Hi list,
we have issues concerning Alteon FWLB with a firewall load sandwich: 2 x 2208
on the dirty side and 2 x Alteon 2208 (running Alteon OS 22.0.3) on the clean side.
These Alteons balance two NetScreen 208 firewalls.
Sometimes we have "out-of-state problems" (inbound traffic goes across
one firewall and the outbound traffic goes back across another
firewall). We have enabled "hash" as the metric in the groups on the
Alteons (clean side/dirty side), but sometimes an ACK packet was balanced to
the wrong firewall and the session across the fw-sandwich timed out.
Do I have to enable rts on the VRRP link (trunk between the Alteons)?
Which other problem could cause this? (There is no NAT between the dirty and
clean side.)
the fw port:
/c/slb/port 1
client ena
rts ena
the vrrp links to the second 2208:
/c/slb/port 9
client ena
server ena
rts ena
/c/slb/port 10
client ena
server ena
rts ena
real/slb config:
/c/slb/real 100
ena
rip 10.10.10.1
name "fw1"
/c/slb/real 101
ena
rip 10.10.10.2
name "fw2"
/c/slb/group 1
metric hash
add 100
add 101
name "FW"
/c/slb/filt 2000
ena
action redir
group 1
rport 0
vlan any
/c/slb/filt 2000/adv
proxy dis
fwlb ena
thx
doehni
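
The out-of-state symptom described in the post above, as an added example that is not part of the original message and is not Alteon's actual hash algorithm: it models the dirty-side and clean-side balancers each picking a firewall per packet, and shows that an order-sensitive hash splits some flows while an order-independent one never does. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

FIREWALLS = ["fw1", "fw2"]  # names from the posted config (real 100 / real 101)


def ip_int(addr):
    """Convert a dotted-quad address to an integer for hashing."""
    return int(ipaddress.ip_address(addr))


def pick_by_source(src, dst):
    """Order-sensitive selection: only the packet's source address is hashed."""
    return FIREWALLS[ip_int(src) % len(FIREWALLS)]


def pick_symmetric(src, dst):
    """Order-independent selection: XOR is identical for A->B and B->A."""
    return FIREWALLS[(ip_int(src) ^ ip_int(dst)) % len(FIREWALLS)]


def out_of_state(flows, pick):
    """Return (client, server, fw_in, fw_out) for every flow whose reply
    crosses a different firewall than the request did."""
    broken = []
    for client, server in flows:
        fw_in = pick(client, server)   # dirty-side balancer, request direction
        fw_out = pick(server, client)  # clean-side balancer, reply direction
        if fw_in != fw_out:
            broken.append((client, server, fw_in, fw_out))
    return broken


# Constructed sample flows (documentation address ranges), not from the post.
FLOWS = [
    ("192.0.2.10", "198.51.100.21"),
    ("192.0.2.11", "198.51.100.21"),
    ("192.0.2.12", "198.51.100.20"),
]

if __name__ == "__main__":
    for name, pick in (("source-only", pick_by_source),
                       ("symmetric", pick_symmetric)):
        print(name, out_of_state(FLOWS, pick))
```

With the source-only hash only some flows break, which matches the intermittent nature of the timeouts; a stateful firewall that never saw the request direction has no session for the reply.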
Received on Thu Jan 12 21:17:23 2006
This archive was generated by hypermail 2.1.8 : Wed Jan 25 2006 - 05:09:46 EST