Installing the Internal Load Balancer (ILB)
Azure cannot recognize a [VIP protected by IP resource] in an Azure VNET. As a result, network communication using [VIP protected by IP resource] normally used in LifeKeeper for Windows cannot be performed. In this configuration, install ILB as follows and set [VIP set by ILB] as the network communication path.
Connection from the client
- Since the lkclient connects to the application (Oracle Listener in the figure above), a connection is attempted using the virtual IP address and application port number (10.20.1.200:1521).
- The ILB balances the load to either 10.20.1.11:1521 or 10.20.1.12:1521. Since LifeKeeper ensures that applications are only active on one machine, the ILB health probe always detects that only the active side is healthy. As a result, the ILB always allocates requests to the active node (in the figure above, lknode01 is active, so 10.20.1.11:1521).
- The application also waits for requests on the application port on the [Azure private address] and other arbitrary IP addresses. Connection requests to the virtual IP address and application port number (10.20.1.200:5432) on lkclient are delivered to the application.
Connection from inside the operating server
- Since the ILB does not support the NAT loopback function, a connection to the application by specifying the virtual IP address and application port number from inside the active server cannot go through the ILB. To resolve this issue, create a LifeKeeper IP resource (10.20.1.200).
- The same IP address cannot be active on the NIC on Subnet#1 because the ILB on Subnet#1 is already using 10.20.1.200 as shown above. Set the NIC on Subnet#2 to [VIP protected by IP resource].
- Packets specifying the virtual IP address and application port number from the active server are processed inside the active server without going outside the server through internal routing.
- The application is also listening for requests on the application port of a virtual IP address (or any IP address, including virtual IP addresses). The connection request to the virtual IP address on lkclient and the application port number (10.20.1.200:1521) is delivered to the application.
Considerations for Applications that Require IP Resources
When using ARK-protected applications (Oracle, MS SQL Server, IIS) that require IP resources in a non-Azure environment, configure the virtual IP address as the IP address that waits for connections. As explained earlier, in the Azure environment, connections from clients communicate using the private address of each server, while connections from inside the server communicate using a virtual IP address. Therefore, it is necessary to configure an arbitrary IP address (INADDR_ANY) as the IP address that waits for connections, even for applications protected by an ARK that requires IP resources. Oracle is used in this document as an example of such a configuration.
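The following check is an added example, not part of the original LifeKeeper documentation: it parses Windows `netstat -an` output and reports which of the two connection paths described above (clients through the ILB to the private address, local connections to the virtual IP address) the application listener would not accept. The sample output is constructed, the function names are hypothetical, and the addresses and port are the ones used on this page.

```python
import ipaddress

# Constructed samples of Windows `netstat -an` output; not captured from a real node.
SAMPLE_WILDCARD = """\
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
  TCP    10.20.1.11:3389        0.0.0.0:0              LISTENING
"""
SAMPLE_VIP_ONLY = """\
  TCP    10.20.1.200:1521       0.0.0.0:0              LISTENING
  TCP    10.20.1.11:139         0.0.0.0:0              LISTENING
"""

def listening_addresses(netstat_text, port):
    """Return the set of local IPv4 addresses with a TCP listener on `port`."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, local_port = fields[1].rpartition(":")
        if local_port != str(port) or host.startswith("["):
            continue  # other port, or an IPv6 listener such as [::]:1521
        found.add(ipaddress.IPv4Address(host))
    return found

def uncovered_paths(netstat_text, port, private_ip, vip):
    """Return names of the connection paths that no listener on `port` accepts."""
    bound = listening_addresses(netstat_text, port)
    # 0.0.0.0 is INADDR_ANY: the listener accepts on every local address.
    wildcard = ipaddress.IPv4Address("0.0.0.0") in bound
    paths = {
        "client via ILB (private address)": ipaddress.IPv4Address(private_ip),
        "local via IP resource (VIP)": ipaddress.IPv4Address(vip),
    }
    return sorted(name for name, addr in paths.items()
                  if not wildcard and addr not in bound)

if __name__ == "__main__":
    for label, text in (("wildcard", SAMPLE_WILDCARD), ("vip-only", SAMPLE_VIP_ONLY)):
        missing = uncovered_paths(text, 1521, "10.20.1.11", "10.20.1.200")
        print(label, "OK" if not missing else "missing: " + ", ".join(missing))
```

A listener bound to INADDR_ANY accepts connections on every NIC of the node, so limit which sources can reach the application port with host firewall or network security group rules.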