RE: [load balancing] struggling alteon 180e dsr config

We will arp for the real server's mac address but we can send health-checks
to the VIP address if so configured. /cfg/slb/gr x/viphlth - enabled by
default.

Henry

-----Original Message-----
From: owner-lb-l@vegan.net [mailto:owner-lb-l@vegan.net] On Behalf Of
Richard Golding
Sent: Friday, April 08, 2005 3:50 PM
To: lb-l@vegan.net
Subject: Re: [load balancing] struggling alteon 180e dsr config

Todd,

The Alteon should still only have to Arp for the real server addresses (for
health checking purposes)

The difference to normal SLB is that only the dest Mac is modified after the
SLB decision (as opposed to DestIP/Mac). Yovr chosen real server will then
receive packets with a dest IP of VIP which it accepts due to the fact that
this exists on loopback interface.

Hope that helps?

Regards,

Richard

>>> todd@renesys.com 04/08/05 18:54 PM >>>
folx,

i have a "working" one-armed NAT-in config using filters, but i was never
able to use filters to allow the servers to route out through the alteon.
so i've been rearchitecting a bit and considering seriously the DSR route
for a number of reasons.

but i can't get the DSR config to work at all! i have linux boxes with the
vip bound to lo, i configured them to not arp for that address using the 2.6
kernel /proc/sys/net/ipv4/conf/arp_ignore=1 setting.
but for some reason, i can't get the alteon to arp up for the vip.

i'm sure it's something simple, but i can't seem to get it. here's the
config:

/c/ip/if 1
        ena
        addr 192.168.1.150
/c/ip/gw 1
        ena
        addr 192.168.1.1
/c/slb
        on
/c/slb/adv
        submac ena
/c/slb/real 1
        ena
        rip 192.168.1.5
        submac ena
/c/slb/real 2
        ena
        rip 192.168.1.6
        submac ena
/c/slb/group 1
        add 1
        add 2
/c/slb/virt 1
        ena
        vip 192.168.1.160
/c/slb/virt 1/service http
        group 1
        nonat ena
/

everything is in one vlan hanging off of a dumb switch for right now and the
client i'm testing from is on the same lan. i can ping 192.168.1.160, 1.5
and 1.6. i have verified that each of 1.5 and 1.6 answers queries for 1.160
(and i see the health checks coming in and working). but i never arp for
1.160

any thoughts? am i missing something obvious?

thanks again,

todd

--
_____________________________________________________________________
todd underwood
director of operations & security
renesys - interdomain intelligence
todd@renesys.com   www.renesys.com
____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by:	http://www.tokkisystems.com
____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by:	http://www.tokkisystems.com