Dear DataPower team.

I have a question on Load balancing using DataPower Gateway.

< Purpose>

- Multi-zone fail over

< Network configuration >

- DMZ gateway cluster is located in DMZ for serving external traffic

- "Public" API gateway cluster is for public zone, another cluster named "Private" is for private zone.

- External traffic should go via DMZ.

- So, there are 2 scenarios for external traffic :

1) external --> DMZ --> Public

2) external --> DMZ --> Private

< Requirements >

- In normal situation, traffic should be directed to the right target, identified by URI

- In failure situation (one of clusters is gone down). traffic should be directed to the remaining one to serve traffic continuously.

- To cover fail-over scenario, of course APIs would be published to both Public/Private gateway equally.

In my initial thoughts,

- Set up 2 static LBGs with same members but different primary cluster.

- Set up LBGs with First alive and do other ones like health check etc

- Include 2 LBGs in XML manager in DMZ cluster

- dynamic rule in MPG to direct traffic to necessary LBG.

Any comments? And also any other more decent solutions?

Hi,

your reasoning seems straightforward. Are you already thinking some pitfalls or?

--Hermanni

Just curious if there's more efficient approach. - e.g. handling same requirements with just 1 LBG etc.

Ok, I see... Just thinking that if the traffic is still allowed to go through the private cluster in case of a fail-over is there really a strict requirement to divide the traffic into "public" and "private"?

--Hermanni

I believe it might be "reasonably" strict. - Not any security policy or regulation. But zone is physically different, (private, on-prem vs AWS/GCP ) and service continuity using multi zone HA would be more important than security constraints.