Full Discussion: Dynamic Tunnel
Post 302382636 by Smiling Dragon on Thursday 24th of December 2009 05:39:23 AM
Ah, now I think I understand what you are after - I've implemented something similar in the past as a low budget proof of concept. If you want something more solid - stick with NAT rules on the routers but as a test case ssh tunnels should do the job for you.

You are still pretty light on the details so I'll suggest an example as it might help show the process:
Suppose you have 4 servers, 2 of which are customer facing webservers and 2 are back-end application servers. These servers operate in an active-standby mode where any pair of 2 servers (one webserver, one app server) are up and running while the other two are on standby. If the app itself is too stupid to handle this scenario, we can use ssh tunnels instead:
App server A opens a connection via ssh to webserver A and webserver B, it listens to the localhost loopback interface on some high port (use a high port so you don't need to trust an ssh as root on your webserver). Any traffic to these high ports is directed down the tunnel and to the back-end app server. Configure both webservers to connect to "back ends" on localhost:<high port>.
Traffic from either webserver will arrive at the app server automagically.

If you want to switch to the other app server (even if that's in a completely different network), you kill the ssh tunnels and reopen them from App Server B instead on the same high port. The webserver sees a brief connection loss but everything comes back right away and it carries on oblivious to the move.

You'll not be able to switch without outage at all, but the outage can be reduced to a few seconds at least this way and avoids config changes on the webservers.

Is that what you had in mind?
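
The failover procedure described in the post above, as an added example that is not part of the original post: the active app server opens one reverse tunnel per webserver, bound to the webserver's loopback only, and closes them through a control socket at switch-over. Host names, the tunnel account, both ports and the socket directory are assumptions; with DRY_RUN=1 (the default) the script only prints the ssh commands.

```shell
#!/bin/sh
# Added example; every name and port below is an assumption, not from the post.
WEBSERVERS="${WEBSERVERS:-webA webB}"  # hypothetical webserver hostnames
TUNNEL_USER="${TUNNEL_USER:-tunnel}"   # unprivileged account on the webservers
HIGH_PORT="${HIGH_PORT:-18080}"        # loopback port the webservers connect to
APP_PORT="${APP_PORT:-8080}"           # port the app listens on, on this server
SOCK_DIR="${SOCK_DIR:-$HOME/.ssh}"     # directory for ssh control sockets
DRY_RUN="${DRY_RUN:-1}"                # 1 = print the commands, 0 = run them

# Control socket path for one webserver; lets "close" stop exactly that tunnel.
ctl_sock() { printf '%s/tunnel-%s.sock' "$SOCK_DIR" "$1"; }

# Reverse tunnel: sshd on the webserver listens on 127.0.0.1:HIGH_PORT only and
# forwards to the app on this server. ExitOnForwardFailure makes ssh exit with
# an error if that port is still held (for example by the old tunnel).
open_cmd() {
    printf 'ssh -f -N -M -S %s' "$(ctl_sock "$1")"
    printf ' -o BatchMode=yes -o ExitOnForwardFailure=yes'
    printf ' -o ServerAliveInterval=15 -o ServerAliveCountMax=3'
    printf ' -R 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
        "$HIGH_PORT" "$APP_PORT" "$TUNNEL_USER" "$1"
}

# Ask the backgrounded master connection to exit, which drops the forward.
close_cmd() {
    printf 'ssh -S %s -O exit %s@%s\n' "$(ctl_sock "$1")" "$TUNNEL_USER" "$1"
}

# authorized_keys options for the tunnel key on each webserver: no pty, agent
# or X11 forwarding, and remote forwards limited to this one loopback listener.
authkeys_opts() {
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s"\n' "$HIGH_PORT"
}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$1"; else sh -c "$1"; fi; }

# usage: tunnels open|close   (close on the old app server, open on the new one)
tunnels() {
    case "$1" in open|close) ;; *) echo "usage: tunnels open|close" >&2; return 2 ;; esac
    for host in $WEBSERVERS; do
        run "$("${1}_cmd" "$host")" || return 1
    done
}

if [ $# -gt 0 ]; then tunnels "$1"; fi
```

If the old app server died without closing its tunnels, the webserver can keep the port bound until its sshd notices the dead session; in that window "open" fails with an error instead of backgrounding a tunnel that forwards nothing.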
 

DIETFORWARDER(1)                                                  DIETFORWARDER(1)

NAME
       dietForwarder - DIET tool to manage ssh tunnels between DIET components

       dietForwarder - Tool for creating DIET forwarders. Forwarders are special components that serve as proxies and manage ssh tunnels between DIET components in complex networks.

SYNOPSIS
       dietForwarder [options] ...

DESCRIPTION
       Deploying DIET on heterogeneous networks that are not reachable by means other than ssh tunnels is a delicate task. DIET forwarders are special DIET components that serve as proxies between DIET components by creating ssh tunnels. dietForwarder is a command to instantiate DIET forwarders. Forwarders simplify the maintenance of ssh tunnels between DIET components, thus improving DIET's scalability and ease of configuration in complex network topologies.

       Before starting a DIET forwarder, you must:

       o   launch omniNames on the local and remote hosts;
       o   launch the remote peer, specifying its name and network configuration only;
       o   launch the local peer and give it the remote peer's name, the ssh connection's details, the remote port to use and the 'pass -C' option to create the ssh tunnel.

       [Remark: forwarders must be launched before the DIET hierarchy.]

OPTIONS
       --name [name]
              String identifying the forwarder.

       --peer-name [name]
              String identifying its peer on the other network.

       --ssh-host [host]
              Host hosting the ssh tunnel.

       --ssh-login [login]
              Login used to establish the ssh connection (default: current user login).

       --ssh-key [/path/to/ssh/key]
              Path to the ssh key (the private one!) used to establish the ssh connection (default: $HOME/.ssh/id_rsa).

       --remote-port [port]
              Port the ssh host is listening on.

       --remote-host [host]
              Host to which the connection is made by the tunnel (corresponds to ssh options -L and -R).

       --nb-retry [nb]
              Number of times that the local forwarder will try to bind itself to the remote forwarder (default: 3).

       --peer-ior [IOR]
              Passes the remote forwarder's IOR. By default, the local forwarder will retrieve its peer's IOR.

       --tunnel-wait [seconds]
              Set the number of seconds to wait before considering that the tunnel has been created.

EXAMPLE
       Here is a simple configuration example:

       o   We have two domains: net1 and net2. Forwarders will be launched on hosts fwd.net1 and fwd.net2.
       o   There's no link between hosts fwd.net1 and fwd.net2 but users may access fwd.net2 from fwd.net1 using a ssh connection.
       o   Let's call the fwd.net1 forwarder Fwd1 and the fwd.net2 forwarder Fwd2.
       o   One SeD lives in fwd.net2 while the rest of the DIET hierarchy lives on the net1 domain.

       Command line for launching Fwd1

              fwd.net1$ dietForwarder --name Fwd1 --peer-name Fwd2 --ssh-host fwd.net2 --ssh-login dietUser --ssh-key id_rsa_net2 --remote-port 50000

       Command line to launch Fwd2

              fwd.net2$ dietForwarder --name Fwd2

RATIONALE
       DIET uses CORBA as its communication layer. While it is a flexible and robust middleware, it remains hard to deploy DIET on heterogeneous networks that are not reachable except through ssh tunnels. DIET forwarders help the administrator to configure their grid without manually setting-up ssh tunnels, which is arguably neither simple nor scalable. DIET forwarders make it very easy to configure networks with such topologies.

LICENSE AND COPYRIGHT
       Copyright
              (C)2011, GRAAL, INRIA Rhone-Alpes, 46 allee d'Italie, 69364 Lyon cedex 07, France all rights reserved <diet-dev@ens-lyon.fr>

       License
              This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

AUTHORS
       GRAAL INRIA Rhone-Alpes 46 allee d'Italie 69364 Lyon cedex 07, FRANCE
       Email: <diet-dev@ens-lyon.fr>
       WWW: http://graal.ens-lyon.fr/DIET

SEE ALSO
       omniNames(1), DIETAgent(1)

BUGS
       On some systems, forwarder rules will not work unless you use IP addresses instead of hostnames.

AUTHOR
       haikel.guemar@sysfera.com License: GPLv3

COPYRIGHT
       DIET developers

0.1                               2011-01-10                      DIETFORWARDER(1)