load balancing 2 shibboleth IdP servers

Joseph Fischetti Joseph.Fischetti at marist.edu
Wed Aug 5 16:55:16 UTC 2020

>    I should have noted that unlike most sites, our NetScaler setup is layer 4, not layer 7. I used to use an obscure feaure called Direct Server Response that plays tricks with ARP tables, and now I just route TCP through the NetScalers directly to servers running on subnets managed by them. There's no HTTP proxying and it's end to end, client to my Jetty servers. My life is immeasurably more pleasant as a result.
WELL we could dive into the conversation of DSR and its benefits but it's not the time or place for that one... but I do just want to say "interesting..."

Our load balancers do SSL so we can do WAF and the like.  I also like having a few less places that need SSL certs updated.  6 of one...

More information about the users mailing list