Dual Nic Load Balancing Solution
Hi,
I have a very peculiar situation. I'm currently a college student with access to an almost unlimited network. But the problem is that the network limits each IP to 30 Mb/s. I have 2 nics at my disposal and have tried two options so far:
bonding
two independent nic, let network manager take care of it
I set-up bonding and got it working, but it seems limited to roughly the same speeds as a single nic, but I can see the network being slit between the two nics evenly. This is what lead me to conclude that since I have a single ip address it's limiting it by IP not mac addresses. Here I might occasionally spike above the limits but not consistently.
With the network manager solution, Im basically thrown at random and can occasionally get higher than limited speeds. Specially with torrenting clients.
Are there any other useful options that I could explore, my next stop was a load balancing routing table but I want to see what you guys know before I keep trying weirder solutions.
Thanks in advance
falconindy wrote:There's no problem here. Please don't try to circumvent the policies your network admins are defining.
Oh come on, we'd all do the same thing if we could double our available bandwidth!
I really can't provide much of a solution. I did this back with my dialup days, many many eons ago. I used 2 phone lines bonded to get my 56k speeds doubled. It was a gigantic pain in the rear to set up back then, as well. However, I'm lucky to remember what I had for breakfast, so remembering how I did something 15+ years ago is pretty much out of the question.
I'm sure linux can do this, but I'm guessing one of the BSDs would have information about how to do this written up somewhere. This is right up BSD's alley. They have all kinds of load-balancing code built into their network stack (Amazon actually had a lot of trouble keeping up with demand when they were getting big, so they wrote up their own networking stack, which has since been returned to the FreeBSD project, iirc). So it might be worth your time to check that out and possibly run a mini BSD setup on an old computer or something to route the bandwidth to an internal network (of course this would likely require three NICs in a single computer...so more complexity there too). Some of the problem you are running into may be due to the network just being congested, which could explain the differing speeds. Then there may be an issue with certain servers not being able to push out 60 MB/s worth of data to you, for whatever reason.
Either way, please keep us posted about what you do and how you do it, I'm anxious to find out the final solution here.
Best of luck to you.
Similar Messages
-
Acrhitecture of network load balancing solution
i'm working on a setup that will transition our existing data center setup to a network load balancing solution. i'm far from understanding what components to use and how to approach the problem so any help would be very welcome. here is what we currently have:
1. 3 web servers (serverA, serverB, serverC)
2. 1 sql server
3. 2 layer two unmanaged switches
4. 1 cisco firewall
each one of the web servers runs a dedicated web app. what i would like is to replace serverA with a NLB cluster of 3 servers and replace serverB with another NLB cluster of 3 servers. serverC is not getting that much usage and it can stay as is.
i have looked at possible solution with Windows Server 2008 NLB and it seems that the best way to do it would be using multicasting which requires upgrading out switches. at the same time if would much more prefer to use hardware load balancing than Windows Server. so i looked at Cisco ACE 4710 appliance. however it seems that some of the cisco switches will also do load balancing. now i'm completely confused whether to upgrade the switches and use them for load balancing or use the ACE appliance. i would appreciate any advices and suggestions. also, any recommendations on breaking up the network using VLANs - if it is necessary with either one of the solutions or if there is some benefit. i guess i'm looking for a "best practices" solution...
any links or documents would be very welcomed.
thanks.thanks for your response. i think i'm going with ace 4710. now, as far as vlans go why would i need internet, dmz and internal vlan in my datacenter? i understand that this may be a bit off topic but what is really bugging me is this: with the current setup all of the web servers have 2 nics - one with public IP and one with private IP. same goes with the sql server. on web servers nics with private IPs are used for communicating with the database server. they could very well communicate using nics with public IPs but the person that set this up (i recently inherited it) was convincing me that with the existing setup "public" nics are not burdened with communication between web servers and database server. is this "correct" way of doing it?
-
Folks:
I need to implement a load balancing solution pretty soon and I would like some ideas regarding topology, design and methodology.
This is what I have:
1.) Two 7600 Aggregation routers with 4500 L2 server farm switches hanging off of them in a looped topology.
2.) Load balancers (either an ACE module or an ACE appliance).
3.) 4 vlans with a cluster of DNS servers in one, a cluster of DHCP in another, and 2 application server clusters in the 3rd and 4th.
What I need to know is what approahes I can take regarding routing methodology, L2 adjacency, general approach, connectivity, etc.
I know this is a loaded question, but if I can get 2 or 3 complete solutions from the folks on this board, that would be awesome!
Im about to board aplane, so I cant respond to queries until about 3 hours or so.
Thanks!
VictorJason,
Quite simple....
content rule 1 (site1)
vip address xxx.xxx.xxx.xxx
port xx
prot tcp
url "//site.com/*"
advance-balance arrow-point cookies
no persistance
add service server1
add service server2
active
Second content:
content rule 2 (site2)
vip address xxx.xxx.xxx.xxx
port xx
prot tcp
url "//site2.com/*"
advance-balance arrow-point cookies
no persistance
add service server1
add service server2
add service server3
add service server4
active
Services for CSS:
Server1
ip address xyz.sss.ddd.ddd (ip address of web server1)
port xx
prot tcp
act
Server2
ip address xyz.sss.ddd.ddd (ip address of web server2)
port xx
prot tcp
act
Server3
ip address xyz.sss.ddd.ddd (ip address of web server3)
port xx
prot tcp
act
Server4
ip address xyz.sss.ddd.ddd (ip address of web server4)
port xx
prot tcp
act -
Best Load Balancing solution for NMS 4.15
What is the best load balancing solution for Messaging Server with 250 users?
What are you trying to achieve? I do not understand from your question what it is you are trying to accomplish. What component(s) of NMS are you trying to load balance?
-
Load balancing solution for 2-3 web servers
i am looking for a solution for load balancing between 2-3 servers in the same datacenter. i saw the ACE 4710 but that seems expensive compared to the rest of the the cisco gear in that datacenter. anybody knows what would be an entry level load balancing solution (2-3 web servers)? thanks in advance.
the Ace appliance is the new generation and if you take the lowest license 1/2 Gig you should pay a lower price.
You can still buy the old generation.
This would be the CSS11501.
If you need SSL offload this comes by default with ACE but no the CSS.
CSS11501-K has the SSL offload feature.
Also note the appliance has many more features which can be turned on by simply adding a new license.
So, if your site grows and you require more functionalities or more BW, you won't need new hardware.
Gilles. -
ISE 1.2 - Multiple NICs/Load Balancing for DHCP Probe
Hello guys
Just prepping an ISE 1.2 patch 8 setup in our organization. I am going for the virtual appliances with multiple NICs. It will be a distributed deployment with 4 x PSNs behind a load balancer and there is no requirement for wireless or guest user at the moment. I've got 2 points I will like to get some guidance on:
Our DC has a dedicated mgmt network and I plan to IP the gig0 interface of the PANs, MNTs and PSNs from this subnet. All device admin, clustering, config replication, etc will be over this interface. However, RADIUS/probe/other user traffic to the ISE PSNs will be over the gig1 interface which will be addressed from another L3 network. Is this a supported configuration in ISE?
I intend to use the DHCP probe as part of device profiling and will ideally like to have just an additional ip helper to add to our switch SVI config. Also, it will appear that WLCs can only be configured for 2 DHCP servers for a given network so another consideration for when we bringing our WLAN in scope. We however use ACE load balancers within our DC and from what I have read, they do not support DHCP load balancing. Are there any workarounds to using the DHCP probe with multiple PSNs without having to add each node as an ip helper/DHCP server on the NADs?
Thanks in advance
SayreHello Sayre-
For Question #1:
Management is restricted to GigabitEthernet 0 and that cannot be changed so you should be good there
You can configure Radius and Profiling to be enabled on other interfaces
Even though you are not using guest services yet, you can dedicate an interface just for that. As a result, you can separate guest traffic completely from your production network
Take a look at this link for more info:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html
For Question #2
If you are using a Cisco WLC and running code 7.4 and newer you don't need to mess with the IP helper configurations.
The controller can be configured to act as a collector for client profiling and interact with the DHCP thread along with the RADIUS accounting task that is running on the controller. The controller receives a copy of the DHCP request packet sent from the DHCP thread and parses the DHCP packet for two options:
–Option 12—HostName of the client
–Option 60—The Vendor Class Identifier
After this information is gathered from the DHCP_REQUEST packet, a message is formed by the controller with these option fields and is sent to the RADIUS accounting thread, which is in turn transmitted to the ISE in the form of an interim accounting message.
Both DHCP and HTTP profiling settings are located under the "Advanced" configuration tab in the WLC
On the other hand, you can also use Anycast for profiling. You can check out some of Cisco Live's sessions for more info on that. Here is one that is from a couple of years (There are more recent ones that are available as well):
http://www.alcatron.net/Cisco%20Live%202013%20Melbourne/Cisco%20Live%20Content/Security/BRKSEC-3040%20%20Advanced%20ISE%20and%20Secure%20Access%20Deployment.pdf
I hope this helps!
Thank you for rating helpful posts! -
Dual ISP load balancing with 2 routers and 2 FW without using BGP
Hi all,
Based on the attachment diagram, is the design viable?
Do anyone has a similar deployment before and can you share with me the config guide to this because I'm at lost on a few configs:
1. On core switch A and B, I understood we need to have a default route pointing to the firewall interface. For this case, I have different IPs for the same context on both the firewalls.
So, how should the config be?
CoreSW_A(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.110
CoreSW_A(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.111
I don't think the above will work as the core switch will load balance the traffic to both firewalls even if one of the context is on standby mode?
2. The area from the firewall to the internet would all be public IP. Thus, if i put a switch in between the firewall and the router, then i would waste some public IP addresses but if i remove the switch, I would not have enough ports on the ASA firewall. What is the best recommended solution for this?
3. How do I load balance traffic to both R1 and R2 to their respective ISPs without using BGP? I may be using only a 2811 router.
Thanks alot!!.. really much looking forward for some guidance and tips on this as I havent found any guides on this deployment yet.. mostly are LAN HA.For policy based routing, I would need to create route maps on the core switch itself right?
Correct me if I'm wrong, if i use route-maps, i would be assigning e.g. internal network A to go through firewall context A and internal network B to go through firewall context B.
Context A will only have path to Router A and context B will only have path to Router B. But if router B goes down, network B won't be able to access the Internet, right?
I'm not sure whether it's a PI or PA for this as the ISP will assign us a block of IP address, for example 202.111.1.8/29 (these IPs can be used for webservers, etc). There will also be a public IP of /30 on the serial interface to connect to their router.
Thanks alot.. -
Dual wireless/ Load Balancing/ Link Aggregation
Hi all,
I've been reading up on this topic all day, with multiple Google and Apple searches, but haven't found the exact answer to this query. There was another post on this forum http://discussions.apple.com/thread.jspa?threadID=1660762 which was vaguely similar.
Basically I'm looking to experiment with combining 2 wireless connections, and therefore 2 seperate internet connections into one Mac.
I have seen suggestions of using a couple of wireless -> ethernet bridges, since Leopard supports Link Aggregation of ethernet devices. But the first question I have is: since I use a 3rd party wireless adaptor (Netgear wg111v3 USB dongle), it already shows up in Network Preferences as an Ethernet port. Leopard treats it as an actual ethernet device, hence is oblivious to the fact it is a wireless adaptor. Since Leopard thinks it's an ethernet port, could I use a second wireless dongle and then use Link Aggregation on them both?
Additionally, if that idea were to work, would it then be possible to connect each wireless adaptor to a seperate wireless network, or would they both have to connect to the same access point?
My DSL connection is roughly 512k on a good day, but I find this bandwidth to be choked when someone else at home is streaming videos etc. So in principle my idea was to have one connection using the regular DSL line as usual, plus connect the secondary wireless to my friend's wireless over the road when needed (and yes he's already agreed to my use since he rarely accesses the net). Therefore, giving a total theoretical bandwidth of 512k x2.
Since I aim for a load-balancing idea (spreading traffic over both connections), the main issue I can forsee is that this Mac will have problems routing traffic with both IPs since I read somewhere else that DNS problems might occur.It seems relatively easy to use Terminal to add a default route for specific destinations (e.g. all traffic to apple.com out of one interface, all traffic to yahoo.com out the other). However, I wondered if web traffic could be forwarded out one connection, whilst email traffic goes through the other. Alternatively, it would be great if web traffic could be "halved" and sent out both wireless connections simultaneously, though I don't think there's an easy way to do this (it would just be a nice feature if possible).
Your thoughts and advice on the matter would be much appreciated, and I'm going to continue experimenting with various ideas and see what I come up with.Hi all,
I've been reading up on this topic all day, with multiple Google and Apple searches, but haven't found the exact answer to this query. There was another post on this forum http://discussions.apple.com/thread.jspa?threadID=1660762 which was vaguely similar.
Basically I'm looking to experiment with combining 2 wireless connections, and therefore 2 seperate internet connections into one Mac.
I have seen suggestions of using a couple of wireless -> ethernet bridges, since Leopard supports Link Aggregation of ethernet devices. But the first question I have is: since I use a 3rd party wireless adaptor (Netgear wg111v3 USB dongle), it already shows up in Network Preferences as an Ethernet port. Leopard treats it as an actual ethernet device, hence is oblivious to the fact it is a wireless adaptor. Since Leopard thinks it's an ethernet port, could I use a second wireless dongle and then use Link Aggregation on them both?
Additionally, if that idea were to work, would it then be possible to connect each wireless adaptor to a seperate wireless network, or would they both have to connect to the same access point?
My DSL connection is roughly 512k on a good day, but I find this bandwidth to be choked when someone else at home is streaming videos etc. So in principle my idea was to have one connection using the regular DSL line as usual, plus connect the secondary wireless to my friend's wireless over the road when needed (and yes he's already agreed to my use since he rarely accesses the net). Therefore, giving a total theoretical bandwidth of 512k x2.
Since I aim for a load-balancing idea (spreading traffic over both connections), the main issue I can forsee is that this Mac will have problems routing traffic with both IPs since I read somewhere else that DNS problems might occur.It seems relatively easy to use Terminal to add a default route for specific destinations (e.g. all traffic to apple.com out of one interface, all traffic to yahoo.com out the other). However, I wondered if web traffic could be forwarded out one connection, whilst email traffic goes through the other. Alternatively, it would be great if web traffic could be "halved" and sent out both wireless connections simultaneously, though I don't think there's an easy way to do this (it would just be a nice feature if possible).
Your thoughts and advice on the matter would be much appreciated, and I'm going to continue experimenting with various ideas and see what I come up with. -
Cisco RV042 - Dual Wan Load Balancing - Secure Site (HTTPS) Trouble
PID VID :
RV042 V03
Firmware Version :
v4.0.0.07-tm (Aug 19 2010 19:19:50)
Ever since I setup my RV042 with load balancing using the Dual Wan system I have had trouble staying connected to some secure sites. After doing some searching I found that the potential issue is the IP change mid session.
"http://www.broadbandreports.com/forum/r25537589-Cisco-RV042-can-not-use-load-balancing-for-some-web-sites"
Although my interface is significantly different I was able to find the same area in my RV042 admin area however, it doesn't seem to work.
System Management
> Dual Wan
In Wan 1 & Wan 2 I have HTTPS and HTTPS Secondary all forwarded to use Wan 2 under Protocol Binding
This however has not managed to do anything at all for my network and every computer conneceted experiences the same HTTPS irregularities at some websites.
I'm sure I must be doing something wrong, but I don't know what it is.
Both incoming connections are from the same service provider although the plans are different.
Any help with this would greatly help me stop losing my mind trying to fight with my website control panel for 10 minutes to just login and get something done.
ThanksAny ideas or advice from anyone?
-
RV320 - Dual WAN - Load Balance Problem
Hi all,
I've just bought a RV320 Dual WAN router an try to get it running. My network setup looks lice the picture attached.
I have 2 WAN Connections:
- Router 1 (16Mbit Down / 512kbit up) - no public WAN IP
- Router 2 (3 Mbit Down / 512kbit up) - Fixed public IP
Router 1 ist connected to WAN1 and router 2 to WAN2 port on the RV320.
I have enabled load balancing mode.
Qustions:
1.
I want WAN1 to be the primary line to be used until capacity reached.
Currently for some reason I don't understand the cisco always uses WAN2.
That's not good as all browsing and downloading is limited to 3mbit.
When I switch to "fail-over" mode and set primry live to WAN1 that works, but WAN2 is not kept alive.
2.
I am using VOIP and need to route all VOIP traffic to WAN2 interface.
The best would be to tell the router IP 192.168.177.9 (voip phone) should use WAN2. So far I didn't figure out how to do that.
Can I put VOIP into one VLAN group and allocated VLAN to one specific WAN interface?
BrgdsSo, you can hear the phone ringing and answer it? which means that SIP pakets are coming through WAN to LAN and well redirected to the phone IP, but you cannot hear after that, which means that there could be a problem with the RTP packets.
If you have problem only with the incoming calls and not the outgoing, than try enable/disable SIP ALG (Firewall). If that doesn't fix the issue, try to allow (or even forward) from WAN to LAN RDP - UDP ports 16384-32767 to the phone IP.
Regards,
Kremena -
Cisco 1921 Dual ADSL Load Balancing/Failover?
Hello,
We have purchased a Cisco 1921 with twin ADSL after advice from a Cisco sales rep. However I am having trouble working out the load balancing/fail over config for the device.
I would like traffic to balance over both ADSL lines and if one goes down not to interrupt connectivity.
I had a look at ppp multilink but I am unsure our ISP (BT) support this?
This is my current config which I think only one ADSL line is being used. Some input would be appreciated
Robbie
! Last configuration change at 13:18:34 UTC Tue Mar 29 2011
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname xxxxxx
boot-start-marker
boot-end-marker
no logging buffered
enable secret 5 xxxxx
enable password xxxx
no aaa new-model
no ipv6 cef
ip source-route
ip cef
ip name-server 194.74.65.68
ip name-server 194.72.0.114
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-xxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxxx0
revocation-check none
rsakeypair TP-self-signed-xxxxx!
crypto pki certificate chain TP-self-signed-xxxxxx
certificate self-signed 02 nvram:IOS-Self-Sig#4.cer
license udi pid CISCO1921/K9 xxxxx
username admin privilege 15 secret 5 xxxxxxxxxx/
interface GigabitEthernet0/0
description lan$ETH-LAN$
ip address 10.0.8.1 255.255.248.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
dsl operating-mode adsl2
interface ATM0/0/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
dsl operating-mode adsl2
interface ATM0/1/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip flow ingress
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer0
mtu 1483
ip address negotiated
ip access-group spalding in
ip access-group spalding out
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp multilink
ppp multilink links minimum 2
ppp multilink fragment disable
ppp timeout multilink link add 2
no cdp enable
interface Dialer1
mtu 1483
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp link reorders
ppp multilink
ppp multilink links minimum 2
ppp multilink fragment disable
ppp timeout multilink link add 2
no cdp enable
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.0.15.201 3389 interface Dialer0 3389
ip nat outside source static tcp 195.194.75.218 3389 10.0.15.200 3389 extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 remark INSIDE_IF=GigabitEthernet0/0
access-list 1 permit 10.0.0.0 0.254.255.255
dialer-list 1 protocol ip permit
control-plane
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
scheduler allocate 20000 1000
endHi,
Can anyone help me with this config? not very reliable.
Building configuration...
Current configuration : 17349 bytes
! Last configuration change at 06:08:06 UTC Sun Apr 5 2015 by Shawn
version 15.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname Router
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.154-3.M2.bin
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$sNeA$GB6.SMrcsxPf51tK2Eo9Z.
aaa new-model
aaa authentication login local_authen local
aaa authorization exec local_author local
aaa session-id common
no ip source-route
ip port-map user-protocol--8 port udp 3392
ip port-map user-protocol--9 port tcp 3397
ip port-map user-protocol--2 port udp 3391
ip port-map user-protocol--3 port tcp 14000
ip port-map user-protocol--1 port tcp 3391
ip port-map user-protocol--6 port udp 3394
ip port-map user-protocol--7 port tcp 3392
ip port-map user-protocol--4 port udp 14100
ip port-map user-protocol--5 port tcp 3394
ip port-map user-protocol--10 port udp 3397
ip dhcp excluded-address 192.168.1.1 192.168.1.49
ip dhcp excluded-address 192.168.10.1 192.168.10.49
ip dhcp pool DHCP_POOL1
import all
network 192.168.1.0 255.255.255.0
dns-server 139.130.4.4 203.50.2.71
default-router 192.168.1.1
lease infinite
ip dhcp pool ccp-pool1
import all
network 192.168.10.0 255.255.255.0
dns-server 139.130.4.4 203.50.2.71
default-router 192.168.10.1
lease infinite
no ip bootp server
ip host SHAWN-PC 192.168.1.10
ip host DIAG 192.168.1.5
ip host MSERV 192.168.1.13
ip name-server 139.130.4.4
ip name-server 203.50.2.71
ip cef
ip cef load-sharing algorithm include-ports source destination
no ipv6 cef
multilink bundle-name authenticated
cts logging verbose
crypto pki trustpoint TP-self-signed-1982477479
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1982477479
revocation-check none
rsakeypair TP-self-signed-1982477479
license udi pid
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
redundancy
controller VDSL 0/0/0
operating mode adsl2+
controller VDSL 0/1/0
operating mode adsl2+
no cdp run
track timer interface 5
track 1 interface Dialer0 ip routing
delay down 15 up 10
track 2 interface Dialer1 ip routing
delay down 15 up 10
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-all sdm-nat-user-protocol--7-1
match access-group 104
match protocol user-protocol--7
match access-group 102
class-map type inspect match-all sdm-nat-user-protocol--4-2
match access-group 101
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--6-1
match access-group 103
match protocol user-protocol--6
class-map type inspect match-all sdm-nat-user-protocol--5-1
match access-group 103
match protocol user-protocol--5
class-map type inspect match-all sdm-nat-user-protocol--4-1
match access-group 102
match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--7-2
match access-group 101
match protocol user-protocol--7
class-map type inspect match-all sdm-nat-user-protocol--3-1
match access-group 102
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--2-1
match access-group 101
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--1-2
match access-group 102
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 101
match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--2-2
match access-group 102
match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--3-2
match access-group 101
match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--8-2
match access-group 101
match protocol user-protocol--8
class-map type inspect match-all sdm-nat-user-protocol--9-2
match access-group 104
match protocol user-protocol--9
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-all sdm-nat-user-protocol--9-1
match access-group 101
match protocol user-protocol--9
match access-group 104
class-map type inspect match-all sdm-nat-user-protocol--8-1
match access-group 104
match protocol user-protocol--8
match access-group 102
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-nat-user-protocol--10-2
match access-group 104
match protocol user-protocol--10
class-map type inspect match-all sdm-nat-user-protocol--10-1
match access-group 101
match protocol user-protocol--10
match access-group 104
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-cls-insp-traffic
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all SDM_GRE
match access-group name SDM_GRE
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect match-any CCP_PPTP
match class-map SDM_GRE
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-user-protocol--2-1
inspect
class type inspect sdm-nat-user-protocol--3-1
inspect
class type inspect sdm-nat-user-protocol--4-1
inspect
class type inspect sdm-nat-user-protocol--5-1
inspect
class type inspect sdm-nat-user-protocol--6-1
inspect
class type inspect sdm-nat-user-protocol--7-1
inspect
class type inspect sdm-nat-user-protocol--8-1
inspect
class type inspect sdm-nat-user-protocol--9-1
inspect
class type inspect sdm-nat-user-protocol--10-1
inspect
class type inspect CCP_PPTP
pass
class type inspect sdm-nat-user-protocol--7-2
inspect
class type inspect sdm-nat-user-protocol--8-2
inspect
class type inspect sdm-nat-user-protocol--1-2
inspect
class type inspect sdm-nat-user-protocol--2-2
inspect
class type inspect sdm-nat-user-protocol--9-2
inspect
class type inspect sdm-nat-user-protocol--10-2
inspect
class type inspect sdm-nat-user-protocol--3-2
inspect
class type inspect sdm-nat-user-protocol--4-2
inspect
class class-default
drop log
policy-map type inspect ccp-permit
class class-default
drop
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
interface Null0
no ip unreachables
interface Embedded-Service-Engine0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
interface GigabitEthernet0/0
description $ETH-LAN$
ip address 192.168.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
no mop enabled
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
duplex auto
speed auto
no mop enabled
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0/0/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface ATM0/0/0.2 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
interface Ethernet0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no mop enabled
interface ATM0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0/1/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 2
interface Ethernet0/1/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
no mop enabled
interface GigabitEthernet0/3/0
no ip address
interface GigabitEthernet0/3/1
no ip address
interface GigabitEthernet0/3/2
no ip address
interface GigabitEthernet0/3/3
no ip address
interface GigabitEthernet0/3/4
no ip address
interface GigabitEthernet0/3/5
no ip address
interface GigabitEthernet0/3/6
no ip address
interface GigabitEthernet0/3/7
no ip address
interface Vlan1
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 1444405858557A
ppp pap sent-username [email protected] password 7 135645415F5D54
ppp multilink
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 01475E540E5D55
ppp pap sent-username [email protected] password 7 055F5E5F741A1D
ppp multilink
router eigrp as#
router eigrp 10
network 192.168.1.1 0.0.0.0
router rip
version 2
network 192.168.1.0
no auto-summary
ip forward-protocol nd
ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source static tcp 192.168.1.10 3392 interface Dialer1 3392
ip nat inside source static udp 192.168.1.10 3392 interface Dialer1 3392
ip nat inside source static tcp 192.168.1.35 3391 interface Dialer0 3391
ip nat inside source static udp 192.168.1.35 3391 interface Dialer0 3391
ip nat inside source static tcp 192.168.1.5 3394 interface Dialer0 3394
ip nat inside source static udp 192.168.1.5 3394 interface Dialer0 3394
ip nat inside source static tcp 192.168.1.17 3397 interface Dialer0 3397
ip nat inside source static udp 192.168.1.17 3397 interface Dialer0 3397
ip nat inside source static tcp 192.168.1.10 14000 interface Dialer0 14000
ip nat inside source static udp 192.168.1.10 14100 interface Dialer0 14100
ip nat inside source route-map ADSL0 interface Dialer0 overload
ip nat inside source route-map ADSL1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 track 2
ip access-list extended NAT
remark CCP_ACL Category=18
permit ip 192.0.0.0 0.255.255.255 any
ip access-list extended SDM_GRE
remark CCP_ACL Category=1
permit gre any any
remark CCP_ACL Category=1
ip access-list extended STATIC-NAT-SERVICES
permit ip host 192.168.1.35 any
permit ip host 192.168.1.5 any
permit ip host 192.168.1.10 any
permit ip host 192.168.1.17 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
route-map ADSL0 permit 10
match ip address NAT
match interface Dialer0
route-map ADSL1 permit 10
match ip address NAT
match interface Dialer1
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny any
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 3 remark HTTP Access-class list
access-list 3 remark CCP_ACL Category=1
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 3 deny any
access-list 10 remark INSIDE_IF=NAT
access-list 10 remark CCP_ACL Category=2
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 139.130.227.0 0.0.0.255 any
access-list 100 permit ip 203.45.106.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.10
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.1.35
access-list 101 permit tcp any any eq www
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.35
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.10
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 192.168.1.5
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 192.168.1.17
control-plane
banner login ^CCE-Rescue Systems^C
line con 0
login authentication local_authen
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
authorization exec local_author
login authentication local_authen
transport input telnet ssh
line vty 5 15
authorization exec local_author
login authentication local_authen
transport input telnet ssh
scheduler allocate 20000 1000
end
Thanks
Shawn -
Dual ADSL Load Balancing and Fault tolerance
Just wonder if this is doable with for example 2 WIC-1ADSL cards on say a 2800 series platform. The application would be simple internet access. If so could someone provide a sample config? Just a note...this application would include two static ip ADSL services. Thanks, Shawn
That is definitely doable. Here's a sample config:
ip cef
interface atm1/0.32
ip address 255.255.255.252
ip nat outside
pvc 1/32
oam-pvc manage
interface atm2/0.32
ip address 255.255.255.252
ip nat outside
pvc 1/32
oam-pvc manage
interface GigabitEthernet0/0
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip route 0.0.0.0 0.0.0.0 atm1/0.32
ip route 0.0.0.0 0.0.0.0 atm2/0.32
ip nat inside source route-map ISP1-map interface atm1/0.32
ip nat inside source route-map ISP2-map interface atm2/0.32
route-map ISP11-map permit 10
match interface atm1/0.32
route-map ISP12-map permit 10
match interface atm2/0.32
Explanation:
- the use of two static routes will allow you to load-balance over the two links and provide redundancy at the same time
- the NAT config will dynamically choose the NAT'ed address depending on which interface CEF has chosen to send the packet out of...
Hope that helps - pls rate the post if it does.
Regards,
Paresh -
Hello,
I installed a VMWare Hypervisor 5.5 server and put 2 virtual machines on it.
The physical server has 2 NICs and connected to the LAN.
When I go to the virtual machine performance tab and look at the network data I see that most traffic is going over 1 vmnic.
The stats of the other NIC are most of the time plain 0 values.
see attachment...
Isn't this supposed to be spread over vmnic0 & vmnic1 ?
The vSwitch has loadbalancing on, if I turn loadbalancing on for the VMNetwork it doesn't seem to change much either.
When I add another virtual NIC and leave it unteamed I get the same result.
Will this only work when teaming 2 virtual NICs in the virtual machine or will it only use the second NIC when it reaches almost full load?
The problem is that I have issues with teaming the microsoft way, the server becomes unreachable for some reason (previous HP soft messed up something?)
I'm using the VMXNET3 NICs.I checked another host.
this has a mail and rdp server as 2 virtual machines.
the only issue I have under rds is that sometimes outlook freezes for a few seconds and gives this white/blurred screen.
so I wonder...
as these 2 VMs are on the same VM host does the traffic leave the host or is it kept internal?
if it is internal then it couldn't be a physical nic overload issue, right?
then I need to look elsewere (the vm cpu/nic stats don't give a reason for the slow down either) -
Using StoneBeat WebCluster load balancing with WebLogic
Hi,
I have done some testing of WebLogic Server with my company's StoneBeat WebCluster
distributed load balancing software. This might be one more option to consider
as a load balancing solution for WLS. It is advanced in the sense that load balancing
is really dynamic, there are no single-points of failure (distributed architecture)
and there is a very good, configurable test subsystem that runs on each cluster
node to check for overload situations, HW/OS failures, ...
In the initial testing, the WebCluster load balancing works with WebLogic replication,
although there are some cases that need mroe consideration (please see below).
I had to get a patch to WLS6SP1 on NT to make WLS' multicast work when there are
several NICs on the cluster nodes.
However, there is one case which causes problems:
- I have 3 cluster nodes
- P: 2, S: 3 (SessionServlet = 1)
- 2: offline - P: 3, S: 1 (SessionServlet = 2; WebCluster randomly selected a
new node to handle the connection)
- 2: online - P: 2, S: ? (SessionServlet = 3, WebCluster redistributes the load
when a node goes online)
- 2: offline
- P: 3, S: 1 (__SessionServlet = 1__) NB!
The log messages show that when node 2 comes back online it retrieves the replica
from the secondary (node 1) and not from the primary (node 3). After a while (5-6
minutes), node 3 tries to update the replica on node 1. Node 1 considers this
a stale update request and removes the Primary 16... (node name) and then the
secondary for 16... (the replicated object). Then there's a message (still on
node 1) that it is unable to find object 16... Back on node 3 the primary for
16... is removed.
From the WLS6 documentation (under the discussion of using replication with external
HW load balancing solutions) I thought that this case would have been handled:
- it is stated that after the failure of a node, if the HWLB box sends the next
request to a node where there is no replica, WLS is able to retrieve the replica
- to be fair, this is what happens: when node 2 came back online, it retrieved
the replica from node 1 (the secondary) - I suppose that there is an assumption
that if a request arrives to a node without a replica, the primary __must have
failed__
Is there any way to get around this problem?
Admittedly, WebCluster has a problem in that the stickyness of connections is
not perfect: - when a node goes online, a connection that was correctly persisted
(based on either source-ip or source-network address) may be moved to a new node
since the load is redistributed. Our load balancing is very dynamic, but doesn't
maintain a list of who is connected to which node when resistribution takes place
Regards,
Frank Olsen
Stonesoft
Rick,
You may want to look at the Alteon and F5 configuration we have on edocs.
Take a look at the following URLs for a possible solution
http://edocs.bea.com/wls/docs61/cluster/alteon.html#591902
http://edocs.bea.com/wls/docs61/cluster/bigip.html#591902
Chuck Nelson
DRE
BEA Technical Support -
OS level load balancing in OEL
Hi,
Would like to know if we can do OS level load balancing with OEL?
I know in Windows there is Network Load Balancing NLB, that would do this, so I am hoping is there something similar in OEL?
Thanks.Optimus prime wrote:
Would like to know if we can do OS level load balancing with OEL?Any kernel automatically "+load balances+" processing across the resources (e.g. CPUs) available to the kernel. The 2.6 kernel uses the Completely Fair Scheduler
I know in Windows there is Network Load Balancing NLB, that would do this, so I am hoping is there something similar in OEL?Kind of. There are a number of clustering options for Linux. Including commercial products like Oracle Grid.
I think the one of the oldest (and well known) Linux clustering s/w projects is Beowulf.
For networking specifically (comparing it with what I read in Microsoft's FAQ for NLB) is Linux Virtual Server. Quote:
"<i>The Linux Virtual Server as an advanced load balancing solution can be used to build highly scalable and highly available network services, such as scalable web, cache, mail, ftp, media and VoIP services.</i>"
There are also other options - such a network devices (in addition to standard switches and routers) that specifically provides load balancing for networking. Though personally, I did not like this approach much for Oracle RAC and we rolled our own load balancing using NAT and iptables.
Bonding, as mentioned above, is one of many technical considerations when implementing a load balancer. This is (in my experience) primarily for high availability - and provides redundant paths from the server to a resource. Does not need to be IP based - it can be Infiniband based too (e.g. like used by Oracle Database Machine for redundant storage fabric paths to the Exadata Storage Server).
Typically 2 separate interfaces/dual ports will be wired into separate switches that in turn will be wired into the greater network or storage system or whatever. This is then bonded on the server as a single logical interface. If an interface, port, cable or even switch fail, that logical interface still have a secondary path providing full connectivity. Bonding is discussed at http://www.linuxfoundation.org/collaborate/workgroups/networking/bonding.
This is however a very low level of dealing with load balancing (and redundancy). It alone should not be considered as a load balancing solution.
Maybe you are looking for
-
Hi there! Level of Experience: Beginner Backstory: Back when I had no idea what I was doing, I was trying to access my original aperture library over a wifi network share...bad idea lol. Well, I tried this with about 4 different libraries before I kn
-
Problem in Solaris Installation
Hi, I'm trying to use one Netra T1 105 which we are using for long. I have tried to install Solaris 2.8 2/02 version on that. The problem is, when the system is coming up I am not able to send the break signal to get it to the OK prompt, so that I ca
-
10.5.7 Jacked up my 2TB MyBook Mirror
After updating to 10.5.7 my Mac Mini is not picking up my 2TB Western Digital MyBook drive. I have tried Disk Utility and Disk Warrior 4.1.1 and neither of them pick up the drive. It just sits there flashing the full blue light. Any ideas? I really n
-
Faces expression in Javascript? Flash/Flex and Faces Session Variables
Does anyone know how to add a faces expression in Javascript? I basically want to pass a Faces Variable to Flash/Flex. The best way to do that would be in Javascript. I thought it would be fairly easy. Something like: <webuijsf:sc
-
I am using RoboHelp 7 and have been presented with htm files that have been translated into Hindi for a client. It does not appear that Hindi is a lanuage available in the html help project settings. It seems that almost every other language is supor