1 Reply Latest reply on Sep 11, 2016 6:06 PM by xspader

    HW load balanced DXL hub in a DMZ

    ryanstillions

      Hello community,

       

      Does anyone have experience or success with putting a pair of DXL brokers (configured as a hub) behind a hardware-based load balancer in a DMZ deployment scenario? If so, I'd be curious to know the right settings for the DXL Topology configs under Menu, Server Settings, DXL Topology.

       

      A completely hypothetical and yet to be tested config / scenario I'm considering would be something along the lines of this:

       

      System Name: brokerA.something.local
      Published System Name: dxl.company.com
      IP Address: 10.0.0.10
      Published IP Address: 1.2.3.4
      Port: 8883

      System Name: brokerB.something.local
      Published System Name: dxl.company.com
      IP Address: 10.0.0.11
      Published IP Address: 1.2.3.4
      Port: 8883

       

      These two brokers would then become a DXL hub sitting behind a hardware-based load balancer listening on a NAT'd internal IP behind a firewall, but exposed as a public IP of 1.2.3.4, also resolving publicly to dxl.company.com.

       

      The benefits to this (if it works) would be:

      1. More evenly balanced distribution of DXL connections across the hub. Maybe? E.g. 90K endpoints are distributed somewhat evenly, 45K/45K.
      2. Fewer public IP addresses consumed to facilitate having the service.
      3. Fewer domain names published (reducing the publicly visible footprint / knowledge of the infrastructure, # of hosts, etc.).
      4. Easier to scale. Additional brokers & hubs could be added behind the HW-based LBs without change to public IP / DNS footprint.

       

      Does anyone know if this would be a technically supported deployment configuration? Would it work for DXL but break TIE? etc. Not looking to integrate ATD, so no need to factor in file submissions to TIE, just basic TIE client queries coming in from off-network hosts needing to hit a DXL broker.

       

      Thanks,

      ryan