I am trying to configure server load balancing in IOS on a 6509 using the NAT or directed method. I believe that I am missing one small piece of the configuration, but I cannot figure out where. Pings to the three addresses all respond, but telnet to port 25 fails to establish a 3-way handshake. I can see my response go to the virtual, then I see it get NATted and forwarded to the "real" servers, but the source address remains my IP address. Therefore, the "real" server sends the SYN/ACK to my IP directly and my PC drops this packet and sends a TCP reset since this was viewed as unsolicited. Please let me know if there is something that I am missing.
Also, when this is finally working, we plan on implementing it twice more on the same switch. All three virtuals are in various positions within the email flow for the company. Are there any performance issues that this may cause since this will be utilizing NAT for these servers? If so, would dispatched be a better choice?
Yes, they are directly connected to this switch. I have disabled server NAT, but once disabled, any requests to the virtual IP are not forwarded and subsequently time out. If server NAT is enabled, requests to the virtual address get NATted and forwarded to one of the real server addresses, but remain sourced from the original sender. Thus a SYN to the virtual causes a SYN/ACK from the real to be returned to the requestor and is dropped with a reset.
In looking deeper into some sources on the Cisco site, it seems that although you can achieve server load balancing in either directed or dispatched mode, one might need to change the switching mechanism. Some material suggests that we may need to enable MLS flow to full in order to get this to work. We are currently running CEF and feel that enabling MLS will be a step back. As this is one of the core server switches, simply trying this change is not a luxury we can afford without feeling completely confident that it will not harm our existing production and will also give us the increased functionality of server load balancing.
Any information you may have would be appreciated.
After contacting TAC, it is now working. I did not enable mls flow ip full in order to get it to work. By creating a NAT pool for the clients, and applying this client pool to the serverfarm, the IOS SLB took care of the server and client NATting and sessions were able to be established. One note: originally, I had the virtual addresses in the same vlan with the real servers as well as other servers. This created a problem for me since those other servers could not utilize the NATting that was previously set up. To correct this, I secured a private class C and subnetted this for my virtuals and the NAT pools. After doing this, simply add static routes to the null interface for these networks and redistribute these routes to your other network devices and you are good to go. One caveat, since everything seems to point to needing MLS (including TAC), I am still a little unsure of the robustness of the solution. Stress testing will come in the next few days. I will post again to share the results.
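The fix described in the last post, sketched as an added IOS SLB configuration. This is an illustration, not the poster's actual configuration: the pool, serverfarm and vserver names and every address below are constructed placeholders.

```cisco
! Constructed example: 192.168.50.0/24 stands in for the private class C,
! subnetted into one block for the virtuals and one for the client NAT pool.
! Real servers are assumed to sit on 10.10.10.0/24.

! Client NAT pool: source addresses substituted for the original client IP,
! so the real server replies to the switch instead of directly to the client.
ip slb natpool SMTP-CLIENTS 192.168.50.17 192.168.50.30 netmask 255.255.255.240

ip slb serverfarm SMTP-FARM
 ! Directed mode: rewrite the destination from the virtual to the real server
 nat server
 ! Rewrite the source to an address from the pool above
 nat client SMTP-CLIENTS
 real 10.10.10.11
  inservice
 real 10.10.10.12
  inservice

ip slb vserver SMTP-VIP
 ! The virtual lives in its own subnet, not in the real servers' VLAN
 virtual 192.168.50.1 tcp 25
 serverfarm SMTP-FARM
 inservice

! Anchor the virtual and NAT-pool subnets on this switch so they can be
! advertised; redistribute these statics into whichever routing protocol
! the network runs (the thread does not say which).
ip route 192.168.50.0 255.255.255.240 Null0
ip route 192.168.50.16 255.255.255.240 Null0
```

With client NAT applied, the SYN/ACK from the real server is addressed to the pool address, returns through the SLB switch, and is translated back before reaching the client. `show ip slb conns` and `show ip slb reals` can be used to confirm that connections are being established and distributed.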