Using Geographic Load Balancing With Firewalled Networks; Server Configuration - Coyote Point Systems Equalizer Installation And Administration Manual

For example, assume www.coyotepoint.com is to be balanced across a geographical
cluster containing two Envoy sites, east.coyotepoint.com (at 192.168.2.44) and
west.coyotepoint.com (at 10.0.0.5). In this case, the name servers configured to handle
the coyotepoint.com domain must be configured to delegate authority for
www.coyotepoint.com to both east.coyotepoint.com and
west.coyotepoint.com. When queried to resolve www.coyotepoint.com,
coyotepoint.com's name servers should return name server (NS) and alias (A) records
for both sites.

Using Geographic Load Balancing with Firewalled Networks

Equalizer sites communicate with each other using Coyote Point's UDP-based Geographic
Query Protocol. Similarly, Equalizer sites communicate with clients using the DNS
protocol. If one or more of your sites are protected by a network firewall, the firewall must
be configured to permit Equalizer packets to pass through.
To use geographic load balancing with firewalled networks, you need to configure the
firewalls so that:
Equalizer sites communicate with each other on UDP ports 5300 and 5301. The firewall
must allow traffic on these ports to pass between Envoy sites.
Equalizer sites and clients can exchange packets on UDP port 53. The firewall must
allow traffic on this port to flow freely between an Equalizer server and any Internet
clients so that clients trying to resolve hostnames via the Equalizer DNS server can
exchange packets with Equalizer sites.
Equalizer sites can send ICMP echo request packets out through the firewall and receive
ICMP echo response packets from clients outside the firewall. (When a client attempts a
DNS resolution, Equalizer sites send an ICMP echo request (ping) packet to the client and
the client might respond with an ICMP echo response packet.)

Server Configuration

How you establish this configuration depends on the server's operating system. Each
server should be configured from the system console, not through a telnet session.
When you configure the servers, the default route gateway depends on your Equalizer
configuration:
Equalizer Installation and Administration Guide
To use Equalizer, you must configure your servers so that the packets they send
to their clients are gatewayed by Equalizer. If you do not adjust the routing on
your servers, a client will never receive a response when attempting to contact the
virtual cluster and the connection will time out.
If you are using a two-network configuration, the gateway for the default route
should be Equalizer's internal address.
If you are using a single-network configuration, the gateway for the default route
should be Equalizer's external address.
If you are using a failover configuration, the default route should be set to the
failover gateway address. For more information, see "Setting up a Failover
Configuration" on page 51.
Server Configuration
29