On Mon, 8 Oct 2007 [EMAIL PROTECTED] wrote:
> > On Sun, 7 Oct 2007 [EMAIL PROTECTED] wrote:
> >
> >>
> >> The diagram looks like:
> >>
> >> Ax Bx
> >> | |
> >> Xa---Xb
> >> | |
> >> LBa--LBb
> >> \ /
> >> B{1..n} (backend) servers 1 through N
> >>
> >> On Xa, the preferred path for S is -> LBa.
> >> On Xb, the preferred path for S is -> LBb.
> >
> >
> >> The load balancers do not have unique IP addresses. They have the same
> >> IP address, call it S1. No other IP addresses from S are in use.
> >
> > The load balancers in this picture are not Anycast. I think you
> > misunderstand both Anycast and HSRP/VRRP. The second one takes over IP
> > address S1 when the primary fails.
>
> The diagram above was created by me. I said both LBa and LBb have the
> same IP address, and that the two LB's are independent.
Well, that's probably where you are wrong. The LBs probably aren't
independent. At least, they aren't _normally_ independent. They use a
health monitoring protocol to make sure that only one is doing the work
and the other is a hot standby. When the health monitoring indicates a
failure, the standby takes over the primary IP address. The load
balancers would normally share a lan on the router side, and a lan on
the backend server side.
> This means that they operate *without knowledge* of each other's state,
> and only inter-operate at the routing level - both announce S into their
> IGP (e.g. OSPF). BGP announces the prefix, once only, and only from the
> ASN in question (X).
I suppose it is possible to turn off the HSRP/VRRP/etc health monitoring
protocols and actually Anycast Load Balancers, but that would be quite
unusual. It would suffer the usual problems with Anycast:
An ISP Z that used BGP multipath with A and B would send subsequent tcp
packets to LBa and LBb. Only one of the LBs received the syn packet, and
the other one would send a reset back, closing the connection.
Z
/ \
Ax Bx
| |
Xa---Xb
| |
LBa--LBb
\ /
B{1..n} (backend) servers 1 through N
I'm not aware of any vendors that would recommend your scheme.
Certainly F5 doesn't.
While I've seen stranger things, my hunch is that you didn't set it up
and that it isn't actually Anycast, but rather instead that you just
don't know the difference between pictures that are similar.
BTW, It is _possible_ for a vendor make a state maintanence protocol
that keeps the state of each tcp connection in sync on both systems. In
fact, linux clustering technology does this. However, this isn't Anycast
either, but is a single cluster computer assembled out of generic
computers with a special operating system that makes them work as a
single computer system. I don't know of any loadbalancer vendor that
does this. The F5 LTM doesn't do this.
--Dean
--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop
