[ejabberd] network setup question - several servers, one public IP.

zarrabeitia at gmail.com zarrabeitia at gmail.com
Mon Feb 13 07:15:40 MSK 2006


------
Summary: I need to run multiple, independent jabber servers on
multiple hosts, and I only have one public IP address available. What
would be the best setup?
------

Hi.
I've been looking for an answer to my problem for some time now, and I
found one that mostly suits my needs, but not completely. I'm writing
to this list in hopes that someone could provide me a better solution,
or perhaps point out some flaws in the one I proposed. (The problem is not
specific to ejabberd, but that is the server that I use and I'd like
to keep using it).

I am a sysadmin in my organization, and I would like to deploy jabber
on it. We are composed of several [distant] subnodes, so jabber's
decentralization comes in very handy: I plan on installing an
ejabberd server on each subnode, so that each one can maintain its
autonomy and internal connectivity even in the case they get
disconnected from the rest of the network.

However, we have a serious lack of public IP addresses. We can reserve
only one for the jabber service, so it presents a problem for s2s
communication between the subnodes and the rest of the internet, as we
must route somehow every s2s connection through that IP (and the c2s
for all external users).

My planned solution, so far, is to NAT all internal subnodes, so they
can establish outgoing s2s connections, DNAT/port forward some ports on
the public IP to the internal servers, and make their
_xmpp-server._tcp SRV records point to the forwarded ports on the
public IP. I have not tested this yet, but it should give them
connectivity. This solution, though feasible, still presents some
problems, mainly in the form of accounting and traffic shaping: if the
subnodes are fully NATted, they can bypass all of our per-protocol
accounting system (by accessing the services through the natted box),
and the very useful "shapers" of ejabberd would become unusable
centrally.

A better solution could be to have some kind of 'jabber proxy'
(hopefully ejabberd itself, so the shapers can be used) whose only task
would be to accept connections from the subnodes and route them to the
internet, and back (and, as an extra, accept c2s connections from
anywhere and route them to the appropriate subnode). Ejabberd supports
virtual hosts, clustering and there is talk about "routing" in the
documentation, which makes me think it may already support the feature
I'm looking for. Does it? If it doesn't, do you know of any software
that I could use for "proxying" the jabber protocol, fully compatible
with ejabberd if possible?

Do you have a better idea or suggestion? A criticism for either of the two?

Thanks in advance,
                                Luis.
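
The DNAT-plus-SRV layout described in the message, worked through as an added example (not part of the original post and not ejabberd code): a small generator that assigns one forwarded port per internal server and emits the matching _xmpp-server._tcp SRV records and iptables nat rules. The addresses, domains, gateway host name and the starting port 5270 are constructed assumptions, and the outbound rule is scoped to port 5269 so that only s2s traffic is translated.

```python
import ipaddress

S2S_PORT = 5269  # default XMPP server-to-server port

def plan(public_ip, gateway_host, subnodes, first_port=5270):
    """Return (srv_records, iptables_rules) for subnodes behind one public IP.

    subnodes maps each XMPP domain to the internal IP of its server.
    Domains hosted on the same internal server share one forwarded port.
    """
    ipaddress.ip_address(public_ip)  # raises ValueError if malformed
    ports, srv, rules = {}, [], []
    for domain, internal in sorted(subnodes.items()):
        if not ipaddress.ip_address(internal).is_private:
            raise ValueError(f"{internal} is not a private address")
        if internal not in ports:
            port = first_port + len(ports)
            if port > 65535:
                raise ValueError("ran out of forwardable ports")
            ports[internal] = port
            # Inbound s2s: public_ip:port -> internal server's s2s listener.
            rules.append(
                f"iptables -t nat -A PREROUTING -d {public_ip} -p tcp "
                f"--dport {port} -j DNAT --to-destination {internal}:{S2S_PORT}")
            # Outbound: translate only s2s traffic, so other protocols are
            # not NATted by this rule set. Assumes remote servers listen on
            # 5269; a remote domain whose SRV record names another port
            # would need its own rule.
            rules.append(
                f"iptables -t nat -A POSTROUTING -s {internal} -p tcp "
                f"--dport {S2S_PORT} -j SNAT --to-source {public_ip}")
        # SRV rdata order: priority weight port target
        srv.append(f"_xmpp-server._tcp.{domain}. 3600 IN SRV 0 0 "
                   f"{ports[internal]} {gateway_host}.")
    return srv, rules

# Constructed sample values (documentation address ranges and domains).
SAMPLE = {"node1.example.org": "10.0.1.10",
          "node2.example.org": "10.0.2.10",
          "lab.node2.example.org": "10.0.2.10"}

if __name__ == "__main__":
    records, commands = plan("203.0.113.5", "xmpp-gw.example.org", SAMPLE)
    print("\n".join(records + commands))
```

The generated rules cover only the nat table; the gateway's FORWARD chain must still permit the translated flows.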

