From: Peter Degrassi (degrassiIZZATnortelnetworks.com)
Date: Wed Sep 18 2002 - 23:04:53 EDT
Hi Jon,
Ken is correct. To re-state, when VMA is enabled, DAM or not, all
processing is done on the designated processor. This allows WebOS to
perform processing in the following order, Server, Filter, Client, depending
on ingress port settings.
With VMA disabled and DAM enabled Server processing takes place AFTER Filter
processing. Why? Because the session table lookup occurs AFTER filter
processing, AFTER the frame is forwarded to the egress port.
With both VMA and DAM disabled, there is no session table lookup. Server
processing happens regardless , if configured and SIP=RIP and SPORT=RPORT,
on the ingress port. Then Filter, then Client, if configured.
Prior to the introduction to VMA (with 8.0 in May 2000), FWLB+SLB+DAM were
not easy to do. The problem being the re-direction filter would fire before
the RIP to VIP (unNAT) opening up the possibility of assymetrical flow
through the FW sandwich. VMA solved all that, refer to my first paragraph.
Regards... Peter
-----Original Message-----
From: jon.hartmanIZZATverizon.com [mailto:jon.hartmanIZZATverizon.com]
Sent: Wednesday, September 18, 2002 5:01 PM
To: lb-lIZZATvegan.net
Subject: RE: [load balancing] Alteon mult. gatways
While the alteon will move the server-side processing to the client ASIC,
that doesn't mean that that physical port is required to be the egress point
for the un-NATing to occur. If that were true, then the server-side
processing would be configured on the client-side port. That being the case
(to the best of my knowledge it is) VMA shouldn't be required. The
server-side processing will still occur on the same physical
(ingress/server-side) port; DAM simply gives it the intellegence to check
the session table to find out if it should really change the source back to
the VIP. That all occurs before the filter process, so VMA shouldn't be
needed.
Having said that, I'd like to also mention that this is all based around my
understanding of the Alteon's logic. I'll gladly defer to those with a more
in depth knowledge of the product.
_____
Jon Hartman
Network Engineering
Verizon Internet Operations
Phone:
Cell: 214-513-6792
940-453-1111
"Kenneth Thurman" <kthurm1IZZATnortelnetworks.com>
Sent by: owner-lb-lIZZATvegan.net
09/16/2002 01:23 PM
Please respond to lb-l
To: "'lb-lIZZATvegan.net'" <lb-lIZZATvegan.net>
cc:
Subject: RE: [load balancing] Alteon mult. gatways
Jon,
With DAM enabled Server processing happens on Client port, with VMA
disabled Client processing will happen on the Physical ingress port, and
when the server replies the translation from RIP to VIP will not happen
until it egresses on the Client port. SO if you have a filter to redirect
server replies based on VIP you won't see the VIP as the source IP on the
server port, as server processing hasn't happened yet. BUT with VMA both
client and server will happen on the same port, which will probalby not be
the phyiscal port for either the server or the client connection. So you can
put in a filter that looks for VIP replies back to client and redirect them
to the correct gateway.
Does that answer the question?
Regards,
Ken
-----Original Message-----
From: jon.hartmanIZZATverizon.com [mailto:jon.hartmanIZZATverizon.com]
Sent: Monday, September 16, 2002 11:32 AM
To: lb-lIZZATvegan.net
Subject: RE: [load balancing] Alteon mult. gatways
Ken-
Could you please expand a bit on why VMA would be required if DAM is
enabled?
_____
Jon Hartman
Network Engineering
Verizon Internet Operations
Phone:
Cell: 214-513-6792
940-453-1111
"Kenneth Thurman" <kthurm1IZZATnortelnetworks.com>
Sent by: owner-lb-lIZZATvegan.net
09/12/2002 09:05 AM
Please respond to lb-l
To: "'lb-lIZZATvegan.net'" <lb-lIZZATvegan.net>
cc:
Subject: RE: [load balancing] Alteon mult. gatways
Jay,
What you can do is the following;
1) create 2 reals, 1 being the ISP1 router, other being ISP2 router.
2) put the reals in separate groups;
3) Create redirect filters, with the following Criteria;
SIP = 12.34.56.78 smask = 255.255.255.255 action redirect group = ISP1
Router group.
SIP = 23.45.67.89 smask = 255.255.255.255 action redirect group = ISP2
Router group.
4) Apply filters to server ports.
This should work, as server processing will happen before filter processing.
If DAM is enabled then VMA must be enabled for this to work.
Regards,
Ken T.
-----Original Message-----
From: Jay Kline [ <mailto:listIZZATslushpupie.com> mailto:listIZZATslushpupie.com]
Sent: Wednesday, September 11, 2002 8:13 PM
To: lb-lIZZATvegan.net
Subject: [load balancing] Alteon mult. gatways
I have an alteon 180e running webos 10, and need to get multiple gateways
set
up. Here is what we want:
port 8 -> direct connection to ISP1
port 7 -> direct connection to ISP2
We have a web server load balanced (private IP space) running on port 1, and
will have a virtual IP on both ISP1's network, and ISP2's network (ie, vip
12.34.56.78 and vip 23.45.67.89). We have not set this up yet, so I do not
know the behavior with multiple default gateways. I have port 1 on VLAN1,
port 7 on VLAN7 and port 8 on VLAN8. I currently have a default gateway set
up for ISP1, with the vip on that network, and all is fine. As of tommrow,
we
will get a our second connection in. If I add a second default gateway, does
the Alton know which to use (based off which interface/vlan/network it came
from)? Is there some way of specifying this? The doc's vaguely mention
multiple gateways, and apparently only 184's can do gateways based on VLANs.
Any advice?
Jay
-- Jay Kline <http://www.slushpupie.com/> http://www.slushpupie.com/ ____________________ The Load Balancing Mailing List Unsubscribe: <mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l> mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l Archive: <http://vegan.net/lb/archive> http://vegan.net/lb/archive LBDigest: <http://lbdigest.com/> http://lbdigest.com MRTG with SLB: <http://vegan.net/MRTG> http://vegan.net/MRTG Hosted by: <http://www.tokkisystems.com/> http://www.tokkisystems.com____________________ The Load Balancing Mailing List Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l Archive: http://vegan.net/lb/archive LBDigest: http://lbdigest.com MRTG with SLB: http://vegan.net/MRTG Hosted by: http://www.tokkisystems.com
This archive was generated by hypermail 2.1.4 : Wed Sep 18 2002 - 23:10:00 EDT