06-14-2017 07:44 AM
Hello,
At this moment I am doing a PoC for a client in Azure with two VM-300 in the so called "Sandwich" mode. So for traffic coming from the internet I have the following path: ELB > VM-300 (x2) > ILB > Webserver (x2). Both VM-300 and Webservers are both in a seperate availabilty set.
I managed to load balance the traffic from the internet on the ELB, over both VM-300s and the via the ILB to both Webservers. So far so good!
Now I ask myself the question, how do I load balance the traffic, that initiates from the webservers to the internet? on the UDR I can only point to one VM-300, not both. I cannot use a ILB for anykind of SNAT or put in in routed mode.
As far as I can see, they only thing I can do is change the UDR via a script (e.g. zookeeper) in case one of the VM-300s goes down. how do you guys handle this? How do you achieve load balance/HA for outbound server traffic to the internet or other zones in the case of two VM-300s?
Many thanks
regards
Michel van Kessel
12-16-2021 10:52 PM
Ive found the symmetric flow to be an issue. I have an external client coming in through an Azure public load balancer, through my pair of PA firewalls, and into an internal load balancer which delivers the traffic to the servers. However the reply traffic doesnt work unless i make the firewalls source NAT the inbound traffic. The default route outbound from the backend servers is an internal load balancer across the two firewalls. sometimes the reply traffic goes back through the other firewall, therefore breaking symmetry.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
