Cisco Support Community
New Member

Local Director question

I have a ld417 setup to load balance between two web servers.

I have the LD connected to a fw. On the ld I have a switch. On that switch, I have four servers. I want these to be in a different network than the ld and the outside ip addr.

So, what I want to do:

Redirect the inbound ip addr (Virtual), 63.104.xxx.xx, to a different addr, 192.168.1.x

what I have now:

ip address 63.104.xxx.xx 255.255.255.xxx

route 0.0.0.0 0.0.0.0 63.104.xxx.1 1

arp timeout 30

no rip passive

rip version 1

failover ip address 0.0.0.0

no failover

failover hellotime 30

password xxxxxxxxxxxxxxxxxxxxxxxxxx encrypted

telnet 63.104.xxx.xx 255.255.255.xxx

telnet 63.104.xxx.yy 255.255.255.xxx

snmp-server enable traps

snmp-server community public

no snmp-server contact

no snmp-server location

virtual 63.104.xxx.zz:80:0:tcp is

real 63.104.xxx.xx:80:0:tcp is

real 63.104.xxx.yy:80:0:tcp is

bind 63.104.xxx.zz:80:0:tcp 63.104.xxx.yy:80:0:tcp

bind 63.104.xxx.zz:80:0:tcp 63.104.xxx.xx:80:0:tcp

can I use the "ip route" command?

ip route 192.168.1.0 255.255.255.0 63.104.xxx.1

whereas all of my servers for a web community will be in the 192.168.1.0 network?

what about the DNS?

What IP addr do I use when creating the Virtual? Real?

what is different on the ld setup (shown above)?

here is what I think it should be...

ip address 63.104.xxx.xx 255.255.255.xxx

route 192.168.1.0 255.255.255.0 63.104.xxx.1 1

arp timeout 30

no rip passive

rip version 1

failover ip address 0.0.0.0

no failover

failover hellotime 30

password xxxxxxxxxxxxxxxxxxxxxxxxxx encrypted

telnet 192.168.xxx.xx 255.255.255.xxx

telnet 192.168.xxx.yy 255.255.255.xxx

snmp-server enable traps

snmp-server community public

no snmp-server contact

no snmp-server location

virtual 63.104.xxx.zz:80:0:tcp is

real 192.168.1.10:80:0:tcp is

real 192.168.1.11:80:0:tcp is

bind 63.104.xxx.zz:80:0:tcp 192.168.1.11:80:0:tcp

bind 63.104.xxx.zz:80:0:tcp 192.168.1.10:80:0:tcp

3 REPLIES
New Member

Re: Local Director question

Tony,

You are fine getting to the remote servers via the virtual by giving the LD a route to them with "ip route". The problem is getting the replies from the servers back to the clients. The path for this reply MUST go through the LD. This is generally harder to do if the servers are not on the same segment as the LD.

Whether this works depends on the topology. For instance, the server is on one side of the LD and the server's gateway to the client is on the other side of the LD, and the LD is the only way to get between the segments. In any case, you need to verify the return path from the server goes through the LD before it reaches the clients.

Michael

New Member

Re: Local Director question

It is set up as fw, ld, switch, then servers. The clients will be connecting from outside the fw.

How about a route on the servers?

New Member

Re: Local Director question

If the LD has a route to the servers, traffic will get to the servers. The problem is generally in the response. So, if the response from the server to the client can only get to the client by going through the LD (for instance, crossing the LD is the only way to the firewall segment), then this should work.

If, for some reason, you don't want to add a router (or cannot put another address on the upstream router or firewall), and still put the servers on a separate subnet, it is possible, although it would require static arp entries on the servers. That tech tip can be found at http://www.cisco.com/warp/customer/117/local_director/ld-alias.html
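The return-path condition discussed in the replies above ("crossing the LD is the only way to the firewall segment") can be checked on paper before cabling anything. The following is an added example, not part of the original thread or any Cisco tool: it models the segments as a graph and reports any server that can still reach the firewall when the LD is taken out of the picture. Node names (fw, ld, switch, web1, web2) and both topologies are constructed for illustration.

```python
from collections import deque

def reachable(links, start, goal, removed=None):
    """Breadth-first search over an undirected link list, never entering `removed`."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            return True
        for nxt in adj.get(node, ()):
            if nxt != removed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def bypass_servers(links, servers, ld="ld", exit_node="fw"):
    """Servers whose replies could reach exit_node without crossing the LD.

    An empty list means every return path is forced through the LD,
    which is the condition the replies say must hold.
    """
    return sorted(s for s in servers if reachable(links, s, exit_node, removed=ld))

# Constructed topology 1: the chain described in the thread (fw, ld, switch, servers).
CHAIN = [("fw", "ld"), ("ld", "switch"), ("switch", "web1"), ("switch", "web2")]

# Constructed topology 2: same chain plus a hypothetical second uplink from the
# switch straight to the firewall, which gives replies a way around the LD.
SIDE_UPLINK = CHAIN + [("switch", "fw")]

SERVERS = ["web1", "web2"]

if __name__ == "__main__":
    for name, topo in (("chain", CHAIN), ("side uplink", SIDE_UPLINK)):
        leaks = bypass_servers(topo, SERVERS)
        print(f"{name}: " + ("all replies cross the LD" if not leaks
                             else f"can bypass the LD: {', '.join(leaks)}"))
```

This only covers physical or layer-2 connectivity; the servers' gateway and route settings still decide which of the available paths a reply actually takes.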
