Load balancing with use of router 881.

Hello,
I have two MPLS lines and I want load balancing with the help of a Cisco 881 router. Is it necessary that I have two routers at both locations? If one location has a firewall and one location has a Cisco 881 router, can I do load balancing, or do I require two routers at each location? What are the basic requirements that I need?
Thanks,
Kuntal

An 881 should be able to load share across multiple ports. Many routing protocols support ECMP, including BGP, but you need "special" hidden/secret commands to enable it. EIGRP also supports unequal cost load sharing.
If an 881 supports OER or PfR, those too will do unequal load sharing, dynamically.

Similar Messages

  • CF 10 Load-Balancing with Remote Instances

    I was reading an article on Clustering/LB/HA using CF8, but have not found any updates for CF10.
    Using VM VirtualBox to setup a few virtual servers, I am looking to setup a load balancing of ColdFusion 10 on 2 remote instances. The goal would be have ColdFusion Cluster Manager be able to point http request to one of the two servers based on load/availability. Not really having a hardware cluster/failover setup, just managing resources on two CF instances instead of a standalone.
    The servers are Windows Server 2008 R2 with IIS7.5 and ColdFusion 10 Enterprise installed on 3 of these machines. Let's call them CF-LBManager, CF-Web1, and CF-Web2. In the CF Docs, they show the Cluster Manager adding the local CF instance and "if you want" a remote instance. However, this scenario would require the main instance to be running and not fail for it to direct to the other instance.
    I am trying to set this up now with CF-LBManager as just a manager of the requests coming in. In the Enterprise Manager >> Instance Manager, the local instance is shown and I add the two remote instances with the correct Remote Port, JVM Route, etc. I also made sure the <Cluster>...</Cluster> block was added to the two remote instances (CF-Web1 and CF-Web2) \runtime\conf\server.xml file too, Jetty Services also is running. Now under the Enterprise Manager >> Cluster Manager I add the two remote instances to the cluster, not the local instance on CF-LBManager with Multicast Port and Sticky Sessions enabled. On Submit, I get a green message "You must restart all the server instances and any configured webservers for these changes to take effect.". I go ahead and reboot the servers and come back.
    I now browse to the ColdFusion page as a test on CF-Web1 and CF-Web2 to make sure CF is running properly, they do. I then browse the IP of the CF-LBManager, however it only returns the local IIS web site and not redirect to one of the two cluster members. I am not seeing any message on the coldfusion-out.log on the remote instances. Am I not setting this up correctly or not enabling the Cluster Manager to take over and pass along the requests to those in the cluster?

    Unfortunately I don't have a lot of experience with CF10 on Windows, but if you are running CF behind IIS I think you will need to update the Tomcat connector configuration to do load balancing. I'm not sure if re-running the wsconfig tool on all of the servers will do this or not, but that is what I would suggest trying first. If that doesn't work you will need to update the Tomcat connector configuration manually. You can find more information on load balancing with the Tomcat connector here: http://tomcat.apache.org/connectors-doc/generic_howto/loadbalancers.html.

  • Load balancing with JSP

    Anyone and everyone,
    When configuring load balancing with Weblogic clusters, does load
    balancing take effect for all services or just EJB and RMI? Or another
    way of saying the same thing, can I setup weighted load balancing for
    the JSP engines across 2 weblogic servers.
    Thanks in advance,
    Mike

    The load-balancing documentation you read describing the different algorithms only applies to RMI stubs (e.g., EJB clients). Please see http://www.weblogic.com/docs51/cluster/concepts.html#1026091 for a description of how load-balancing/clustering works with servlets/JSPs.
    The short answer is that in using servlet clustering, most people want/need/use in-memory replication for HttpSession objects. In WLS 5.1 (and before), in-memory replication requires one or more proxy servers be set-up in front of the cluster. Typically, most people use something like BigIP to load-balance across the proxy servers and let the weblogic plug-in for the proxy server handle the routing to the cluster. The plug-in uses round-robin until an HttpSession is established for a user, then it always tries to route to the server where the user's session is located.
    Hope this helps,
    Robert
    Brian Lin wrote:
    All,
    I have a question here regarding load balancing with DNS round robin. As of Chapter Administration of Clustering Weblogic server, Weblogic can be configured to balance by weight. How about Weblogic handle weight based balancing after DNS round robin ip response? or just can choose one way instead of both?
    What's the big difference between choosing BigIP and software balancing (WL)?
    Brian
    "Wei Guan" <[email protected]> wrote:
    I don't think you can configure this load balancing in weblogic in current
    release. However, if you have Big-IP or LocalDirector, you can set up
    weighted load-balancing there. Otherwise, weblogic proxy will use DNS round
    robin to do the load-balancing between JSP engines.
    My 2 cents.
    Cheers - Wei
    Michael Yakimisky <[email protected]> wrote in message
    news:[email protected]...
    Anyone and everyone,
    When configuring load balancing with Weblogic clusters, does load
    balancing take effect for all services or just EJB and RMI? Or another
    way of saying the same thing, can I setup weighted load balancing for
    the JSP engines across 2 weblogic servers.
    Thanks in advance,
    Mike

  • Multihomed eBGP load balancing with 3 ISP's

    We currently peer with 2 ISPs using BGP in an active/failover configuration.  My company wants to move to a 3 ISP model where Internet traffic is split across the 3 providers so that bandwidth is equally distributed on outgoing traffic across our 2 /22 ARIN IP ranges.  This is from our 2 edge switches that have VSS.  
    Within my limited knowledge of BGP, I have determined that we could do load sharing pretty easily by adding multiple default routes and breaking up our /22's into /24 and advertising them that way.  However, I don't think this satisfies the request that downtime must be seamless, should one link drop.  
    Currently, our ISP's advertise default routes.  From the research that I've done, we could get close to load balanced links if we receive full BGP routes and community settings and definitions.  I'm nervous about this because it looks really complicated, and I don't want our AS to turn into a transit AS.  I've been told the same can be accomplished with only partial BGP routes and community settings and definitions.  
    Personally, I think we just need a WAN load balancer.  However, given the request, is there a thread out there that can explain this, or can someone discuss this requested scenario a little bit?  
    Thanks!

    Hi there
    First question would be what is the required reconvergence time for the applications using the Internet? Should an outage occur, when do they lose their state? Once you know that, you then have a target to aim for in terms of recovery.
    With regards load-balancing, with BGP we are always talking inbound and outbound.
    The outbound solution is relatively simple - each ISP advertises a default route to your Internet edge router(s). Create an eBGP session from each edge router to the core, advertise the default route and redistribute into the IGP. Ensure the IGP cost to each BGP next hop is equal and you have ECMP for outbound routing.
    Inbound influence is usually via MED (not likely in this case given 3 ISPs), adjusting local-pref in the ISP via BGP EXT communities configured your end, or via AS-PATH prepending for longer prefixes from your /22. Prepending would be simplest, but you're unlikely to get an exact inbound traffic split, however a relatively even distribution should be sufficient.

  • How does load-balancing with WebCache work - is there still a bottleneck?

    Hello,
    We're migrating an old Forms 6i app to 10.1.2.0.2 (apps servers = Redhat Linux), and are starting to consider using WebCache to loadbalance between two application servers.
    My question is this - say we have apps servers A and B, both running Forms and Reports Services. We use Webcache on server A (don't have the luxury of a third apps server...) to load balance between A and B. So all initial requests come into A, which in some cases may then be diverted to start a new Forms session on B.
    For those users whose middle-tier sessions are now running on B - will all network traffic for their Forms session continue to be routed through Webcache on A, then to B, over the course of the session? Or does Webcache somehow shunt the whole connection to be straight between the client PC and server B, for the duration of that Forms session?
    If the former, does that mean that the server hosting Webcache can still be a significant bottleneck for network traffic? Have people found load-balancing with Webcache to be useful..?
    Thanks in advance,
    James

    Hi gudnyc,
    Thanks for posting on Adobe forums.
    For HDPI you do not have to do anything. It will adjust automatically.
    http://helpx.adobe.com/photoshop-elements/using/whats-new.html
    Regards,
    Sandeep

  • Cluster/load balance weblogic using L4 switch like Alteon

    Can I install weblogic as a standalone server on 2 or more server and cluster/load balance weblogic using a hardware balancer like Alteon Layer4 switch (of course I will use a centralised storage to maintain a single copy of data which will eliminate synchronizing problem among servers)?
    BTW, Alteon can support persistent binding. The reason to use a Layer 4 switch is that it is very fast, and this will make the application server layer transparent to client, the client can think this is a single server (it doesn't need to know whether there are 5 weblogic servers or 20 weblogic servers behind switch), and hardware are more reliable, scalable and fast.
    I am not sure whether the normal weblogic clustered servers need to share/exchange info on the running memory, if it does, this approach will fail.

    So my understanding is:
    Alteon with WL 6.0 can do load balancing for:
    entity bean
    stateless session bean
    but can't do load balancing for:
    stateful session bean (will persistent/sticky binding solve part of the problem except fail-over)
    in-memory replication
    Am I right?
    Pao Wan
    "Don Ferguson" <[email protected]> wrote in message
    news:[email protected]...
    > It is possible to configure Alteon to understand the WebLogic 6.0 cookie format
    > and have a proxy-less cluster configuration that performs load balancing and
    > fail over of session state.
    >
    > It is also possible to configure Alteon's hardware-based SSL decryption for really
    > fast HTTPS processing.
    >
    > We are working on a white paper that describes how to configure Alteon for use
    > with WebLogic Server 6.0.
    >
    > -Don
    >
    >
    > Robert Patrick wrote:
    >
    > > Cameron,
    > >
    > > I believe that BEA tested their new proxy-less web clustering solution with
    > > load-balancing products from Alteon and several other vendors (Arrowpoint ?--
    > > which is now Cisco). However, it was my understanding that these products do
    > > not understand how to decrypt our cookies and extract IP addresses but rather
    > > these products are capable of doing sticky load balancing based on the Session
    > > ID contained in our cookie.
    > >
    > > If this is correct, then what this means is that when the primary server fails,
    > > the request will be routed to "some other server" in the cluster but not
    > > necessarily the one that holds the secondary copy of the user's session. The
    > > change in WLS 6.0 is that WLS will accept these misdirected requests and it will
    > > go out to the correct server and "migrate" the session to the server that
    > > received the request making that server the new primary (and regenerating the
    > > Session ID).
    > >
    > > I am sure if this is wrong that our product manager or one of our engineers will
    > > correct me (please?)...
    > >
    > > Hope this helps,
    > > Robert
    > >
    > > Cameron Purdy wrote:
    > >
    > > > Hi Robert,
    > > >
    > > > FWIW - There are several vendors (Primeon? Arrowpoint?) who claim to
    > > > understand WL cookies and parse the IPs out. (I haven't verified it myself
    > > > though.)
    > > >
    > > > --
    > > > Cameron Purdy
    > > > Tangosol, Inc.
    > > > http://www.tangosol.com
    > > > +1.617.623.5782
    > > > WebLogic Consulting Available
    > > >
    > > > "Robert Patrick" <[email protected]> wrote in message
    > > > news:[email protected]...
    > > > > There are not any hardware vendors (yet) that can understand WebLogic's session
    > > > > ID. While you might be able to use the load balancer without the proxy on 5.1,
    > > > > you would not be able to take advantage of in-memory replication failover unless
    > > > > you only had two machines in the cluster. Like you said, everything will work
    > > > > with 6.0 regardless of how the load balancer works (though you really, really
    > > > > want to minimize the number of times the requests come into the wrong server by
    > > > > utilizing sticky load balancing).
    > > > >
    > > > > Hope this helps,
    > > > > Robert
    > > > >
    > > > > Cameron Purdy wrote:
    > > > >
    > > > > > Rajesh,
    > > > > >
    > > > > > I meant that it would work in lieu of a proxy (such as Apache or NES) with
    > > > > > 5.1, but only if both the hw load balancer and WL were set up to use
    > > > > > cookies. Some hw load balancers rely on IP and that doesn't work -- AOL
    > > > > > connections for example can change the source IP on the fly. Others produce
    > > > > > their own cookies, that will work. Some even can use WL cookies and parse
    > > > > > them to determine where to go. According to what I've read, with 6.0 if the
    > > > > > WL primary dies or for some other reason the request shows up at the "wrong"
    > > > > > server, it will be handled correctly. That means you are pretty safe with
    > > > > > hw load balancers and 6.0, almost regardless of the sticky implementation
    > > > > > that they use.
    > > > > >
    > > > > > --
    > > > > > Cameron Purdy
    > > > > > Tangosol, Inc.
    > > > > > http://www.tangosol.com
    > > > > > +1.617.623.5782
    > > > > > WebLogic Consulting Available
    > > > > >
    > > > > > "Rajesh" <[email protected]> wrote in message
    > > > > > news:[email protected]...
    > > > > > >
    > > > > > > Hi Cameron,
    > > > > > > Can you elaborate on how it would work with WL5.1 since no in memory replication
    > > > > > > would happen if the servers are standalone.
    > > > > > >
    > > > > > > "Cameron Purdy" <[email protected]> wrote:
    > > > > > > >Yes, this will work fine with WL6. (WL5.1 will work fine as long as cookies
    > > > > > > >are used by the load balancer.)
    > > > > > > >
    > > > > > > >--
    > > > > > > >Cameron Purdy
    > > > > > > >Tangosol, Inc.
    > > > > > > >http://www.tangosol.com
    > > > > > > >+1.617.623.5782
    > > > > > > >WebLogic Consulting Available
    > > > > > > >
    > > > > > > >
    > > > > > > >"paowan" <[email protected]> wrote in message
    > > > > > > >news:[email protected]...
    > > > > > > >> Can I install weblogic as a standalone server on 2 or more server and
    > > > > > > >> cluster/load balance weblogic using a hardware balancer like Alteon Layer4
    > > > > > > >> switch (of course I will use a centralised storage to maintain a single copy
    > > > > > > >> of data which will eliminate synchronizing problem among servers)?
    > > > > > > >>
    > > > > > > >> BTW, Alteon can support persistent binding. The reason to use a Layer 4
    > > > > > > >> switch is that it is very fast, and this will make the application server
    > > > > > > >> layer transparent to client, the client can think this is a single server
    > > > > > > >> (it doesn't need to know whether there are 5 weblogic servers or 20 weblogic
    > > > > > > >> servers behind switch), and hardware are more reliable, scalable and fast.
    > > > > > > >>
    > > > > > > >> I am not sure whether the normal weblogic clustered servers need to
    > > > > > > >> share/exchange info on the running memory, if it does, this approach will
    > > > > > > >> fail.

  • Cache and Load Balancing with Oracle APEX Listener

    Hi,
    I intend to use only HTTP access.
    How to implement a Cache and Load Balancing with the Oracle APEX Listener?
    Is it possible to do with the the standalone running APEX Listener?
    Thanks by advance for any tips/documentation/references.
    Kind Regards.

    Hi,
    I think this question is best asked in the APEX Listener forum:
    ORDS, SODA & JSON in the Database
    Kind regards
    Sandro

  • Load Balancing with BigIP / SSL question

    I have an oddball question. We're load balancing ColdFusion MX7 across 3 servers using a BigIP load balancing server. We decided to go the hardware approach and it has been great except for one small configuration issue.
    We use a mix of SSL and non SSL pages. Prior to the switch from a single server to a load balanced setup I used a script that would determine if a page that was supposed to be SSL had the variable CGI.HTTPS turned on or off. If it was off, the page would redirect back to itself with the SSL turned on.
    The problem we have is that we followed BigIP's instruction to secure the load balancing hardware instead of the three servers running behind it. So what happens is that the traffic goes to the load balancer port 441, but then the calls from the load balancer to the individual servers is port 80. So even if a page is called as HTTPS://... the coldfusion server says that CGI.HTTPS is "off" since the traffic is port 80.
    This isn't much of a problem, our SSL pages are linked as HTTPS:// and the only problem would actually arise if someone was to type in the URL and call it as HTTP rather than HTTPS.
    My question is this, does anyone know of a way that I can detect if the page should be HTTPS and is not without changing our configuration and putting SSL certificates on each individual server?

    Hey,
    Well the load balancing with the BigIP device is really very amazing. I think what I liked most was swapping out servers when their lease was up, through the BigIP manager I just stopped all traffic to a server, shut it down, plugged in the new one and turned traffic back on. It was really very easy.
    The SSL stuff still gives me a headache to think about. But I should mention I no longer work where I was, plus now I'm all .net C# but that's a different story.
    I think if I was going to do this all again I would not have secured the bigIP unit. It was nice to buy one SSL cert for all the servers I attached rather than one per server, but getting the SSL sites to work properly was a headache.
    We also use windows file replication where now I would go with like a pair of Dell MD1000's mirrored for storage and just have tons of ram and cpu on the front end units. Depends what you want to spend I guess. I think the bigIP unit we bought was like 20 grand, I think they are cheaper now though.
    Hope I helped.
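
The detection the question above asks for, as an added example that is not part of the original posts: when TLS ends on the load balancer, the back end can only learn the client's scheme from a header the balancer adds, and it should trust that header only on connections that arrive from the balancer. The header name `X-Forwarded-Proto`, the balancer addresses, the canonical host and the protected path prefixes are assumptions, and the logic is written in Python rather than CFML so it can be run as-is.

```python
"""HTTPS enforcement behind a TLS-terminating load balancer (added example)."""
import ipaddress

# Assumptions, not values from the thread: the balancer's own addresses, the
# header it is configured to insert, the site's canonical host name and the
# paths that must only be served over TLS.
TRUSTED_BALANCERS = [ipaddress.ip_network("10.0.0.10/32"),
                     ipaddress.ip_network("10.0.0.11/32")]
FORWARDED_PROTO_HEADER = "x-forwarded-proto"
CANONICAL_HOST = "www.example.com"
SECURE_PREFIXES = ("/account/", "/checkout/")


def from_trusted_balancer(remote_addr):
    """True only if the TCP peer is one of the configured balancers."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_BALANCERS)


def client_scheme(remote_addr, headers, backend_tls=False):
    """Scheme the client used towards the balancer.

    headers is a list of (name, value) pairs so repeated headers survive.
    """
    if backend_tls:
        return "https"          # the old CGI.HTTPS == "on" case
    if not from_trusted_balancer(remote_addr):
        return "http"           # header from anyone else is client-controlled
    values = []
    for name, value in headers:
        if name.lower() == FORWARDED_PROTO_HEADER:
            values.extend(v.strip().lower() for v in value.split(","))
    # If the balancer appends instead of overwriting, earlier values may have
    # been sent by the client; only the last one was written by the balancer.
    return "https" if values and values[-1] == "https" else "http"


def enforce_https(remote_addr, headers, path, query=""):
    """Return None to serve the page, or the URL to redirect to."""
    if not path.startswith(SECURE_PREFIXES):
        return None
    if client_scheme(remote_addr, headers) == "https":
        return None
    # Build the target from configuration, not from the Host header, so the
    # redirect cannot be pointed at another site.
    url = "https://" + CANONICAL_HOST + path
    return url + "?" + query if query else url


# Constructed sample requests: (peer address, headers, path, query string).
SAMPLE_REQUESTS = [
    ("10.0.0.10", [("X-Forwarded-Proto", "https")], "/checkout/pay", ""),
    ("10.0.0.10", [("X-Forwarded-Proto", "http")], "/checkout/pay", "id=7"),
    ("10.0.0.11", [("X-Forwarded-Proto", "https"),
                   ("X-Forwarded-Proto", "http")], "/account/", ""),
    ("203.0.113.9", [("X-Forwarded-Proto", "https")], "/account/", ""),
    ("10.0.0.10", [], "/index.cfm", ""),
]

if __name__ == "__main__":
    for peer, hdrs, path, query in SAMPLE_REQUESTS:
        target = enforce_https(peer, hdrs, path, query)
        print(peer, path, "->", target or "serve")
```

If the balancer is not actually inserting the header, every protected page redirects in a loop, so confirm the header reaches the back end before enabling the redirect.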

  • Load Balancing With Round Robin

    Hi,
    I have two iAS instances, each on their own box, and one iWS instance
    running on a third box. I have setup the web connector to use round
    robin and added the server weights. I believe that is all that is to it
    to do simple load balancing with iAS. The problem is that the
    requests only go to one iAS instance. The server weights are 1 and 1.
    Am I missing something here?
    Thanks

    Could be lots of things.
    The most common misconfiguration is testing an application that is deployed "local". This application option effectively disables load balancing.
    Another common mistake is to either not update the configuration of the webconnector (if the webconnector has a separate configuration LDAP) or to not restart the webconnector after the configuration change.
    Hope this helps. There's more things we could try, but I'll hope it's one of these two easy things.

  • ACE 4710 and load balancing with sticky cookie

    Configuring load balancing with SSL termination and stickiness for a couple of citrix xenapp servers.  I'm doing a source-NAT as the ACE resides in the DMZ and these particular servers reside on the inside arm of the firewall.  The ACE is in bridged mode to load balance web servers that reside in the DMZ.  Everything seems to work just fine, but the cookie stickiness does not seem to be working.

    Hi David,
    As you may know, using Wireshark to look at an HTTPS capture is only useful if you've installed the server SSL key. This is why I find it easier to use something like LiveHTTPHeaders or HTTPWatch.
    When using cookie-insert, the ACE will not create any dynamic cookie entries.  It will simply create one static entry for each rserver with a cookie value, such as R3911631338, and any client that gets load balanced to that rserver will receive a cookie with that value.  So what you see there is what is expected.
    You are correct in that when using location cookies that the server supplies, the ACE will create a dynamic entry when it sees the server response with the cookie. The cookie is included in the server's response, and the ACE will look for the value as configured. The cookie will also be sent to the client. If the cookie is not in the server's first response, you will need to enable persistence-rebalance so that it will look in subsequent server responses. If the browser opens new connections with that cookie, then the ACE will stick to the same server.
    My suggestion would be to get sticky working with cookie-insert first.  Then if that meets your needs, go with that permanently.  If you need to use server cookies, then once cookie insert is working, migrate your sticky to cookie location.
    Sean

  • T3 Load Balancing with Weblogic Server 6.1

    We are using two weblogic 6.1 servers A and B behind a load balancer with a DNS name (eg. www.loadbalancer.com). We are using T3 for Java client to application server communication. The client creates the Initial context with the load balancer url, creates remote objects using the context, closes the initial context and then tries to get a new initial Context. What we noticed is even though the client closes the first context and gets a new one, the client is always hooked on to only one server making load balancing ineffective. Is there a T3 configuration to release the connection when we close the context? The documentation says only one T3 is established per client JVM.

    Rick,
    You may want to look at the Alteon and F5 configuration we have on edocs.
    Take a look at the following URLs for a possible solution
    http://edocs.bea.com/wls/docs61/cluster/alteon.html#591902
    http://edocs.bea.com/wls/docs61/cluster/bigip.html#591902
    Chuck Nelson
    DRE
    BEA Technical Support

  • CSS Load Balancing with Cookies

    We are trying to load balance 2 backend servers hosted on Websphere with advance balance cookies method.
    Restrictions
    ServerA is unable to accept cookies generated from ServerB.
    ServerA and ServerB are generating random cookies
    Unable to modify cookie string with a constant.
    How can we load balance based on cookies considering the above restrictions?
    We have attempted to do hash based load balancing with cookies but the problem we run into is the servers do not accept cookies generated from another server.
    The configuration we tried is written below:
    service ServerA
    ip address 192.168.10.2
    keepalive type tcp
    keepalive port 80
    active
    service ServerB
    ip address 192.168.20.2
    keepalive type tcp
    keepalive port 80
    active
    content ABC
    url "/*"
    add service ServerA
    string prefix "JSESSIONID="
    advanced-balance cookies
    port 80
    add service ServerB
    string skip-length 5
    string process-length 16
    string operation hash-xor
    protocol tcp
    vip address 172.16.32.1
    active
    Can we change the string prefix to JSESSION instead of JSESSIONID= ?
    The only place the app guys can add a constant string to match on is before the = sign.
    Is it possible for CSS to match on a constant string before = sign e.g below:
    service ServerA
    ip address 192.168.10.2
    keepalive type tcp
    keepalive port 80
    string id567=
    active
    service ServerB
    ip address 192.168.20.2
    keepalive type tcp
    keepalive port 80
    string id123=
    active
    content ABC
    url "/*"
    add service ServerA
    string prefix "JSESSION"
    advanced-balance cookies
    port 80
    add service ServerB
    string skip-length 0
    string process-length 6
    protocol tcp
    vip address 172.16.32.1
    active

    It should work.
    There is no reason for it not to work...
    This is the best method you can have on the CSS for stickiness.
    Get a sniffer trace on the client and server with arrowpoint cookie configured on the CSS and capture a failure so we can see what is going on.
    Also send me the config so I can verify everything is ok.
    If you have a service request open with the TAC, you can also give the SR # so I can review what has been done.
    Gilles.

  • Load balancing with A-Gate

    Hi All,
    I wish to configure my single W-Gate (Linux) to load balance with 2 A-Gate (Window). Can anyone help?
    Regards
    Lauran

    Hello Lauran,
    I'm assuming that you already have the ITS working with one AGate server.  To load balance between two you need to install the ITS AGate again on the second server with the same ITS instance name.  Then on the WGate server you will need to modify the ItsRegistryWgate.xml.  Under the <key name="Instances"> you will find a section already for this ITS instance name, like ITS1.  You will need to copy and paste the Agate1 section and make it Agate2, change the Host name and the PortAGate and PortMManager and then save and restart.  The finished section should look like:
    <key name="ITS1">
      <key name="Values">
        <value name="Available" type="text">yes</value>
        <value name="Name" type="text">ITS1</value>
        <value name="DocumentRoot" type="text">c:\its1081</value>
        <value name="ServerName" type="text">Apache2 (virtual host: default:1081)</value>
        <value name="NIReceiveRetryCount" type="text">0</value>
        <value name="NIReceiveTimeout" type="text">0</value>
        <value name="NISendTimeout" type="text">0</value>
      </key>
      <key name="Agates">
        <key name="Agate1">
          <value name="Host" type="text">Hostname1</value>
          <value name="PortAGate" type="text">sapavw00_ITS1</value>
          <value name="PortMManager" type="text">sapavwmm_ITS1</value>
          <value name="Type" type="text">1</value>
          <value name="SncNameAGate" type="text" />
          <value name="SncNameWGate" type="text" />
          <value name="MultiProcess" type="text">no</value>
          <value name="Available" type="text">yes</value>
        </key>
        <key name="Agate2">
          <value name="Host" type="text">Hostname2</value>
          <value name="PortAGate" type="text">sapavw00_ITS1</value>
          <value name="PortMManager" type="text">sapavwmm_ITS1</value>
          <value name="Type" type="text">1</value>
          <value name="SncNameAGate" type="text" />
          <value name="SncNameWGate" type="text" />
          <value name="MultiProcess" type="text">no</value>
          <value name="Available" type="text">yes</value>
        </key>
      </key>
    </key>

  • Load balancing weirdness using NAT and same-metric route

    Hi.
    I'm trying to set up a double-WAN load-balancing scenario:
    I decided to attempt the "multiple same-metric routes with NAT" approach so I went for the example used in the IOS NAT Load-Balancing for Two ISP Connections Configuration Guide [1].
    I decided to use an upside-down Cisco 871-SEC/K9: use Vlan1 and Vlan2 for the routers and Fa4 for the LAN. I am hoping this is not an issue.
    There is this weirdness with some connections, particularly FTP. I pinpointed the problem to the following scenario: if I do a couple of pings to 100.1.1.1 using the FastEthernet4 as the source address, this is what I get in the logs:
    === PING 1 ECHO REQUEST ===
    *Mar 3 04:38:43.521: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan1), routed via RIB
    *Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
    *Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
    *Mar 3 04:38:43.521: ICMP type=8, code=0
    === PING 1 ECHO REPLY ===
    *Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
    *Mar 3 04:38:45.589: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
    *Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
    *Mar 3 04:38:45.589: ICMP type=0, code=0
    === (something else) ===
    *Mar 3 04:38:52.353: RT: SET_LAST_RDB for 0.0.0.0/0
    OLD rdb: via 10.129.124.33, Vlan2
    NEW rdb: via 10.129.124.1, Vlan1
    === PING 2 ECHO REQUEST ===
    *Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
    *Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
    *Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
    *Mar 3 04:38:52.353: ICMP type=8, code=0
    === PING 2 ECHO REPLY ===
    *Mar 3 04:38:53.029: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19825]
    *Mar 3 04:38:53.029: IP: tableid=0, s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), routed via RIB
    *Mar 3 04:38:53.033: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
    *Mar 3 04:38:53.033: ICMP type=0, code=0
    In the section "Ping 2 Echo Request" line 2 shows the NAT translating the packet to the address for the first provider but line 3 shows it routing it through the second one.
    In this case, the ICMP packet goes through but it is problematic if the ISP restricts the service by source-address (like RPF) or there is some acceleration mechanism inside the provider cloud, other than just plain routing.
    What am I missing? Here is the relevant part of the configuration. I deliberately disabled CEF to be able to debug the messages, but I *think* this may be altering the actual router behavior. This router does not have a "debug ip cef packet" command.
    no ip cef
    ip dhcp pool lan-side
     import all
     network 192.168.60.0 255.255.255.0
     default-router 192.168.60.1
     domain-name doublewan.local
     dns-server 8.8.8.8 8.8.4.4
     lease infinite
    ip domain name doublewan
    interface FastEthernet0
     !doesn't appear on running-config: vlan 1 is the default access vlan
     !switchport access vlan 1
    interface FastEthernet1
     switchport access vlan 2
    interface FastEthernet2
     shutdown
    interface FastEthernet3
     shutdown
    interface FastEthernet4
     ip address 192.168.60.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     no ip route-cache
     duplex auto
     speed auto
    interface Vlan1
     ip address 10.129.124.2 255.255.255.224
     ip nat outside
     ip virtual-reassembly
     no ip route-cache
    interface Vlan2
     ip address 10.129.124.35 255.255.255.224
     ip nat outside
     ip virtual-reassembly
     no ip route-cache
    ip route 0.0.0.0 0.0.0.0 Vlan1 10.129.124.1
    ip route 0.0.0.0 0.0.0.0 Vlan2 10.129.124.33
    ip nat inside source route-map nat1 interface Vlan1 overload
    ip nat inside source route-map nat2 interface Vlan2 overload
    ip access-list standard acl4-nexthop-vlan1
     permit 10.129.124.1
    ip access-list standard acl4-nexthop-vlan2
     permit 10.129.124.33
    route-map nat2 permit 10
     match ip address 102
     match ip next-hop acl4-nexthop-vlan2
     match interface Vlan2
    route-map nat1 permit 10
     match ip address 101
     match ip next-hop acl4-nexthop-vlan1
     match interface Vlan1
    control-plane
    Of course, there is some configuration pending for redundancy and stuff.
    Thanks a lot in advance.
    [1] http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/100658-ios-nat-load-balancing-2isp.html

    Hello.
    This might be a bug in debug command or the IOS (without ip cef) you use; as routing is done before NAT (inside to outside).
    To make sure it works fine with ip cef, just enable strict uRPF (or just ACL) on .1 and .33 interfaces and see if you see any packet sent over wrong interface.
    PS: please check "sh ip cef 100.1.1.1"; I guess ip cef would tell you "per-destination sharing".
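The mismatch discussed in this thread (source translated to one provider's address, packet forwarded out the other provider's interface) can be checked mechanically over captured `debug ip packet` / `debug ip nat` output. The following is an added example, not code from the posters or from Cisco; the function name `find_mismatches` and the result field names are assumptions, while the interface addresses and log lines are copied from the post above.

```python
import ipaddress
import re

# Outside interface addresses exactly as configured in the post.
OUTSIDE = {
    "Vlan1": ipaddress.ip_interface("10.129.124.2/255.255.255.224").network,
    "Vlan2": ipaddress.ip_interface("10.129.124.35/255.255.255.224").network,
}

# Debug lines copied from the post: both echo requests plus one reply.
DEBUG_LOG = """\
*Mar 3 04:38:43.521: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14152]
*Mar 3 04:38:43.521: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan1), g=10.129.124.1, len 60, forward
*Mar 3 04:38:45.589: NAT*: s=100.1.1.1, d=10.129.124.2->192.168.60.4 [19824]
*Mar 3 04:38:45.589: IP: s=100.1.1.1 (Vlan1), d=192.168.60.4 (FastEthernet4), g=192.168.60.4, len 60, forward
*Mar 3 04:38:52.353: IP: tableid=0, s=192.168.60.4 (FastEthernet4), d=100.1.1.1 (Vlan2), routed via RIB
*Mar 3 04:38:52.353: NAT: s=192.168.60.4->10.129.124.2, d=100.1.1.1 [14159]
*Mar 3 04:38:52.353: IP: s=10.129.124.2 (FastEthernet4), d=100.1.1.1 (Vlan2), g=10.129.124.33, len 60, forward
"""

NAT_RE = re.compile(r"NAT: s=[\d.]+->(?P<xlate>[\d.]+), d=(?P<dst>[\d.]+) \[(?P<id>\d+)\]")
FWD_RE = re.compile(r"IP: s=(?P<src>[\d.]+) \([^)]+\), d=(?P<dst>[\d.]+) "
                    r"\((?P<oif>[^)]+)\), g=(?P<gw>[\d.]+), len \d+, forward")


def find_mismatches(log, outside=OUTSIDE):
    """Flag packets whose translated source is not in the egress interface's subnet."""
    findings, pending = [], None
    for line in log.splitlines():
        nat = NAT_RE.search(line)
        if nat:                      # inside-to-outside translation seen
            pending = nat
            continue
        fwd = FWD_RE.search(line)
        if not fwd or pending is None:
            continue
        if (fwd["src"], fwd["dst"]) != (pending["xlate"], pending["dst"]):
            continue                 # forward line of a different packet
        net = outside.get(fwd["oif"])
        if net is None or ipaddress.ip_address(fwd["src"]) not in net:
            findings.append({"ip_id": int(pending["id"]), "translated_src": fwd["src"],
                             "egress_if": fwd["oif"], "next_hop": fwd["gw"]})
        pending = None
    return findings


if __name__ == "__main__":
    for f in find_mismatches(DEBUG_LOG):
        print(f)
```

Run against a longer capture, an empty result means every translated packet left through the interface that owns its source address, which is the condition an upstream strict uRPF check would enforce.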

  • Dual ISP load balancing with 2 routers and 2 FW without using BGP

    Hi all,
    Based on the attachment diagram, is the design viable?
    Has anyone had a similar deployment before, and can you share with me the config guide for this, because I'm at a loss on a few configs:
    1. On core switch A and B, I understood we need to have a default route pointing to the firewall interface. For this case, I have different IPs for the same context on both the firewalls.
    So, how should the config be?
    CoreSW_A(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.110
    CoreSW_A(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.111
    I don't think the above will work, as the core switch will load balance the traffic to both firewalls even if one of the contexts is in standby mode?
    2. The area from the firewall to the internet would all be public IP. Thus, if I put a switch in between the firewall and the router, then I would waste some public IP addresses, but if I remove the switch, I would not have enough ports on the ASA firewall. What is the best recommended solution for this?
    3. How do I load balance traffic to both R1 and R2 to their respective ISPs without using BGP? I may be using only a 2811 router.
    Thanks a lot! I'm really looking forward to some guidance and tips on this, as I haven't found any guides on this deployment yet; most are LAN HA.

    For policy based routing, I would need to create route maps on the core switch itself right?
    Correct me if I'm wrong, if I use route-maps, I would be assigning e.g. internal network A to go through firewall context A and internal network B to go through firewall context B.
    Context A will only have path to Router A and context B will only have path to Router B. But if router B goes down, network B won't be able to access the Internet, right?
    I'm not sure whether it's a PI or PA for this as the ISP will assign us a block of IP address, for example 202.111.1.8/29 (these IPs can be used for webservers, etc). There will also be a public IP of /30 on the serial interface to connect to their router.
    Thanks a lot.
