I want to thank everyone for the quick responses.
The fastage and slowage feature fixed my problem.
Thanks.
At 01:15 13/02/2002, you wrote:
>Possible, but not likely. BTW, please see http://www.securityfocus.com/archive/1/254995.
>
>Assuming a correct configuration and topology, the probable cause is the session is getting removed from the session table before the server is finished. By default the switch will remove a session table entry within 2-4 seconds upon receipt of a FIN from the client or server. A quick test for this would be to set the "/cfg/slb/adv/fastage 1". This will tell the switch to fastage the session from the table in 4-8 seconds, giving enough time for all the packets in the TCP session to pass through the switch before the session is removed. If you continue to see RIP leakage, but to a lesser extent, increase fastage to 2 (8-16 seconds). That should take care of most instances of RIP leakage.
>
>Increasing fastage can increase the number of concurrent sessions on the switch. Monitor the session count before and after adjusting fastage.
>
>With regard to the bugtraq posting. As a workaround, RIP leakage can be blocked at an upstream FW as Shahar is doing, or blocked on the Alteon's server ports by applying deny filters. VMA should be enabled (/cfg/slb/adv/ma en) and the filter should have a SIP=RIP and SPORT=RPORT with action deny. Server processing occurs before filter processing when VMA is enabled, so don't worry, you won't be denying legitimate traffic from your server farm.
>
>If you require further assistance, please open a case with Nortel Support at 1-800-4NORTEL, Express Routing Code 343.
>
>Hope this helps... Peter
>
>-----Original Message-----
>From: pewi [mailto:pewisch1IZZATgmx.ch]
>Sent: Tuesday, February 12, 2002 4:05 PM
>To: lb-lIZZATvegan.net
>Subject: AW: [load balancing] Alteon returns server IP to customer
>
>Hi,
>
>read this info on securityfocus ( http://www.securityfocus.com/bid/3964 ) it
>sounds like your problem.
>
>pe
>
>-----Original Message-----
>From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net] On behalf of Daniel Peterson
>Sent: Tuesday, 12 February 2002 18:30
>To: lb-lIZZATvegan.net
>Subject: Re: [load balancing] Alteon returns server IP to customer
>
>Greetings,
>
>Make sure layer3 load balancing is disabled. If I
>remember right there are some /cfg/slb/fastage and
>/cfg/slb/slowage settings that can be adjusted in case
>this situation is occurring.
>
>I think Peter Degrassi is the best person to refer
>this to. He was always the most knowledgeable person
>I've dealt with at Alteon. I've seen him reply to
>some questions on this list.
>
>Good luck,
>
>Dan
>
>--- Gonzalo_Julián_Bécares_Fernández <gonzaloIZZATya.com>
>wrote:
>>
>> Sorry for my first answer.... I read your mail too fast......
>>
>> We have 6 alteon with 8.3 and 9.0 webos, and we haven't detected that
>> problem.
>>
>>
>> Regards.
>>
>>
>>
>>
>>
>> ----- Original Message -----
>> From: "Gonzalo Julián Bécares Fernández" <gonzaloIZZATya.com>
>> To: <lb-lIZZATvegan.net>
>> Sent: Tuesday, February 12, 2002 12:47 PM
>> Subject: Re: [load balancing] Alteon returns server IP to customer
>>
>>
>> >
>> > Hi,
>> >
>> > you must configure the alteon port (or trunk ports) where the vip goes out
>> > as client, and the alteon port where the servers are connected as server
>> > (i.e. /cfg/slb/port 1/server or /cfg/slb/port 2/client).
>> >
>> > Regards.
>> >
>> > Gonzalo Bécares.
>> > Ya.com Internet Factory
>> >
>> >
>> >
>> > ----- Original Message -----
>> > From: "Shahar Hershkovich" <shaharIZZATxor.co.il>
>> > To: <lb-lIZZATvegan.net>
>> > Sent: Tuesday, February 12, 2002 11:38 AM
>> > Subject: [load balancing] Alteon returns server IP to customer
>> >
>> >
>> > > Hi all.
>> > >
>> > > I have a strange issue with an AD3 Alteon.
>> > > Once in a while it starts sending the response from the web servers
>> > > without replacing the source IP address with the VIP address. The firewall
>> > > then drops the packet, seeing a response for a connection that doesn't
>> > > exist.
>> > > I thought that maybe it's a matter of the Alteon's client to server table
>> > > timed out but this is not the case (the response is too fast, a few seconds
>> > > at the most).
>> > > DAM is enabled but as I see it, it shouldn't be an issue? or is it?
>> > >
>> > > I'm running the Alteon with OS version 8.323.
>> > > Anyone encountered this kind of problem?
>> > >
>> > > Thanks.
>> > >
>> > > Shahar Hershkovich
>> > > Xor Technologies
>> > > www.xor.co.il
>> > > +972-55-636833
>> > >
>> > >
>> > > ____________________
>> > > The Load Balancing Mailing List
>> > > Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
>> > > Archive: http://vegan.net/lb/archive
>> > > LBDigest: http://lbdigest.com
>> > > MRTG with SLB: http://vegan.net/MRTG
>> > > Hosted by: http://www.tokkisystems.com
>> > >
>> > >
>> >
>> >
>> >
>>
>>
>
Shahar Hershkovich
Xor Technologies
www.xor.co.il
+972-55-636833
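
One way to check whether leaked packets fit the session-aging explanation given in the thread, as an added example that is not part of the original messages: it scans client-side packet records for responses that still carry a real server address and measures how long after the FIN each one arrived. The addresses, record format and function names are constructed for illustration; the aging windows are the ones quoted above.

```python
# Aging windows in seconds as stated in the thread: default 2-4,
# fastage 1 -> 4-8, fastage 2 -> 8-16. Calling the default "0" is an assumption.
FASTAGE_WINDOWS = {0: (2, 4), 1: (4, 8), 2: (8, 16)}

# Constructed sample of packets seen on the client side of the switch.
# Columns: time_s src_ip src_port dst_ip dst_port tcp_flags
SAMPLE_CAPTURE = """\
0.00 192.0.2.10 80 198.51.100.7 40001 SA
0.20 192.0.2.10 80 198.51.100.7 40001 PA
1.00 192.0.2.10 80 198.51.100.7 40001 FA
4.10 10.0.0.11 80 198.51.100.7 40001 PA
0.50 192.0.2.10 80 198.51.100.9 40002 PA
0.90 192.0.2.10 80 198.51.100.9 40002 FA
6.40 10.0.0.12 80 198.51.100.9 40002 A
"""
VIP = "192.0.2.10"                         # constructed virtual server address
REAL_SERVERS = {"10.0.0.11", "10.0.0.12"}  # constructed real server addresses


def find_leaks(capture, vip, real_servers):
    """Return [(client, rip, seconds_after_fin)] for packets sourced from a RIP.

    seconds_after_fin is None when no FIN was seen first, which points away
    from session aging and towards configuration or topology.
    """
    fin_time, leaks = {}, []
    rows = [line.split() for line in capture.splitlines() if line.strip()]
    for t, src, sport, dst, dport, flags in sorted(rows, key=lambda r: float(r[0])):
        from_server = src == vip or src in real_servers
        client = (dst, dport) if from_server else (src, sport)
        if "F" in flags and client not in fin_time:
            fin_time[client] = float(t)  # first FIN from either side starts aging
        if src in real_servers:
            seen = fin_time.get(client)
            leaks.append((client, src, None if seen is None else round(float(t) - seen, 2)))
    return leaks


def suggest_fastage(leaks):
    """Smallest listed fastage whose earliest removal time exceeds every post-FIN
    delay; 0 if no leak followed a FIN, None if the thread's values are too short."""
    delays = [d for _, _, d in leaks if d is not None]
    worst = max(delays, default=0.0)
    for value, (earliest, _latest) in sorted(FASTAGE_WINDOWS.items()):
        if earliest > worst:
            return value
    return None
```

On the constructed capture the leaks arrive 3.1 and 5.5 seconds after the FIN, so the 4-8 second window would still miss the second one and the result is fastage 2.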
This archive was generated by hypermail 2b30 : Wed Feb 13 2002 - 18:27:22 EST