I have successfully PoC’d the use of two HAProxy servers w/ heartbeat to load balance traffic between two squid servers with pass-through Kerberos authentication in our shared services office. I’ve been exploring the idea of separating internal load balancing from our Citrix NetScalers that currently have a leg both inside the private network and in the DMZ (terrible security practice so we’re changing that). One of the things that I can’t seem to find anywhere is assigning more than one floating IP to an HA pair. The reason for this is that we load balance many things and want to use a different IP for each service being load balanced (i.e., squid, DNS, LDAP, web servers, etc). Could use some direction on this.
You can add multiple Subnet IP addresses to be used for traffic towards your backend servers.
Doing so requires the following steps:
- Add a Subnet IP Address (System -> Network -> IP)
- Create an IP Set (System -> Network -> IPSets) and assign the Subnet IP address to the set
- Create a Network Profile (System -> Network -> Net Profile) and assign the IPSet to the Network Profile
- Assign the network profile to a load balancing virtual server or to the services/service groups belonging to the load balancing virtual server
By using separate network profiles per type of service, you can easily control the traffic.
Nowadays, even VIP addresses can be used as source IP addresses to the backend, given there is at least one Subnet IP address in the subnet.
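
The GUI steps in the answer above, written as NetScaler CLI commands for two services with one network profile each. This is an added example, not part of the original answer; every object name and the 192.0.2.0/24 addresses are constructed placeholders, and the virtual server and service group are assumed to exist already.

```netscaler
# Constructed values: 192.0.2.x addresses and all object names are placeholders.

# Step 1: add one Subnet IP (SNIP) per load-balanced service
add ns ip 192.0.2.11 255.255.255.0 -type SNIP
add ns ip 192.0.2.12 255.255.255.0 -type SNIP

# Step 2: create one IP set per service and bind that service's SNIP to it
add ipset ipset_squid
bind ipset ipset_squid 192.0.2.11
add ipset ipset_ldap
bind ipset ipset_ldap 192.0.2.12

# Step 3: create one network profile per service, sourcing from its IP set
add netProfile np_squid -srcIP ipset_squid
add netProfile np_ldap -srcIP ipset_ldap

# Step 4: assign the profile to the load balancing virtual server ...
set lb vserver lb_vs_squid -netProfile np_squid
# ... or to the service group behind it
set serviceGroup sg_ldap -netProfile np_ldap

# Check the result: profile-to-IP-set mapping and the SNIPs present
show netProfile np_squid
show ipset ipset_squid
show ns ip -type SNIP
```

With a distinct source address per service, backend firewall rules and server ACLs can admit each service's traffic from its own SNIP only.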