RE: [load balancing] struggling alteon 180e dsr config

From: Peter Degrassi <degrassiIZZATlayer227.com>
Date: Fri Apr 08 2005 - 16:44:10 EDT

You may also want to ensure that your Linux box is indeed NOT responding
to ARP requests for the VIP. I tihnk you need a patched linux kernel to
get it working properly. That would break layer 2 if it is.

Peter

-----Original Message-----
From: owner-lb-l@vegan.net [mailto:owner-lb-l@vegan.net] On Behalf Of
Richard Golding
Sent: Friday, April 08, 2005 3:50 PM
To: lb-l@vegan.net
Subject: Re: [load balancing] struggling alteon 180e dsr config

Todd,

The Alteon should still only have to Arp for the real server addresses
(for health checking purposes)

The difference to normal SLB is that only the dest Mac is modified after
the SLB decision (as opposed to DestIP/Mac). Yovr chosen real server
will then receive packets with a dest IP of VIP which it accepts due to
the fact that this exists on loopback interface.

Hope that helps?

Regards,

Richard

>>> todd@renesys.com 04/08/05 18:54 PM >>>
folx,

i have a "working" one-armed NAT-in config using filters, but i was
never able to use filters to allow the servers to route out through the
alteon. so i've been rearchitecting a bit and considering seriously the
DSR route for a number of reasons.

but i can't get the DSR config to work at all! i have linux boxes with
the vip bound to lo, i configured them to not arp for that address using
the 2.6 kernel /proc/sys/net/ipv4/conf/arp_ignore=1 setting.
but for some reason, i can't get the alteon to arp up for the vip.

i'm sure it's something simple, but i can't seem to get it. here's the
config:

/c/ip/if 1
        ena
        addr 192.168.1.150
/c/ip/gw 1
        ena
        addr 192.168.1.1
/c/slb
        on
/c/slb/adv
        submac ena
/c/slb/real 1
        ena
        rip 192.168.1.5
        submac ena
/c/slb/real 2
        ena
        rip 192.168.1.6
        submac ena
/c/slb/group 1
        add 1
        add 2
/c/slb/virt 1
        ena
        vip 192.168.1.160
/c/slb/virt 1/service http
        group 1
        nonat ena
/

everything is in one vlan hanging off of a dumb switch for right now and
the client i'm testing from is on the same lan. i can ping
192.168.1.160, 1.5 and 1.6. i have verified that each of 1.5 and 1.6
answers queries for 1.160 (and i see the health checks coming in and
working). but i never arp for 1.160

any thoughts? am i missing something obvious?

thanks again,

todd

--
_____________________________________________________________________
todd underwood
director of operations & security
renesys - interdomain intelligence
todd@renesys.com   www.renesys.com
____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by:	http://www.tokkisystems.com
____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by:	http://www.tokkisystems.com
Received on Fri Apr 8 17:50:14 2005

This archive was generated by hypermail 2.1.8 : Fri Apr 08 2005 - 18:01:17 EDT