RE: LocalDirector problem

From: Scott Decker (sdecker@xxxxxxxxxxxxx)
Date: Thu Dec 06 2001 - 23:45:27 GMT-3


   
Sorry, have not used an alias address on any of the LD installs I have
done. I treat it strictly as a layer 2 device that happens to be
'smart' about L3 and L4. If I must load balance off-subnet, I send it
through a proper layer 3 device that can route.

Interesting question, though. I'll see if I can dig up a config for you
tomorrow.

Scott

-----Original Message-----
From: Mas Kato [mailto:loomis_towcar@speedracer.com]
Sent: Thursday, December 06, 2001 5:09 AM
To: sdecker@bellsouth.net; signal@shreve.net
Cc: ccielab@groupstudy.com
Subject: RE: LocalDirector problem

Indeed. If you consider the LD to be like a bridge, then the
virtual-server IP address needs to be in net-10. Can you allocate a
net-12 for a global address and then NAT it to the virtual-server's
net-10?

Regards,

Mas Kato
https://ecardfile.com/id/mkato

>Date: Wed, 5 Dec 2001 21:16:42 -0600 (CST)
>From: Brian <signal@shreve.net>
>To: Scott Decker <sdecker@bellsouth.net>
>Cc: <ccielab@groupstudy.com>
>Subject: RE: LocalDirector problem
>Reply-To: Brian <signal@shreve.net>
>
>On Wed, 5 Dec 2001, Scott Decker wrote:
>
>> Brian:
>>
>> The LD is a 'bridge only' device from the perspective of the LAN segment
>> it is on. It listens for layer three, but does not route. It reads the
>> inbound layer 3 header to see if it's directed at the virtual server.
>> If so, it performs its LB algorithm and forwards to the appropriate real
>> server, which must be on the same subnet. In your example, the servers
>> are addressed on a different physical subnet. Since the LD does not
>> know how to route, you are going to have errors whenever you attempt to
>> cross a subnet boundary. This seems to be the problem you are
>
>I assigned the LD an alias address, so that I could have it on a different
>subnet. Also, I *did* try it with just the LD on 10.0.1.0/24, that didn't
>fly. I may try this again though. I was under the impression that adding
>the "alias ip" command would allow you to use the different subnets.
>
>
>> experiencing as far as I can tell. In order to reach another subnet
>> (which you are trying to do), you will have to put an L3 device between
>> the LD and the real servers.
>>
>> From CCO: "LocalDirector serves as a transparent learning bridge to
>> forward data packets between its interfaces. Because of its bridge
>> capability, LocalDirector must not be installed on the network parallel
>> to another bridge. Only use LocalDirector to connect to servers allowing
>> a single way in or out to the network through LocalDirector, as shown in
>> Figure 2-1."
>>
>>
>> Go here for more info:
>>
>> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/localdir/ldv42/421guide/42ch02.htm
>>
>> It also includes the diagram I'm trying to describe for two different
>> subnets (Figure 2-4 I think).
>>
>> HTH,
>>
>> Scott
>>
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Brian
>> Sent: Wednesday, December 05, 2001 6:32 PM
>> To: ccielab@groupstudy.com
>> Subject: LocalDirector problem
>>
>> I am racking my head over a problem I am having with a basic localdirector
>> setup. I admit I don't have much experience with the LocalDirector,
>> although it looks pretty simple to set up for basic load balancing.
>>
>> Below is a diagram, some show command output and a config. If anyone has
>> some experience in these boxes and can just glance at it and see if I am
>> doing something wrong, I would appreciate it.
>>
>>
>>
>>                      Internet
>>                         |
>>                         |
>>                         | s0/0
>>               Border Router (3640)
>>                         | e0/0 12.45.140.1/27
>>                         |      10.0.1.1/24 (secondary)
>>                         |
>>                         | ethernet 0
>>          LocalDirector 416 (12.45.140.21)
>>                         | ethernet 2
>>                         |
>>                        Hub
>>                         |
>>           -----------------------------
>>           |             |             |
>>      realserver1   realserver2   realserver3
>>      10.0.1.241    10.0.1.242    10.0.1.243
>>
>>
>> Notes:
>> 1. The real servers default route to 10.1.1.1
>> 2. I have verified a webserver is responding on port 80 of each
>>    realserver. It is reachable using the realserver ip address from the
>>    side of the hub the realservers are on.
>> 3. The LDIR 416 cannot ping any real servers. The real servers can ping
>>    each other. The LDIR can ping the 3640 on either of its IP addresses.
>> 4. The LDIR 416 is addressed on both the 12.45.140.0/27 networks and the
>>    10.0.1.0/24 networks. Its primary IP address is 12.45.140.21/24 and I
>>    created an alias for the 10.0.1.250 address it has. This way I can
>>    reach it from the Internet. If I flip flop its real ip and alias, I
>>    cannot reach it.
>> 5. The virtual server is not pingable from the Internet or realserver
>>    side of the hub.
>>
>> ldAlpha# show real
>> Real Machines:
>>
>>                                        No Answer  TCP Reset  DataIn
>> Machine          Connect State Thresh  Reassigns  Reassigns  Conns
>> server3:0:0:tcp  0       IS    8       0          0          0
>> server2:0:0:tcp  0       IS    8       0          0          0
>> server1:0:0:tcp  0       IS    8       0          0          0
>>
>> ldAlpha# show virtual
>> Machines:
>>
>> Machine         Mode            State  Connect  Sticky  Predictor    Slowstart
>> dsdata:0:0:tcp  directed local  IS     0        0       roundrobin*  none
>>
>>
>> ldAlpha# show bind
>> Virtual Machine(s)     Real Machines/Urls
>> dsdata:0:0:tcp(IS)
>>                        server3:0:0:tcp(IS)
>>                        server2:0:0:tcp(IS)
>>                        server1:0:0:tcp(IS)
>>
>>
>> : Saved
>> : LocalDirector 416 Version 4.2.3
>> : Uptime is 0 weeks, 2 days, 3 hours, 37 minutes, 45 seconds
>> no syslog output
>> no syslog console
>> enable password 000000000000000000000000000000 encrypted
>> hostname ldAlpha
>> no shutdown ethernet 0
>> no shutdown ethernet 1
>> no shutdown ethernet 2
>> interface ethernet 0 100basetx
>> interface ethernet 1 100basetx
>> interface ethernet 2 100basetx
>> mtu 0 1500
>> mtu 1 1500
>> mtu 2 1500
>> no multiring all
>> no secure 0
>> no secure 1
>> no secure 2
>> ping-allow 0
>> ping-allow 1
>> ping-allow 2
>> ip address 12.45.140.21 255.255.255.224
>> alias ip address 10.0.1.250 255.255.255.0
>> arp timeout 30
>> no rip passive
>> rip version 1
>> failover ip address 0.0.0.0
>> no failover
>> failover hellotime 30
>> password 5ebe2294ecd0e0f08eab7690d2a6ee69 encrypted
>> telnet 192.168.1.100 255.255.255.0
>> telnet 10.0.1.253 255.255.255.0
>> telnet 10.0.1.54 255.255.255.0
>> telnet 10.0.1.1 255.255.255.0
>> telnet 12.45.140.1 255.255.255.224
>> virtual 12.45.140.20:0:0:tcp is
>> predictor 12.45.140.20:0:0:tcp roundrobin
>> real 10.0.1.243:0:0:tcp is
>> real 10.0.1.242:0:0:tcp is
>> real 10.0.1.241:0:0:tcp is
>> replicate interface 1
>> name 10.0.1.241 server1
>> name 10.0.1.242 server2
>> name 10.0.1.243 server3
>> name 12.45.140.20 dsdata
>> bind 12.45.140.20:0:0:tcp 10.0.1.243:0:0:tcp
>> bind 12.45.140.20:0:0:tcp 10.0.1.242:0:0:tcp
>> bind 12.45.140.20:0:0:tcp 10.0.1.241:0:0:tcp
>>
>> -----------------------------------------------
>> Brian Feeny, CCIE #8036 e: signal@shreve.net
>> Network Engineer p: 318.222.2638x109
>> ShreveNet Inc. f: 318.221.6612
>-----------------------------------------------
> I'm buying / selling used CISCO gear!!
> email me for a quote
>
>Brian Feeny, CCIE #8036 Netjam, LLC
>signal@netjam.net http://www.netjam.net
>VISA/MC/AMEX/COD phone: 318-212-0245
>30 day warranty fax: 318-212-0246
------------------------------------------------------------
Speed Racer's Official Virtual Pit Stop.
http://www.speedracerdsl.com/speedracer/
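
The rule stated in the replies above (the LD bridges and does not route, so a virtual server and the real servers bound to it have to sit on the same subnet) can be checked mechanically against a saved configuration. This is an added example, not part of the original thread and not a Cisco tool; it reads only the `ip address`, `alias ip address` and `bind` lines in the form shown in the posted config, and the function names are hypothetical.

```python
import ipaddress

# Address and bind lines copied from the configuration posted in the thread.
SAMPLE_CONFIG = """\
ip address 12.45.140.21 255.255.255.224
alias ip address 10.0.1.250 255.255.255.0
virtual 12.45.140.20:0:0:tcp is
real 10.0.1.243:0:0:tcp is
real 10.0.1.242:0:0:tcp is
real 10.0.1.241:0:0:tcp is
bind 12.45.140.20:0:0:tcp 10.0.1.243:0:0:tcp
bind 12.45.140.20:0:0:tcp 10.0.1.242:0:0:tcp
bind 12.45.140.20:0:0:tcp 10.0.1.241:0:0:tcp
"""


def parse_config(text):
    """Return (networks, binds): subnets the LD is addressed on, and (virtual, real) pairs."""
    networks, binds = [], []
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["alias"]:
            words = words[1:]  # "alias ip address A M" -> "ip address A M"
        if words[:2] == ["ip", "address"] and len(words) == 4:
            networks.append(ipaddress.ip_interface(f"{words[2]}/{words[3]}").network)
        elif words[:1] == ["bind"] and len(words) == 3:
            # In each endpoint, the text before the first ':' is the IP address.
            binds.append(tuple(ipaddress.ip_address(w.split(":")[0]) for w in words[1:]))
    return networks, binds


def subnet_of(addr, networks):
    """First configured subnet containing addr, or None if the LD has no address there."""
    return next((n for n in networks if addr in n), None)


def cross_subnet_binds(text):
    """List binds whose virtual and real addresses are not on one common LD subnet."""
    networks, binds = parse_config(text)
    findings = []
    for virt, real in binds:
        vnet, rnet = subnet_of(virt, networks), subnet_of(real, networks)
        if vnet is None or vnet != rnet:
            findings.append({"virtual": str(virt), "virtual_net": str(vnet),
                             "real": str(real), "real_net": str(rnet)})
    return findings


if __name__ == "__main__":
    for f in cross_subnet_binds(SAMPLE_CONFIG):
        print(f"{f['virtual']} ({f['virtual_net']}) -> {f['real']} ({f['real_net']}): crosses a subnet boundary")
```

Run against the posted config, all three binds are reported because the virtual address is in 12.45.140.0/27 while the real servers are in 10.0.1.0/24.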



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:39 GMT-3