Re: [squid-users] kerberos auth failing behind a load balancer

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Thu, 23 May 2013 09:11:19 +0300

On 5/23/2013 8:42 AM, Brett Lymn wrote:
> One problem with using L2 is that you then lose the ability to log the
> client IP address, everything appears to come from the load balancer.
> Using L7 you can, at least on some load balancers, insert a
> X-FORWARDED-FOR header with the client IP in it so you can log this in
> squid using a custom log line.
Unless you use TPROXY which is very simple to use if you understand the
concepts and ideas.
Also there is an option to use LVS or PROXY protocol in many cases.
I dont remeber if squid support proxy protocol stickily but L2 LB is far
more easy to debug and use rather then a L7 one which requires a much
more advanced CPU ram and other stuff.

Eliezer
Received on Thu May 23 2013 - 06:11:41 MDT

This archive was generated by hypermail 2.2.0 : Thu May 23 2013 - 12:00:35 MDT