2

I'm trying to configure Nginx as a last-resort backup for F5 BIG-IP, and I'm not sure if it's possible to configure it to behave similarly to F5 in terms of traffic handling.

F5 is currently deployed as a gateway at L3 like this (all addresses here begin with 192.168.0.):

edge router .13/30 --- .14/30 F5 .10/30 --- .9/30 core router --- other networks

The edge router performs DNAT to various addresses (which used to be single servers some time ago) like 192.168.2.4 or 192.168.1.3. They're from various networks. F5 operates as a gateway and load balances traffic with such destination addresses (without performing SNAT).

So my question is: how can I deploy Nginx this way? I know that I can use iptables and IP forwarding at the Linux level to behave like a gateway and provide routing functionality, but I don't know how to allow Nginx to load balance connections with a destination of 192.168.2.4, which is not an IP of the Linux box itself (it's the actual address of one of the pool members), and without performing SNAT.

I thought about using iptables with REDIRECT but I'm not sure if Nginx supports such deployment.

Lapsio

2 Answers

0

I found the following article on the nginx website:

https://www.nginx.com/blog/ip-transparency-direct-server-return-nginx-plus-transparent-proxy/

And it even seems to be supported on the Nginx Open Source edition. This method doesn't seem to use -j REDIRECT though, but alternate routing tables and some packet marking mechanism for egress. I haven't figured out yet how and why it works exactly from an iptables and Linux packet flow perspective.

It looks quite tricky.

Lapsio
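A sketch of the transparent setup discussed in the answer above, added here as an illustration and not taken from the answer or written by its author. It assumes a second pool member 192.168.2.5, service port 80, local listener port 8080, and routing table number 100; the inbound REDIRECT rule is an assumption for the gateway topology in the question.

```nginx
# Kernel side, run as root on the nginx box (shown as comments so the
# file stays a valid nginx.conf). All addresses and ports are assumed.
#
#   sysctl -w net.ipv4.ip_forward=1      # box keeps routing other traffic
#
#   # Inbound: connections to the pool address, which is not a local IP,
#   # are handed to the local nginx listener.
#   iptables -t nat -A PREROUTING -p tcp -d 192.168.2.4 --dport 80 \
#            -j REDIRECT --to-ports 8080
#
#   # Return path: replies from pool members are addressed to the client
#   # IP, so mark them and deliver them locally instead of forwarding.
#   iptables -t mangle -A PREROUTING -p tcp -s 192.168.2.0/24 --sport 80 \
#            -j MARK --set-xmark 0x1/0xffffffff
#   ip rule add fwmark 1 lookup 100
#   ip route add local 0.0.0.0/0 dev lo table 100

# Binding to a non-local source address needs privileges. On Linux with
# nginx 1.13.8 or later the workers inherit CAP_NET_RAW from the master
# when "transparent" is used, so this line can be dropped there.
user root;
worker_processes auto;

events {}

# Requires nginx built with the stream module (--with-stream).
stream {
    upstream pool_192_168_2_4 {
        server 192.168.2.4:80;
        server 192.168.2.5:80;   # assumed second pool member
    }

    server {
        listen 8080;

        # Open the upstream connection from the client's own address,
        # so pool members see the original source IP (no SNAT).
        proxy_bind $remote_addr transparent;

        proxy_pass pool_192_168_2_4;
    }
}
```

The return-path rules only work if the pool members route replies to client addresses back through this box, which holds when it sits in the gateway position the F5 occupies today.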
0

If I understood you correctly, you want to do load balancing on nginx itself. You could do it in the following way: NGINX Load Balancing

Dmitriy Kupch
  • Yes but using transparent IP configuration (load balancing traffic while preserving original src-address and balancing packets not destined to IP installed on load balancer machine) – Lapsio Nov 26 '18 at 09:55