router Archive

Amazon ELB and Client side certificates

The problem Amazon’s ELB only allows you to setup loadbalancer with a normal SSL certificate and does not support 2 way SSL authentication. To overcome this issue, there are certain “hacks” you can make use of. At the time of writting this post, Amazon AWS was in the process of implementing this feature, but it

Hetzner’s ban, NAT leaking internal traffic on WAN interface and New Year’s

  As I mentioned few times, we have small cluster of servers located on Hetzner’s datacenters. We use Vyatta for our core router and we NAT all additional servers thru it, becouse Hetzner’s dedicated servers don’t support direct routing. Incident On new year’s eve, my phone started ringing insanely and I noticed one of our

Installing Vyatta 6.6 R1 with software raid 1

Intro For all my routers I usually choose at least some level of raid. As routers usually don’t need any disk performance, simple raid 1 – mirroring is enough to sustain disk failure and ensure server continues to work. Now let’s get busy and install our latest Vyatta on our server. Prerequisites To ensure fast

Vyatta – SNAT – Randomly rotating public IP addresses

The problem Our contextual system uses bots/spiders to leech data from our customer’s websites in order to parse them and use extracted text for further content analysis. This means we have setup few servers that run bots/spiders. Can you imagine if 20 bots started leeching websites hosted on same webhosting using only one ip? That could be considered as sort of

Loadbalancing / failover with IPVS and keepalived

Introduction Correct failover and loadbalancing is crucial for high availablility environment. With proper setup we can eliminate single points of failure in case of server crash. I use linux kernel’s support for load balancing, since that seems as well documented and scalable method. What I want to achieve here, is actually fully redundant architecture, so