thoughts?

2 REPLIES

If you're not using any address translation, then packets will arrive back to you from an address your device is not expecting and so will be dropped. It's hard to visualize what you are trying to do, so a diagram would be useful here.

Brett_Williams
Nimbostratus

Not a concern. Syslog is a stateless "fire and forget" protocol for the most part.

I drew up a diagram in LucidChart. Attaching.

Virtual server is UDP stateless. Load balancer is green. Ingress/virtual server side is on the left, and egress/node side is on the right.

Pool members run on the same port as the virtual server, so there is no port or address translation happening, except for routing packets to a pool member. No SNAT, no AutoMap.

Syslog packets coming from devices on the network are spread relatively equally across my pool members. This is working as expected and designed.

I also generate syslog packets from the pool members, pointed back at the virtual server. So, like a loopback, except pointed at the virtual server. These syslog-generating scripts run on both servers. And it touches every mode of transport I have ingress to the servers to serve as an advanced health monitor for our own purposes. So, on pool member 1, if I point to localhost:30514, I see all the packets, because they never leave the network stack of the pool member. However, if I point to virtual_server:30514, I see only about half the packets. The other half of the packets, which should be arriving on pool member 2, do not arrive on pool member 2.

0691T000008t8wjQAA.png
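
An added example, not part of the original posts: one way to turn the finite test run described above into a per-path tally, so that each probe carries its sender and a sequence number and the collectors' logs show which sender-to-receiver path is empty. The probe format, the function names and the sample logs are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical probe payload: "<134>probe sender=<id> seq=<n>" (PRI 134 = local0.info)
PROBE_RE = re.compile(r"probe sender=(\S+) seq=(\d+)")

def make_probe(sender, seq):
    """Build one tagged syslog datagram payload for the test run."""
    return f"<134>probe sender={sender} seq={seq}".encode()

def path_matrix(received):
    """Map (sender, receiver) -> set of probe sequence numbers seen on that path."""
    seen = defaultdict(set)
    for receiver, lines in received.items():
        for raw in lines:
            m = PROBE_RE.search(raw.decode(errors="replace"))
            if m:  # ordinary syslog traffic mixed in with the probes is ignored
                seen[(m.group(1), receiver)].add(int(m.group(2)))
    return dict(seen)

def missing(sent, matrix):
    """Per sender, the sequence numbers that reached no receiver at all."""
    out = {}
    for sender, count in sent.items():
        got = set().union(*(s for (src, _), s in matrix.items() if src == sender))
        out[sender] = [n for n in range(count) if n not in got]
    return out

def empty_paths(sent, receivers, matrix):
    """Sender/receiver pairs on which not a single probe arrived."""
    return [(s, r) for s in sent for r in receivers if not matrix.get((s, r))]

# Constructed sample: each member sent 6 probes at the virtual server, and the
# lists are what each member's collector logged (not real captures).
SENT = {"member1": 6, "member2": 6}
RECEIVED = {
    "member1": [make_probe("member1", n) for n in (0, 2, 4)]
               + [b"<13>router1 link up"],
    "member2": [make_probe("member2", n) for n in (1, 3, 5)],
}

if __name__ == "__main__":
    matrix = path_matrix(RECEIVED)
    print("lost per sender:", missing(SENT, matrix))
    print("paths with no traffic:", empty_paths(SENT, RECEIVED, matrix))
```

On a live run the `make_probe` payloads would be sent as UDP datagrams to the virtual server, and each member's collected messages would replace the constructed lists.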