Re: load balancing causes authentication problems?

Linux Advanced Routing and Traffic Control


 



> Spencer wrote:
> 
> We are currently using iproute2 to perform a round robin type load
> balancing.
> ip route add default proto static scope global
>                     nexthop via XXX.XXX.XXX.XXX dev eth0 weight 1
>                     nexthop via XXX.XXX.XXX.XXX dev eth1 weight 1
>                     nexthop via XXX.XXX.XXX.XXX dev eth2 weight 1
>
> From my understanding this is destination based load balancing.  And
> it has worked fine 99% of the time. The problem we are running into is
> for web sites that have a separate authentication server.  For example
> a user authenticates on an authentication server through eth0.  After
> authentication the user is redirected to the application server,
> however since the application server is a different destination the
> user can now be routed out through eth1 or eth2.  In the case that the
> user is routed out through either eth1 or eth2 the application server
> now sees a different IP address than the one used to authenticate and
> thus denies the user access.
>     It is also possible that I'm way off base and this is not at all
> what is happening and is not the reason for users getting denied
> access after authenticating, but that's what it looks like to me.  I
> was wondering if anyone else had seen a similar problem and had a
> possible solution.  I didn't see anything in the archives right off
> but I wasn't sure exactly what to search for either.
> 
> Thanks
> Spencer

I've never seen this happen, so I can't comment except to say that your
explanation sounds plausible to me.

The "normal" cure is to
install Julian's routing patch
http://www.ssi.bg/~ja/

and use connmark
http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking

You may also want to investigate the KeepState stuff in nano.txt (on
Julian's site).

HTH (but no guarantees...),
gypsy
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
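
Added example, not part of either post: a dry-run script that prints iproute2 source-based policy routing commands pinning each LAN client to one uplink, so the authentication server and the application server see the same source address. This is a different approach from the routing patch and connmark setup suggested in the reply; the gateway addresses, client addresses and table numbers 101-103 are constructed, and it assumes each uplink already NATs outgoing traffic to its own address.

```shell
#!/bin/sh
# Dry run: prints the commands, does not change routing.
# Constructed values: gateways from documentation ranges, LAN clients in
# 192.168.1.0/24, routing tables 101-103. Only eth0/eth1/eth2 come from the post.
UPLINKS="eth0:192.0.2.1 eth1:198.51.100.1 eth2:203.0.113.1"

# Map a client address to an uplink number 1..n using its last octet, so the
# choice depends only on who is sending, never on the destination.
uplink_index() {
    last_octet=${1##*.}
    echo $(( $last_octet % $2 + 1 ))
}

# Print one routing table per uplink, then one source rule per client.
emit_pinning_rules() {
    n=0
    for up in $UPLINKS; do
        n=$((n + 1))
        echo "ip route add default via ${up#*:} dev ${up%%:*} table $((100 + n))"
    done
    for client in "$@"; do
        idx=$(uplink_index "$client" "$n")
        echo "ip rule add from $client/32 lookup $((100 + idx))"
    done
}

# Sample run with three constructed client addresses.
emit_pinning_rules 192.168.1.10 192.168.1.11 192.168.1.12
```

Clients without a rule, and the router's own traffic, still fall through to the multipath default in the main table. Each per-uplink table here holds only a default route, so a router that also forwards between internal subnets needs those routes copied into every table.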
