Now that you know what the integrated load balancer feature is in Log Insight 2.5, you probably are interested in how you can switch from your already configured external load balancer (ELB) to the new integrated load balancer (ILB) and if you should switch. I will cover these topics in this post.
How to Switch
The process is very straightforward, but there are a couple gotchas to be aware of:
- Configure the ILB – I covered the steps in my previous post
- Reconfigure the DNS record currently pointed to the ELB to point to the VIP on the ILB
GOTCHA: This assumes that a DNS record was configured and that all clients are forwarding events via the DNS name. If clients are forwarding events via an IP address then you will need to update all client configurations to point to the new FQDN (do not point to the new IP to prevent this issue in the future).
- Wait for the DNS TTL to expire on the clients – until the client DNS cache expires the new changes will not take effect
- Restart (not stop) the ELB (external not internal) Log Insight VIP (not the entire ELB in case other VIPs are being hosted on the device)
GOTCHA: client TCP sessions are long-lived (I covered long-lived sessions in this post), which means even after the client DNS cache has expired events will continue to be sent to the ELB. Restarting the ELB will force the clients to reconnect and those with the updated DNS record will now send traffic to the ILB. The reason why you should restart the ELB is to ensure that if a client does not connect to the ILB as expected (e.g. DNS cache did not expire or new DNS record did not get propagated properly) that events continue to get ingested.
- Check the ELB and confirm that no clients are sending events – if they are address the configuration problem and repeat step 4
- Stop the ELB Log Insight VIP (not the entire ELB in case other VIPs are being hosted on the device)
That’s it!
Should You Switch?
If you are already using an ELB you might be wondering if you should switch to the ILB. While both serve the same purpose of providing ingestion HA for Log Insight, here are the questions I would ask to determine if you should switch:
- Is the team that runs the Log Insight instance the same as the team that runs the ELB? If no, then you may consider switching to the ILB as relying on different teams can make managing any application more difficult. For example, prior to upgrading a Log Insight worker node you are supposed to remove it from the ELB configuration, which may require another team in order to execute.
- Did you dedicate an ELB for Log Insight? If yes, then you may consider switching to the ILB due to the addition cost, resources and management overhead.
- Do you want to have one point-of-contact for all Log Insight support issues? If yes, then you may consider switching to the ILB as ELB issues will need to be handled separately from Log Insight support issues.
- Do you want the source field of events to be something other than the address of the external load balancer? If yes, then while this is a potential workaround to this issue, you may consider switching to the ILB as it passes the source address properly.
© 2015, Steve Flanders. All rights reserved.
