A new feature in 3.3 is multi-VIP + tags. In this post, I would like to discuss what is it, why you would want to use it, and how to configure it. Read on to learn more!
What is it
LI has offered an Integration Load Balancer (ILB) since version 2.5. The ILB offered the ability to create a Virtual IP (VIP) in the same L2 network as the LI cluster nodes. In LI 3.3 a few enhancements have been made:
- Zero or more VIPs can be configured — previously only zero or one VIP could be configured
- Each VIP can have zero or more tags — previously tags were not supported with the ILB
- VIPs can be defined even on 1-node clusters — previously you need at least 2-nodes (note 3-nodes is the minimum supported for clusters)
Use-cases
Why have these enhancements been made? Well, a few use-cases come to mind:
- Role-Based Access Control (RBAC): LI has offered RBAC since version 2.5. In order to configure RBAC you need to define data sets and data sets require static fields. Given that static fields prior to LI 3.3 came from either syslog parsing or the ingestion API, sometimes it was not possible to define the RBAC rules desired. Now that multiple VIPs can be defined within LI and each can have their own tags (i.e. static fields), it is possible to define data sets for any data coming into LI.
- Content Packs: Content packs are made up of multiple components including dashboards, queries, alerts, and extracted fields. As you probably know, keywords and static fields are the most efficient ways to query data in LI. Unfortunately, some events do not contain keywords making it hard to include such events in content packs and ensure they are performant. Static fields can address this issue, but require that you have the ability to send them (i.e. use the LI agent). For products that cannot leverage the LI agent today, multiple VIP with tags can add static fields to eliminate this problem.
- Preparing for growth: While you might start with only a single LI node today, eventually you may need to move to a cluster to meet capacity or business requirements (e.g. HA). While adding more nodes is trivial, migrating from a standalone node to a VIP requires a few steps. To remove this overhead, you can now configure VIPs on a standalone LI instance.
How to configure it
Configuration is done on the /admin/cluster page.
Simply select the “Add New Virtual IP Address” button, assign an IP in the same L2 network, give it a FQDN that you will set in DNS (highly recommended) and enter any tags. All settings except the IP address can be changed afterwards.
Additional information
- All VIPs must be in the same L2 network — same requirement as before
- VIPs are based on IP and not port — same requirement as before
- The FQDN value should be added to DNS for proper resolution (i.e. LI does not run a DNS server) — same as before
- Changing the VIP tag(s) only applies to events that are ingested after the change — just like how tags work for other parts of the system (e.g. event forwarding)
- The VIP IP cannot be changed once set (everything else can be) — new in LI 3.3, workaround is to create a new VIP and delete the old one
© 2016, Steve Flanders. All rights reserved.
