Matt_Breedlove_
Jun 04, 2009 Nimbostratus
LTM to LTM transparent proxy (triangulation)
We have a situation where we want to use 3 physically separate (but same datacenter) LTM clusters, with no HTTP redirects (301, 302) whatsoever, to serve 2 distinct websites using a single website hostname.
Definitions:
LTM 'A' = pair of BIG-IP (active/standby - fault tolerant)
LTM 'B' = different pair of BIG-IP (active/standby - fault tolerant)
LTM 'C' = yet another pair of BIG-IP (active/standby - fault tolerant)
So the client would make a connection to LTM 'A' using the immutable www.website.com.
LTM 'A' would look for the presence of a cookie (controlled by the actual web servers) and transparently proxy/forward/triangulate that connection (without HTTP redirect) to either LTM 'B' (b.website.com) or LTM 'C' (c.website.com), depending on which the cookie indicated.
However, from the client's perspective they should interact only with www.website.com the entire time, regardless of which backend LTM they are actually using.
And the client should never be redirected, but always be talking to LTM A using the initial TCP session.
Now I know this is a cinch with 1 LTM and a few local pools with the ProxyPass iRule, but that doesn't work for us because we need to diversify our load among the physically separate LTM clusters. All 3 LTM clusters are in the same datacenter.
So one super heavily used site is on 1 LTM (b.website.com), the other super heavily used site is on the other LTM (c.website.com), and the third LTM acts as traffic/TCP session director and a single point of contact for the clients.
So we want LTM A to transparently proxy connections to both LTM B and LTM C.
Only LTM B and LTM C would actually have real servers (serving the actual unique website content).
If LTM B went down, then LTM C's website would still work (via LTM A).
If LTM C went down, then LTM B's website would still work (via LTM A).
Additionally, the client can choose to connect directly to "b.website.com" and/or "c.website.com" and they will get that website (effectively bypassing LTM 'A').
By design, LTM A would be mission critical for both websites to be accessible via www.website.com.
The reason for all this is that we are not able to change the hostname that the client is requesting and we are not allowed to do any HTTP redirects.
Additionally, we want to diversify risk/load across all 6 of the load balancers (2 in each LTM cluster).
Any thoughts on the approach for this would be appreciated.
Thanks
Matt