From: julian.herzelIZZATaccenture.com
Date: Mon Jan 05 2004 - 23:03:16 EST
Jan,
Other than the SLB's documented approach (such as proxying the client
IP) for dealing with this, you could try, if you're not happy with any
other option, a "multi-VIP, host exclusion" approach (for want of a
better term).
This would be useful if you don't want to apply the Proxy method (i.e.
if you need to maintain client IPs in frames as the original IPs so that
they are recorded correctly in application/network logs - a
troubleshooting comfort, and usually a necessity).
What I mean by "multi-VIP, host exclusion" is as follows:
For a connection coming from one host to another host on the same subnet
(via a VIP), ensure the VIP contains a grouping of only the other hosts.
The host that initiates the connection should not be in the VIP (since
in the response it is trying to return to an interface on itself it
won't ever go through the loadbalancer for the required frame
translation).
Once you set up a VIP for a given group of exclusive hosts, on each host
under the VIP you need to add to the route table (of the server OS) a
static route for the interface of all other hosts to enforce the frame
return via the loadbalancer. This interface should be the one which the
client connection is made from and the route should be the host gateway
on your SLB.
There are annoyances with scalability and maintenance for this approach,
depending on your capacity outlook, since when you add a server:
(i) it needs to be added to multiple VIPs/groups on the SLB
(ii) you would also need to add a new VIP containing all the other
servers for the new host to use
(iii) you need to add a new host route on each server
(iv) each webmail service would need to have a configurable, static
reference to know which VIP it is supposed to talk to
Not exactly an elegant solution, but it may be something you can
entertain for your given implementation. However, I would recommend
testing this thoroughly.
Julian Herzel
-----Original Message-----
From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net] On Behalf Of
Jan Chrillesen
Sent: Tuesday, 6 January 2004 12:14 AM
To: lb-lIZZATvegan.net
Subject: [load balancing] Accessing VIP from the inside on Cisco CSM
Hi,
We're running a pair of Cisco Catalyst 6509 switches with the CSM
content blade. We loadbalance a setup of servers, each running several
services, like smtp, pop3 and webmail. We have configured a VIP for each
service and everything works fine. Now we need to access a VIP from the
inside (the webmail servers need to talk to the SMTP VIP). Since the
request originates from the server VLAN, and not the client VLAN, the
request just times out. Is there any way to make this work in a bridged
configuration?
Creating separate VLANs for each service is not an option since that'll
mean we can only run one service on each server.
Regards
Jan
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
This archive was generated by hypermail 2.1.4 : Mon Jan 05 2004 - 23:28:57 EST
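
An added sketch of the bookkeeping behind the "multi-VIP, host exclusion" approach described in the reply above; it is not code from either poster. It builds, for each initiating server, the VIP group that excludes it, plus the host routes each server needs via the SLB, and counts the work items (i)-(iii) for adding a server. The server names, addresses, gateway address and the Linux `ip route` rendering are assumptions made for illustration.

```python
import ipaddress

def plan(servers, slb_gateway):
    """servers: {name: ip} on the shared server subnet (constructed sample data).
    Returns (vips, routes):
      vips[initiator] = members of the VIP that initiator must use (never itself)
      routes[host]    = [(peer /32, gateway)] host routes to install on that host
    """
    gw = ipaddress.ip_address(slb_gateway)
    addrs = {n: ipaddress.ip_address(ip) for n, ip in servers.items()}
    if len(addrs) < 2:
        raise ValueError("a VIP cannot exclude its only member")
    if len(set(addrs.values())) != len(addrs):
        raise ValueError("duplicate server IP")
    if gw in addrs.values():
        raise ValueError("SLB gateway address collides with a server")
    vips, routes = {}, {}
    for name in addrs:
        peers = sorted(n for n in addrs if n != name)
        vips[name] = peers
        # A /32 is more specific than the on-link subnet route, so traffic to a
        # peer goes to the SLB instead of directly across the shared VLAN.
        routes[name] = [(f"{addrs[p]}/32", str(gw)) for p in peers]
    return vips, routes

def cost_of_adding(n_existing):
    """Work items when one server joins n_existing servers."""
    return {
        "vip_groups_updated": n_existing,         # (i) join every other host's VIP
        "new_vips": 1,                            # (ii) a VIP for the new host to use
        "routes_on_existing_servers": n_existing, # (iii) one new route per server
        "routes_on_new_server": n_existing,       # the new host's own routes to its peers
    }

def linux_commands(routes, host):
    """Render one host's routes as iproute2 commands (assumes a Linux server OS)."""
    return [f"ip route add {dst} via {gw}" for dst, gw in routes[host]]

# Constructed sample: three mail servers and an SLB gateway on one subnet.
SAMPLE = {"mail1": "10.0.0.11", "mail2": "10.0.0.12", "mail3": "10.0.0.13"}
SAMPLE_GW = "10.0.0.1"

if __name__ == "__main__":
    vips, routes = plan(SAMPLE, SAMPLE_GW)
    for host in sorted(SAMPLE):
        print(host, "uses VIP of", vips[host])
        for cmd in linux_commands(routes, host):
            print("   ", cmd)
    print("adding a 4th server:", cost_of_adding(len(SAMPLE)))
```

The total number of host routes is n(n-1) for n servers, which is the scalability annoyance the reply warns about.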