Re: [load balancing] Alteon and Firewall load balancing...

From: Richard Golding (Richard.GoldingIZZATomnetica.com)
Date: Thu Jul 01 2004 - 13:42:03 EDT


Cihan,

Yes experienced the same. Found to be due to URL worm checking process
of Smart Defense. Try disabing the feature (just worm checking not Smart
Defense globally) to prove issue does not lie with Alteons.

Regards,

Richard

>>> CihanSIZZATgaranti.com.tr 07/01/04 15:28 PM >>>

Hi,

I am doing FLB with 2 alteons on top and 2 down...And I am using
Nokia+CKP NG as firewall. When I turn on SynDefender on firewall my drop
rate increases dramatically due to syn defense. Firewall assumes most of
the requests syn attack and rejects the connections..

The log entry on firewall is, "SmartDefense warning syn-->syn
ack-->timeout"

I have talked to checpoint they mentioned that this could be because of
the alteon behaviour when doing load balancing. Anybody has ever
encountered such a problem....And how can I prevent it?

Thanks

***********************************************************
Cihan SUBASI
Garanti Technology
Internet ve Yazilim Hizmetleri
Tel:(90)(212)4783426 GSM:(90)(533)(2750353)
Fax:(90)(212)6576150
http://www.garantitechnology.com <http://www.garantitechnology.com/>
mailto:cihansIZZATgaranti.com.tr
Success is a wonderful thing, but never underestimate the value of
failure. Failure teaches many more things than success ever can.
***********************************************************

This message and attachments are confidential and intended solely for
the individual(s) stated in this
message.If you received this message although you are not the addressee
you are responsible to keep the
message confidential .The sender has no responsibility for the accuracy
or correctness of the
information in the message and its attachments.Our company shall have no
liability for any changes
or late receiving,loss of integrity and confidentiality,viruses and any
damages caused in
anyway to your computer system.

Bu mesaj ve ekleri mesajda gonderildigi belirtilen kisi/kisilere ozeldir
ve gizlidir.Bu mesajin muhatabi
olmamaniza ragmen tarafiniza ulasmis olmasi halinde mesaj iceriginin
gizliligi ve bu gizlilik yukumlulugune
uyulmasi zorunlulugu tarafiniz icin de soz konusudur.Mesaj ve eklerinde
yer alan bilgilerin dogrulugu ve
guncelligi konusunda gonderenin ya da sirketimizin herhangi bir
sorumlulugu bulunmamaktadir.Sirketimiz
mesajin ve bilgilerinin size degisiklige ugrayarak veya gec
ulasmasindan, butunlugunun ve gizliliginin
korunamamasindan, virus icermesinden ve bilgisayar sisteminize
verebilecegi herhangi bir zarardan
sorumlu tutulamaz.

**********************************************************************
Omnetica are recognised as the experts for enterprise networks. By combining business insight with network know-how, we help customers select, deploy and manage robust networking solutions that create value, enhance return on investment and accelerate the achievement of business objectives.
For further information visit http://www.omnetica.com

This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this e-mail in error you should not disseminate, distribute or copy it. Please notify the sender immediately and delete this e-mail from your system.

This footnote also confirms that this email message has been swept for the presence of computer viruses. However, it is the responsibility of the recipient to ensure that this email and any attachments are free from the presence of viruses. Omnetica accepts no responsibility for any loss or damage arising from the use of this email or its attachments.
**********************************************************************

____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com



This archive was generated by hypermail 2.1.4 : Tue Jul 13 2004 - 03:42:48 EDT