From: Mas Kato (loomis_towcar@xxxxxxxxxxxxxx)
Date: Fri Dec 07 2001 - 07:03:54 GMT-3
[demime could not interpret encoding binary - treating as plain text]
Oh, no problem. I don't need the config. I was suggesting Brian do the NATing o
n his perimeter router.
Mas
>Reply-To: <sdecker@bellsouth.net>
> "Scott Decker" <sdecker@bellsouth.net> "'Mas Kato'" <loomis_towcar@speedracer
.com>, <signal@shreve.net>Cc: <ccielab@groupstudy.com>
> RE: LocalDirector problemDate: Thu, 6 Dec 2001 21:45:27 -0500
>
>Sorry, have not used an alias address on any of the LD installs I have
>done. I treat it strictly as a layer 2 devices that happens to be
>'smart' about L3 and L4. If I must load balance off-subnet, I send it
>through a proper layer 3 device that can route.
>
>Interesting question, though. I'll see if I can dig up a config for you
>tomorrow.
>
>Scott
>
>-----Original Message-----
>From: Mas Kato [mailto:loomis_towcar@speedracer.com]
>Sent: Thursday, December 06, 2001 5:09 AM
>To: sdecker@bellsouth.net; signal@shreve.net
>Cc: ccielab@groupstudy.com
>Subject: RE: LocalDirector problem
>
>Indeed. If you consider the LD to be like a bridge, then the
>virtual-server IP address needs to be in net-10. Can you allocate a
>net-12 for a global address and then NAT it to the virtual-server's
>net-10?
>
>Regards,
>
>Mas Kato
>https://ecardfile.com/id/mkato
>
>>Date: Wed, 5 Dec 2001 21:16:42 -0600 (CST)
>> Brian <signal@shreve.net> Scott Decker <sdecker@bellsouth.net>cc:
><ccielab@groupstudy.com>
>> RE: LocalDirector problemReply-To: Brian <signal@shreve.net>
>>
>>On Wed, 5 Dec 2001, Scott Decker wrote:
>>
>>> Brian:
>>>
>>> The LD is a 'bridge only' device from the perspective of the LAN
>segment
>>> it is on. It listens for layer three, but does not route. It reads
>the
>>> inbound layer 3 header to see if it's directed at the virtual server.
>>> If so, it performs it LB algorithm and forwards to the appropriate
>real
>>> server, which must be on the same subnet. In your example, the
>servers
>>> are addressed on a different physical subnet. Since the LD does not
>>> know how to route, you are going to have errors whenever you attempt
>to
>>> cross a subnet boundary. This seems to be the problem you are
>>
>>I assigned the LD an alias address, so that I could have it on a
>different
>>subnet. Also, I *did* try it with just the LD on 10.0.1.0/24, that
>didn't
>>fly. I may try this again though. I was under the impression that
>adding
>>the "alias ip" command would allow you to use the different subnets.
>>
>>
>>> experiencing as far as I can tell. In order to reach another subnet
>>> (which you are trying to do), you will have to put an L3 device
>between
>>> the LD and the real servers.
>>>
>>> >From CCO: " LocalDirector serves as a transparent learning bridge
>to
>>> forward data packets between its interfaces. Because of its bridge
>>> capability, LocalDirector must not be installed on the network
>parallel
>>> to another bridge. Only use LocalDirector to connect to servers
>allowing
>>> a single way in or out to the network through LocalDirector, as shown
>in
>>> Figure 2-1."
>>>
>>>
>>> Go here for more info:
>>>
>http://www.cisco.com/univercd/cc/td/doc/product/iaabu/localdir/ldv42/421
>>> guide/42ch02.htm
>>>
>>> It also includes the diagram I'm trying to describe for two different
>>> subnets (Figure 2-4 I think).
>>>
>>> HTH,
>>>
>>> Scott
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>Of
>>> Brian
>>> Sent: Wednesday, December 05, 2001 6:32 PM
>>> To: ccielab@groupstudy.com
>>> Subject: LocalDirector problem
>>>
>>> I am racking my head over a problem I am having with a basic
>>> localdirector
>>> setup. I admit I don't have much experience with the LocalDirector,
>>> although it looks pretty simple to setup for basical load balancing.
>>>
>>> Below is a diagram, some show command output and a config. If anyone
>>> has
>>> some experience in these boxes and can just glance it and see if I am
>>> doing something wrong, I would appreciate it.
>>>
>>>
>>>
>>> Internet
>>> |
>>> |
>>> |
>>> | s0/0
>>> Border Router (3640)
>>> | e0/0 12.45.140.1/27
>>> | 10.0.1.1/24 (secondary)
>>> |
>>> |
>>> | ethernet 0
>>> LocalDirector 416 (12.45.140.21)
>>> | ethernet 2
>>> |
>>> |
>>> Hub
>>> |
>>> |
>>> -------------------------
>>> | | |
>>> | | |
>>> realserver1 realserver2 realserver3
>>> 10.0.1.241 10.0.1.242 10.0.1.243
>>>
>>>
>>> Notes:
>>> 1. The real servers default route to 10.1.1.1
>>> 2. I have verified a webserver is responding on port 80 of each
>>> realserver. It
>>> is reachable using the realserver ip address from the side of the hub
>>> the realservers
>>> are on.
>>> 3. The LDIR 416 cannot ping any real servers. The real servers can
>ping
>>> each other.
>>> The LDIR can ping the 3640 on either of its IP addresses.
>>> 4. The LDIR 416 is addressed on both the 12.45.140.0/27 networks and
>the
>>> 10.0.1.0/24
>>> networks. Its primary IP address is 12.45.140.21/24 and I created an
>>> alias for the
>>> 10.0.1.250 address it has. This way I can reach it from the
>Internet.
>>> If I flip flop
>>> its real ip and alias, I cannot reach it.
>>> 5. The virtual server is not pingable from the Internet or realserver
>>> side of the hub.
>>>
>>> ldAlpha# show real
>>> Real Machines:
>>>
>>> No Answer TCP
>Reset
>>> DataIn
>>> Machine Connect State Thresh Reassigns
>Reassigns
>>> Conns
>>> server3:0:0:tcp 0 IS 8 0 0
>>> 0
>>> server2:0:0:tcp 0 IS 8 0 0
>>> 0
>>> server1:0:0:tcp 0 IS 8 0 0
>>> 0
>>>
>>> ldAlpha# show virtual
>>> Machines:
>>>
>>> Machine Mode State Connect
>>> Sticky Predictor Slowstart
>>> dsdata:0:0:tcp directed local IS 0
>0
>>> roundrobin* none
>>>
>>>
>>> ldAlpha# show bind
>>> Virtual Machine(s) Real Machines/Urls
>>> dsdata:0:0:tcp(IS)
>>> server3:0:0:tcp(IS)
>>> server2:0:0:tcp(IS)
>>> server1:0:0:tcp(IS)
>>>
>>>
>>>
>>> : Saved
>>> : LocalDirector 416 Version 4.2.3
>>> : Uptime is 0 weeks, 2 days, 3 hours, 37 minutes, 45 seconds
>>> no syslog output
>>> no syslog console
>>> enable password 000000000000000000000000000000 encrypted
>>> hostname ldAlpha
>>> no shutdown ethernet 0
>>> no shutdown ethernet 1
>>> no shutdown ethernet 2
>>> interface ethernet 0 100basetx
>>> interface ethernet 1 100basetx
>>> interface ethernet 2 100basetx
>>> mtu 0 1500
>>> mtu 1 1500
>>> mtu 2 1500
>>> no multiring all
>>> no secure 0
>>> no secure 1
>>> no secure 2
>>> ping-allow 0
>>> ping-allow 1
>>> ping-allow 2
>>> ip address 12.45.140.21 255.255.255.224
>>> alias ip address 10.0.1.250 255.255.255.0
>>> arp timeout 30
>>> no rip passive
>>> rip version 1
>>> failover ip address 0.0.0.0
>>> no failover
>>> failover hellotime 30
>>> password 5ebe2294ecd0e0f08eab7690d2a6ee69 encrypted
>>> telnet 192.168.1.100 255.255.255.0
>>> telnet 10.0.1.253 255.255.255.0
>>> telnet 10.0.1.54 255.255.255.0
>>> telnet 10.0.1.1 255.255.255.0
>>> telnet 12.45.140.1 255.255.255.224
>>> virtual 12.45.140.20:0:0:tcp is
>>> predictor 12.45.140.20:0:0:tcp roundrobin
>>> real 10.0.1.243:0:0:tcp is
>>> real 10.0.1.242:0:0:tcp is
>>> real 10.0.1.241:0:0:tcp is
>>> replicate interface 1
>>> name 10.0.1.241 server1
>>> name 10.0.1.242 server2
>>> name 10.0.1.243 server3
>>> name 12.45.140.20 dsdata
>>> bind 12.45.140.20:0:0:tcp 10.0.1.243:0:0:tcp
>>> bind 12.45.140.20:0:0:tcp 10.0.1.242:0:0:tcp
>>> bind 12.45.140.20:0:0:tcp 10.0.1.241:0:0:tcp
>>>
>>> -----------------------------------------------
>>> Brian Feeny, CCIE #8036 e: signal@shreve.net
>>> Network Engineer p: 318.222.2638x109
>>> ShreveNet Inc. f: 318.221.6612
>>-----------------------------------------------
>> I'm buying / selling used CISCO gear!!
>> email me for a quote
>>
>>Brian Feeny, CCIE #8036 Netjam, LLC
>>signal@netjam.net http://www.netjam.net
>>VISA/MC/AMEX/COD phone: 318-212-0245
>>30 day warranty fax: 318-212-0246
>------------------------------------------------------------
>Speed Racer's Official Virtual Pit Stop.
>http://www.speedracerdsl.com/speedracer/
------------------------------------------------------------
Speed Racer's Official Virtual Pit Stop.
http://www.speedracerdsl.com/speedracer/
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:39 GMT-3