RE: LocalDirector problem

From: Brian (signal@xxxxxxxxxx)
Date: Sun Dec 09 2001 - 12:08:58 GMT-3


   
Just to update, the config below did end up working, I just needed to
reload the box! I had been messing with it for some time,
adding/deleting/changing, and a reload cured it.

Brian

On Thu, 6 Dec 2001, Scott Decker wrote:

> Sorry, have not used an alias address on any of the LD installs I have
> done. I treat it strictly as a layer 2 device that happens to be
> 'smart' about L3 and L4. If I must load balance off-subnet, I send it
> through a proper layer 3 device that can route.
>
> Interesting question, though. I'll see if I can dig up a config for you
> tomorrow.
>
> Scott
>
> -----Original Message-----
> From: Mas Kato [mailto:loomis_towcar@speedracer.com]
> Sent: Thursday, December 06, 2001 5:09 AM
> To: sdecker@bellsouth.net; signal@shreve.net
> Cc: ccielab@groupstudy.com
> Subject: RE: LocalDirector problem
>
> Indeed. If you consider the LD to be like a bridge, then the
> virtual-server IP address needs to be in net-10. Can you allocate a
> net-12 for a global address and then NAT it to the virtual-server's
> net-10?
>
> Regards,
>
> Mas Kato
> https://ecardfile.com/id/mkato
>
> >Date: Wed, 5 Dec 2001 21:16:42 -0600 (CST)
> >From: Brian <signal@shreve.net>
> >To: Scott Decker <sdecker@bellsouth.net>
> >cc: <ccielab@groupstudy.com>
> >Subject: RE: LocalDirector problem
> >Reply-To: Brian <signal@shreve.net>
> >
> >On Wed, 5 Dec 2001, Scott Decker wrote:
> >
> >> Brian:
> >>
> >> The LD is a 'bridge only' device from the perspective of the LAN segment
> >> it is on. It listens for layer three, but does not route. It reads the
> >> inbound layer 3 header to see if it's directed at the virtual server.
> >> If so, it performs its LB algorithm and forwards to the appropriate real
> >> server, which must be on the same subnet. In your example, the servers
> >> are addressed on a different physical subnet. Since the LD does not
> >> know how to route, you are going to have errors whenever you attempt to
> >> cross a subnet boundary. This seems to be the problem you are
> >
> >I assigned the LD an alias address, so that I could have it on a different
> >subnet. Also, I *did* try it with just the LD on 10.0.1.0/24, that didn't
> >fly. I may try this again though. I was under the impression that adding
> >the "alias ip" command would allow you to use the different subnets.
> >
> >
> >> experiencing as far as I can tell. In order to reach another subnet
> >> (which you are trying to do), you will have to put an L3 device between
> >> the LD and the real servers.
> >>
> >> From CCO: "LocalDirector serves as a transparent learning bridge to
> >> forward data packets between its interfaces. Because of its bridge
> >> capability, LocalDirector must not be installed on the network parallel
> >> to another bridge. Only use LocalDirector to connect to servers allowing
> >> a single way in or out to the network through LocalDirector, as shown in
> >> Figure 2-1."
> >>
> >>
> >> Go here for more info:
> >>
> >> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/localdir/ldv42/421guide/42ch02.htm
> >>
> >> It also includes the diagram I'm trying to describe for two different
> >> subnets (Figure 2-4 I think).
> >>
> >> HTH,
> >>
> >> Scott
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Brian
> >> Sent: Wednesday, December 05, 2001 6:32 PM
> >> To: ccielab@groupstudy.com
> >> Subject: LocalDirector problem
> >>
> >> I am racking my head over a problem I am having with a basic
> >> localdirector setup. I admit I don't have much experience with the
> >> LocalDirector, although it looks pretty simple to set up for basic load
> >> balancing.
> >>
> >> Below is a diagram, some show command output and a config. If anyone has
> >> some experience in these boxes and can just glance at it and see if I am
> >> doing something wrong, I would appreciate it.
> >>
> >>
> >>
> >>                Internet
> >>                    |
> >>                    |
> >>                    |
> >>                    | s0/0
> >>          Border Router (3640)
> >>                    | e0/0 12.45.140.1/27
> >>                    |      10.0.1.1/24 (secondary)
> >>                    |
> >>                    |
> >>                    | ethernet 0
> >>    LocalDirector 416 (12.45.140.21)
> >>                    | ethernet 2
> >>                    |
> >>                    |
> >>                   Hub
> >>                    |
> >>                    |
> >>        -------------------------
> >>        |           |           |
> >>        |           |           |
> >>   realserver1 realserver2 realserver3
> >>   10.0.1.241  10.0.1.242  10.0.1.243
> >>
> >>
> >> Notes:
> >> 1. The real servers default route to 10.1.1.1
> >> 2. I have verified a webserver is responding on port 80 of each realserver.
> >>    It is reachable using the realserver ip address from the side of the hub
> >>    the realservers are on.
> >> 3. The LDIR 416 cannot ping any real servers. The real servers can ping
> >>    each other. The LDIR can ping the 3640 on either of its IP addresses.
> >> 4. The LDIR 416 is addressed on both the 12.45.140.0/27 networks and the
> >>    10.0.1.0/24 networks. Its primary IP address is 12.45.140.21/24 and I
> >>    created an alias for the 10.0.1.250 address it has. This way I can reach
> >>    it from the Internet. If I flip flop its real ip and alias, I cannot
> >>    reach it.
> >> 5. The virtual server is not pingable from the Internet or realserver
> >>    side of the hub.
> >>
> >> ldAlpha# show real
> >> Real Machines:
> >>
> >>                                          No Answer  TCP Reset  DataIn
> >> Machine          Connect  State  Thresh  Reassigns  Reassigns  Conns
> >> server3:0:0:tcp  0        IS     8       0          0          0
> >> server2:0:0:tcp  0        IS     8       0          0          0
> >> server1:0:0:tcp  0        IS     8       0          0          0
> >>
> >> ldAlpha# show virtual
> >> Machines:
> >>
> >> Machine Mode State Connect Sticky Predictor Slowstart
> >> dsdata:0:0:tcp directed local IS 0 0 roundrobin* none
> >>
> >> ldAlpha# show bind
> >> Virtual Machine(s) Real Machines/Urls
> >> dsdata:0:0:tcp(IS)
> >> server3:0:0:tcp(IS)
> >> server2:0:0:tcp(IS)
> >> server1:0:0:tcp(IS)
> >>
> >>
> >>
> >> : Saved
> >> : LocalDirector 416 Version 4.2.3
> >> : Uptime is 0 weeks, 2 days, 3 hours, 37 minutes, 45 seconds
> >> no syslog output
> >> no syslog console
> >> enable password 000000000000000000000000000000 encrypted
> >> hostname ldAlpha
> >> no shutdown ethernet 0
> >> no shutdown ethernet 1
> >> no shutdown ethernet 2
> >> interface ethernet 0 100basetx
> >> interface ethernet 1 100basetx
> >> interface ethernet 2 100basetx
> >> mtu 0 1500
> >> mtu 1 1500
> >> mtu 2 1500
> >> no multiring all
> >> no secure 0
> >> no secure 1
> >> no secure 2
> >> ping-allow 0
> >> ping-allow 1
> >> ping-allow 2
> >> ip address 12.45.140.21 255.255.255.224
> >> alias ip address 10.0.1.250 255.255.255.0
> >> arp timeout 30
> >> no rip passive
> >> rip version 1
> >> failover ip address 0.0.0.0
> >> no failover
> >> failover hellotime 30
> >> password 5ebe2294ecd0e0f08eab7690d2a6ee69 encrypted
> >> telnet 192.168.1.100 255.255.255.0
> >> telnet 10.0.1.253 255.255.255.0
> >> telnet 10.0.1.54 255.255.255.0
> >> telnet 10.0.1.1 255.255.255.0
> >> telnet 12.45.140.1 255.255.255.224
> >> virtual 12.45.140.20:0:0:tcp is
> >> predictor 12.45.140.20:0:0:tcp roundrobin
> >> real 10.0.1.243:0:0:tcp is
> >> real 10.0.1.242:0:0:tcp is
> >> real 10.0.1.241:0:0:tcp is
> >> replicate interface 1
> >> name 10.0.1.241 server1
> >> name 10.0.1.242 server2
> >> name 10.0.1.243 server3
> >> name 12.45.140.20 dsdata
> >> bind 12.45.140.20:0:0:tcp 10.0.1.243:0:0:tcp
> >> bind 12.45.140.20:0:0:tcp 10.0.1.242:0:0:tcp
> >> bind 12.45.140.20:0:0:tcp 10.0.1.241:0:0:tcp
> >>
> >> -----------------------------------------------
> >> Brian Feeny, CCIE #8036 e: signal@shreve.net
> >> Network Engineer p: 318.222.2638x109
> >> ShreveNet Inc. f: 318.221.6612
> >-----------------------------------------------
> > I'm buying / selling used CISCO gear!!
> > email me for a quote
> >
> >Brian Feeny, CCIE #8036 Netjam, LLC
> >signal@netjam.net http://www.netjam.net
> >VISA/MC/AMEX/COD phone: 318-212-0245
> >30 day warranty fax: 318-212-0246
> ------------------------------------------------------------
> Speed Racer's Official Virtual Pit Stop.
> http://www.speedracerdsl.com/speedracer/
-----------------------------------------------
    I'm buying / selling used CISCO gear!!
            email me for a quote

Brian Feeny, CCIE #8036 Netjam, LLC
signal@netjam.net http://www.netjam.net
VISA/MC/AMEX/COD phone: 318-212-0245
30 day warranty fax: 318-212-0246
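
Added illustration, not part of the original thread and not Cisco tooling: a short Python check that reads the address-bearing lines of the configuration quoted above and reports which of the LocalDirector's own subnets (the `ip address` or the `alias ip address`) each virtual and real server falls in, and which `bind` pairs span two subnets. The line syntax is assumed to be exactly as it appears in the post; the function names are made up for this example.

```python
import ipaddress
import re

# Address-bearing lines copied from the configuration quoted in the post.
SAMPLE_CONFIG = """\
ip address 12.45.140.21 255.255.255.224
alias ip address 10.0.1.250 255.255.255.0
virtual 12.45.140.20:0:0:tcp is
real 10.0.1.243:0:0:tcp is
real 10.0.1.242:0:0:tcp is
real 10.0.1.241:0:0:tcp is
bind 12.45.140.20:0:0:tcp 10.0.1.243:0:0:tcp
bind 12.45.140.20:0:0:tcp 10.0.1.242:0:0:tcp
bind 12.45.140.20:0:0:tcp 10.0.1.241:0:0:tcp
"""

def local_networks(config):
    """Return {label: network} for the 'ip address' and 'alias ip address' lines."""
    nets = {}
    for m in re.finditer(r"^(alias )?ip address (\S+) (\S+)$", config, re.M):
        label = "alias" if m.group(1) else "primary"
        nets[label] = ipaddress.ip_interface(f"{m.group(2)}/{m.group(3)}").network
    return nets

def classify(config):
    """Map each virtual/real address to the local network containing it, or None."""
    nets = local_networks(config)
    result = {}
    for kind, addr in re.findall(r"^(virtual|real) ([\d.]+):", config, re.M):
        ip = ipaddress.ip_address(addr)
        result[(kind, addr)] = next((l for l, n in nets.items() if ip in n), None)
    return result

def cross_subnet_binds(config):
    """Return bind pairs whose virtual and real addresses sit in different networks."""
    where = {addr: label for (_, addr), label in classify(config).items()}
    binds = re.findall(r"^bind ([\d.]+):\S+ ([\d.]+):", config, re.M)
    return [(v, r) for v, r in binds if where.get(v) != where.get(r)]

if __name__ == "__main__":
    for (kind, addr), label in classify(SAMPLE_CONFIG).items():
        print(f"{kind:8}{addr:15} -> {label or 'not on a directly connected subnet'}")
    print("binds crossing subnets:", cross_subnet_binds(SAMPLE_CONFIG))
```
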



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:40 GMT-3