IP address Archive

Amazon ELB and Client side certificates

The problem Amazon’s ELB only allows you to setup loadbalancer with a normal SSL certificate and does not support 2 way SSL authentication. To overcome this issue, there are certain “hacks” you can make use of. At the time of writting this post, Amazon AWS was in the process of implementing this feature, but it

ip_conntrack: table full, dropping packet / conclusions about connection tracking

The problem Recently one of our clients started a very large campaign and my servers got hit by twice the traffic it was handling normally. We actually didn’t have any problems, but from time to time you would notice this error message on our main firewall: ip_conntrack: table full, dropping packet Investigation I have seen this

Vyatta – SNAT – Randomly rotating public IP addresses

The problem Our contextual system uses bots/spiders to leech data from our customer’s websites in order to parse them and use extracted text for further content analysis. This means we have setup few servers that run bots/spiders. Can you imagine if 20 bots started leeching websites hosted on same webhosting using only one ip? That could be considered as sort of

Loadbalancing / failover with IPVS and keepalived

Introduction Correct failover and loadbalancing is crucial for high availablility environment. With proper setup we can eliminate single points of failure in case of server crash. I use linux kernel’s support for load balancing, since that seems as well documented and scalable method. What I want to achieve here, is actually fully redundant architecture, so

Vyatta / VyOS: site-to-site OpenVPN + Open Shortest Path First (OSPF) setup

When you scale your network from one location to another, sooner or later you may want to merge those networks and have only one. To merge networks, you need to setup 2 routers and site-to-site connection between them. One of open source solutions is OpenVPN and Vyatta/VyOS. This article will cover setting up site-to-site connection