We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Load Balancer

One-Armed Route-Path Using TCP Proxy, UDP Proxy, or a Layer 7 Service Type

  • Last updated on


A One-Armed Route-Path topology has the following benefits:

  • It is more simple to configure than the two-armed routh-path topology because all of the Real Servers and the VIP addresses are on the same subnet, and typically connected to the WAN (or, less commonly, to the LAN). See Figure 1 below.
  • No re-configuration of the network is required.

However, since the Real Servers and VIP addresses are on the same subnet, this configuration is less secure than the Two-Armed Route-Pathdeployment.

If the Service type is Layer 4 - TCP or UDP, the Real Servers will need to be configured in Direct Server Return mode. See Direct Server Return deployment. Alternatively, use the TCP Proxy Service type, the UDP Proxy Service type or one of the Layer 7 Service types. This provides a quick way to insert the Barracuda Load Balancer into an existing infrastructure with minimal changes to the network. No changes are required to the IP addresses of the Real Servers. The Barracuda Load Balancer may be on the same subnet as the Real Servers. Alternatively, the Real Servers are reachable through a router from the Barracuda Load Balancer.

  • If the Server is in the same network as the custom virtual interface, then the custom virtual interface is used to connect to the Server using the interface route/static route or the default gateway, in that order.
  • If the Server, the custom virtual interface, and the WAN IP are all in the same network, you cannot use the custom virtual interface to connect to the Server. In this scenario, the WAN IP is always used to connect to the Server.
  • The virtual interface of the service can be in any network.

Figure 1 shows a WAN-side deployment using one-armed route-path and TCP Proxy, UDP Proxy or Layer 7 Services. The gateway IP address of the Real Servers remains the same as it was before the introduction of the Barracuda Load Balancer to the network. All of the Virtual IP addresses and IP addresses of the Real Servers are connected to the WAN port.

Figure 1. One-armed Route-Path using TCP Proxy, UDP Proxy, or a Layer 7 Service.

1 arm proxy.png

If desired, you can keep an externally accessible IP address on a Real Server so that external clients can still access that address (for example, for FTP) only on that one system. Because configuration changes are not required, only that traffic which needs to be load balanced passes through the Barracuda Load Balancer.

Figure 2 shows an example of a one-armed route path deployment using TCP Proxy Services. In this case, the Services are provided by multiple Barracuda Spam & Virus Firewalls and Email servers.

Figure 2. One-armed TCP Proxy Service with Barracuda Spam & Virus Firewalls.

blb spam.png

As shown in the diagram, email passes through this network in the following way:
#1 - Email is sent to the VIP address for the TCP Proxy Service that represents the Barracuda Spam & Virus Firewalls.
#2 - It is directed to the appropriate Barracuda Spam & Virus Firewall for processing.
#3 - After passing spam and virus checks, the email is sent to the VIP address for the email Service.
#4 - The Barracuda Load Balancer load balances the email traffic and passes it to an email server.


Related Articles

Last updated on