Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Port mapping to several ip addresses
  •  
asdert2

Messages: 10
Karma: 0
Send a private message to this user
Hi!

Currently I have a traffic rule which maps https port to two IP addresses. So "Translate to the following host" field looks like this: 192.168.1.2;192.168.1.3.

I'm trying to get some kind of load balancing and failover in case one of my internal servers goes down.

This rule works, but I'm not sure what order does it use for connections. It seems most of connections go to first IP only.

How does Kerio Control works with such rule? Shouldn't it divide connections equally between two internal servers? Maybe it would be better to specify a dns name here and assign those two IP addresses to that name in Kerio Control's hosts table for example?

Thanks!
  •  
asdert2

Messages: 10
Karma: 0
Send a private message to this user
Anybody?
Maybe somebody from Kerio can answer this question?
  •  
asdert2

Messages: 10
Karma: 0
Send a private message to this user
  •  
Brian Carmichael (Kerio)

Messages: 662
Karma: 66
Send a private message to this user
Kerio Control will use whichever rule comes first (at the top of the list). It does not load balance or provide failover for inbound connections. For this type of functionality you would need to look into some type of load balancing proxy like nginx or use a service like Cloudflare.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
asdert2

Messages: 10
Karma: 0
Send a private message to this user
Yes, I understand that kerio will use upper rule. But I think you have misunderstood my question. I have specified two ip addresses in "Translate to the following host" field. I'm using single rule for that.
How will kerio deal with this situation?

And one more question. What if I enter internal dns name in that filed? Something like myname.myinternaldomain.local. And that dns name will resolve to two ip addresses on my internal DNS server. Will it work like DNS round robin? How often will kerio resolve that name?
  •  
Brian Carmichael (Kerio)

Messages: 662
Karma: 66
Send a private message to this user
To my knowledge, if you put multiple IPs in the box as you described earlier, it will choose the first listed IP. However, using a hostname with round robin DNS may provide some type of load balancing, although I believe in this type of situation Kerio Control uses a separate cache, so it may not work well.
You'll need to make sure Kerio Control (in the network interface properties) is directing all DNS queries to a server where you can manage a round robin configuration.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
asdert2

Messages: 10
Karma: 0
Send a private message to this user
Yes, my Kerio is directing all DNS queries to my internal dns server. So it resolves any internal name fine. Can someone clarify about kerio's internal cache? How often will kerio update it?
  •  
Brian Carmichael (Kerio)

Messages: 662
Karma: 66
Send a private message to this user
I confirmed with one of the developers that it will use the TTL defined by the DNS server. However it does have a built in 10 seconds cache.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
Previous Topic: Kerio Control 9.2.2 - automatic authentication with MAC does not working
Next Topic: Log rotation - recommended?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon May 29 09:48:13 CEST 2017

Total time taken to generate the page: 0.00996 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.