Using Load Balancers in Transparent Mode – A Workaround

In my last post, I talked about two routing modes used on load balancers: NAT and transparent. As you may recall, I recommended against using transparent mode unless it is a common practice to use a load balancer as the default gateway in your environment. In this blog post, I would like to provide another workaround that would enable transparent mode without having to point the default gateway of your Log Insight nodes to the load balancer!


CREDIT: Shout out to my colleague Joseph Andreatta for testing this out and providing the information.

WARNING: This is not officially supported. Proceed at your own risk.

While the Log Insight virtual appliance is a black box, it is at its core a SLES operating system. As such, you can modify the networking properties. One workaround to get transparent mode working is to configure the virtual server on the loopback interface of the Log Insight nodes.

What is a loopback interface?

The loopback interface is a virtual network interface that is primarily used for internal testing within a system. For more information see this forum.

How can you configure it for transparent mode?

On each node you must add the virtual server VIP to the loopback interface. To do so, add IPADDR_LB, NETMASK_LB, and BROADCAST_LB to /etc/sysconfig/network/ifcfg-lo and then restart lo (ifdown lo; ifup lo).
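One way to script that change so it is repeatable across nodes, as an added example that is not part of the original post. The function names, the host netmask, the broadcast value and the sample VIP 192.0.2.50 are assumptions:

```shell
#!/bin/sh
# Added example, not from the original post. The function names, the host
# netmask and the broadcast value are assumptions; 192.0.2.50 is a sample VIP.

# valid_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# add_vip_to_lo VIP [CFG]: write the IPADDR_LB/NETMASK_LB/BROADCAST_LB alias
# into CFG exactly once, keeping a backup of the previous file in CFG.bak.
add_vip_to_lo() {
    vip=$1
    cfg=${2:-/etc/sysconfig/network/ifcfg-lo}
    valid_ipv4 "$vip" || { echo "invalid VIP: $vip" >&2; return 2; }
    [ -f "$cfg" ] || { echo "missing file: $cfg" >&2; return 3; }
    # Same VIP already present: leave the file untouched.
    if grep -qxF "IPADDR_LB='$vip'" "$cfg"; then
        return 0
    fi
    cp -p "$cfg" "$cfg.bak" || return 4
    # Drop stale *_LB lines (for example after a VIP change), keep the rest.
    awk '!/^(IPADDR|NETMASK|BROADCAST)_LB=/' "$cfg.bak" > "$cfg" || return 5
    {
        echo "IPADDR_LB='$vip'"
        echo "NETMASK_LB='255.255.255.255'"  # assumption: host mask for one VIP
        echo "BROADCAST_LB='$vip'"           # assumption: broadcast of a /32
    } >> "$cfg"
}

# Usage on a node (as root), followed by the restart the post describes:
#   add_vip_to_lo 192.0.2.50 && ifdown lo && ifup lo
#   ifstatus lo    # the VIP should be listed here
```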

This address will NOT show up in ifconfig:

but it will show up in ifstatus lo:

Using transparent mode

With the loopback interface configured with the load balancer's virtual server IP, you can now enable transparent mode on the load balancer. Upon doing so, you should be able to see the real client IP sending the event to the load balancer (look at the source field of events coming in over the syslog protocol)!

NOTE: the real client IP may still be a syslog aggregator so it may not be the originator of the event.

Summary

By configuring the loopback interface on Log Insight nodes to be the virtual server IP address, transparent mode on load balancers will work for a Log Insight cluster because the cluster can talk directly with the actual client. This is known as direct routing. Be aware that this workaround is technically unsupported because you are modifying the virtual appliance.

© 2014 – 2015, Steve Flanders. All rights reserved.
