Using Load Balancers in Transparent Mode – A Workaround

In my last post, I talked about two routing modes used on load balancers: NAT and transparent. As you may recall, I recommended against using transparent mode unless it is a common practice to use a load balancer as the default gateway in your environment. In this blog post, I would like to provide another workaround that would enable transparent mode without having to point the default gateway of your Log Insight nodes to the load balancer!
enet-loopback

CREDIT: Shout out to my colleague Joseph Andreatta for testing this out and providing the information.

WARNING: This is not officially supported. Proceed at your own risk.

While the Log Insight virtual appliance is a black box, it is at its core a SLES operating system. As such, you can modify the networking properties. One workaround to get transparent mode working is to configure the virtual server on the loopback interface of the Log Insight nodes.

What is a loopback interface?

The loopback interface is a virtual network interface that is primarily used for internal testing within a system. For more information see this forum.

How can you configure it for transparent mode?

On each node you must add the virtual server VIP to the loopback interface, to do so, add IPADDR_LB, NETMASK_LB, & BROADCAST_LB to /etc/sysconfig/network/ifcfg-lo and then restart lo (ifdown lo; ifup lo).

# cat /etc/sysconfig/network/ifcfg-lo
# Loopback (lo) configuration
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
BROADCAST=127.255.255.255
IPADDR_2=127.0.0.2/8
IPADDR_LB=10.162.220.4/24
NETMASK_LB=255.255.255.0
BROADCAST_LB=10.162.220.25
STARTMODE=auto
USERCONTROL=no
FIREWALL=no

This address will NOT show up in ifconfig:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:01:DD:FF
          inet addr:10.162.220.153  Bcast:10.162.220.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25148 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16336 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14897540 (14.2 Mb)  TX bytes:12885377 (12.2 Mb)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:16402840 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16402840 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:18374781517 (17523.5 Mb)  TX bytes:18374781517 (17523.5 Mb)

but it will show up in ifstatus lo:

# ifstatus lo
lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet 10.162.220.4/24 brd 10.162.220.25 scope global lo
inet 127.0.0.2/8 brd 127.255.255.255 scope host secondary lo
Configured IPv4 routes for interface lo:
127/8 - - lo
Active IPv4 routes for interface lo:
127.0.0.0/8 scope link
1 of 1 configured IPv4 routes for interface lo up
Active IPv6 routes for interface lo:
127.0.0.0/8 scope link
lo is up

Using transparent mode

With the loop back interface configured to point to the load balancer, you can now enable transparent mode on the load balancer. Upon doing so, you should now be able to see the real client IP sending the event to the load balancer (look at the source field of events coming in over the syslog protocol)!
NOTE: the real client IP may still be a syslog aggregator so it may not be the originator of the event.

Summary

By configuring the loopback interface on Log Insight nodes to be the virtual server IP address, transparency mode on load balancers will work for a Log Insight cluster because the cluster can directly talk with the actual client – this is known as direct routing. Be aware that this workaround is technically unsupported because you are modifying the virtual appliance.

© 2014, Steve Flanders. All rights reserved.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top