Wednesday, February 5, 2014

Multiple servers behind One IP

Part 1 in a series

As a systems consultant, I have to deliver a number of software and hardware solutions to customers; in order to do so, I have to know what I'm doing (I know: shocking!), and that takes study and practice. As followers of this blog know, I've got a nice little setup in my basement, and in the process of teaching myself these technologies, I've gotten to the point where I want to actually use some of those things.

So, I do what lots of people do: I set up these services and enable port forwarding in my NAT firewall, sending the traffic on a port-by-port basis to the servers that are listening for connections.

[Figure: Port Forwarding behind a single IP address]

In some cases, I don't even have to set up a forward: the device on my network uses a protocol known as "Universal Plug 'N Play" (UPnP) to request port forwarding directly from the router. This all works well as long as I don't have more than one "inside" device listening on a given port. Unfortunately, this leaves me in a conundrum: most of these new & useful applications are using web services—or maybe just the TCP/80 and TCP/443 ports—which makes it hard to manage behind a home router.

[Figure: The problem: only one destination per port]

One alternative is to use non-standard ports for the connections; unfortunately, many applications don't permit the use of non-standard ports (erk!), or when they do, their use is incredibly cumbersome on the client.

Another option—less desirable, and not always functional—is co-installing everything on a single machine. This sets you up for all sorts of compatibility issues and potentially negative interactions. Plus: when we have a virtual environment available, isn't it desirable to have single-purpose machines to avoid all those annoyances?

Luckily, there's a solution: use a proxy (or, more precisely, a reverse proxy). A standard proxy will accept many different outgoing requests and act as a single point of contact for the returning requests. A reverse proxy takes a single incoming request, and after inspecting the request, decides which one among many destinations will receive the traffic.

[Figure: Reverse Proxy to direct traffic]

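
The routing decision described above, as an added example that is not from the original post: a minimal Python reverse proxy that picks an inside server from the HTTP Host header and refuses names it does not know, so an unexpected request never lands on a default inside host. The hostnames, inside addresses and listening port are constructed placeholders.

```python
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
import http.client

# One public IP and port, several inside servers (all values constructed).
BACKENDS = {
    "wiki.example.test": ("192.168.1.10", 80),
    "mail.example.test": ("192.168.1.20", 80),
}

def pick_backend(host_header):
    """Map a Host header to an inside server; None means refuse."""
    if not host_header:
        return None
    host = host_header.strip().lower()
    # Drop an optional :port suffix (IPv6 literals are not in the table).
    if ":" in host and not host.startswith("["):
        host = host.rsplit(":", 1)[0]
    host = host.rstrip(".")          # tolerate a trailing root dot
    return BACKENDS.get(host)        # exact match only, no default backend

class Proxy(BaseHTTPRequestHandler):
    def do_GET(self):
        target = pick_backend(self.headers.get("Host"))
        if target is None:
            # Unknown name: answer locally rather than forward it inside.
            self.send_error(421, "Misdirected Request")
            return
        conn = http.client.HTTPConnection(*target, timeout=5)
        try:
            conn.request("GET", self.path,
                         headers={"Host": self.headers["Host"]})
            resp = conn.getresponse()
            body = resp.read()
        except OSError:
            self.send_error(502, "Bad Gateway")
            return
        finally:
            conn.close()
        self.send_response(resp.status)
        self.send_header("Content-Type",
                         resp.getheader("Content-Type", "application/octet-stream"))
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", 8080), Proxy).serve_forever()
```

This sketch handles plain HTTP GET only; for TCP/443 the proxy has to terminate TLS (or read the SNI name) before it can see which site was requested.
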
There are a lot of products out there that can fill this role; this series of blog posts will focus on the Citrix NetScaler VPX Express. It has several things going for it, and not only for use in the home lab:
  1. It's free.
  2. A pair is easy to configure for high availability (and is still covered under the no-cost license!)
  3. It can be configured for multiple protocols, not just HTTP and/or HTTPS
  4. A simple license update and it can support far more than the included 5Mb/s capacity.
  5. "Playing" with it can directly translate into using the product in business scenarios.

Parts in this series:

1 comment:

  1. Free web hosting sounds like an ideal situation, but it comes with a caveat. Somebody needs to pay for the free service; the cost is commonly offset by advertisements appearing on the served website. These advertisements are often at the discretion of the hardware owner, therefore the client has little control over the content. For personal and hobby sites, this might be an acceptable compromise.
