I got an interesting project to migrate an existing infrastructure based of VMs to a Nomad cluster.
Though I still have lot of work regarding the network side of it ( keeping the nomad default VS fancier CNI ) I’m stuck on the load balancer setup.
We want to keep our existing loadbalancers which are facing Internet and that’s not something we want to move inside the nomad cluster.
LB are baremetals servers, capable to handle lots of traffic, main reason is to be able to handle DDoS and garbage traffic.
Backends should have mostly legitimate traffic to them.
From my understanding, Consul and the Service Discovery magic would allow to discover the backend containers for a given service which is okay.
All the documentation and video I read/saw were about classic LB where the return path is going back via the LB to be server to the clients.
Now the problem:
Our current Loadbalancer setup uses DSR aka Direct Server Return, where an IPIP tunnel
is setup between the LB to each backend, and backend replies with the service VIP directly to the client.
Is that something that can be replicated inside the nomad environment ?
Is there any example of search setup in production somewhere ?
Thanks for any help !