Does anyone have some experience with proxy in HA with two legs? One leg to clients and second leg to internet?
If my assumption is correct the config. is same like with normal proxy HA, but it needs also static routes so that the traffic is returned to clients and not leaves to def. gw., right?
I have one environment where I deployed the proxy like this, but customer is complaining, that the connection is slow and some appliacations transactions are failling with timeout(or whatever...). So I made some pcaps and such and although I've seen some resets on the scanning node, those were usually following after e.g. FIN,ACK, so not really that bad, the packets looked quite fine.
So I tried to simulate it in my testlab, made similar configuration(just different networks) and when I made pcap on the director node with static routes, it looks quite weird, like following (192.168.21.56 is client, 192.168.21.154 is the VIP):
After that I thought that I could check how it looks like when there are no static routes, and the pcap on director looked much better:
With that, I'm now thinking if this is intended behaviour or if we can't use the proxyHA with two legs or I just messed up something 🙂