Load balance multicast stream

Similar Messages

• Network Load Balancing - Multicast IPv6

  I have a two servers with network load balancing. They are configured to use IGMP Multicast which works well with IPv4.  The switch correctly detects the group and sends the traffic to only the ports connected to the servers.
  However i can't get IPv6 working outside of the servers subnet.  You can access the loadbalanced IPv6 address from within the servers subnet but machines outside the subnet cannot access it.
  Does load balancing properly support IPv6?  Should it not support Multicast Listerner Discovery (MLD) to work properly with IPv6? 
  Thanks

  Thanks for your reply. 
  Yes - you are correct. We are using an IPv6 address as the cluster IP address for incoming connections but it can't be access outside of the subnet. The cluster has both a link-local and global address - both are only accessible from within the subnet.
  The two servers that are part of load balancing cluster both have IPv6 address assigned to their network adapters - these are accesible outside the subnet. Infact 80% of all our network traffic is IPv6 - routing is working fine between all servers, workstations
  and devices on our various subnets.  The problem is purley affecting the load balancing IPv6 address.
  The IP config and route tables are below.  Thanks for your help.
  Regards, Daniel
  Microsoft Windows [Version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation. All rights reserved.
  M:\>ipconfig /all
  Windows IP Configuration
  Host Name . . . . . . . . . . . . : indium
  Primary Dns Suffix . . . . . . . :
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . :
  Ethernet adapter Public:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Ada
  pter
  Physical Address. . . . . . . . . : 00-15-5D-CA-6C-04
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  IPv6 Address. . . . . . . . . . . : 2001:630:34:1010::42(Preferred)
  IPv6 Address. . . . . . . . . . . : 2001:630:34:1010::40(Preferred)
  Link-local IPv6 Address . . . . . : fe80::4c7b:41a3:be85:e6c4%10(Preferred)
  Link-local IPv6 Address . . . . . : fe80::95f6:2da7:dcdb:1fc1%10(Preferred)
  IPv4 Address. . . . . . . . . . . : 10.0.0.42(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.252.0
  IPv4 Address. . . . . . . . . . . : 10.0.0.40(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.252.0
  Default Gateway . . . . . . . . . : 2001:630:34:1010::1
  10.0.0.1
  DHCPv6 IAID . . . . . . . . . . . : 234886493
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-D0-9F-CD-00-15-5D-01-14-35
  DNS Servers . . . . . . . . . . . : 2001:630:34:1010::10
  2001:630:34:1010::8
  10.0.0.10
  10.0.0.8
  NetBIOS over Tcpip. . . . . . . . : Disabled
  Microsoft Windows [Version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation. All rights reserved.
  M:\>ipconfig /all
  Windows IP Configuration
  Host Name . . . . . . . . . . . . : aluminium
  Primary Dns Suffix . . . . . . . :
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . :
  Ethernet adapter Public:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Ada
  pter
  Physical Address. . . . . . . . . : 00-15-5D-01-37-04
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  IPv6 Address. . . . . . . . . . . : 2001:630:34:1010::43(Preferred)
  IPv6 Address. . . . . . . . . . . : 2001:630:34:1010::40(Preferred)
  Link-local IPv6 Address . . . . . : fe80::95f6:2da7:dcdb:1fc1%10(Preferred)
  Link-local IPv6 Address . . . . . : fe80::fcab:aeb9:175d:9994%10(Preferred)
  IPv4 Address. . . . . . . . . . . : 10.0.0.43(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.252.0
  IPv4 Address. . . . . . . . . . . : 10.0.0.40(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.252.0
  Default Gateway . . . . . . . . . : 2001:630:34:1010::1
  10.0.0.1
  DHCPv6 IAID . . . . . . . . . . . : 234886493
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-BF-55-42-00-15-5D-01-13-45
  DNS Servers . . . . . . . . . . . : 2001:630:34:1010::10
  2001:630:34:1010::8
  10.0.0.10
  10.0.0.8
  NetBIOS over Tcpip. . . . . . . . : Disabled
  Microsoft Windows [Version 6.1.7601]
  Copyright (c) 2009 Microsoft Corporation. All rights reserved.
  M:\>route print
  IPv6 Route Table
  ===========================================================================
  Active Routes:
  If Metric Network Destination Gateway
  10 261 ::/0 2001:630:34:1010::1
  1 306 ::1/128 On-link
  10 261 2001:630:34:1010::/64 On-link
  10 261 2001:630:34:1010::40/128 On-link
  10 261 2001:630:34:1010::42/128 On-link
  10 261 fe80::/64 On-link
  10 261 fe80::4c7b:41a3:be85:e6c4/128
  On-link
  10 261 fe80::95f6:2da7:dcdb:1fc1/128
  On-link
  1 306 ff00::/8 On-link
  10 261 ff00::/8 On-link
  ===========================================================================
  Persistent Routes:
  If Metric Network Destination Gateway
  0 4294967295 ::/0 2001:630:34:1010::1
  ===========================================================================

• Load-balancing of transparent cache + IP spoofing + RTSP + MMS not working

  We have already in production an architecture with load-balancing of
  transparent cache + ip spoofing.
  We are unable to do the same for streaming flows (MMS and RTSP).
  We are doing PBR from our core network (2 * C6K) to redirect port 80, 554 and
  1755 toward CSS boxes, same in our access router (2* Ciso7200).
  In this config desired flows are redirected toward the CSS.
  Then CSS should load balance the traffic toward our BlueCoat proxy-cache farm.
  It's working fine for HTTP but we are unable to make it works for MMS and
  RTSP.
  Note that we are requiered to use ECMP to perform IP Spoofing on the CSS, meaning we need 4 routes for each client subnet (one route toward upstream C6K, and 3 routes for each proxy cache). We use acl to get rid off looping condition.
  Anyone who has already put in place Load-balancing of Streaming transparent cache + IP spoofing could give us some hint.
  Many thanks.
  Regards,
  Pierre Viennet

  Gilles, thanks for your input.
  Here where we are at with streaming implementation:
  - HTTP on all type off client is working
  - RTSP: TCP 554 with Real Media client is working
  - RTSP: TCP 554 with WMP not working, but it's due to a bug in Bluecoat implementation, the proxy send an error when he see a request with ( User-Agent: WMPlayer ) for RTSP content.
  - MMS: TCP 1755 not working with IP spoofing enable on the proxy but OK without IP spoofing...
  - UDP 554: not working
  - UDP 1755: not working
  I fully understand the limitation for UDP traffic.
  But I don't see why it's not working for MMS over TCP traffic.
  Note that I have the exact same configuration for RTSP and MMS.
  Why is it not working for MMS with IP spoofing? Are you aware of a difference on the way CSS handle MMS flows? or a specificity of the MMS protocol?
  Below what we can see on the different equipement when trying to launch a MMS over TCP Stream:
  c6k-Faaa#sh mls ip source 195.83.182.72
  Displaying Netflow entries in Supervisor Earl
  DstIP SrcIP Prot:SrcPort:DstPort Src i/f:AdjPtr
  Pkts Bytes Age LastSeen Attributes
  202.3.225.5 195.83.182.72 tcp :1755 :1504 0 : 0
  3 124 17 18:58:12 L3 - Dynamic
  202.3.225.5 195.83.182.72 tcp :1755 :1527 0 : 0
  2 84 3 18:58:20 L3 - Dynamic
  202.3.225.5 195.83.182.72 tcp :554 :1503 0 : 0
  4 360 17 18:58:06 L3 - Dynamic
  c6k-Faaa#
  CSS11503_CORE1# sho flows 202.3.225.5 | grep 1755
  202.3.225.5 38531 195.83.182.72 1755 0.0.0.0 TCP
  2/3 2/1
  202.3.225.5 1527 195.83.182.72 1755 195.83.182.72 TCP
  2/7 2/3
  CSS11503_CORE1# sho flows 202.3.225.5 | grep 1755
  202.3.225.5 38531 195.83.182.72 1755 0.0.0.0 TCP
  2/3 2/1
  202.3.225.5 1527 195.83.182.72 1755 195.83.182.72 TCP
  2/7 2/3
  CSS11503_CORE1# sho flows 202.3.225.5 | grep 1755
  202.3.225.5 38531 195.83.182.72 1755 0.0.0.0 TCP
  2/3 2/1
  202.3.225.5 1527 195.83.182.72 1755 195.83.182.72 TCP
  2/7 2/3
  CSS11503_CORE1#
  TCP 192.168.4.19:1491 195.83.182.72:554 TIME_WAIT
  TCP 192.168.4.19:1492 195.83.182.72:554 TIME_WAIT
  TCP 192.168.4.19:1493 195.83.182.72:1755 TIME_WAIT
  TCP 192.168.4.19:1502 195.83.182.72:554 TIME_WAIT
  TCP 192.168.4.19:1503 195.83.182.72:554 TIME_WAIT
  TCP 192.168.4.19:1504 195.83.182.72:1755 TIME_WAIT
  TCP 192.168.4.19:1525 195.83.182.72:554 TIME_WAIT
  TCP 192.168.4.19:1526 195.83.182.72:554 TIME_WAIT
  TCP 192.168.4.19:1527 195.83.182.72:1755 TIME_WAIT
  Many Thanks for your input.
  Pierre Viennet.

• ML1000 RPR load balancing and multicast problem

  Hello,
  We have SDH network consisting in a STM16 ring with 7 ONS15454 MSPP nodes, sw version 9.0.1. In each node we have a ML1000-2 card connected in a RPR configuration through VC4-8C(8x155Mbs) circuits.
  My questions:
  Q1 We had expected the ring to balance itself but instead 90% of the traffic is going anti-clockwise which is the direction of the POS-0.
  Q2 We are not able to transmit Multicast packets and we sometimes have problems with udp losses. Could this be due to a bad configuration of the ML-1000? Should we investigate higher in the core switches(6500’s)?
  Thanks

  Manuel,
  I just published a document on load balancing on the ML card.  (ML Load Balancing after 5.doc).
  Check the document section in the Optical Forum.
  Also check the on-line configuration guide.
  http://www.cisco.com/en/US/docs/optical/15000r9_0/ethernet/454/guide/45490a_mlcardovw.html
  As for question #2.  o may find some answers on multicast in the load balancing document or configuration guide.  If not, I suggest opening a TAC case so they can verify your ML configuration.
  Hope this Helps,
  Steve Noyes
  CSE Cisco TAC

• Multicast not working with Window2K Network Load Balancing.

  I'm using W2K Network Load Balancing (WBLB) for our cluster machines (2
            boxes) to load balance between IIS (one IIS instance on each box). Each IIS
            instance is a proxy to the weblogic cluster (one app server instance on each
            box). Currently I only have a single network card configured for each box,
            so I have had to enable multicast support for the WNLB. But if I do this
            I'm unable to get multicasting working correctly for the weblogic cluster.
            When I run the multicast tester (utils.MulticastTest) one box is able to
            receive multicast messages from both boxes, but the other box is only
            receiving multicast messages from itself (but not the other box). Does
            anyone have any experience with configuring weblogic clustering on machines
            with WNLB also configured?
            Thank you.
            Marko.
            

  Hi
  NLB return traffic for UDP would come from the node IPs.
  You could use NAT on your firewalls so they come from the same public IP.
  Otherwise you'd be looking at something other than MS NLB.
  Cheers
  GF

• Windows Load Balancing 2008 R2 Server, in Multicast Mode

  Hi,
  We are experiencing a problem setting up windows load balancing with (NLB) IIS . The selected mode is multicast , however after we setup the NLB cluster IP , we cannot ping it outside the OracleVM infrastructure. This applies as well if we try to access it from another VM inside OracleVM.
  We can access the private IP's however the cluster IP does not respond when the cluster is in multicast mode.
  We have programmed the switches which are layer 2 for static ARP mappings on all connected ports.
  Still the problem remains
  Does oracle VM 3.2.1 support NLB clustering for IIS servers in multicast mode?
  is there any setting that we need to adjust so that the mac of the cluster responds to requests from physical hosts connected to the OracleVM network ?

  Hi,
  We are experiencing a problem setting up windows load balancing with (NLB) IIS . The selected mode is multicast , however after we setup the NLB cluster IP , we cannot ping it outside the OracleVM infrastructure. This applies as well if we try to access it from another VM inside OracleVM.
  We can access the private IP's however the cluster IP does not respond when the cluster is in multicast mode.
  We have programmed the switches which are layer 2 for static ARP mappings on all connected ports.
  Still the problem remains
  Does oracle VM 3.2.1 support NLB clustering for IIS servers in multicast mode?
  is there any setting that we need to adjust so that the mac of the cluster responds to requests from physical hosts connected to the OracleVM network ?

• IPTV load balancing across broadcast servers.

  I know that across Archive servers in the same cluster that IPTV control server will load balance , is there is a similar function with Broadcast servers. I know broadcast servers use a different delivery mechanism (Multicast). We have multiple broadcast servers that take in an identical live stream, but the only way to advertise thru a URL is a seperate URL per server. Is there some way to hide the multiple URL's to the client population?

  No. There is no way to load balance across multiple broadcast servers for live streams. Since this is going to be multicast, there should not be any additional load on the servers when the number of users are more.

• CF 10 Load-Balancing with Remote Instances

  I was reading an article on Clustering/LB/HA using CF8, but have not found any updates for CF10.
  Using VM VirtualBox to setup a few virtual servers, I am looking to setup a load balancing of ColdFusion 10 on 2 remote instances. The goal would be have ColdFusion Cluster Manager be able to point http request to one of the two servers based on load/availability. Not really having a hardware cluster/failover setup, just managing resources on two CF instances instead of a standalone.
  The servers are Windows Server 2008 R2 with IIS7.5 and ColdFusion 10 Enterprise on installed on 3 of these machines. Let's call them CF-LBManager, CF-Web1, and CF-Web 2. In the CF Docs, they show the Cluster Manager adding the local CF instance and "if you want" a remote instance. However, this scenario would require the main instance to be running and not fail for it to direct to the other instance.
  I am trying to set this up now with CF-LBManager as just a manager of the requests coming in. In the Enterprise Manager >> Instance Manager, the local instance is shown and I add the two remote instances with the correct Remote Port, JVM Route, etc. I also made sure the <Cluster>...</Cluster> block was added to the two remote instances (CF-Web1 and CF-Web2) \runtime\conf\server.xml file too, Jetty Services also is running. Now under the Enterprise Manager >> Cluster Manager I add the two remote instances to the cluster, not the local instance on CF-LBManager with Multicast Port and Sticky Sessions enabled. On Submit, I get a green message "You must restart all the server instances and any configured webservers for these changes to take effect.". I go ahead and reboot the servers and come back.
  I now browse to the ColdFusion page as a test on CF-Web1 and CF-Web2 to make sure CF is running properly, they do. I then browse the IP of the CF-LBManager, however it only returns the local IIS web site and not redirect to one of the two cluster members. I am not seeing any message on the coldfusion-out.log on the remote instances. Am I not setting this up correctly or not enabling the Cluster Manager to take over and pass along the requests to those in the cluster?

  Unfortunatley I don't have a lot of experience with CF10 on Windows, but if you are running CF behind IIS I think  you will need to update the Tomcat connector configuraiton to do load balancing. I'm not sure if re-running the wsconfig tool on all of the servers will do this or not, but that is what I would suggest trying first. If that doesn't work you will need to update the Tomcat connector configuraiton manually. You can find more information on load balancing with the Tomcat connector here: http://tomcat.apache.org/connectors-doc/generic_howto/loadbalancers.html.

• Network Load Balancing not failing over properly

  I have 2 MS 2012 servers setup in a NLB unicast configuration, with 2 NICs each on the same subnet.  When I take down the second server (and only the second server) the FQDN goes offline.  Below are the ipconfigs for each server.  Any help
  would be greatly appreciated!
  Ethernet adapter Data NIC 192.168.220.172:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Intel(R) I350 Gigabit Network
  #4
     Physical Address. . . . . . . . . : 6C-3B-E5-B2-48-60
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 192.168.220.172(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 192.168.220.1
     DNS Servers . . . . . . . . . . . : 192.168.220.100
                                         192.168.200.10
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter Cluster NIC:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom BCM57810 NetXtreme II
  DIS VBD Client) #67
     Physical Address. . . . . . . . . : 02-BF-C0-A8-DC-AA
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 192.168.220.171(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     IPv4 Address. . . . . . . . . . . : 192.168.220.170(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 192.168.220.1
     DNS Servers . . . . . . . . . . . : 192.168.220.100
                                         192.168.200.10
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter Data NIC 192.168.220.174:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : HP FlexFabric 10Gb 2-port 533FLR-
  r #54
     Physical Address. . . . . . . . . : A0-D3-C1-F6-96-08
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 192.168.220.174(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 192.168.220.1
     DNS Servers . . . . . . . . . . . : 192.168.220.100
                                         192.168.200.10
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ethernet adapter Cluster NIC:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : HP NC523SFP 10Gb 2-port Server Ad
     Physical Address. . . . . . . . . : 02-BF-C0-A8-DC-AA
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 192.168.220.173(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     IPv4 Address. . . . . . . . . . . : 192.168.220.170(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 192.168.220.1
     DNS Servers . . . . . . . . . . . : 192.168.220.100
                                         192.168.200.10
     NetBIOS over Tcpip. . . . . . . . : Enabled

  Hi MS DEF,
  A second network adapter is required to provide peer-to-peer communication between cluster hosts. Please isolate your heartbeat network. With unicast when cluster is connected
  to a switch, incoming packets are sent to all the ports on the switch, which can cause switch flooding, please confirm you have setup your switch correct, you can refer the following Cisco Switch related unicast configuration.
  The Cisco switch unicast related information:
  How to configure Microsoft Network Load Balancing on two switches
  https://supportforums.cisco.com/discussion/11918276/how-configure-microsoft-network-load-balancing-two-switches
  More information:
  Selecting the Unicast or Multicast Method of Distributing Incoming Requests
  http://technet.microsoft.com/en-us/library/cc782694(v=ws.10).aspx
  An Optimal Network Load Balancing (NLB) Configuration
  http://blogs.technet.com/b/clint_huffman/archive/2007/10/08/an-optimal-network-load-balancing-nlb-configuration.aspx
  Selecting the Unicast or Multicast Method of Distributing Incoming Requests
  http://technet.microsoft.com/en-us/library/cc782694(v=ws.10).aspx
  I’m glad to be of help to you!
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Best Option (if any) for Load Balancing Distribution Point(s) on Same LAN

  Hey Guys - 
  I've got a simple question this time.  We use SCCM 2012 R2, manage ~800 systems at 3 locations, but perform most work at our main office where this scenario takes place.  Here, we have a single DP on-site which is a separate VM than our Primary
  which is also local.
  Recently, our PC Lab tried running our OSD TS on 16 systems which were each started 1-2 minutes apart.  When run on a single  brand new PC connected via GB network, the OSD TS takes a couple of hours to complete so with 16 it really caused some
  issues.  We had a couple of Programs/Packages/Applications which actually timed out due to the default 120 minute max run time.  We don't usually image 16 at a time, but often do 2-3 at once so are looking to find a solution to speed things up anyways.
  My Question
  What is the best solution / method for implementing any type of load balancing on a single LAN?  I'm not asking for true load balancing, but simply any solution where multiple systems running a TS can pull from more than a single local source if possible.
  We do not use multicasting and from what I've been told it will not be a possibility as it causes havoc on networks so it's out. I know that some clients can share content depending on deployment configuration, but don't know how / if this applies to OSD
  Task Sequences.
  Any suggestions or ideas?  Thanks! 
  Ben K.

  Agree, 16 machines is not a lot. I would normally go for about 2000 machines per DP depending on pkg/img size etc. Whats the size of that rebuild? Image + packages? Do you do a full DL before starting or is it started from WinPE?
  Our BranchCache tools will of course help, regardless of how fast your gig link is since data will be pulled from more sources, but think your issue is more network related? If the images is 5 gig and you add another 5 gig of packges in the sequence a 1Gb/s
  link should pull that 16 * 10GB=160GB in about half an hour. So think dont think you are having 1Gb/s from server to clients.
  //Andreas
  http://2pintSoftware.com

• Load balancing with multiple clusters (HTTPProxyServlet)

            Hello!
            I'm newbie in Weblogic. I would like to have clustering and load balancing in
            development environment. I've created 2 clusters, with one managed server each.
            I've created a web application for deploying the http proxy servlet and put it
            under another managed server without clustering. Below is my configuration:
            managed server without cluster (as proxy) - Port 8002
            admin server - Port 8001
            cluster_1 - multicast address 237.0.0.11, multicast port 8004, cluster address
            - t3://localhost:8006, t3://localhost:8007
            cluster_2 - multicast address 237.0.0.10, multicast port 8014, cluster address
            - t3://localhost:8006, t3://localhost:8007
            managed_cluster1 - under cluster_1, port 8006
            managed_cluster2 - under cluster_2, port 8007
            in the web.xml of the proxy, i put the following parameters:
            <param-name>WebLogicCluster</param-name>
            <param-value>localhost:8006|localhost:8007</param-value>
            However, when i send the requests to http://localhost:8002/sms, the requests always
            go to the same server, for eg: managed_cluster2?
            If i configure using single cluster, the load balancing will be in proper. What's
            the cause fo the problem? and any solution?
            Thanx in advance.
            Regards,
            joey
            

  You have 2 options here Jordi, either you can use BGP loadbalancing, this requires multipath as BGP by default would only install one route from the BGP table to the RIB hence FIB.
  But this may result in excessive IRL (inter rack link) usage in the cluster when traffic coming in on rack0 wants to take the bGP path out on rack1
  You could also use ABF (access-list based forwarding) to forcelly push traffic received on rack0 out on the link on rack0 and use an ipsla tracker to fallback to rack1 in case the uplink is gone.
  Alternatively to extend this by IGP signaling to redirect traffic preferably to rack1 to start with to minimize the IRL usage.
  And then you also have the ability to use RPL in the uplink path to make one link more preferred on teh internet then the other in case you want to control a bit which link is preferably used on rack0 or rack1
  regards
  xander

• Load balancing on sub-interfaces (3 links)

  Hello.
  I am trying to load balance between the three links of a bundle. Traffic comes and goes with the same bundle interface.
  Launched 5 threads TCP\UDP with different SRC DST IP addresses and see the following balances:
  IOS-XR               Monitor Time: 00:00:30          SysUptime: 106:39:28
                            Last Clear:   00:00:22
  Protocol:General
  Interface             In(pps)      Out(pps)      InPkts/Delta   OutPkts/Delta
  Te0/1/0/0             11381           628        102062/25512       256/64
  Te0/1/0/1             33849         55965        303244/75700    505364/126230
  Te0/1/0/2             11363             0        100800/25200         0/0
  Quit='q',     Clear='c',    Freeze='f', Thaw='t',
  Next set='n', Prev set='p', Bytes='y',  Packets='k'
  (General='g', IPv4 Uni='4u', IPv4 Multi='4m', IPv6 Uni='6u', IPv6 Multi='6m')
  We have 10G switch connected to asr9010 three ports and the following configuration:
  interface TenGigE0/1/0/0
  bundle id 1 mode active
  bundle port-priority 2
  interface TenGigE0/1/0/1
  bundle id 1 mode active
  bundle port-priority 2
  interface TenGigE0/1/0/2
  bundle id 1 mode active
  interface Bundle-Ether1.75
  ipv4 address 25.0.0.1 255.255.255.252
  encapsulation dot1q 75
  interface Bundle-Ether1.76
  ipv4 address 26.0.0.1 255.255.255.252
  encapsulation dot1q 76
  RP/0/RSP0/CPU0: ios # sh bundle load-balancing bundle-e1 detail location 0/1/CPU0
  Tue Jun 4 07:03:07.605 UTC
  Bundle-Ether1
    Type: Ether (L3)
    Members <current/max>: 3/3
    Total Weighting: 3
    Load balance: Default
    Locality threshold: 65
    Avoid rebalancing? False
    Sub-interfaces: 3
    Member Information:
      Port: LON ULID BW
      Te0/1/0/0 0 0 1
      Te0/1/0/1 1 1 1
      Te0/1/0/2 2 2 1
    Sub-interface Information:
      Sub-interface Type Load Balance Locality
                                          Hash Threshold
      Bundle-Ether1.76 L3 Default 65
      Bundle-Ether1.75 L3 Default 65
      Bundle-Ether1.100 L3 Default 65
    Platform Information:
    =====================
                    * Bundle Summary Information *
  Interface: Bundle-Ether1 Ifhandle: 0x08000160
  Lag ID: 1 Virtual Port: 255
  Number of Members: 3 Local to LC: Yes
  Hash Modulo Index: 3
  Member Information:
  LON Interface ifhandle SFP port slot remote / rack_id
  Te0/1/0/0 0x02000140 0 12 0 1 0/0
  Te0/1/0/1 0x02000180 1 13 0 1 0/0
  Te0/1/0/2 0x020001c0 11 2 0 1 0/0
                     * Bundle Table Information *
  [NP 0]:
     Unicast (Global) LAG table
  idx local LON VQI port
     1 0 0 12 0
     2 0 1 13 0
     3 0 2 11 0
  [NP 1]
     Unicast (Global) LAG table
  idx local LON VQI port
     1 0 0 12 0
     2 0 1 13 0
     3 0 2 11 0
  [NP 2]:
     Unicast (Global) LAG table
  idx local LON VQI port
     1 0 0 12 0
     2 0 1 13 0
     3 0 2 11 0
  [NP 3]
     Unicast (Global) LAG table | Multicast (Local) LAG table
  idx local LON VQI port | idx local LON VQI port
     1 0 0 12 0 1 1 2 11 0
     2 0 1 13 0 2 0 0 0 0
     3 1 2 11 0 3 0 0 0 0
  [NP 4]:
     Unicast (Global) LAG table | Multicast (Local) LAG table
  idx local LON VQI port | idx local LON VQI port
     1 1 0 12 0 1 1 0 12 0
     2 0 1 13 0 2 0 0 0 0
     3 0 2 11 0 3 0 0 0 0
  [NP 5]
     Unicast (Global) LAG table | Multicast (Local) LAG table
  idx local LON VQI port | idx local LON VQI port
     1 0 0 12 0 1 1 1 13 0
     2 1 1 13 0 2 0 0 0 0
     3 0 2 11 0 3 0 0 0 0
  [NP 6]
     Unicast (Global) LAG table
  idx local LON VQI port
     1 0 0 12 0
     2 0 1 13 0
     3 0 2 11 0
  [NP 7]
     Unicast (Global) LAG table
  idx local LON VQI port
     1 0 0 12 0
     2 0 1 13 0
     3 0 2 11 0
  ================================================== =============================

  20 flows and a bit better result:
  IOS-XR               Monitor Time: 00:00:08          SysUptime: 133:33:44
                       Last Clear:   00:00:06
  Protocol:General
  Interface             In(pps)      Out(pps)      InPkts/Delta   OutPkts/Delta
  Te0/1/0/0             11794         14977             0/44696         0/44484
  Te0/1/0/1             10682          8786             0/37924         0/25456
  Te0/1/0/2             18243         16958             0/44596         0/57579
  Quit='q',     Clear='c',    Freeze='f', Thaw='t',
  Next set='n', Prev set='p', Bytes='y',  Packets='k'
  (General='g', IPv4 Uni='4u', IPv4 Multi='4m', IPv6 Uni='6u', IPv6 Multi='6m')
  Can the ASR9K more or less normal balance on uneven number of links?

• FTP Load-Balancing in DSR mode

  Hello Experts .. 
  Need some clarity on FTP LB under DSR mode ....  I have my DSR working fine for normal http traffic , but facing issues with FTP on the same , please find the configs attached below 
  Topology 
  Client ( 10.20.10.101)   -----> CAT6k  ( 10.20.10.110 & 10.10.15.2)  --> ACE --- > Server 
  VLAN 149                                  VLAN 149 & VLAN 150
  access-list access line 8 extended permit icmp any any
  access-list access line 16 extended permit tcp any any
  access-list acl line 8 extended permit ip any any
  rserver host real2
    ip address 10.10.15.101
    inservice
  serverfarm host ftp
    transparent
    rserver real2
      inservice
  class-map match-all ftp-vip
    2 match virtual-address 192.168.5.5 tcp eq ftp
  class-map match-any ftp_1
    2 match access-list access
  policy-map type management first-match mgmt
    class class-default
      permit
  policy-map type loadbalance first-match ftp
    class class-default
      serverfarm ftp
  policy-map multi-match LBPOL
    class vip
      loadbalance vip inservice
      loadbalance policy lbpol
      loadbalance vip icmp-reply active
    class ftp-vip
      loadbalance vip inservice
      loadbalance policy ftp
      inspect ftp
    class ftp_1
      nat dynamic 5 vlan 150
  interface vlan 61
    ip address 61.202.200.200 255.0.0.0
    access-group input acl
    service-policy input mgmt
    no shutdown
  interface vlan 150
    description server-side
    ip address 10.10.15.1 255.255.255.0
    no normalization
    access-group input acl
    nat-pool 5 10.10.15.209 10.10.15.209 netmask 255.255.255.255 pat
    service-policy input LBPOL
    service-policy input mgmt
    no shutdown
  ip route 0.0.0.0 0.0.0.0 10.10.15.2
  Client
  ======
  root@TLS_SRV ~]# ifconfig eth1.149
  eth1.149  Link encap:Ethernet  HWaddr 00:1C:23:E2:50:C4
            inet addr:10.20.10.101  Bcast:10.20.10.255  Mask:255.255.255.0
            inet6 addr: fe80::21c:23ff:fee2:50c4/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:203 errors:0 dropped:0 overruns:0 frame:0
            TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:10444 (10.1 KiB)  TX bytes:8408 (8.2 KiB)
  route
   192.168.5.0     10.20.10.110    255.255.255.0   UG    0      0        0 eth1.149
  CAT6k
  =======
  interface Vlan149
   ip address 10.20.10.110 255.255.255.0
  end
  interface Vlan150
   ip address 10.10.15.2 255.255.255.0
  end
  ip route 192.168.5.5 255.255.255.255 10.10.15.1    
  Server
  =======
  eth1.150  Link encap:Ethernet  HWaddr 00:1C:23:E2:50:C4
            inet addr:10.10.15.101  Bcast:10.10.15.255  Mask:255.255.255.0
            inet6 addr: fe80::21c:23ff:fee2:50c4/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:9194 errors:0 dropped:0 overruns:0 frame:0
            TX packets:408 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:503104 (491.3 KiB)  TX bytes:71884 (70.1 KiB)
  eth1.150:1 Link encap:Ethernet  HWaddr 00:1C:23:E2:50:C4
            inet addr:192.168.5.5  Bcast:192.168.5.255  Mask:255.255.255.0
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  route
  10.20.0.0       10.10.15.2      255.255.0.0     UG    0      0        0 eth1.150
  When i do FTP from client 10.20.10.101 , my connection is getting refused.... But when i connect to my server directly bypassing ACE i am getting authenticated .. 
  As per the DSR , i made  Rserver & ACE as L2 Adjacent  , so when ACE receives the packet it will change the dest ip instead it will use VIP ip as destination , but the MAC will be rewritten to Rserver MAC address... As i said before all works fine for http DSR ... 
  I know NAT doesn't work in ACE when its configured under DSR , but for FTP i made NAT config , but even if i remove the same its not working , Is my config for FTP is correct ? 
  Could some please look into this and reply ? 
  Thanks
  Charles

  if you need to route / provide load balancing between 2 hosts, then you will need to have Route SAF . you can use web server 7 reverse proxy cli or gui to get this. however, you might want to start from a fresh configuration to avoid reverse-map / map that you have experimented with does not overlap with the 'Route' functionality that you seem to need here
  here are some reference content
  http://blogs.sun.com/amit/entry/setting_up_a_reverse_proxy
  http://blogs.sun.com/meena/entry/configuring_reverse_proxy_in_sun
  http://www.sun.com/bigadmin/features/articles/web_server_zones.jsp

• Forcing traffic through load balancer rather than zone to zone

  I have several T5140s with 2 LDOMs. Within each LDOM I have multiple zones which contain 2 environments. Each environment comprises the following, an apache instance behind a BigIP load balancer, a JBoss instance, and several misc. The jboss zone has three IP address assigned for multiple applications. Each server is configured identically as far as zone and LDOM layout. We use mod_cluster to cluster our apache and Jboss environment. What I'm trying to accomplish is forcing the apache zone's traffic through the BigIP rather than zone to zone.
  Referring to the information below, server2ldom1jboss is one jboss node which needs to connect to both server2ldom1japache and server1ldom1apache. server2ldom1jboss connects to server2ldom1apache via its DNS name which is a NAT address. So webserver2 resolves to 10.10.2.5 which NATs to 10.10.1.5 behind the BigIP. webserver2 responds directly to the jboss zone rather than through the BigIP. Not good. server1ldom1apache works correctly as it's not a local zone.
  Referring to this document, https://blogs.oracle.com/solarium/resource/solaris-container-guide-en-v3.1.pdf
  section 5.2.7.8
  "Connection of zones via external routers using the shared IP instance"
  I've created the following routes
  route add 10.10.2.5 10.10.1.5
  route add 10.10.0.34 10.10.1.5 -interface -reject
  route add 10.10.0.35 10.10.1.5 -interface -reject
  route add 10.10.0.87 10.10.1.5 -interface -reject
  route add 10.10.1.5 10.10.0.87 -interface -reject
  route add 10.10.1.5 10.10.0.34 -interface -reject
  route add 10.10.1.5 10.10.0.35 -interface -reject
  This does prevent the zone to zone traffic, but it also preventing any response. I've tried other options as well, but have not been successful yet. What concerns me is this "These interfaces must not be used elsewhere in the global zone." The 5140 has 4 ethernet ports, which are configured into two port channels. vnet0 and vnet1. The apache instances use vnet1. The remaining zones use vnet0, including the global zone (server2ldom1 10.10.0.21). I think this may be the issue, but do not see an easy resolution without breaking my port channels and losing redundancy and fail-over.
  If there is anything I'm missing or a better/different way to do this, I would greatly appreciate any input on this matter.
  Thank you.
  webserver2 10.10.2.5 NATs to 10.10.1.5
  jboss apps 10.10.0.34, 10.10.0.35, 10.10.0.87
  10.10.0.0/24 is the lan
  10.10.1.0/24 is the network behind the BigIP
  10.10.2.0/24 is the webserver network (in front of the BigIP)
  [1658]root@server2:~# ldm list-bindings
  NAME STATE FLAGS CONS VCPU MEMORY UTIL UPTIME
  primary active -n-cv- SP 4 2G 1.1% 138d 5h
  MAC
  00:14:4f:ec:20:ff
  HOSTID
  0x84ec20b8
  VCPU
  VID PID UTIL STRAND
  0 0 2.0% 100%
  1 1 1.4% 100%
  2 2 0.7% 100%
  3 3 2.1% 100%
  MAU
  ID CPUSET
  0 (0, 1, 2, 3, 4, 5, 6, 7)
  MEMORY
  RA PA SIZE
  0x8000000 0x8000000 2G
  VARIABLES
  boot-device=/pci@0/pci@0/pci@2/scsi@0/disk@0,0:a disk net
  keyboard-layout=US-English
  nvramrc=devalias rootdisk /pci@0/pci@0/pci@2/scsi@0/disk@0,0:a devalias rootmirror /pci@0/pci@0/pci@2/scsi@0/disk@1,0:a
  security-mode=none
  security-password=
  use-nvramrc?=true
  IO
  DEVICE PSEUDONYM OPTIONS
  pci@0 pci
  niu@80 niu
  VCC
  NAME PORT-RANGE
  primary-vcc0 5000-5010
  CLIENT PORT
  group1@primary-vcc0 5000
  group1@primary-vcc0 5000
  VSW
  NAME MAC NET-DEV DEVICE DEFAULT-VLAN-ID PVID VID MODE
  primary-vsw0 00:14:4f:f9:ff:ff aggr1 switch@0 1 1
  PEER MAC PVID VID
  vnet0@ldom2 00:14:4f:fb:7b:ff 1
  vnet0@ldom1 00:14:4f:fb:1a:ff 1
  NAME MAC NET-DEV DEVICE DEFAULT-VLAN-ID PVID VID MODE
  primary-vsw1 00:14:4f:fb:8e:ff aggr2 switch@1 1 1
  PEER MAC PVID VID
  vnet1@ldom1 00:14:4f:f8:17:ff 1
  vnet1@ldom2 00:14:4f:f8:c2:ff 1
  VDS
  NAME VOLUME OPTIONS MPGROUP DEVICE
  primary-vds0 ldom2_swap /ldoms/swap/server2ldom2
  ldom2_root /dev/dsk/c4t600601601CE1210018F9E37BD2AADD11d0s2
  ldom1_swap /ldoms/swap/server2ldom1
  ldom1_root /dev/dsk/c4t600601601CE121007E02166CD2AADD11d0s2
  CLIENT VOLUME
  ldom2_swap@ldom2 ldom2_swap
  ldom2_root@ldom2 ldom2_root
  ldom1_swap@ldom1 ldom1_swap
  ldom1_root@ldom1 ldom1_root
  VCONS
  NAME SERVICE PORT
  SP
  NAME STATE FLAGS CONS VCPU MEMORY UTIL UPTIME
  ldom1 active -n---- 5000 30 15G 3.7% 192d 6h
  MAC
  00:14:4f:f8:a5:ff
  HOSTID
  0x84f8a5f5
  VCPU
  VID PID UTIL STRAND
  0 4 0.4% 100%
  1 5 0.3% 100%
  2 6 0.1% 100%
  3 7 4.4% 100%
  4 8 0.2% 100%
  5 9 0.2% 100%
  6 10 14% 100%
  7 11 0.1% 100%
  8 12 8.1% 100%
  9 13 0.1% 100%
  10 14 0.1% 100%
  11 15 0.1% 100%
  12 16 0.3% 100%
  13 17 0.1% 100%
  14 18 0.1% 100%
  15 19 0.1% 100%
  16 20 0.3% 100%
  17 21 0.6% 100%
  18 22 0.3% 100%
  19 23 0.1% 100%
  20 54 1.0% 100%
  21 55 0.5% 100%
  22 56 1.2% 100%
  23 57 0.2% 100%
  24 58 4.5% 100%
  25 59 0.9% 100%
  26 60 0.0% 100%
  27 61 0.1% 100%
  28 62 0.1% 100%
  29 63 0.3% 100%
  MAU
  ID CPUSET
  1 (8, 9, 10, 11, 12, 13, 14, 15)
  2 (16, 17, 18, 19, 20, 21, 22, 23)
  6 (48, 49, 50, 51, 52, 53, 54, 55)
  7 (56, 57, 58, 59, 60, 61, 62, 63)
  MEMORY
  RA PA SIZE
  0x8000000 0x88000000 10G
  0x401800000 0x6b1800000 5G
  VARIABLES
  auto-boot?=true
  boot-device=ldom1_root:b
  NETWORK
  NAME SERVICE DEVICE MAC MODE PVID VID
  vnet0 primary-vsw0@primary network@0 00:14:4f:fb:1a:ff 1
  PEER MAC MODE PVID VID
  primary-vsw0@primary 00:14:4f:f9:ff:ff 1
  vnet0@ldom2 00:14:4f:fb:7b:ff 1
  NAME SERVICE DEVICE MAC MODE PVID VID
  vnet1 primary-vsw1@primary network@1 00:14:4f:f8:17:ff 1
  PEER MAC MODE PVID VID
  primary-vsw1@primary 00:14:4f:fb:8e:ff 1
  vnet1@ldom2 00:14:4f:f8:c2:ff 1
  DISK
  NAME VOLUME TOUT DEVICE SERVER MPGROUP
  ldom1_swap ldom1_swap@primary-vds0 disk@0 primary
  ldom1_root ldom1_root@primary-vds0 disk@1 primary
  VCONS
  NAME SERVICE PORT
  group1 primary-vcc0@primary 5000
  NAME STATE FLAGS CONS VCPU MEMORY UTIL UPTIME
  ldom2 active -n---- 5000 30 15000M 0.8% 192d 6h
  MAC
  00:14:4f:fa:e8:ff
  HOSTID
  0x84fae839
  VCPU
  VID PID UTIL STRAND
  0 24 1.0% 100%
  1 25 1.0% 100%
  2 26 0.0% 100%
  3 27 0.0% 100%
  4 28 0.1% 100%
  5 29 0.3% 100%
  6 30 0.0% 100%
  7 31 0.0% 100%
  8 32 0.0% 100%
  9 33 0.1% 100%
  10 34 1.3% 100%
  11 35 0.0% 100%
  12 36 0.1% 100%
  13 37 1.0% 100%
  14 38 1.9% 100%
  15 39 0.0% 100%
  16 40 0.0% 100%
  17 41 0.0% 100%
  18 42 0.1% 100%
  19 43 0.5% 100%
  20 44 0.2% 100%
  21 45 0.0% 100%
  22 46 0.2% 100%
  23 47 0.4% 100%
  24 48 0.2% 100%
  25 49 0.0% 100%
  26 50 0.0% 100%
  27 51 0.0% 100%
  28 52 0.0% 100%
  29 53 0.0% 100%
  MAU
  ID CPUSET
  3 (24, 25, 26, 27, 28, 29, 30, 31)
  4 (32, 33, 34, 35, 36, 37, 38, 39)
  5 (40, 41, 42, 43, 44, 45, 46, 47)
  MEMORY
  RA PA SIZE
  0x8000000 0x308000000 15000M
  VARIABLES
  auto-boot?=true
  boot-device=/virtual-devices@100/channel-devices@200/disk@1:b ldom2_root
  keyboard-layout=US-English
  NETWORK
  NAME SERVICE DEVICE MAC MODE PVID VID
  vnet0 primary-vsw0@primary network@0 00:14:4f:fb:7b:ff 1
  PEER MAC MODE PVID VID
  primary-vsw0@primary 00:14:4f:f9:ff:ff 1
  vnet0@ldom1 00:14:4f:fb:1a:ff 1
  NAME SERVICE DEVICE MAC MODE PVID VID
  vnet1 primary-vsw1@primary network@1 00:14:4f:f8:c2:ff 1
  PEER MAC MODE PVID VID
  primary-vsw1@primary 00:14:4f:fb:8e:ff 1
  vnet1@ldom1 00:14:4f:f8:17:ff 1
  DISK
  NAME VOLUME TOUT DEVICE SERVER MPGROUP
  ldom2_swap ldom2_swap@primary-vds0 disk@0 primary
  ldom2_root ldom2_root@primary-vds0 disk@1 primary
  VCONS
  NAME SERVICE PORT
  group1 primary-vcc0@primary 5000
  [1657]root@server2ldom1:~# ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  inet 127.0.0.1 netmask ff000000
  lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  zone server2ldom1z3
  inet 127.0.0.1 netmask ff000000
  lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  zone server2ldom1z2
  inet 127.0.0.1 netmask ff000000
  lo0:3: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  zone server2ldom1z6
  inet 127.0.0.1 netmask ff000000
  lo0:4: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  zone server2ldom1jboss
  inet 127.0.0.1 netmask ff000000
  lo0:5: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  zone server2ldom1apache
  inet 127.0.0.1 netmask ff000000
  lo0:6: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  zone server2ldom1z1
  inet 127.0.0.1 netmask ff000000
  vnet0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  inet 10.10.0.21 netmask ffffff00 broadcast 10.10.0.255
  ether 0:14:4f:fb:1a:ff
  vnet0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1z2
  inet 10.10.0.33 netmask ffffff00 broadcast 10.10.0.255
  vnet0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1z6
  inet 10.10.0.36 netmask ffffff00 broadcast 10.10.0.255
  vnet0:3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1jboss
  inet 10.10.0.34 netmask ffffff00 broadcast 10.10.0.255
  vnet0:4: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1jboss
  inet 10.10.0.35 netmask ffffff00 broadcast 10.10.0.255
  vnet0:5: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1z1
  inet 10.10.0.32 netmask ffffff00 broadcast 10.10.0.255
  vnet0:6: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1z1
  inet 10.10.0.74 netmask ffffff00 broadcast 10.10.0.255
  vnet0:7: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  zone server2ldom1jboss
  inet 10.10.0.87 netmask ffffff00 broadcast 10.10.0.255
  vnet1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
  inet 0.0.0.0 netmask 0
  ether 0:14:4f:f8:17:ff
  vnet1:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
  zone server2ldom1z3
  inet 10.10.1.101 netmask fffffc00 broadcast 10.10.47.255
  vnet1:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
  zone server2ldom1apache
  inet 10.10.1.5 netmask fffffc00 broadcast 10.10.47.255
  [1701]root@server2ldom1:~# zonecfg -z server2ldom1jboss info
  zonename: server2ldom1jboss
  zonepath: /zones/server2ldom1jboss
  brand: native
  autoboot: true
  bootargs:
  pool:
  limitpriv:
  scheduling-class:
  ip-type: shared
  inherit-pkg-dir:
  dir: /lib
  inherit-pkg-dir:
  dir: /platform
  inherit-pkg-dir:
  dir: /sbin
  inherit-pkg-dir:
  dir: /usr
  inherit-pkg-dir:
  dir: /opt/sfw
  inherit-pkg-dir:
  dir: /opt/
  net:
  address: 10.10.0.34
  physical: vnet0
  defrouter: 10.10.0.1
  net:
  address: 10.10.0.35
  physical: vnet0
  defrouter: 10.10.0.1
  net:
  address: 10.10.0.87
  physical: vnet0
  defrouter: 10.10.0.1
  attr:
  name: comment
  type: string
  value: server2ldom1jboss
  [1702]root@server2ldom1:~# zonecfg -z server2ldom1apache info
  zonename: server2ldom1apache
  zonepath: /zones/server2ldom1apache
  brand: native
  autoboot: true
  bootargs:
  pool:
  limitpriv:
  scheduling-class:
  ip-type: shared
  inherit-pkg-dir:
  dir: /lib
  inherit-pkg-dir:
  dir: /platform
  inherit-pkg-dir:
  dir: /sbin
  inherit-pkg-dir:
  dir: /usr
  inherit-pkg-dir:
  dir: /opt/sfw
  inherit-pkg-dir:
  dir: /opt/
  net:
  address: 10.10.1.5/22
  physical: vnet1
  defrouter not specified
  attr:
  name: comment
  type: string
  value: server2ldom1apache
  Edited by: coreyva on Feb 18, 2012 11:36 AM

  After further research, I think the best course of action will be to create a VLAN for the zone behind the BigIP and then create the corresponding interface in the vlan and zone. Using this links as my references in case anyone is interested. I'll post what I come up with.
  https://blogs.oracle.com/stw/entry/using_ip_instances_with_vlans
  https://blogs.oracle.com/stw/entry/solaris_zones_and_networking_common
  http://docs.oracle.com/cd/E19253-01/816-4554/816-4554.pdf # AdministeringVirtualLocalAreaNetworks
  http://docs.oracle.com/cd/E19053-01/ldoms.mgr11/820-4913-10/820-4913-10.pdf # Assign VLANs to a Virtual Switch and Virtual
  Network Device

• Internet Based Clients via F5 Big-IP load balancer

  Hi Guys,
  Please help with below question....
  We have the requirement to support internet based clients...we have a proper MS PKI infra in-place. The SCCM design is like this : Primary Server is on corporate LAN and I have attached a site system server which is in DMZ network ( Say ABC Zone ). Now as
  per my knowledge DMZ SCCM Site System server should be accessible to clients over internet connection and to make this happen, FQDN of site systems that support Internet-based client management must be registered as host entries on public DNS servers.
  Now the twist is... as per our company policy we cannot make that SCCM Site system server directly available on internet... Network team is saying there is another DMZ zone ( Say PQR Zone ) where they have F5 Big-IP load balancer which are internet facing
   ( HTTPS ). Now they are saying that our SCCM clients should hit those devices and then internally re-direct to our SCCM site system server kept in ABC Zone.
  VeriSign certificates will be used to encrypt in-coming network traffic to the F5 Big-IP Load Balancers configured as ADFS reverse proxy servers residing in the PQR Zone.
  Is this scenario supported ? Please let me know what alternates we can have to avoid our SCCM server not directly facing to internet.
  Thanks,
  Sam 

  Hi Jason,
  Thanks for your quick and prompt reply as always. My answers in BOLD...
  First a question, you said "we have a proper MS PKI infra in-place". Does this mean you have a CDP exposed to the Internet or is an OCSP responder Internet accessible? If not, you will have issues although this can be overcome by disabling CRL checking
  on the clients, that does lower your security posture. With "Proper PKI infra" I meant... they have if available already and supporting SCCM 2007 environment with it...but not supporting internet based clients in SCCM 2007. They implemented PKI there
  just for better security. At present PKI CRL server is on internal network and the assumption is that, machines will also VPN-in the corporate network for CRL and certificate renewal when required...at some point in time.
  To your real question here, is the F5 bridging or can it be set to pass-through? Pass-through is generally easier. Ultimately though, ConfigMgr doesn't care as long as the traffic gets to the site system hosting the roles. The main difference will be with the
  certificates used by each component. With bridging, the F5 will terminate the SSL traffic and then initiate a new SSL stream to the site system.
  This is all pretty transparent to ConfigMgr and the client as long as the certs used are configured with the proper SANs and the F5 properly passes the traffic along.
  I don't think Network team would allow 'pass-through' and would go for 'bridging' option. Can you please let me know the steps I need to follow to configure bridging in-between F5 Balancers and SCCM site system server...bottom line is...our SCCM clients
  should be able to communicate to our site server to get the MP, SUP and DP service. I'm not clear with the statement I underlined in above para.
  Is using a third-party product like an F5 supported by Microsoft. No not explicitly. They rarely support anyone else's technology. Is the scenario in general supported? Yes, however Microsoft only provides guidance for doing so in conjunction with TMG/ISA.
  If you search the web for "internet based client management bridge" you'll get lots of hits. Most (if not all) will be for ConfigMgr 2007 but they are still applicable.
  Not able to find much fruitful data... Can you please provide me with good links which would help me clear this technically.
  Now, if your F5 is set to pass-through, then there's not much extra to do at all assuming the traffic is routed properly
  THANKS AGAIN for your help in this regard.
  Sam