Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Multiple Deployment Server, VIP Load Balancer and NO CLIENTS

cachexploit
Explorer
‎09-16-2020 06:36 AM

We setup 3 deployment servers behind a LB VIP.  We set the VIP in deploymentclient.conf but for those agents we are not seeing them check in.  We logged in locally to both a *nix and a Win machine and we can telnet to the VIP on port 8089.  The LBer shows that traffic is being distributed between all three. Also, only our original DeploymentServer is showing clients, #2 and #3 do not show any clients at all.  All serverclass.conf match and we have serverChecksum set to true in global.  All of the app files are identical.

 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

cachexploit
Explorer
‎12-03-2020 10:55 AM

So just as an update, we were able to get this to work through an F5 Loadbalancer and VIP.  You have to make sure that there are no http profiles assigned to the VIP rule on the F5.  Once we were able to do that, we can see that the Handshakes are being completed successfully and we see all the clients checking in throughout the day to all 3 deployment servers.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

cachexploit
Explorer
‎12-03-2020 10:55 AM

So just as an update, we were able to get this to work through an F5 Loadbalancer and VIP.  You have to make sure that there are no http profiles assigned to the VIP rule on the F5.  Once we were able to do that, we can see that the Handshakes are being completed successfully and we see all the clients checking in throughout the day to all 3 deployment servers.

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎09-16-2020 07:51 AM

This is new to me also, but after short googling sessio it seems to be working solution. 

How about LB’s sticky session setting. Is it on or off? Probably better if nodes call at lest some time to the same backend instead of changing it on every  request to different backend node even in same transaction.

r. Ismo

 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎09-16-2020 06:50 AM

Hi @cachexploit,

who approved this architecture?

for my knoledge, but I could be wrong, it isn't possible to have more DSs behind a LB!

you could have more DSs that manage different clients each one but not using a LB.

If you need more DSs because you have to manage too many clients for only one, you can use more resources (CPUs and RAMs) or more DSs but, as I said, each one has to manage a different list of clients.

In my experience, one DS with normal resources (12 CPUs and 12 GB RAM) managed more than 2000 clients.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

cachexploit
Explorer
‎09-16-2020 07:06 AM

Splunk has confirmed themselves that this should work along with multiple posts in this community about the same architecture.  I have a plan to roll out an abundance of UFs across our enterprise and was recommended this solution.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎09-16-2020 07:09 AM

hi @cachexploit,

forget it, it's really new for me!

Ciao.

Giuseppe

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...