RE: [load balancing] Problem with SLB and DAM enable.

From: Marcel Derksen <Marcel.DerksenIZZATIonIP.com>
Date: Thu Jan 13 2005 - 10:19:26 EST

Alvaro,

When enabling DAM on the Alteon switches the switch handles sessions a
little bit differently:
1. First the switch looks in the session table. If an entry is found
the session is from an earlier load balanced session and the switch replaces
the private addresses with the public ones (etc. etc.) and returns the packet
towards the client.
2. If the session is not found in the session table the switch assumes
the session to be from a direct connection to the server. No translating is
done and the session is forwarded to the client.

So with DAM enabled the session table entry is critical. You can influence
the session table with the slowage/fastage timers.
I have seen these problems in real life as well. The only thing you can do
about it is look into the timers of the server and switch and adjust to meet
each other. Often the timer on the switch is lower than the switch session
table timer. The symptom you can see on the servers is that a lot of
sessions will be in time_wait2 or some other state that identifies the
closing of a session on the server.

To solve this completely there are two solutions:
1. Disable DAM if you do not need it.
2. Define a rule on the Cisco that blocks private addresses going out.

Greetings,

Marcel Derksen
Ion-ip b.v.

-----Original Message-----
From: Alvaro Valdés [mailto:avaldes@antel.net.uy]
Sent: donderdag 13 januari 2005 14:09
To: lb-l@vegan.net
Subject: [load balancing] Problem with SLB and DAM enable.

I have an Alteon AD3 with WebOS 10.0.30.7, a VIP with a public IP and real
servers with private IPs. If I enable DAM I see IP packets in the Cisco coming
from the Alteon with a private source IP; these packets look like a response
to a previous SLB packet. I guess that just from looking at the src port, e.g.
192.168.2.1:25 to 200.40.78.4:32540, and port 25 is one of the balanced
services. If I disable DAM, everything is OK.

I understand that DAM enables access to real servers using SLB and directly,
but in this case it is impossible to access them directly, so I really don't know
what is happening. Can anyone help me find a way to enable DAM and have SLB
work OK?

              Clients
                 |
                 |
           -------------
           |Cisco 7200 |
           |with ACL   |
           -------------
                 |
                 | Public Word
                 | client ena
         -----------------
         |               |
         |  Alteon AD3   |
         |               |
         -----------------
                 | server ena
                 |
                 |
         Private Real server (192.168.2.0/23)

regards,

                Alvaro

____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by:	http://www.tokkisystems.com
Received on Thu Jan 13 11:27:53 2005
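
The lookup order described in the reply, and the effect of the upstream filter from solution 2, as an added example that is not part of the original thread and not Alteon or Cisco code. It is a simplified model with a single idle timer in seconds; the VIP address, class and function names are assumptions made for illustration.

```python
import ipaddress

VIP = "203.0.113.10"  # constructed VIP (documentation range); the thread gives none
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class DamSwitch:
    """Toy model of the server-to-client lookup described in the reply."""
    def __init__(self, session_age):
        self.session_age = session_age  # seconds an idle entry survives (simplified)
        self.table = {}                 # (real, client) -> time of last packet

    def _has_session(self, key, now):
        seen = self.table.get(key)
        if seen is not None and now - seen > self.session_age:
            del self.table[key]         # idle too long: entry aged out
            seen = None
        return seen is not None

    def from_client(self, now, client, real):
        self.table[(real, client)] = now  # load-balanced session created/refreshed

    def from_server(self, now, real, client):
        """Return the source (ip, port) the packet leaves the switch with."""
        key = (real, client)
        if self._has_session(key, now):
            self.table[key] = now
            return (VIP, real[1])       # step 1: private source rewritten to the VIP
        return real                     # step 2: assumed direct access, no translation

def egress_acl_permits(src):
    """Upstream rule from solution 2: no private source address may go out."""
    ip = ipaddress.ip_address(src[0])
    return not any(ip in net for net in RFC1918)

def replay(session_age, server_send_times):
    """Client sends one packet at t=0; the server answers at the given times."""
    client, real = ("200.40.78.4", 32540), ("192.168.2.1", 25)  # pair from the thread
    sw = DamSwitch(session_age)
    sw.from_client(0, client, real)
    result = []
    for t in server_send_times:
        src = sw.from_server(t, real, client)
        verdict = "forward" if egress_acl_permits(src) else "drop"
        result.append((t, src[0], verdict))
    return result

if __name__ == "__main__":
    for row in replay(10, [1, 5, 40]):  # switch ages the entry before the server is done
        print(row)
```

With a 10 second idle timer the server's late packet at t=40 leaves with source 192.168.2.1 and is dropped by the filter; with a 60 second timer the same packet is still translated to the VIP.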
