Full Discussion: Dynamic Tunnel
Post 302382636 by Smiling Dragon on Thursday 24th of December 2009 05:39:23 AM
Ah, now I think I understand what you are after - I've implemented something similar in the past as a low budget proof of concept. If you want something more solid - stick with NAT rules on the routers but as a test case ssh tunnels should do the job for you.

You are still pretty light on the details so I'll suggest an example as it might help show the process:
Suppose you have 4 servers, 2 of which are customer facing webservers and 2 are back-end application servers. These servers operate in an active-standby mode where any pair of 2 servers (one webserver, one app server) are up and running while the other two are on standby. If the app itself is too stupid to handle this scenario, we can use ssh tunnels instead:
App server A opens a connection via ssh to webserver A and webserver B, it listens to the localhost loopback interface on some high port (use a high port so you don't need to trust an ssh as root on your webserver). Any traffic to these high ports is directed down the tunnel and to the back-end app server. Configure both webservers to connect to "back ends" on localhost:<high port>.
Traffic from either webserver will arrive at the app server automagically.

If you want to switch to the other app server (even if that's in a completely different network), you kill the ssh tunnels and reopen them from App Server B instead on the same high port. The webserver sees a brief connection loss but everything comes back right away and it carries on oblivious to the move.

You'll not be able to switch without outage at all, but the outage can be reduced to a few seconds at least this way and avoids config changes on the webservers.

Is that what you had in mind?
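
The tunnel setup and switch-over described in the post above, as an added example that is not part of the original post. The hostnames, the `tunnel` account, the ports and the function names are assumptions; each app server would carry a copy of the script.

```shell
#!/bin/sh
# Added example: reverse tunnels from the active app server to both webservers.
# All names and ports are assumptions for illustration.
WEBSERVERS="${WEBSERVERS:-weba.example.net webb.example.net}"
TUNNEL_USER="${TUNNEL_USER:-tunnel}"  # unprivileged account on the webservers
HIGH_PORT="${HIGH_PORT:-18080}"       # webservers use localhost:HIGH_PORT as "back end"
APP_PORT="${APP_PORT:-8080}"          # port the app listens on, on this app server
SSH="${SSH:-ssh}"                     # SSH=echo gives a dry run

# On the webservers the key can be limited to this one listener (OpenSSH 7.8+):
#   restrict,port-forwarding,permitlisten="127.0.0.1:18080" ssh-ed25519 AAAA...

# One control socket per webserver so a tunnel can be closed cleanly later.
ctl_path() { printf '%s/.ssh/dyn-tunnel-%s.sock' "$HOME" "$1"; }

# Argument list for one tunnel. The listener is bound to the webserver's
# loopback only; ExitOnForwardFailure makes ssh fail instead of staying up
# without the forward when the port is still held by the other app server.
tunnel_args() {
    printf '%s ' -f -N -M -S "$(ctl_path "$1")" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 -o ServerAliveCountMax=3 \
        -R "127.0.0.1:${HIGH_PORT}:127.0.0.1:${APP_PORT}" \
        "${TUNNEL_USER}@$1"
}

open_tunnels() {
    rc=0
    for h in $WEBSERVERS; do
        # Unquoted on purpose: the argument list must be split into words.
        $SSH $(tunnel_args "$h") || { echo "tunnel to $h failed" >&2; rc=1; }
    done
    return $rc
}

close_tunnels() {
    for h in $WEBSERVERS; do
        $SSH -S "$(ctl_path "$h")" -O exit "${TUNNEL_USER}@$h" 2>/dev/null || true
    done
}

case "${1:-}" in
    open)  open_tunnels ;;
    close) close_tunnels ;;
esac
```

To switch, run it with `close` on app server A and then with `open` on app server B. If A died without closing its tunnels, `open` on B fails until the webserver's sshd drops A's stale session and releases the port.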
 

gateways(4)                     Kernel Interfaces Manual                     gateways(4)

NAME
       gateways - Specifies Internet routing information to the routed daemon

SYNOPSIS
       /etc/gateways

DESCRIPTION
       The /etc/gateways file identifies gateways for the routed daemon. Ordinarily, the routed daemon queries the network and builds routing tables. The routed daemon builds the tables from routing information transmitted by other hosts directly connected to the network. However, there may be gateways that this command cannot identify through its queries. These unidentified gateways are known as distant gateways. Such gateways should be identified in the /etc/gateways file, which the routed daemon reads when it starts.

       The general format of a file entry in the /etc/gateways file is:

              Destination Name1 gateway Name2 metric Value Type

       The following is a brief description of each element in an /etc/gateways file entry:

       Destination
              A keyword that indicates whether the route is to a network or to a specific host. The two possible keywords are net and host.

       Name1  The name associated with Destination. Name1 can be either a symbolic name (as used in the /etc/hosts or /etc/networks file) or an Internet address specified in dotted-decimal format.

       gateway
              An indicator that the following string identifies the gateway host.

       Name2  The name or address of the gateway host to which messages should be forwarded.

       metric An indicator that the next string represents the hop count to the destination host or network.

       Value  The hop count, or number of gateways, from the local network to the destination network.

       Type   A keyword that indicates whether the gateway should be treated as active, passive, or external. The three possible keywords are as follows:

              active
                     An active gateway is treated like a network interface. That is, it is expected to exchange RIP (Routing Information Protocol) routing information. Information about it is maintained in the internal routing tables as long as it is active and is included in any routing information that is transmitted through RIP. If it does not respond for a period of time, the route associated with it is deleted from the internal routing tables.

              passive
                     A passive gateway is not expected to exchange RIP routing information. Information about it is maintained in the routing tables indefinitely and is included in any routing information that is transmitted through RIP.

              external
                     An external gateway is identified to inform the routed daemon that another routing process will install such a route and that alternative routes to that destination should not be installed. Information about external gateways is not maintained in the internal routing tables and is not transmitted through RIP. Note that these routes must be to networks.

EXAMPLES
       To specify a route to a network through a gateway host with an entry in the gateways file, enter:

              net net2 gateway host4 metric 4 passive

       This example specifies a route to a network, net2, through the gateway host4. The hop count metric to net2 is 4, and the gateway is treated as passive.

       To specify a route to a host through a gateway host with an entry in the gateways file, enter:

              host host2 gateway host4 metric 4 passive

       This example specifies a route to a host, host2, through the gateway host4. The hop count metric to host2 is 4, and the gateway is treated as passive.

       To specify a route to a host through an active Internet gateway with an entry in the gateways file, enter:

              host host10 gateway 192.100.11.5 metric 9 active

       This example specifies a route to a specific host, host10, through the gateway 192.100.11.5. The hop count metric to host10 is 9 and the gateway is treated as active.

       To specify a route to a host through a passive Internet gateway with an entry in the gateways file, enter:

              host host10 gateway 192.100.11.5 metric 9 passive

       This example specifies a route to a specific host, host10, through the gateway 192.100.11.5. The hop metric count to host10 is 9 and the gateway is treated as passive.

       To specify a route to a network through an external gateway, enter a line in the following format:

              net net5 gateway host7 metric 11 external

       This example specifies a route to a network, net5, through the gateway host7. The hop count metric to net5 is 11 and the gateway is treated as external (that is, it is not advertised through RIP, but is advertised through an unspecified routing protocol).

RELATED INFORMATION
       Daemons: gated(8), routed(8)
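
A check for the entry format described above, as an added example that is not part of the man page or of routed itself. The function name `check_gateways` is hypothetical, and skipping blank lines and `#` comment lines is an assumption, since the page does not describe them.

```shell
# check_gateways: read /etc/gateways-style entries on stdin, print one
# diagnostic per malformed line, and return 0 only if every entry follows
#   Destination Name1 gateway Name2 metric Value Type
check_gateways() {
    awk '
    /^[ \t]*(#|$)/ { next }   # assumption: blank and comment lines are ignored
    {
        err = ""
        if (NF != 7)
            err = "expected 7 fields, got " NF
        else if ($1 != "net" && $1 != "host")
            err = "Destination must be net or host"
        else if ($3 != "gateway")
            err = "third field must be the word gateway"
        else if ($5 != "metric")
            err = "fifth field must be the word metric"
        else if ($6 !~ /^[0-9]+$/)
            err = "hop count must be a whole number"
        else if ($7 !~ /^(active|passive|external)$/)
            err = "Type must be active, passive or external"
        else if ($7 == "external" && $1 != "net")
            err = "external routes must be to networks"
        if (err != "") { printf "line %d: %s\n", NR, err; bad++ }
    }
    END { exit (bad > 0) }'
}
```

Run it as `check_gateways < /etc/gateways` before restarting routed, so a mistyped static route is caught before the daemon reads the file.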