ssh round-robin redirect?

I'm not an f5 guru, so I'm hoping there are some out there who who can suggest solutions to this situation.

 

 

[situation]

 

The customer uses a client script that transfers files to my application using the following steps in sequence.

 

* ssh to a target IP and verify that landing zone has enough space

 

* ssh/scp file to the IP using temporary name (real.name.gz.tmp.1234)

 

* ssh to the IP, verify file transfer integrity (via md5sum), and then rename transferred file to its permanent name (real.name.gz)

 

I don't know if the client app is configured with an IP address, or if it resolves a host name via DNS.

 

All connections come from the same client IP address.

 

 

Due to political issues, I need to minimize changes to this client script - and ideally not require any changes. (yeah, *oof*)

 

 

I have multiple members in the pool, and the load-balancing should be round-robin. (i.e. all members taking traffic unless there's a problem or I take it offline manually) For the transfer to succeed, all 3 ssh sessions should terminate to a single pool member. A file may be transferred to any pool member.

 

 

Ideally, if a pool member goes offline, the client can complete its active file transfers, (i.e. all 3 ssh sessions) rather than have to restart. (yes, this is subject to the pool member completing the transfer...) If the in-flight transfers are lost, then the client would need to retry and the pool members would need logic added to cleanup the orphaned files that were scp'ed, but not renamed for pickup by the app running on the pool members.

 

 

Yeah, I want the f5 to do all the work here, and not change anything in the client script or my app. I'm lazy that way. :)

 

[/situation]

 

 

[ideas]

 

I don't think there's any "redirect" concept in ssh. (that would seems to defeat the whole purpose...)

 

 

I don't think there's any way for the f5 to determine whether any given ssh connection request is the first, second, or third ssh session of a file transfer. So I don't see a way for the f5 to group multiple ssh sessions for routing to a single member. (with http, I believe I could do this with cookies)

 

 

I'm thinking one solution is to have the client to do a simple function call to identify a target IP for each transfer. (and use the IP for all 3 steps in the transfer process) I don't mind if the IP addresses are direct to the pool members. (i.e. the ssh sessions don't need to transit the f5), This would require a change to the client script, but I think it's small enough to get approved.

 

 

I'd prefer to have the f5 handle this redirection. That way, the client script would run with minimum modification, and my app would not need to worry about blocking file transfers to the pool member's landing zone if it were offline.

 

 

I don't think persistence with only one server "active" at a time is the right answer (at least as I understand persistence), because we'd lose all transfers in-flight when the persistence switched to a new server. (I'd need to switch every 30 minutes to a new server so that the formerly active server would have enough time to digest the transferred files - this would result in an unacceptable level of retransmits. (>5%)

 

 

I'd prefer a solution that allows all pool members to simultaneously handle traffic. If necessary, I could sell within my organization a solution with a dedicated standby.

 

[/ideas]

 

 

So what options are out there? Can I do this without major client script rework?

 

 

Thanks in advance...