A One-Armed Route-Path topology has the following benefits:
- It is more simple to configure than the two-armed routh-path topology because all of the Real Servers and the VIP addresses are on the same subnet, and typically connected to the WAN (or, less commonly, to the LAN). See Figure 1 below.
- No re-configuration of the network is required.
However, since the Real Servers and VIP addresses are on the same subnet, this configuration is less secure than the Two-Armed Route-Pathdeployment.
If the Service type is Layer 4 - TCP or UDP, the Real Servers will need to be configured in Direct Server Return mode. See Direct Server Return deployment. Alternatively, use the TCP Proxy Service type, the UDP Proxy Service type or one of the Layer 7 Service types. This provides a quick way to insert the Barracuda Load Balancer into an existing infrastructure with minimal changes to the network. No changes are required to the IP addresses of the Real Servers. The Barracuda Load Balancer may be on the same subnet as the Real Servers. Alternatively, the Real Servers are reachable through a router from the Barracuda Load Balancer.
Figure 1 shows a WAN-side deployment using one-armed route-path and TCP Proxy, UDP Proxy or Layer 7 Services. The gateway IP address of the Real Servers remains the same as it was before the introduction of the Barracuda Load Balancer to the network. All of the Virtual IP addresses and IP addresses of the Real Servers are connected to the WAN port.
Figure 1. One-armed Route-Path using TCP Proxy, UDP Proxy, or a Layer 7 Service.
If desired, you can keep an externally accessible IP address on a Real Server so that external clients can still access that address (for example, for FTP) only on that one system. Because configuration changes are not required, only that traffic which needs to be load balanced passes through the Barracuda Load Balancer.
Figure 2 shows an example of a one-armed route path deployment using TCP Proxy Services. In this case, the Services are provided by multiple Barracuda Spam & Virus Firewalls and Email servers.
Figure 2. One-armed TCP Proxy Service with Barracuda Spam & Virus Firewalls.
As shown in the diagram, email passes through this network in the following way:
#1 - Email is sent to the VIP address for the TCP Proxy Service that represents the Barracuda Spam & Virus Firewalls.
#2 - It is directed to the appropriate Barracuda Spam & Virus Firewall for processing.
#3 - After passing spam and virus checks, the email is sent to the VIP address for the email Service.
#4 - The Barracuda Load Balancer load balances the email traffic and passes it to an email server.