What is PEN?

PEN is a highly available, highly scalable, and amazing load balancer (LB) for TCP- and UDP-based protocols such as DNS, TFTP, HTTP or SMTP. It allows many servers to appear as a single server to the outside, detects when any server is down, and distributes requests among the servers that are still available. This is what gives it high availability and scalable performance.

It works on Linux, *BSD, Solaris, and other POSIX systems, and it can be installed as a service on Windows systems. It can be configured for SSL termination, reverse proxying, and direct server return.

When the PEN service detects that a server is unavailable or offline, it scans for another one, beginning with the server after the last one used. It is 100% compatible with both IPv4 and IPv6.

The load-balancing algorithm keeps track of clients and tries to send each one back to the server it visited last time. The request table has a fixed number of slots (2048 by default, but configurable). This is not a simple round-robin algorithm, which would send a returning client to a different server on each connection.

Properly configured, this LB ensures that a server cluster stays available even when individual servers are down or offline. The last single point of failure, the LB itself, can be eliminated by running the LB service on several servers and using a virtual router redundancy protocol to decide which one is alive and active.

Used As a Transparent Reverse Proxy in Linux

PEN can work as a proxy: the client connects to PEN, and PEN opens a new connection to an available server.

NOTE: Keep in mind that in this mode the server cannot see the original client IP address.

For HTTP and HTTPS, the X-Forwarded-For header option can be used to pass the client IP address on to the server. This option is activated with the -H flag.
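Because any client can send its own X-Forwarded-For header, a backend behind PEN should only trust the header when the TCP peer is actually one of the PEN addresses. The following is an added example, not code from PEN or from the original post; it assumes the backend has the raw peer address and the request headers available, and uses the PEN addresses from this page (192.168.100.10 and 192.168.100.11) as the trusted proxies.

```python
import ipaddress
from typing import Dict, Iterable


def client_ip(peer_ip: str, headers: Dict[str, str], trusted_proxies: Iterable[str]) -> str:
    """Return the address the backend should treat as the real client.

    peer_ip:         address of the TCP peer that connected to this backend
    headers:         request headers (X-Forwarded-For looked up case-insensitively)
    trusted_proxies: addresses/networks where PEN runs (assumed, see lead-in)
    """
    trusted = [ipaddress.ip_network(n, strict=False) for n in trusted_proxies]

    def is_trusted(addr: str) -> bool:
        try:
            return any(ipaddress.ip_address(addr) in net for net in trusted)
        except ValueError:
            return False

    # If the direct peer is not PEN, the header may have been written by anyone:
    # ignore it and use the peer address.
    if not is_trusted(peer_ip):
        return peer_ip

    xff = next((v for k, v in headers.items() if k.lower() == "x-forwarded-for"), "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]

    # Walk right to left: the rightmost hop was appended by the nearest proxy.
    # Skip our own proxies; the first untrusted, well-formed address is the client.
    for hop in reversed(hops):
        if is_trusted(hop):
            continue
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # garbage injected upstream: fall back to the peer
        return hop
    return peer_ip


# Constructed sample values matching the addresses used on this page.
PEN_PROXIES = ["192.168.100.10", "192.168.100.11"]
```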

We need to create some firewall rules before we proceed with deployment:

root@intraway:~# iptables -t mangle -N DIVERT
root@intraway:~# iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
root@intraway:~# iptables -t mangle -A DIVERT -j MARK --set-mark 1
root@intraway:~# iptables -t mangle -A DIVERT -j ACCEPT

After we create the firewall rules, we need to set a special route, using the “ip” command:

root@intraway:~# ip rule add fwmark 1 lookup 100
root@intraway:~# ip route add local 0.0.0.0/0 dev lo table 100

Now, We Can Start the PEN Service

Execute the following command in your terminal as root.

./pen -df -O transparent 192.168.1.11:5001 192.168.101.3

In this case, “intraway2” is the client with IP 192.168.100.2 and “intraway3” is the server with IP 192.168.101.3. PEN sits in the middle with the IP addresses 192.168.100.10 and 192.168.100.11.

Intraway2 and Intraway3 have static routes, so they reach each other through the host on which PEN is running.

The client sees a connection from IP 192.168.100.2 to IP 192.168.100.11, while PEN sees an active connection from IP 192.168.100.2 to IP 192.168.101.3.
