From: Scott Decker (sdecker@xxxxxxxxxxxxx)
Date: Wed Dec 05 2001 - 23:06:17 GMT-3
Brian:
The LD is a 'bridge only' device from the perspective of the LAN segment
it is on. It listens for layer three, but does not route. It reads the
inbound layer 3 header to see if it's directed at the virtual server.
If so, it performs its LB algorithm and forwards to the appropriate real
server, which must be on the same subnet. In your example, the servers
are addressed on a different physical subnet. Since the LD does not
know how to route, you are going to have errors whenever you attempt to
cross a subnet boundary. This seems to be the problem you are
experiencing as far as I can tell. In order to reach another subnet
(which you are trying to do), you will have to put an L3 device between
the LD and the real servers.
From CCO: "LocalDirector serves as a transparent learning bridge to
forward data packets between its interfaces. Because of its bridge
capability, LocalDirector must not be installed on the network parallel
to another bridge. Only use LocalDirector to connect to servers allowing
a single way in or out to the network through LocalDirector, as shown in
Figure 2-1."
Go here for more info:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/localdir/ldv42/421guide/42ch02.htm
It also includes the diagram I'm trying to describe for two different
subnets (Figure 2-4 I think).
HTH,
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brian
Sent: Wednesday, December 05, 2001 6:32 PM
To: ccielab@groupstudy.com
Subject: LocalDirector problem
I am racking my head over a problem I am having with a basic
localdirector setup. I admit I don't have much experience with the
LocalDirector, although it looks pretty simple to set up for basic load
balancing. Below is a diagram, some show command output and a config.
If anyone has some experience in these boxes and can just glance at it
and see if I am doing something wrong, I would appreciate it.
              Internet
                 |
                 |
                 |
                 | s0/0
        Border Router (3640)
                 | e0/0 12.45.140.1/27
                 |      10.0.1.1/24 (secondary)
                 |
                 |
                 | ethernet 0
   LocalDirector 416 (12.45.140.21)
                 | ethernet 2
                 |
                 |
                Hub
                 |
                 |
     -------------------------
     |           |           |
     |           |           |
realserver1 realserver2 realserver3
10.0.1.241  10.0.1.242  10.0.1.243
Notes:
1. The real servers default route to 10.1.1.1
2. I have verified a webserver is responding on port 80 of each
   realserver. It is reachable using the realserver ip address from the
   side of the hub the realservers are on.
3. The LDIR 416 cannot ping any real servers. The real servers can ping
   each other. The LDIR can ping the 3640 on either of its IP addresses.
4. The LDIR 416 is addressed on both the 12.45.140.0/27 networks and the
   10.0.1.0/24 networks. Its primary IP address is 12.45.140.21/24 and I
   created an alias for the 10.0.1.250 address it has. This way I can
   reach it from the Internet. If I flip flop its real ip and alias, I
   cannot reach it.
5. The virtual server is not pingable from the Internet or realserver
   side of the hub.
ldAlpha# show real
Real Machines:
                                       No Answer  TCP Reset  DataIn
Machine          Connect State Thresh  Reassigns  Reassigns  Conns
server3:0:0:tcp  0       IS    8       0          0          0
server2:0:0:tcp  0       IS    8       0          0          0
server1:0:0:tcp  0       IS    8       0          0          0
ldAlpha# show virtual
Machines:
Machine Mode State Connect Sticky Predictor Slowstart
dsdata:0:0:tcp directed local IS 0 0 roundrobin* none
ldAlpha# show bind
Virtual Machine(s) Real Machines/Urls
dsdata:0:0:tcp(IS)
server3:0:0:tcp(IS)
server2:0:0:tcp(IS)
server1:0:0:tcp(IS)
: Saved
: LocalDirector 416 Version 4.2.3
: Uptime is 0 weeks, 2 days, 3 hours, 37 minutes, 45 seconds
no syslog output
no syslog console
enable password 000000000000000000000000000000 encrypted
hostname ldAlpha
no shutdown ethernet 0
no shutdown ethernet 1
no shutdown ethernet 2
interface ethernet 0 100basetx
interface ethernet 1 100basetx
interface ethernet 2 100basetx
mtu 0 1500
mtu 1 1500
mtu 2 1500
no multiring all
no secure 0
no secure 1
no secure 2
ping-allow 0
ping-allow 1
ping-allow 2
ip address 12.45.140.21 255.255.255.224
alias ip address 10.0.1.250 255.255.255.0
arp timeout 30
no rip passive
rip version 1
failover ip address 0.0.0.0
no failover
failover hellotime 30
password 5ebe2294ecd0e0f08eab7690d2a6ee69 encrypted
telnet 192.168.1.100 255.255.255.0
telnet 10.0.1.253 255.255.255.0
telnet 10.0.1.54 255.255.255.0
telnet 10.0.1.1 255.255.255.0
telnet 12.45.140.1 255.255.255.224
virtual 12.45.140.20:0:0:tcp is
predictor 12.45.140.20:0:0:tcp roundrobin
real 10.0.1.243:0:0:tcp is
real 10.0.1.242:0:0:tcp is
real 10.0.1.241:0:0:tcp is
replicate interface 1
name 10.0.1.241 server1
name 10.0.1.242 server2
name 10.0.1.243 server3
name 12.45.140.20 dsdata
bind 12.45.140.20:0:0:tcp 10.0.1.243:0:0:tcp
bind 12.45.140.20:0:0:tcp 10.0.1.242:0:0:tcp
bind 12.45.140.20:0:0:tcp 10.0.1.241:0:0:tcp
-----------------------------------------------
Brian Feeny, CCIE #8036 e: signal@shreve.net
Network Engineer p: 318.222.2638x109
ShreveNet Inc. f: 318.221.6612
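
The same-subnet rule described in the reply above, written as a check over the `ip address`, `alias ip address` and `bind` lines of the posted configuration. This is an added example, not part of either post or of any Cisco tooling; the function names are hypothetical and the parser assumes only the line formats visible in the config above.

```python
import ipaddress

# Excerpt of the configuration posted in the thread (only the lines the check reads).
POSTED_CONFIG = """\
ip address 12.45.140.21 255.255.255.224
alias ip address 10.0.1.250 255.255.255.0
bind 12.45.140.20:0:0:tcp 10.0.1.243:0:0:tcp
bind 12.45.140.20:0:0:tcp 10.0.1.242:0:0:tcp
bind 12.45.140.20:0:0:tcp 10.0.1.241:0:0:tcp
"""


def parse(config):
    """Return (networks, binds) from LocalDirector-style config text."""
    networks, binds = [], []
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["ip", "address"] or words[:3] == ["alias", "ip", "address"]:
            # The last two words are the address and its dotted netmask.
            iface = ipaddress.ip_interface(f"{words[-2]}/{words[-1]}")
            networks.append(iface.network)
        elif words[:1] == ["bind"] and len(words) >= 3:
            # bind <virtual-ip>:<port>:<bind-id>:<proto> <real-ip>:...
            virt, real = (ipaddress.ip_address(w.split(":")[0]) for w in words[1:3])
            binds.append((virt, real))
    return networks, binds


def network_of(ip, networks):
    """Configured network that contains ip, or None if no address covers it."""
    return next((net for net in networks if ip in net), None)


def cross_subnet_binds(config):
    """List binds whose virtual and real addresses are not on one configured subnet."""
    networks, binds = parse(config)
    findings = []
    for virt, real in binds:
        vnet, rnet = network_of(virt, networks), network_of(real, networks)
        if vnet is None or rnet is None or vnet != rnet:
            findings.append((str(virt), str(real), str(vnet), str(rnet)))
    return findings


if __name__ == "__main__":
    for virt, real, vnet, rnet in cross_subnet_binds(POSTED_CONFIG):
        print(f"bind {virt} -> {real} crosses subnets: {vnet} vs {rnet}")
```

Run against the posted configuration, all three binds are reported, each pairing 12.45.140.0/27 with 10.0.1.0/24.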
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:39 GMT-3