Redundant Interface Question relating to Fate sharing

Unanswered Question
Aug 19th, 2008

Hi,

Our server guys are wanting to view real ip's of client requests on server logs, so we are turning off source nat and using redundant interfaces with fate sharing, I just need to run this by you guys on here.

Please also see the attached basic topology diagram. Your comments suggestions are welcome.

Can you do the following;

1) We have a flat network i.e server and vip are in same subnet (I know not good, but was done before we came in) If i was to create a redundant interface for the server side would this have any impact on a redundant interface for vip side?

2) Under 1 circuit VLAN we have multiple redundant VIPS, my question is will I have to create a seperate Redundant Interface for each one of these vips or will 1 redundant interface be enough for all the VIPs?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Syed Iftekhar Ahmed Tue, 08/19/2008 - 09:15

If you are turning off Nat then you should be aware of follwoing issues.

1.If you have a flat network then if any of the clients belong to the same network (where the Real Server belong) then the return traffic from Real servers will bypass the CSS and clients wont be able to access the Load balance applications

2. If Real Server's default gateway is any upstream device (not CSS ) then again return traffic can bypass CSS.

For any loadbalance APP, you need to make sure that the return traffic should first hit the LB.

Syed

mbaylis Wed, 08/20/2008 - 00:51

hi,

but if we are changing the real servers default gateway to a redunant interface on the css, will this be ok?

Syed Iftekhar Ahmed Wed, 08/20/2008 - 01:12

If client reside on the same network as the Real Servers then setting default gateway on servers wont make any difference.

Lets say you are using 10.10.10.0/24 such that

client is at 10.10.10.1 , VIP is 10.10.10.100 & Real Servers are at 10.10.10.101 (REAL1) & 10.10.10.102 (REAL2).

Now if client (10.10.10.1) hits VIP (10.10.10.100) the CSS will loadbalance it to either REAL1/2. Lets suppose REAL2 is selected by CSS.

CSS will forward this request to REAL2 with

(Src-ip: 10.10.10.1 , Dest-ip:10.10.10.102).

Since REAL2 sees 10.10.10.1 as the source it will simply use ARP to send the response back and will attempt handover the response directly to client.

Since client never sent any request to REAL2 (10.10.10.102) It will discard any packet from REAL2.

Hope it make sense

Syed Iftekhar Ahmed

mbaylis Wed, 08/20/2008 - 01:56

The clients for this network design are external ip's i.e. from the internet, so internet addresses coming in.

Can you also please answer my original question which was;

Under 1 circuit VLAN we have multiple redundant VIPS, my question is will I have to create a seperate Redundant Interface for each one of these vips or will 1 redundant interface be enough for all the VIPs?

Thanks for your help

Syed Iftekhar Ahmed Wed, 08/20/2008 - 02:09

one will be enough.

for example

circuit VLAN1

ip address 10.1.1.100 255.255.255.0

ip virtual-router 1 priority 230 preempt

ip redundant-interface 1 10.1.1.200

ip redundant-vip 1 10.1.1.4

ip redundant-vip 1 10.1.1.8

ip redundant-vip 1 10.1.1.12

mbaylis Wed, 08/20/2008 - 04:03

what if i have different virtual routers i.e

circuit VLAN1

ip address 10.1.1.100 255.255.255.0

ip virtual-router 1 priority 230 preempt

ip virtual-router 2 priority 230 preempt

ip virtual-router 3 priority 230 preempt

ip redundant-interface 1 10.1.1.200

ip redundant-vip 1 10.1.1.4

ip redundant-vip 2 10.1.1.8

ip redundant-vip 3 10.1.1.12

do you see what i mean?

mbaylis Thu, 08/21/2008 - 01:16

any updates for this please;

what if i have different virtual routers i.e

circuit VLAN1

ip address 10.1.1.100 255.255.255.0

ip virtual-router 1 priority 230 preempt

ip virtual-router 2 priority 230 preempt

ip virtual-router 3 priority 230 preempt

ip redundant-interface 1 10.1.1.200

ip redundant-vip 1 10.1.1.4

ip redundant-vip 2 10.1.1.8

ip redundant-vip 3 10.1.1.12

do you see what i mean?

Syed Iftekhar Ahmed Thu, 08/21/2008 - 02:04

Different Virtual routers are used in ACTIVE/ACTIVE config.

In ACTIVE/ACTIVE config one CSS is active for one set of VIPs and the other CSS is active for another set of VIPs.

If you are using ACTIVE-ACTIVE then you need a unique Redundant-Interface on the backend for each VIP.

for e.g

CSS#1:

circuit VLAN1

ip address 192.168.0.1 255.255.255.0

ip virtual-router 1 priority 101 preempt

ip virtual-router 2

ip-redundant-interface 1 192.168.0.253

ip-redundant-interface 2 192.168.0.254

CSS#2:

circuit VLAN1

ip address 192.168.0.2 255.255.255.0

ip virtual-router 1

ip virtual-router 2 priority 101 preempt

ip-redundant-interface 1 192.168.0.253

ip-redundant-interface 2 192.168.0.254

Syed

mbaylis Thu, 08/21/2008 - 04:44

Hi,

thanks for your reply, so just to confirm , for each VIP i need a redundant interface if I am using the Active/Active design (which I am)

Actions

This Discussion