IOS SLB Exclusively for Internal Clients

gbolger · ‎08-28-2007

We would like to turn up IOS SLB in dispatched mode on (core) SUP720 MSFCs in an HSRP environment. We would sequester the farm(s) of IIS and Citrix servers on an 'SLB VLAN', with our internal client base on an 'Office VLAN'. All databases and other supporting servers for the SLB servers are also on the 'Office VLAN'.

Question: are there any issues, caveats, or compromises related to the back-end SLB servers accessing required resources on the Office VLAN? I am thinking that normal database and supporting traffic initiated by the SLB servers would just traverse the MSFC (as the default gateway) via inter-VLAN routing and that only the client-initiated, VIP-destined traffic on the Office VLAN would be handled by the IOS SLB feature and policies. In this thinking, supporting traffic replies from the databases back to the SLB server would use the routed SLB server's real IP address.

Thanks in advance for any input and experiences with this topology. I'm hoping that this is a forest-for-the-trees situation, but I haven't seen many references to an all-internal deployment of either IOS SLB or appliance-based SLBs.

Thanks,

Gene

hadbou · ‎09-03-2007

If you are using dispatched mode, it needs to be L2 adjacent.In dispatched mode, the virtual server address is known to the real servers and IOS SLB redirects packets to the real servers at the media access control (MAC) layer.Phase I of IOS SLB implements dispatch mode only for packet redirection.In this mode, the real servers must be Layer 2 adjacent to the device redirecting packets,not beyond an additional router.