RE: [load balancing] SLB + VRRP with two Active-Active-AD4

From: Lotter, Rick (Rick.LotterIZZATqg.com)
Date: Wed May 12 2004 - 14:02:31 EDT


Just a quick point:
 
>If you want to do active-standby then all the VRRPs should be on the
>active Alteon and the server should point to that Alteon for their
>default gateway. The returning traffic must pass the active Alteon
>before going into the outside world.
 
In that configuration, you are effectively running active-standby. If
all VSRs are master on one Alteon, you have the exact same config. The
first time you make one of the VSRs master on the other Alteon, you will
have return-trip problems. So in a non-catastrophic failure case you
will have weird connectivity problems if one VSR switches priority due
to VRRP tracking.
 
-----Original Message-----
From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net]
Sent: Wednesday, May 12, 2004 3:04 AM
To: lb-lIZZATvegan.net
Subject: RE: [load balancing] SLB + VRRP with two Active-Active-AD4
Importance: High

Alexander,
 
Just to give some comment:
 
If you want to use active-active you have to be aware of the following.
Active-active means that both the alteon switches will handle the client
and server processing regardless if they have session information or
not. The most important thing is that direct access cannot be enabled
because this will disrupt the server processing. Direct access enabled
will look into the session table to see if there is any session
information and if not present will not do the rip-to-vip translation.
Since this can be the case in active-active direct access cannot be
enabled.
 
If you want to do active-standby then all the VRRPs should be on the
active Alteon and the server should point to that Alteon for their
default gateway. The returning traffic must pass the active Alteon
before going into the outside world.
 
This should work. We have dozens of implementations working like that.
 
Greetings,
 
Marcel Derksen
ion-ip b.v.

-----Original Message-----
From: Alexander Puff [mailto:mailli1IZZATonline-skating.de]
Sent: Wednesday, May 12, 2004 9:19
To: lb-lIZZATvegan.net
Subject: AW: [load balancing] SLB + VRRP with two Active-Active-AD4

Hi,
 
Thanks for your advice. I enabled the tracking - but the problem
persists.
 
I don't understand exactly what you mean by this:
 "VRRP share enable" will enable
     client process (masquerade client->server packet) and
     server process (masquerade server->client response packet)
     on VRRP back-up AD4.

Can you explain this a little further?

Thanks,

Alex.

  _____

From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net] On Behalf Of
Man-Su Kim
Sent: Wednesday, May 12, 2004 00:35
To: lb-lIZZATvegan.net
Subject: RE: [load balancing] SLB + VRRP with two Active-Active-AD4

Hello all,

Did you set up VRRP tracking for "outside-in-traffic" VIR and
"inside-out-traffic" VIR? For your case, track vr is the best suggestion.

And, depending on your description, did you have the same default gateway on
each AD4?

"VRRP share enable" will enable
   client process (masquerade client->server packet) and
   server process (masquerade server->client response packet)
   on VRRP back-up AD4.

Thanks,
-mansu
> -----Original Message-----
> From: Lotter, Rick [mailto:Rick.LotterIZZATqg.com]
> Sent: Wednesday, May 12, 2004 3:52 AM
> To: lb-lIZZATvegan.net
> Subject: RE: [load balancing] SLB + VRRP with two Active-Active-AD4
>
> Hello:
>
> We are currently running two AD4s in a hot-standby config and while we
> were researching going to an active-standby configuration what we found
> is that you need to configure Proxy IPs on both Alteons for the return
> traffic. The reason is that if VIP #2 is configured so that the Alteon
> #2 is master, then all return traffic must go back to Alteon #2 or the
> connection is broken. Since the default gateway for your real servers
> is a single VRRP address, all response traffic will go to one Alteon or
> the other (unless you define a different VRRP VIR for every VIP! Ack!).
> By defining PIPs then the Alteon that receives the traffic will redirect
> it to the other Alteon if the session was not received by the "correct"
> Alteon.
>
> Luck,
>
>
> Rick Lotter
> I/S - Web Systems Support
>
> Quad/Graphics
>
> Sussex, Wisconsin
> www.QG.com
>
> -----Original Message-----
> From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net]
> Sent: Tuesday, May 11, 2004 12:14 PM
> To: lb-lIZZATvegan.net
> Subject: [load balancing] SLB + VRRP with two Active-Active-AD4
>
>
> Hi,
>
> I have a problem with the following setup - perhaps anybody has a hint
> for a solution:
>
> We have a server network with different real servers and services,
> balanced with two AceDirectors4 (configured in active-active-mode)
> with WebOS 10.
>
> Those two devices provide VIPs for balanced services from
> "outside-in-traffic" and VRRPs for failover-gateway addresses for the
> real server subnets for "inside-out-traffic".
> The VRRPs are configured with a defined master (defined by prio), the
> VIPs are
> balanced using hash metric to split incoming traffic almost equally
> among the real servers.
>
> Now the problem: If an inbound connection to a VIP is handled by the
> master of the VRRP-bundle, all works fine. The master builds a
> connection, redirects the packet to the real server, takes the answer,
> masquerades it and sends it to the client.
>
> But if the inbound connection is handled by the backup VRRP-AD (decision
> caused by hash metric), _this_ AD establishes the session, but the
> answer-packet is sent via the master VRRP-AD, who has no session and
> does not do any masquerading at all. Thus, the client rejects the answer
> (ACK-RST) and I get no connection.
>
> I tried the VRRP-option "share enable/disable" - no solution. I tried to
> configure a VRRP-address in parallel to the VIP-address with the master
> on the same side as the VRRP-master - no solution.
>
> Does anybody have an idea, how to solve the problem or how to change the
> setup, so that I have a working configuration?
>
> Thanx in advance,
> Alex.
>
> ____________________
> The Load Balancing Mailing List
> Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
> Archive: http://vegan.net/lb/archive
> LBDigest: http://lbdigest.com
> MRTG with SLB: http://vegan.net/MRTG
> Hosted by: http://www.tokkisystems.com
>



This archive was generated by hypermail 2.1.4 : Wed Jun 16 2004 - 17:30:36 EDT
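
Added example (not part of the original thread, and not vendor code): a small Python model of the return-path problem discussed above, showing which connections are reset when the reply leaves through a device that holds no session, and how per-device proxy IPs change the outcome. Assumptions: all addresses and the names AD-1/AD-2 are constructed, source-port parity stands in for whatever spreads inbound connections across the two devices, and a proxy IP is modelled as source NAT so the server's reply is addressed to the device that handled the request.

```python
# Constructed addresses and names; none of them come from the thread.
VIP, RIP = "192.0.2.10", "10.0.0.21"
PIP = {"AD-1": "10.0.0.251", "AD-2": "10.0.0.252"}
CLIENTS = [("198.51.100.7", p) for p in (40000, 40001, 40002, 40003)]


def inbound_device(client):
    # Assumption: source-port parity stands in for whatever spreads inbound
    # connections across the two devices (the thread attributes it to hashing).
    return "AD-1" if client[1] % 2 == 0 else "AD-2"


def simulate(clients, gateway_master="AD-1", use_pip=False):
    """Return {client: "established" | "reset"} for one pass of connections."""
    sessions = {"AD-1": set(), "AD-2": set()}
    outcome = {}
    for client in clients:
        first_hop = inbound_device(client)
        sessions[first_hop].add(client)  # the session exists only on this device
        if use_pip:
            # The server sees the device's proxy IP as source and replies to
            # it, so the reply lands on the device that owns that address.
            reply_dst = PIP[first_hop]
            return_hop = next(d for d, ip in PIP.items() if ip == reply_dst)
        else:
            # The server sees the real client IP and replies via its default
            # gateway, i.e. whichever device is VRRP master for the VIR.
            return_hop = gateway_master
        # Only a device holding the session rewrites RIP back to VIP.
        src_seen_by_client = VIP if client in sessions[return_hop] else RIP
        outcome[client] = "established" if src_seen_by_client == VIP else "reset"
    return outcome


def reset_ports(outcome):
    """Source ports of the connections the client ended up resetting."""
    return sorted(port for (_, port), state in outcome.items() if state == "reset")


if __name__ == "__main__":
    print("no PIP, AD-1 master:", reset_ports(simulate(CLIENTS)))
    print("no PIP, AD-2 master:", reset_ports(simulate(CLIENTS, "AD-2")))
    print("PIP on both devices:", reset_ports(simulate(CLIENTS, use_pip=True)))
```

The second run corresponds to the gateway VIR changing master through VRRP tracking: the set of failing connections flips instead of disappearing.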