Hi everyone!
I'm new to the list and very glad to have found it. Good
(technical) information & people to talk to about hw load
balancers is almost impossible to find!
I hope you don't mind throwing my big problem in front of
you guys with my first post...
We have just bought a Cisco LocalDirector 416 which is
probably gonna be returned shortly, because of serious
troubles I had with it:
- really broken manual
- unable to get the box working (100%) with multiple
subnets (even with help from the supplier)
- IP packages on one subnet that belong on another
If anyone has successfully set this thing up with multiple
subnets, please please reply or mail me!
But that is not my main question, since we are probably
gonna return it, I was wondering what other (good) options
I have for products in the same price range (more or less),
which do at least the following:
- TCP (FTP, HTTP, VNC, SSL)
- Fully supports different subnets (per nic would be nice,
so it becomes more like a router than a (secure) bridge)
- SNMP interface would be nice
- Secure operations (only allowing traffic that should be
traversing the lb) -> firewalling
We don't have the money to buy a full blown firewall and a
load balancer on top, so it needs to be one product. The Cisco
LocalDirector can be set in secure mode and it almost does
what we need, however not completely.
I want to be able to set up a private network on one side of
the load balancer within one of the private ranges (10.x or
192.168.x for example). Then I want the other side to be on
the Internet (public side). The device needs to be able to do
this 100% perfect. I could not get this to work with the
LocalDirector. When running sniffers on both sides of the network,
I discovered the following things that went wrong with the LD:
- ARP request & response (especially broadcast ones) were
visible on both sides of the LocalDirector. When a server in
the private range made an ARP request, it was visible on the
public side too. This is not acceptable because our hosting
partner does not ALLOW such packets on his network.
- When a web browser (on the public network) accessed a server
in the private network (through a VIP - virtual IP address)
the server was asked, responded and (after much work) the
LocalDirector forwarded the response on the public network,
but with the WRONG MAC ADDRESS!!! So the client never saw
the response back (IP address was correct though)
I was unable to remove the second problem, so when on two different
subnets I could not get the LocalDirector to work properly. The
first problem was also unfixable because the LD is like a secure
bridge, it forwards some packets everywhere. This is unacceptable
in our design. I would like to be able to give each NIC its own
IP address & subnet mask so that only traffic to and from that
range is transmitted there....
Any help, information, insights etc. would be very very much
appreciated! I'm currently looking at F5's Big/Ip LB and
Foundry's ServerIron, but I'm unable to get these details from
them.
Thanks in advance for any help!
Regards,
Rob Lohman
r.lohmanIZZATlectric.nl
This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 09:36:20 EDT