Linux – Load Balancer Solution with Linux

ip, linux, load balancing, networking, vpn

I need a suggestion to realize a proper solution to this problem:

As you can see in the image above, I have 2 application servers that need to talk with an external third-party provider over the internet. At the moment the configuration is very simple: the firewall has a ptp VPN with the remote provider, and the application servers call the remote host directly, with an ad-hoc firewall rule to enable the communication to the remote host via the ptp VPN.

diagram 1

This kind of configuration has no redundancy, because the actual remote host has 2 different public IPs, in different parts of the world. The problem is that when the remote host IP 1 is down the whole thing doesn't work, but the firewall is not "smart" enough to switch in real time to the other IP and provide some sort of NAT.
So my idea was to move all this logic to a software installed on a layer4/layer7 load balancer installed on another host, so the 2 app servers should call a Virtual IP on the local network and automatically the load balancer will switch in case of failure of node 1 to node 2 in a completely transparent way for the applications (see image below).

diagram 2

Anyway, my question is: what kind of software should I use on the load balancer to satisfy my requirements? I was thinking about IPLVS + Keepalived or something similar; if someone has a better suggestion, it will be appreciated. The system is Red Hat 5 based and the application servers are JBoss 5, with a Cisco ASA as firewall.
🙂

(P.S. The setup of this should be done in less than 1 week).

Best Answer

Well it actually depends on your desired goal.

Do you want to distribute load (and client requests) between both of your webservers (multiple active arch), or do you just need to be "fully" redundant in case of webserver failure?

If you just need the redundancy aspect and are not worried about distributing load I would suggest using pacemaker to achieve this.

You basically have to define resource groups for jboss and the other services you might need running and define a single VIP that would work as the redundant point of entrance for your active webserver.
