RE: Load Balancing; help explain [7:74376]

2003-08-26 Thread Priscilla Oppenheimer
lazy mentor wrote:
> 
> I've seen where people load balanced two T1's on a per packet
> basis and achieved 1.5 megs on both circuits. Which would give
> them a total of 3Megs, but the provider said that they are load
> balancing 1.5 megs over two T1's. I asked different person same
> provider, that if I'm load balancing two T1's and utilizing
> 100% on both circuits, isn't that 3Megs of data. 

More than 3 Megs of data (hopefully) which means 3 MBytes of data in my
dictionary. ;-)

To get to your real point, I agree with you that they should be able to
achieve 3 Mbps when doing per-packet load balancing across 2 T1s. Actually 6
Mbps since it's full duplex (assuming symmetric upload and download
requirements). Gotta run.

Priscilla

> They stuck to
> their guns and yelled 1.5. They couldn't prove it other than
> the fact that it came down from a higher source. I tried to
> google my questions for answers but no luck. If load balancing
> two circuits on the same router you can go with per packet. But
> it isn't recommended because it can be CPU intensive. But as
> for load balancing for servers, it is recommended to go with
> per destination. This will achieve better data transfer and
> once the connection is established to a server it will use only
> that T1 until the data transfer is complete so using a per
> destination you will never achieve more than 1.5.
> Some ISP's will strongly recommend per destination. I knew of
> one that would configure customers on a per packet, but is now
> only doing per destination.
> Muxing two T1's together with an ATM IMA, I know will give you
> a 3M circuit. Maybe the provider is right but I was just
> looking for some facts. I usually do research before I spread
> gossip.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74421&t=74376
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html


RE: Load Balancing; help explain [7:74376]

2003-08-26 Thread lazy mentor
I've seen where people load balanced two T1's on a per packet basis and
achieved 1.5 megs on both circuits. Which would give them a total of 3Megs,
but the provider said that they are load balancing 1.5 megs over two T1's. I
asked different person same provider, that if I'm load balancing two T1's
and utilizing 100% on both circuits, isn't that 3Megs of data. They stuck to
their guns and yelled 1.5. They couldn't prove it other than the fact that
it came down from a higher source. I tried to google my questions for
answers but no luck. If load balancing two circuits on the same router you
can go with per packet. But it isn't recommended because it can be CPU
intensive. But as for load balancing for servers, it is recommended to go
with per destination. This will achieve better data transfer and once the
connection is established to a server it will use only that T1 until the
data transfer is complete so using a per destination you will never achieve
more than 1.5.
Some ISP's will strongly recommend per destination. I knew of one that would
configure customers on a per packet, but is now only doing per destination.
Muxing two T1's together with an ATM IMA, I know will give you a 3M circuit.
Maybe the provider is right but I was just looking for some facts. I usually
do research before I spread gossip.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74418&t=74376


RE: Load Balancing; help explain [7:74376]

2003-08-26 Thread [EMAIL PROTECTED]
What kind of process do you want to balance, ie what layer? Fail-over or
load-balance defined on source/destination/traffic or true server cpu load?

Sometimes you want to watch a quorum process (or critical application) and
monitor that from a serverfarm instead of doing a layer 2 (nic) or layer 3
(routers or w2k NLB).

Define your critical service (availability), go from there to
capacity(load).

This is the real stuff.

Martijn 


-----Original Message-----
From: Aspiring Cisco Gurl [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 26 August 2003 5:01
To: [EMAIL PROTECTED]
Subject: Load Balancing; help explain [7:74376]


I was asked a question about load balancing on routers and servers.  I've
looked it up on the websites but can someone give me their 2 cents about it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74395&t=74376


Load Balancing; help explain [7:74376]

2003-08-26 Thread Aspiring Cisco Gurl
I was asked a question about load balancing on routers and servers.  I've
looked it up on the websites but can someone give me their 2 cents about it?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74376&t=74376


Re: RADIUS load-balancing [7:73138] LONG [7:73138]

2003-07-29 Thread Rodrigo Kazuo Yamamoto
Hi Martijn,

Many tks for your comments.

The problem is that we have a production network and we are using a RADIUS
service with a huge DB (no chance to change it). Actually, this is an ISP
service (server authenticating Internet users), so all users ask for
authentication to the same Virtual IP (many servers behind with distributed
DB)

One solution we had in mind was to change the source-port portion of every
packet, so the Content Switch would correctly perform the SLB... As we did
not find any feature to perform this job, we are thinking of changing boxes
to Radware. =)

Best regards,
Rodrigo Kazuo Yamamoto

wrote in message
news:[EMAIL PROTECTED]
No radius load-balancing here, just sysadmin handy. Maybe you should check
Steel-Belted or something for scalability. My experience is that
Radiusserver load is VERY low due to little amount of packets (small DB
of course).

Loadbalancing VPN client scenario:
Imagine 2 windows 2000 boxes (sorry) with ias installed and configured (MS
Radius=works ok)

Then based on for example 2 different VPN-groups (say in PIX) the PIX is
configured to contact Radiusserver1 or for the other group Radiusserver2.

So preferred for 50% of the users (different vpn-group) 1st server, other 50
% second server.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/ab.htm#1070086
For pix:
AAA server group tag (max 14 server groups)
(max 14 servers per group , so fail-over)



For hardware boxes IOS 12.2 SAYS:
You can put multiple hosts in a server group. Just do Radiusserver1 1st in
servergroup in 50% of the routers, say westcoast, south of state, and 50%
Radiusserver 2 1st in servergroup.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsecsp/scfrad.htm#1001000

If two different host entries on the same RADIUS server are configured for
the same service (for example, accounting), the second host entry configured
acts as failover backup to the first one. Using this example, if the first
host entry fails to provide accounting services, the network access server
will try the second host entry configured on the same device for accounting
services. (The RADIUS host entries will be tried in the order in which they
are configured.)



Martijn

-----Original Message-----
From: Rodrigo Kazuo Yamamoto [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 29 July 2003 5:17
To: [EMAIL PROTECTED]
Subject: RADIUS load-balancing [7:73138]


Hi list,

Does anyone have experience with CSS' server load-balancing, specifically
RADIUS load-balancing?

We got the following situation: LAC is generating all user authentication
packets using a unique source port / source address pair. What happens: CSS
treats all packets as a unique flow (as they seem to come from the same
IP+port pair), so we got a problem with the server load-balancing...

This behavior does make sense in almost all IP transactions, but not with
RADIUS (as there is no need for flow persistence) so we'd like to overcome
this limitation, due to our specific situation...

Anyone has some idea to change this behavior on CSS boxes?
* By the way, any thoughts in Alteon or Radware boxes? We have heard we can
change this behavior on an Alteon box (with some limitations) and that the
Radware box has a specific feature called RADIUS load-balancing, that
solves this problem... is that right?

Best regards.
Rodrigo Kazuo Yamamoto




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73163&t=73138
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: RADIUS load-balancing [7:73138] LONG [7:73146]

2003-07-29 Thread [EMAIL PROTECTED]
No radius load-balancing here, just sysadmin handy. Maybe you should check
Steel-Belted or something for scalability. My experience is that
Radiusserver load is VERY low due to little amount of packets (small DB
of course).

Loadbalancing VPN client scenario:
Imagine 2 windows 2000 boxes (sorry) with ias installed and configured (MS
Radius=works ok)

Then based on for example 2 different VPN-groups (say in PIX) the PIX is
configured to contact Radiusserver1 or for the other group Radiusserver2.

So preferred for 50% of the users (different vpn-group) 1st server, other 50
% second server.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/ab.htm#1070086
For pix:
AAA server group tag (max 14 server groups)
(max 14 servers per group , so fail-over)



For hardware boxes IOS 12.2 SAYS:
You can put multiple hosts in a server group. Just do Radiusserver1 1st in
servergroup in 50% of the routers, say westcoast, south of state, and 50%
Radiusserver 2 1st in servergroup. 

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/fsecsp/scfrad.htm#1001000

If two different host entries on the same RADIUS server are configured for
the same service (for example, accounting), the second host entry configured
acts as failover backup to the first one. Using this example, if the first
host entry fails to provide accounting services, the network access server
will try the second host entry configured on the same device for accounting
services. (The RADIUS host entries will be tried in the order in which they
are configured.) 



Martijn 

-----Original Message-----
From: Rodrigo Kazuo Yamamoto [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 29 July 2003 5:17
To: [EMAIL PROTECTED]
Subject: RADIUS load-balancing [7:73138]


Hi list,

Does anyone have experience with CSS' server load-balancing, specifically
RADIUS load-balancing?

We got the following situation: LAC is generating all user authentication
packets using a unique source port / source address pair. What happens: CSS
treats all packets as a unique flow (as they seem to come from the same
IP+port pair), so we got a problem with the server load-balancing...

This behavior does make sense in almost all IP transactions, but not with
RADIUS (as there is no need for flow persistence) so we'd like to overcome
this limitation, due to our specific situation...

Anyone has some idea to change this behavior on CSS boxes?
* By the way, any thoughts in Alteon or Radware boxes? We have heard we can
change this behavior on an Alteon box (with some limitations) and that the
Radware box has a specific feature called RADIUS load-balancing, that
solves this problem... is that right?

Best regards.
Rodrigo Kazuo Yamamoto




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73146&t=73146


RADIUS load-balancing [7:73138]

2003-07-28 Thread Rodrigo Kazuo Yamamoto
Hi list,

Does anyone have experience with CSS' server load-balancing, specifically
RADIUS load-balancing?

We got the following situation: LAC is generating all user authentication
packets using a unique source port / source address pair. What happens: CSS
treats all packets as a unique flow (as they seem to come from the same
IP+port pair), so we got a problem with the server load-balancing...

This behavior does make sense in almost all IP transactions, but not with
RADIUS (as there is no need for flow persistence) so we'd like to overcome
this limitation, due to our specific situation...

Anyone has some idea to change this behavior on CSS boxes?
* By the way, any thoughts in Alteon or Radware boxes? We have heard we can
change this behavior on an Alteon box (with some limitations) and that the
Radware box has a specific feature called RADIUS load-balancing, that
solves this problem... is that right?

Best regards.
Rodrigo Kazuo Yamamoto




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73138&t=73138


RE: Per-destination load balancing [7:72944]

2003-07-25 Thread Howard C. Berkowitz
At 2:34 PM + 7/25/03, p b wrote:
>Here's some text from CCO regarding CEF and using source
>and destination IPs to map a packet to one of a set of
>load sharing links:
>
>Configuring Per-Destination Load Balancing
>
>Per-destination load balancing is enabled by default when you enable CEF. To
>use per-destination load balancing, you do not perform any additional tasks
>once you enable CEF.
>
>Per-destination load balancing allows the router to use multiple paths to
>achieve load sharing. Packets for a given source-destination host pair are
>guaranteed to take the same path, even if multiple paths are available.
>Traffic destined for different pairs tend to take different paths.
>Per-destination load balancing is enabled by default when you enable CEF,
>and is the load balancing method of choice for most situations.
>
>The URL for the above is (watch wrap):
>
>http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800ca6ca.html#1000956

I think the problem here is the documentation author, not IOS. It 
seems fairly clear to me that said author doesn't understand the 
difference between traditional destination cache and 
source-destination hash.

This hasn't been the first time strange things have happened. I 
remember that I looked at the original description of OSPF demand 
circuits and just blinked.  First, I knew from the OSPF Working Group 
how they were supposed to work.  Second, I knew the developer who 
wrote the code, and also wrote English very well.

I sent him an email, and he responded he had absolutely no idea, 
either, what the documentation was trying to say.  He observed his C 
code, even uncommented, was more readable.

>
>
>
>John Neiberger wrote:
>>
>>  Priscilla Oppenheimer wrote:
>>  >
>>  > John Neiberger wrote:
>>  > >
>>  > > Tim Champion wrote:
>>  > > >
>>  > > > Could someone please confirm the following to be true (taken
>>  > > > from CCO):
>>  > > >
>>  > > > "Per-destination load balancing allows the router to distribute
>>  > > > packets based on the destination address, and uses multiple paths
>>  > > > to achieve load sharing. Packets for a given source-destination
>>  > > > host pair are guaranteed to take the same path, even if multiple
>>  > > > paths are available. For example, given two paths to the same
>>  > > > network, all packets for destination1 on that network go over the
>>  > > > first path, all packets for destination2 on that network go over
>>  > > > the second path, and so on. Per-destination load balancing is
>>  > > > enabled by default when you start the router, and is the preferred
>>  > > > load balancing for most situations."
>>  > > >
>>  > > > It was my understanding that per-destination load balancing was
>>  > > > based on the destination address only and not on the
>>  > > > source/destination pair.
>>  > > >
>>  > > > If someone could clarify it would be much appreciated.
>>  > > >
>>  > > > Cheers
>>  > > > Tim
>>  > >
>>  > > This probably depends on the switching mechanism in place. Fast
>>  > > switching, as I recall, simply caches the outgoing interface
>>  > > for any given destination so it's relying on the destination
>>  > > information only.
>>  >
>>  > Yes, fast-switching caches the outgoing interface for a
>>  > destination. All packets to a particular destination go out the
>>  > same interface. CEF works that way too if you use the default.
>>  >
>>  > > CEF uses both the source and destination.
>>  >
>>  > I don't think that is true? CEF doesn't look at source
>>  > addresses.
>>
>>  I just checked this on our 7513 running 12.2(17a). If you use
>>  the command "show ip cef exact-route sourceip destinationip"
>>  you'll see the cached exit interface. If you do this with
>>  several source addresses going to the same destination when
>>  there are multiple paths you'll see that they use different
>>  exit interfaces.
>>
>>  I wonder if the default behavior has changed as CEF has evolved?
>>
>>  John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73031&t=72944


RE: Per-destination load balancing [7:72944]

2003-07-25 Thread p b
Here's some text from CCO regarding CEF and using source
and destination IPs to map a packet to one of a set of
load sharing links:

Configuring Per-Destination Load Balancing

Per-destination load balancing is enabled by default when you enable CEF. To
use per-destination load balancing, you do not perform any additional tasks
once you enable CEF.

Per-destination load balancing allows the router to use multiple paths to
achieve load sharing. Packets for a given source-destination host pair are
guaranteed to take the same path, even if multiple paths are available.
Traffic destined for different pairs tend to take different paths.
Per-destination load balancing is enabled by default when you enable CEF,
and is the load balancing method of choice for most situations.

The URL for the above is (watch wrap):

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800ca6ca.html#1000956




John Neiberger wrote:
> 
> Priscilla Oppenheimer wrote:
> > 
> > John Neiberger wrote:
> > > 
> > > Tim Champion wrote:
> > > > 
> > > > Could someone please confirm the following to be true (taken
> > > > from CCO):
> > > > 
> > > > "Per-destination load balancing allows the router to distribute
> > > > packets based on the destination address, and uses multiple paths
> > > > to achieve load sharing. Packets for a given source-destination
> > > > host pair are guaranteed to take the same path, even if multiple
> > > > paths are available. For example, given two paths to the same
> > > > network, all packets for destination1 on that network go over the
> > > > first path, all packets for destination2 on that network go over
> > > > the second path, and so on. Per-destination load balancing is
> > > > enabled by default when you start the router, and is the preferred
> > > > load balancing for most situations."
> > > > 
> > > > It was my understanding that per-destination load balancing was
> > > > based on the destination address only and not on the
> > > > source/destination pair.
> > > > 
> > > > If someone could clarify it would be much appreciated.
> > > > 
> > > > Cheers
> > > > Tim
> > > 
> > > This probably depends on the switching mechanism in place. Fast
> > > switching, as I recall, simply caches the outgoing interface
> > > for any given destination so it's relying on the destination
> > > information only.
> > 
> > Yes, fast-switching caches the outgoing interface for a
> > destination. All packets to a particular destination go out the
> > same interface. CEF works that way too if you use the default.
> > 
> > > CEF uses both the source and destination.
> > 
> > I don't think that is true? CEF doesn't look at source
> > addresses.
> 
> I just checked this on our 7513 running 12.2(17a). If you use
> the command "show ip cef exact-route sourceip destinationip"
> you'll see the cached exit interface. If you do this with
> several source addresses going to the same destination when
> there are multiple paths you'll see that they use different
> exit interfaces.
> 
> I wonder if the default behavior has changed as CEF has evolved?
> 
> John
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73026&t=72944


Re: Per-destination load balancing [7:72944]

2003-07-25 Thread Tim Champion
Thank you for your replies, think I've got it now.
"Tim Champion" wrote in message
news:[EMAIL PROTECTED]
> Could someone please confirm the following to be true (taken from CCO):
>
> "Per-destination load balancing allows the router to distribute packets
> based on the destination address, and uses multiple paths to achieve load
> sharing. Packets for a given source-destination host pair are guaranteed
> to take the same path, even if multiple paths are available. For example,
> given two paths to the same network, all packets for destination1 on that
> network go over the first path, all packets for destination2 on that
> network go over the second path, and so on. Per-destination load balancing
> is enabled by default when you start the router, and is the preferred load
> balancing for most situations."
>
> It was my understanding that per-destination load balancing was based on
> the destination address only and not on the source/destination pair.
>
> If someone could clarify it would be much appreciated.
>
> Cheers
>
> Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73009&t=72944


Re: Per-destination load balancing [7:72944]

2003-07-24 Thread Howard C. Berkowitz
At 4:01 PM + 7/24/03, Tim Champion wrote:
>Could someone please confirm the following to be true (taken from CCO):
>
>"Per-destination load balancing allows the router to distribute packets
>based on the destination address, and uses multiple paths to achieve load
>sharing. Packets for a given source-destination host pair are guaranteed to
>take the same path, even if multiple paths are available. For example, given
>two paths to the same network, all packets for destination1 on that network
>go over the first path, all packets for destination2 on that network go over
>the second path, and so on. Per-destination load balancing is enabled by
>default when you start the router, and is the preferred load balancing for
>most situations."
>
>It was my understanding that per-destination load balancing was based on the
>destination address only and not on the source/destination pair.

There are two distinct modes.

Fast, silicon, autonomous and optimum switching are destination only.

CEF is source/destination pair.

I would consider CEF superior in just about any case I can think of, 
as long as the platform and IOS supports it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72996&t=72944
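
The modes argued over in these threads (per-packet, destination-only cache, source/destination hash, and the flow key a content switch uses for RADIUS), modelled side by side as an added example that is not part of any poster's message or of Cisco's code. The XOR hash is a stand-in chosen so the outcome can be checked by hand, the addresses, ports and offered rates are constructed, and per-packet mode is idealised as an even split.

```python
"""Added illustration of the load-sharing modes discussed in the threads.

Assumptions: the XOR-of-fields hash is a stand-in, NOT the real CEF or CSS
hash; all addresses, ports and offered rates below are constructed samples.
"""
import ipaddress
from collections import Counter

T1_MBPS = 1.544  # line rate of one T1


def bucket(policy, flow, n):
    """Return the index (0..n-1) of the link or server a hashed policy picks.

    flow is (src_ip, dst_ip, src_port, dst_port).
    """
    src, dst, sport, dport = flow
    s = int(ipaddress.ip_address(src))
    d = int(ipaddress.ip_address(dst))
    if policy == "dest-only":      # destination cache, as in fast switching
        key = d
    elif policy == "src-dst":      # source/destination pair
        key = s ^ d
    elif policy == "flow":         # addresses plus ports, one "flow" per tuple
        key = s ^ d ^ sport ^ dport
    else:
        raise ValueError(f"unknown hashed policy: {policy}")
    return key % n


def carried_mbps(policy, offered, n=2, capacity=T1_MBPS):
    """Per-link carried load for {flow: offered_mbps} over n equal links."""
    load = [0.0] * n
    for flow, mbps in offered.items():
        if policy == "per-packet":
            # Idealised round robin: every flow is spread evenly over all links.
            for i in range(n):
                load[i] += mbps / n
        else:
            # Hashed modes pin the whole flow to a single link.
            load[bucket(policy, flow, n)] += mbps
    # A link cannot carry more than its line rate.
    return [min(capacity, x) for x in load]


def server_hits(policy, requests, n=2):
    """Count how many requests each of n real servers receives."""
    return Counter(bucket(policy, r, n) for r in requests)


# Constructed sample 1: one bulk transfer trying to push 3 Mbps over two T1s.
BULK = {("192.0.2.1", "10.0.0.10", 40000, 21): 3.0}

# Constructed sample 2: four sources, 0.5 Mbps each, to the same destination.
MANY_SRC = {(f"192.0.2.{i}", "10.0.0.10", 40000, 80): 0.5 for i in range(1, 5)}

# Constructed sample 3: a LAC sending every RADIUS request from one
# address/port pair to the virtual IP, versus varying the source port.
RADIUS_FIXED = [("192.0.2.10", "198.51.100.20", 1645, 1812)] * 1000
RADIUS_VARIED = [("192.0.2.10", "198.51.100.20", 1024 + i, 1812)
                 for i in range(1000)]


if __name__ == "__main__":
    for name, sample in (("bulk", BULK), ("many sources", MANY_SRC)):
        for policy in ("per-packet", "dest-only", "src-dst"):
            print(f"{name:13} {policy:11} {carried_mbps(policy, sample)}")
    print("RADIUS fixed port :", dict(server_hits("flow", RADIUS_FIXED)))
    print("RADIUS varied port:", dict(server_hits("flow", RADIUS_VARIED)))
```
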


RE: Per-destination load balancing [7:72944]

2003-07-24 Thread John Neiberger
If there are multiple levels of Heaven and our final destination has been
predetermined in order to equalize the number of people in each level, would
this be considered pre-destination load-balancing?

>>> Priscilla Oppenheimer 7/24/03 1:24:34 PM >>>
Packets for a given source-destination pair are a subset of packets for a
given destination. It's true that with per-destination load balancing, all
packets for a destination go out the same interface. Thus, it is true that
all packets for a given source-destination pair go out the same interface.

But I doubt the router actually looks at the source address with basic
packet forwarding, so the tech writer who wrote the paragraph below probably
should not have embellished it with that addition, unless it was somehow
relevant to some other part of the discussion. It's hard to tell without
seeing the entire context.

Hope that makes sense.

Priscilla

Tim Champion wrote:
> 
> Could someone please confirm the following to be true (taken
> from CCO):
> 
> "Per-destination load balancing allows the router to distribute
> packets
> based on the destination address, and uses multiple paths to
> achieve load
> sharing. Packets for a given source-destination host pair are
> guaranteed to
> take the same path, even if multiple paths are available. For
> example, given
> two paths to the same network, all packets for destination1 on
> that network
> go over the first path, all packets for destination2 on that
> network go over
> the second path, and so on. Per-destination load balancing is
> enabled by
> default when you start the router, and is the preferred load
> balancing for
> most situations."
> 
> It was my understanding that per-destination load balancing was
> based on the
> destination address only and not on the source/destination pair.
> 
> 
> 
> If someone could clarify it would be much appreciated.
> 
> 
> 
> Cheers
> 
> 
> 
> Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72970&t=72944


RE: Per-destination load balancing [7:72944]

2003-07-24 Thread Priscilla Oppenheimer
Packets for a given source-destination pair are a subset of packets for a
given destination. It's true that with per-destination load balancing, all
packets for a destination go out the same interface. Thus, it is true that
all packets for a given source-destination pair go out the same interface.

But I doubt the router actually looks at the source address with basic
packet forwarding, so the tech writer who wrote the paragraph below probably
should not have embellished it with that addition, unless it was somehow
relevant to some other part of the discussion. It's hard to tell without
seeing the entire context.

Hope that makes sense.

Priscilla

Tim Champion wrote:
> 
> Could someone please confirm the following to be true (taken
> from CCO):
> 
> "Per-destination load balancing allows the router to distribute
> packets
> based on the destination address, and uses multiple paths to
> achieve load
> sharing. Packets for a given source-destination host pair are
> guaranteed to
> take the same path, even if multiple paths are available. For
> example, given
> two paths to the same network, all packets for destination1 on
> that network
> go over the first path, all packets for destination2 on that
> network go over
> the second path, and so on. Per-destination load balancing is
> enabled by
> default when you start the router, and is the preferred load
> balancing for
> most situations."
> 
> It was my understanding that per-destination load balancing was
> based on the
> destination address only and not on the source/destination pair.
> 
> 
> 
> If someone could clarify it would be much appreciated.
> 
> 
> 
> Cheers
> 
> 
> 
> Tim
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72954&t=72944


RE: Per-destination load balancing [7:72944]

2003-07-24 Thread John Neiberger
Tim Champion wrote:
> 
> Could someone please confirm the following to be true (taken
> from CCO):
> 
> "Per-destination load balancing allows the router to distribute
> packets
> based on the destination address, and uses multiple paths to
> achieve load
> sharing. Packets for a given source-destination host pair are
> guaranteed to
> take the same path, even if multiple paths are available. For
> example, given
> two paths to the same network, all packets for destination1 on
> that network
> go over the first path, all packets for destination2 on that
> network go over
> the second path, and so on. Per-destination load balancing is
> enabled by
> default when you start the router, and is the preferred load
> balancing for
> most situations."
> 
> It was my understanding that per-destination load balancing was
> based on the
> destination address only and not on the source/destination pair.
> 
> If someone could clarify it would be much appreciated.
> 
> Cheers
> Tim

This probably depends on the switching mechanism in place. Fast switching,
as I recall, simply caches the outgoing interface for any given destination
so it's relying on the destination information only. CEF uses both the
source and destination. Multiple sources trying to reach the same
destination might not use the same outgoing interface.

John



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72962&t=72944


Per-destination load balancing [7:72944]

2003-07-24 Thread Tim Champion
Could someone please confirm the following to be true (taken from CCO):

"Per-destination load balancing allows the router to distribute packets
based on the destination address, and uses multiple paths to achieve load
sharing. Packets for a given source-destination host pair are guaranteed to
take the same path, even if multiple paths are available. For example, given
two paths to the same network, all packets for destination1 on that network
go over the first path, all packets for destination2 on that network go over
the second path, and so on. Per-destination load balancing is enabled by
default when you start the router, and is the preferred load balancing for
most situations."

It was my understanding that per-destination load balancing was based on the
destination address only and not on the source/destination pair.



If someone could clarify it would be much appreciated.



Cheers



Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72944&t=72944


Re: How do I check if load balancing works ? Catalyst 2900 and [7:72700]

2003-07-21 Thread Tom Martin
Chris,

Since you are choosing the link based on MAC addresses and only one 
switch LED is blinking, is your test traffic to stations located across 
a router? The router will obviously have a single MAC address, so 
EtherChannel based on MACs will use only a single link. Perhaps you 
should change to IP balancing.

Regardless of whether you use MAC or IP balancing, make sure that your 
test includes multiple destinations or you will only ever use one link!

- Tom

Chris wrote:
> Hi everybody
> 
> 
> I have a Compaq server with 2 NC3121 cards. According to the docs, the
> card supports Fast Etherchannel
> static configuration (ON).
> I couldn't find a procedure to set up Fast Etherchannel for the network card
> so I did what I thought it was better.
> 
> I selected the following :
> Teaming control =Load balancing
> Load balancing options:
> ---
> [x]Switch assisted load balancing
> [ ]Transmit load balancing
> ---
> [x ]Balance with MAC addresses
> [ ]Balance with IP addresses
> ---
> 
> On the switch side I set up the following:
> 
> interface Port-channel
>  no ip address
>  flowcontrol send off
> !
> interface FastEthernet0/1
>  no ip address
>  channel-group 1 mode on
> !
> interface FastEthernet0/2
>  no ip address
>  channel-group 1 mode on
> 
> Everything looks fine, the redundancy works but how can I see if it works ?
> I mean the load balancing.
> I don't know the SNMP OID to monitor that interface. Judging by the blinking
> lights it works only on one interface.
> I made the tests selecting different classes of IPs (10 mod 2 and 10 mod 5)
> for transmission on the server side
> I set up the switch on source balancing. Not very sure that both MAC aren't
> in the same class (MAC) mod 2.
> The 'show int' command shows me load only on the first interface of the
> channel.
> The 'debug etherchannel' shows that the switch senses the disconnecting of
> the interfaces (if I test this).
> 
> Any clue ?
> Thank you
> Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72700&t=72700


RE: How do I check if load balancing works ? (silly [7:72635]

2003-07-19 Thread Howard C. Berkowitz
I do have this horrible mental image of Blind Justice standing there 
with a packet stream going into each pan of the balance. Of course, 
one needs to decide on the weight of a packet...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72635&t=72635


RE: How do I check if load balancing works ? Catalyst 2900 and [7:72605]

2003-07-18 Thread Larry Letterman
Look at the switch counters for the interfaces; they should
both be counting up bits and frames when the port channel
is moving data...


Larry Letterman
Cisco Systems




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Chris
Sent: Friday, July 18, 2003 2:45 PM
To: [EMAIL PROTECTED]
Subject: How do I check if load balancing works ? Catalyst 2900 and
[7:72601]


Hi everybody


I have a Compaq server with 2 NC3121 cards. According to the docs, the
card supports Fast Etherchannel static configuration (ON). I couldn't
find a procedure to set up Fast Etherchannel for the network card so I
did what I thought it was better.

I selected the following :
Teaming control =Load balancing
Load balancing options:
---
[x]Switch assisted load balancing
[ ]Transmit load balancing
---
[x ]Balance with MAC addresses
[ ]Balance with IP addresses
---

On the switch side I set up the following:

interface Port-channel
 no ip address
 flowcontrol send off
!
interface FastEthernet0/1
 no ip address
 channel-group 1 mode on
!
interface FastEthernet0/2
 no ip address
 channel-group 1 mode on

Everything looks fine, the redundancy works but how can I see if it
works ? I mean the load balancing. I don't know the SNMP OID to monitor
that interface. Judging by the blinking lights it works only on one
interface. I made the tests selecting different classes of IPs (10 mod 2
and 10 mod 5) for transmission on the server side I set up the switch on
source balancing. Not very sure that both MAC aren't in the same class
(MAC) mod 2. The 'show int' command shows me load only on the first
interface of the channel. The 'debug etherchannel' shows that the switch
senses the disconnecting of the interfaces (if I test this).

Any clue ?
Thank you
Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72605&t=72605


How do I check if load balancing works ? Catalyst 2900 and [7:72601]

2003-07-18 Thread Chris
Hi everybody


I have a Compaq server with 2 NC3121 cards. According to the docs, the
card supports Fast Etherchannel
static configuration (ON).
I couldn't find a procedure to set up Fast Etherchannel for the network card
so I did what I thought it was better.

I selected the following :
Teaming control =Load balancing
Load balancing options:
---
[x]Switch assisted load balancing
[ ]Transmit load balancing
---
[x ]Balance with MAC addresses
[ ]Balance with IP addresses
---

On the switch side I set up the following:

interface Port-channel
 no ip address
 flowcontrol send off
!
interface FastEthernet0/1
 no ip address
 channel-group 1 mode on
!
interface FastEthernet0/2
 no ip address
 channel-group 1 mode on

Everything looks fine, the redundancy works but how can I see if it works ?
I mean the load balancing.
I don't know the SNMP OID to monitor that interface. Judging by the blinking
lights it works only on one interface.
I made the tests selecting different classes of IPs (10 mod 2 and 10 mod 5)
for transmission on the server side
I set up the switch on source balancing. Not very sure that both MAC aren't
in the same class (MAC) mod 2.
The 'show int' command shows me load only on the first interface of the
channel.
The 'debug etherchannel' shows that the switch senses the disconnecting of
the interfaces (if I test this).

Any clue ?
Thank you
Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72601&t=72601


Re: load balancing switch? [7:72295]

2003-07-15 Thread Ants
equipment... 6 network segments, 2 switches and 2 firewalls in a clustered
environment.

have networks 1; 2; 3; 4;5 and 6 going into 2 switches (1;2;3 into A and
4;5;6 into B)
A connects to both Firewall C and D which belongs to a clustered firewall
environment.
B connects to both Firewall C and D which belongs to a clustered firewall
environment.

need to load balance the data between switches and the firewalls...

need to find out whether this is possible.. and possible design thereof...
but not sure what switches / catalysts i'll need..
hope this helps.
cheers



"lat tos" wrote in message
news:[EMAIL PROTECTED]
> load balancing? could u give more details




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72320&t=72295


RE: load balancing switch? [7:72295]

2003-07-15 Thread lat tos
load balancing? could u give more details 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72307&t=72295


load balancing switch? [7:72295]

2003-07-15 Thread Ants
Hi,
Anyone knows what model (entry level) cisco switch/catalyst  I'll need that
can do load balancing?
cheers




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72295&t=72295


Re: EIGRP Load Balancing ??'s [7:71607]

2003-06-28 Thread Zsombor Papp
Hi,

if you are running CEF (generally a good idea), then per-packet load 
balancing can be turned on with the command 'ip load-sharing per-packet'. 
You have to configure this on the outgoing interfaces (if I remember 
correctly).

Note however that per-destination load balancing means only that packets 
for a given source-destination host pair take the same path, so if you have 
more than one host on any side of the network and traffic is more or less 
evenly distributed among them, then it should work even with 
per-destination load balancing (which is the default setting if you use CEF).

The command 'no ip route-cache' turns off fast switching, which would also 
result in per-packet load balancing but also in a performance hit. I think 
this is what you have heard about. I don't think per-packet load balancing 
with CEF will decrease performance.

Thanks,

Zsombor

At 11:58 PM 6/28/2003 +, Stephen Manuel wrote:
>Group,
>
>I have a customer that has two locations connected via 2-Full
>point-to-point T1's.
>
>The customer has a 1720 at each location.
>
>The customer is using EIGRP to load balance the two locations.
>
>The networks at each location show in the routing tables with the same
>administrative distance.
>
>Everything is fine up to this point.
>
>However, when I look at the traffic statistics for each of the T1's, the
>first T1 has significantly higher utilization.
>
>My research has led me to believe the reason that traffic isn't spread
>more evenly over the T1's is due to the way the 1720's switch the
>traffic.
>
>It's my understanding that by default the 1720's use per-destination
>load balancing in the type of scenario my customer has.
>
>Since only one network is at each location this would explain the
>utilization issues.
>
>The solution appears to be for the customer to implement per packet load
>balancing.
>
>Am I correct on my points so far ??
>
>If I implement per packet load-balancing for the customer, is the
>command to do this no ip route-cache ??
>
>If yes, on what interface do I place the command, if not what are the
>command or commands and how are they implemented ??
>
>One of the warnings I've read about concerning per packet load-balancing
>is that low end routers like the 1720 may not be able to handle, should
>I be concerned about the 1720's ??
>
>The customer has a pair of 2621's we could use in place of the 1720's.
>
>Bottom line, the customer would like to load balance the two locations
>via the two T1's more evenly, am I proceeding the right direction ??
>
>If not, what recommendations would others offer.
>
>Thanks in advance.
>
>Stephen Manuel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71610&t=71607
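Added example (not from any poster or from Cisco): a Python model of the link-selection behaviour discussed in Zsombor's reply above and in Tom Martin's EtherChannel reply earlier on this page. The XOR-and-modulo hash, the MAC addresses and the 10.x addresses are assumptions made for illustration; real platforms use their own hash.

```python
"""Flow-pinned versus per-packet link selection (illustrative model)."""
import ipaddress
from collections import Counter

N_LINKS = 2  # two EtherChannel members, or two T1s


def mac_int(mac):
    return int(mac.replace(":", ""), 16)


def ip_int(ip):
    return int(ipaddress.ip_address(ip))


def pick_link(mode, pkt, seq=0, n_links=N_LINKS):
    """Return the link index chosen for one packet.

    The hash (XOR of the key fields, modulo the link count) is an assumed
    stand-in; what matters is which header fields feed the decision.
    """
    if mode == "per-packet":      # no flow key: rotate on every packet
        return seq % n_links
    if mode == "src-mac":
        key = mac_int(pkt["src_mac"])
    elif mode == "dst-mac":
        key = mac_int(pkt["dst_mac"])
    elif mode == "dst-ip":        # destination address only
        key = ip_int(pkt["dst_ip"])
    elif mode == "src-dst-ip":    # source-destination host pair
        key = ip_int(pkt["src_ip"]) ^ ip_int(pkt["dst_ip"])
    else:
        raise ValueError(f"unknown mode: {mode}")
    return key % n_links


def spread(mode, packets, n_links=N_LINKS):
    """Packets per link, as a list indexed by link number."""
    counts = Counter(
        pick_link(mode, p, seq, n_links) for seq, p in enumerate(packets)
    )
    return [counts.get(i, 0) for i in range(n_links)]


# --- constructed sample traffic (all addresses are made up) ---
SERVER_MAC = "00:50:8b:00:00:10"
ROUTER_MAC = "00:d0:58:00:00:01"


def packet(src_ip, dst_ip):
    # Every frame the server sends off-subnet is addressed to the router's
    # MAC, whatever the final IP destination is.
    return {"src_mac": SERVER_MAC, "dst_mac": ROUTER_MAC,
            "src_ip": src_ip, "dst_ip": dst_ip}


# One server talking to eight hosts that sit behind a router.
REMOTE_HOSTS = [packet("10.1.1.10", f"10.2.2.{h}") for h in range(1, 9)]
# A single host pair exchanging 100 packets (one file transfer, say).
ONE_HOST_PAIR = [packet("10.1.1.10", "10.2.2.1") for _ in range(100)]
# Two different sources sending to the same destination.
TWO_SOURCES = [packet("10.1.1.10", "10.2.2.1"),
               packet("10.1.1.11", "10.2.2.1")]

if __name__ == "__main__":
    cases = [
        ("8 remote hosts, dst-mac", "dst-mac", REMOTE_HOSTS),
        ("8 remote hosts, src-mac", "src-mac", REMOTE_HOSTS),
        ("8 remote hosts, src-dst-ip", "src-dst-ip", REMOTE_HOSTS),
        ("1 host pair, src-dst-ip", "src-dst-ip", ONE_HOST_PAIR),
        ("1 host pair, per-packet", "per-packet", ONE_HOST_PAIR),
        ("2 sources, dst-ip only", "dst-ip", TWO_SOURCES),
        ("2 sources, src-dst-ip", "src-dst-ip", TWO_SOURCES),
    ]
    for label, mode, pkts in cases:
        print(f"{label:28s} -> packets per link {spread(mode, pkts)}")
```

With MAC-based keys every frame to the routed hosts lands on one member link, and a single host pair never leaves its link unless selection is per-packet.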


EIGRP Load Balancing ??'s [7:71607]

2003-06-28 Thread Stephen Manuel
Group,

I have a customer that has two locations connected via 2-Full
point-to-point T1's.

The customer has a 1720 at each location.

The customer is using EIGRP to load balance the two locations.

The networks at each location show in the routing tables with the same
administrative distance.

Everything is fine up to this point.

However, when I look at the traffic statistics for each of the T1's, the
first T1 has significantly higher utilization.

My research has led me to believe the reason that traffic isn't spread
more evenly over the T1's is due to the way the 1720's switch the
traffic.

It's my understanding that by default the 1720's use per-destination
load balancing in the type of scenario my customer has.

Since only one network is at each location this would explain the
utilization issues.

The solution appears to be for the customer to implement per packet load
balancing.

Am I correct on my points so far ??

If I implement per packet load-balancing for the customer, is the
command to do this no ip route-cache ??

If yes, on what interface do I place the command, if not what are the
command or commands and how are they implemented ??

One of the warnings I've read about concerning per packet load-balancing
is that low end routers like the 1720 may not be able to handle, should
I be concerned about the 1720's ??

The customer has a pair of 2621's we could use in place of the 1720's.

Bottom line, the customer would like to load balance the two locations
via the two T1's more evenly, am I proceeding the right direction ??

If not, what recommendations would others offer.

Thanks in advance.

Stephen Manuel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71607&t=71607


Re: one 1720 with 2 ADSL load balancing or bounding 2 adsl [7:70966]

2003-06-20 Thread Groupstudy.com
Hi, I would like to ask if somebody has tried to balance the traffic over 2 ADSL
(internet) in one router (or bond them) to increase the bandwidth
using only one ISP?

Thanks for your help.
Amalker


"Tim Champion" wrote in message
news:[EMAIL PROTECTED]
> I have a situation whereby I want to perform load balancing across 2 links.
> The problem is that the router which will have to perform the load balancing
> learns one route via EIGRP and the other from a static route. I know how to
> alter the administrative distance of the static route but I'm not sure on
> how to tweak the metric. I guess I need to either increase the metric of the
> static route or reduce the metric of the EIGRP route.
>
> Any suggestions would be appreciated.
>
>
> Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70966&t=70966


Re: so how does IGRP unequal load-balancing work anywa [7:66795]

2003-04-03 Thread Scott Roberts
your example is fair. I haven't seen many real examples of load balancing. in
the case you're describing you can simply change the metrics on one of the
routers 'secondary' link to the other router. this would prevent it from
passing anything it received from the one router back to itself. yes the way
you've created the example things would 'loop' between them, but as an
experienced cisco person, you've recognized the misconfiguration and have
avoided the conflict in this setup.

I can come up with dozens of normal operation scenarios where if put
together in such a manner (which taken alone work fine), would fall apart
because they were assembled without a perspective on the greater network.
it's like me wondering about the validity of marriage if the possibility
exists that I could marry my own sister. it's a possibility if I can think of
the right scenario, but with this knowledge in mind, I can be on the lookout
for anyone that resembles me a bit too closely.

scott

"nwo" wrote in message
news:[EMAIL PROTECTED]
> OK, consider this scenario.
>
> You have a large network of IGRP routers.  You have routers A and B who each
> have a metric of, say, 10 to a given destination (I am going to use simple
> values for the metrics of IGRP to make things easy).  Routers A and B are
> also directly connected, and the link between them has a metric of 1.
> Router A sends an update to B that the destination has a metric of 10, and
> router B adds the value of the link to arrive at a total metric of 11.
> Therefore, router B has 2 ways to get to the destination, the first would be
> through the normal way (through the path that has a metric of 10) and the
> other through router A (which has a metric of 11).  Vice versa is also true
> with respect to router A.  When you configure variance of larger than 1,
> then both paths will be entered into the route table.
>
> If this is the case, then you can see that some packets can bounce around.
> For example, router A may, through unequal load-balancing, send some of the
> dest packets to B, and then B will, again through unequal balancing, send
> some of those packets back to A, etc.  Yes, the number of packets sent the
> 'wrong way' decreases exponentially but the point is that there is still
> some bouncing around.
>
> The only way I can see that this would not happen is if a router would
> compare the metric of a received route (before the cost of the link is
> added) to the metric that the router is currently holding for that route,
> and if it is equal to or greater than that value, the route is rejected
> unconditionally for unequal balancing.  This would be something similar to
> what the whole EIGRP successor algorithm accomplishes.  Does anybody know
> for a fact whether this is in the IGRP algorithm?
>
>
> "Priscilla Oppenheimer" wrote in message
> news:[EMAIL PROTECTED]
> > nwo wrote:
> > >
> > > It occurs to me that I do not understand how IGRP unequal load
> > > balancing
> > > works.
> > >
> > > Yes, I understand what the commands are, and I am well aware of
> > > the
> > > intricacies involved in fast-switching and CEF.  So please
> > > don't respond by
> > > telling me to configure 'variance' or stuff like that.  I
> > > already know all
> > > that.
> > >
> > > What I don't understand is this.  A fundamental part of EIGRP
> > > unequal load
> > > balancing is the concept of the feasible successor, where
> > > routes of unequal
> > > metric to a particular destination will be considered only if
> > > the
> > > corresponding neighbor is a feasible successor for the
> > > destination in
> > > question.  This is in order to prevent the problem of packets
> > > being sent to
> > > to a router that is actually further away from the destination
> > > than the
> > > sending router is to that destination.
> > >
> > > Yet, I am aware of no such safeguards in IGRP.  IGRP has no
> > > such concept of
> >
> > I don't think such a safeguard is necessary. A router running even a simple
> > distance-vector protocol like IGRP knows the metric of its neighbors because
> > the neighbors report it in update packets. The router can add routes to the
> > routing table based on this information alone and knowledge of the variance
> > and maximum-paths values. It would be a broken protocol indeed if it added
> > routes that included a next-hop neighbor that was farther away.
> > The business of feasible successors, unique to EIGRP,

Re: so how does IGRP unequal load-balancing work anywa [7:66727]

2003-04-02 Thread nwo
OK, consider this scenario.

You have a large network of IGRP routers.  You have routers A and B who each
have a metric of, say, 10 to a given destination (I am going to use simple
values for the metrics of IGRP to make things easy).  Routers A and B are
also directly connected, and the link between them has a metric of 1.
Router A sends an update to B that the destination has a metric of 10, and
router B adds the value of the link to arrive at a total metric of 11.
Therefore, router B has 2 ways to get to the destination, the first would be
through the normal way (through the path that has a metric of 10) and the
other through router A (which has a metric of 11).  Vice versa is also true
with respect to router A.  When you configure variance of larger than 1,
then both paths will be entered into the route table.

If this is the case, then you can see that some packets can bounce around.
For example, router A may, through unequal load-balancing, send some of the
dest packets to B, and then B will, again through unequal balancing, send
some of those packets back to A, etc.  Yes, the number of packets sent the
'wrong way' decreases exponentially but the point is that there is still
some bouncing around.

The only way I can see that this would not happen is if a router would
compare the metric of a received route (before the cost of the link is
added) to the metric that the router is currently holding for that route,
and if it is equal to or greater than that value, the route is rejected
unconditionally for unequal balancing.  This would be something similar to
what the whole EIGRP successor algorithm accomplishes.  Does anybody know
for a fact whether this is in the IGRP algorithm?


"Priscilla Oppenheimer" wrote in message
news:[EMAIL PROTECTED]
> nwo wrote:
> >
> > It occurs to me that I do not understand how IGRP unequal load
> > balancing
> > works.
> >
> > Yes, I understand what the commands are, and I am well aware of
> > the
> > intricacies involved in fast-switching and CEF.  So please
> > don't respond by
> > telling me to configure 'variance' or stuff like that.  I
> > already know all
> > that.
> >
> > What I don't understand is this.  A fundamental part of EIGRP
> > unequal load
> > balancing is the concept of the feasible successor, where
> > routes of unequal
> > metric to a particular destination will be considered only if
> > the
> > corresponding neighbor is a feasible successor for the
> > destination in
> > question.  This is in order to prevent the problem of packets
> > being sent to
> > to a router that is actually further away from the destination
> > than the
> > sending router is to that destination.
> >
> > Yet, I am aware of no such safeguards in IGRP.  IGRP has no
> > such concept of
>
> I don't think such a safeguard is necessary. A router running even a simple
> distance-vector protocol like IGRP knows the metric of its neighbors because
> the neighbors report it in update packets. The router can add routes to the
> routing table based on this information alone and knowledge of the variance
> and maximum-paths values. It would be a broken protocol indeed if it added
> routes that included a next-hop neighbor that was farther away.
>
> The business of feasible successors, unique to EIGRP, helps maintain the
> routing table when changes happen, such as when a directly connected link
> fails or when update or queries arrive. I don't know if it's used for load
> balancing though. It wouldn't need to be.
>
> If you have a URL that explains what feasible successor has to do with load
> balancing, please send it. Thanks. But I would probably still say that it's
> not necessary for load balancing to work.
>
> > a topology table with neighbor's advertised distances and
> > whatnot.
> > Therefore it seems that packets could easily be forwarded away
> > from the
> > destination.
>
> Not if the distance-vector protocol is working correctly.
>
> > Furthermore, it would seem to me that packets
> > could actually
> > bounce back and forth between 2 routers for awhile.
>
> Once again, not if the distance-vector protocol is working correctly, unless
> I'm missing something.
>
> Priscilla
>
>
> >
> > Please say it ain't so.  Yet I am unaware of any construct
> > within IGRP that
> > would prevent it from being so.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66727&t=66727


Re: so how does IGRP unequal load-balancing work anyway? [7:66722]

2003-04-02 Thread Scott Roberts
considering hold-down times and split horizon, why do you think that packets
would bounce in a loop under normal conditions? I think under normal
conditions if a route is considered valid enough to be included in a routing
table, it's not going to be a loop.

I think EIGRP only looked for alternate successors when the feasible
successor was a really bad cost, was because of an optimization standpoint
and not a loop issue.

I agree that there can be some issues with classful protocols and routing,
but I think the issue of load balancing legitimately discovered routes isn't
worrisome. you'll pretty much have an eye on your network and know if
something isn't right, but it seems like you're worried that if you setup a
network and leave it for a few years unattended there might be problems,
well what network won't under those circumstances?

scott

"nwo" wrote in message
news:[EMAIL PROTECTED]
> It occurs to me that I do not understand how IGRP unequal load balancing
> works.
>
> Yes, I understand what the commands are, and I am well aware of the
> intricacies involved in fast-switching and CEF.  So please don't respond by
> telling me to configure 'variance' or stuff like that.  I already know all
> that.
>
> What I don't understand is this.  A fundamental part of EIGRP unequal load
> balancing is the concept of the feasible successor, where routes of unequal
> metric to a particular destination will be considered only if the
> corresponding neighbor is a feasible successor for the destination in
> question.  This is in order to prevent the problem of packets being sent to
> a router that is actually further away from the destination than the
> sending router is to that destination.
>
> Yet, I am aware of no such safeguards in IGRP.  IGRP has no such concept of
> a topology table with neighbor's advertised distances and whatnot.
> Therefore it seems that packets could easily be forwarded away from the
> destination.  Furthermore, it would seem to me that packets could actually
> bounce back and forth between 2 routers for awhile.
>
> Please say it ain't so.  Yet I am unaware of any construct within IGRP that
> would prevent it from being so.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66722&t=66722


RE: so how does IGRP unequal load-balancing work anywa [7:66665]

2003-04-02 Thread Priscilla Oppenheimer
nwo wrote:
> 
> It occurs to me that I do not understand how IGRP unequal load
> balancing
> works.
> 
> Yes, I understand what the commands are, and I am well aware of
> the
> intricacies involved in fast-switching and CEF.  So please
> don't respond by
> telling me to configure 'variance' or stuff like that.  I
> already know all
> that.
> 
> What I don't understand is this.  A fundamental part of EIGRP
> unequal load
> balancing is the concept of the feasible successor, where
> routes of unequal
> metric to a particular destination will be considered only if
> the
> corresponding neighbor is a feasible successor for the
> destination in
> question.  This is in order to prevent the problem of packets
> being sent to
> to a router that is actually further away from the destination
> than the
> sending router is to that destination.
> 
> Yet, I am aware of no such safeguards in IGRP.  IGRP has no
> such concept of

I don't think such a safeguard is necessary. A router running even a simple
distance-vector protocol like IGRP knows the metric of its neighbors because
the neighbors report it in update packets. The router can add routes to the
routing table based on this information alone and knowledge of the variance
and maximum-paths values. It would be a broken protocol indeed if it added
routes that included a next-hop neighbor that was farther away.

The business of feasible successors, unique to EIGRP, helps maintain the
routing table when changes happen, such as when a directly connected link
fails or when update or queries arrive. I don't know if it's used for load
balancing though. It wouldn't need to be.

If you have a URL that explains what feasible successor has to do with load
balancing, please send it. Thanks. But I would probably still say that it's
not necessary for load balancing to work.

> a topology table with neighbor's advertised distances and
> whatnot.
> Therefore it seems that packets could easily be forwarded away
> from the
> destination. 

Not if the distance-vector protocol is working correctly.

> Furthermore, it would seem to me that packets
> could actually
> bounce back and forth between 2 routers for awhile.

Once again, not if the distance-vector protocol is working correctly, unless
I'm missing something.

Priscilla


> 
> Please say it ain't so.  Yet I am unaware of any construct
> within IGRP that
> would prevent it from being so.
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66717&t=5


Re: so how does IGRP unequal load-balancing work anyway? [7:66667]

2003-04-02 Thread Tim Champion
I can't remember the exact terminology but an IGRP router is aware of a
neighbor's metric to a destination as well as its own metric to the same
destination. The router will only consider routes to be valid if the
upstream router's metric to the destination is lower than its own metric to
the same destination. This prevents the problems you mentioned below. You
may want to get a second opinion on this!

Tim

"nwo" wrote in message
news:[EMAIL PROTECTED]
> It occurs to me that I do not understand how IGRP unequal load balancing
> works.
>
> Yes, I understand what the commands are, and I am well aware of the
> intricacies involved in fast-switching and CEF.  So please don't respond by
> telling me to configure 'variance' or stuff like that.  I already know all
> that.
>
> What I don't understand is this.  A fundamental part of EIGRP unequal load
> balancing is the concept of the feasible successor, where routes of unequal
> metric to a particular destination will be considered only if the
> corresponding neighbor is a feasible successor for the destination in
> question.  This is in order to prevent the problem of packets being sent to
> a router that is actually further away from the destination than the
> sending router is to that destination.
>
> Yet, I am aware of no such safeguards in IGRP.  IGRP has no such concept of
> a topology table with neighbor's advertised distances and whatnot.
> Therefore it seems that packets could easily be forwarded away from the
> destination.  Furthermore, it would seem to me that packets could actually
> bounce back and forth between 2 routers for awhile.
>
> Please say it ain't so.  Yet I am unaware of any construct within IGRP that
> would prevent it from being so.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=7&t=7
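Added example (not from any poster, and not a description of what IGRP actually implements): the two-router scenario from nwo's follow-up earlier on this page, run with and without the check Tim describes above, where an alternate path is accepted only if the neighbor's reported metric is lower than the router's own best metric. The variance window test, the choice of variance 2, and sharing traffic in inverse proportion to metric are assumptions of this model.

```python
"""Unequal-cost path installation in nwo's A/B scenario (illustrative model)."""
from fractions import Fraction

DEST = "dest"  # stands for each router's normal path toward the destination


def install_paths(best_hop, best_metric, alternates, variance, closer_check):
    """Return {next_hop: metric} for one router.

    alternates maps neighbor -> (metric the neighbor reports, link metric).
    An alternate is a candidate when its total metric is below
    variance * best_metric (assumed rule). With closer_check on, it must
    also report a metric lower than this router's own best metric.
    """
    table = {best_hop: best_metric}
    for nbr, (reported, link) in alternates.items():
        total = reported + link
        if total >= variance * best_metric:
            continue                      # outside the variance window
        if closer_check and reported >= best_metric:
            continue                      # neighbor is no closer than we are
        table[nbr] = total
    return table


def nwo_scenario(variance, closer_check):
    """A and B each reach the destination at metric 10; A-B link costs 1."""
    return {
        "A": install_paths(DEST, 10, {"B": (10, 1)}, variance, closer_check),
        "B": install_paths(DEST, 10, {"A": (10, 1)}, variance, closer_check),
    }


def has_loop(tables):
    """True if following installed next hops can return to a router."""
    def visit(node, seen):
        if node in seen:
            return True
        return any(visit(nh, seen | {node})
                   for nh in tables[node] if nh in tables)
    return any(visit(router, frozenset()) for router in tables)


def traffic_share(table, next_hop):
    """Fraction of traffic sent via next_hop, inverse to metric (assumed)."""
    weights = {nh: Fraction(1, metric) for nh, metric in table.items()}
    return weights[next_hop] / sum(weights.values())


def bounce_probability(tables, start, hops):
    """Chance that a packet entering at `start` makes `hops` consecutive
    router-to-router hops instead of heading for the destination."""
    prob, node = Fraction(1), start
    for _ in range(hops):
        peers = [nh for nh in tables[node] if nh in tables]
        if not peers:
            return Fraction(0)
        prob *= traffic_share(tables[node], peers[0])
        node = peers[0]
    return prob


if __name__ == "__main__":
    for check in (False, True):
        tables = nwo_scenario(variance=2, closer_check=check)
        print(f"closer-neighbor check={check}: tables={tables} "
              f"loop={has_loop(tables)}")
    loose = nwo_scenario(variance=2, closer_check=False)
    for k in (1, 2, 3):
        print(f"P({k} wrong-way hops from A) = "
              f"{bounce_probability(loose, 'A', k)}")
```

Without the check both routers install each other as an 11-metric alternate and the A-B-A path exists; with it, the neighbor's reported 10 is not lower than the local 10, so the alternate is rejected and no loop can form.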


so how does IGRP unequal load-balancing work anyway? [7:66665]

2003-04-02 Thread nwo
It occurs to me that I do not understand how IGRP unequal load balancing
works.

Yes, I understand what the commands are, and I am well aware of the
intricacies involved in fast-switching and CEF.  So please don't respond by
telling me to configure 'variance' or stuff like that.  I already know all
that.

What I don't understand is this.  A fundamental part of EIGRP unequal load
balancing is the concept of the feasible successor, where routes of unequal
metric to a particular destination will be considered only if the
corresponding neighbor is a feasible successor for the destination in
question.  This is in order to prevent the problem of packets being sent to
a router that is actually further away from the destination than the
sending router is to that destination.

Yet, I am aware of no such safeguards in IGRP.  IGRP has no such concept of
a topology table with neighbor's advertised distances and whatnot.
Therefore it seems that packets could easily be forwarded away from the
destination.  Furthermore, it would seem to me that packets could actually
bounce back and forth between 2 routers for awhile.

Please say it ain't so.  Yet I am unaware of any construct within IGRP that
would prevent it from being so.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5&t=5


Server Load Balancing Options [7:66272]

2003-03-26 Thread Jay Greenberg
Hello, would someone please validate this list, and/or recommend less
alternatives?  I would appreciate it a lot!

Our requirements: 
1) Server Load Balancing (IP address translation) LAYER 3 ONLY
2) Server availability monitoring (ping?)
3) Redundant Switch Capability (SLB HSRP?)
4) medium load - DNS, LDAP, mail, radius, etc..

As far as I can tell, my options are

1) 6500 SLB CSM - 40-100 grand ?? what modules are needed here?
2) 6500 cat/native OS SLB ??? what modules are needed here?
3) 4840G - 30 grand
4) 7200 Router IOS SLB 
CCIE #11021




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66272&t=66272


Re: Load Balancing and NAT [7:64904]

2003-03-12 Thread Me
Interesting.  I am looking at doing the same thing after my Sprint circuit
was down three times in three business days for ~4 hours each time.
Something that makes my situation difficult is I have control of the 1700 on
my Qwest circuit but not the Sprint router, it is owned by Sprint.  So I
have to leave the Sprint router in place and run its eth0 to an ethernet wic
in the 1700 and let it handle the load balancing.  I'm thinking of trying to
let the 1700 do NAT as well so the ip blocks of both Qwest and Sprint
circuits appear within the same NAT'ed block inside.  The other part of
the design I have is a vpn established between the firewall behind the
router and a firewall in my co-lo.  I'm thinking of trying to establish the
vpn with an ip on each isp's block for redundancy there then start setting
up all traffic in and out of my site to go through the vpn so I shouldn't
have to worry about the different ip blocks.

"Terry Oldham" wrote in message
news:[EMAIL PROTECTED]
> Hello all,
>
>  I am attempting to setup a Cisco 1721 Router with load balancing and
> NAT so that we can provide a dual T1 connection to the network. This is the
> first time I have done anything like this and I was wanting to know if
> anyone had any good pointers they could give me or any commands that I
>
> Thanks,
>
> Terry O




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65247&t=64904


RE: Load Balancing and NAT [7:64904]

2003-03-10 Thread Howard C. Berkowitz
At 5:41 PM + 3/10/03, Logan, Harold wrote:
>I have a question about this setup, but it's more design-oriented than
>configuration. What's the benefit of having redundant ISPs if they both
>connect to one router?

Single router with multiple ISPs: Protects you against failure in the ISP
routing system. Both ISPs still may get bad routing data. No guard against
router or local loop failure.

Multiple routers to different POPs of the same ISP: Protects you against
local loop failure, lets you contract for physical route diversity within
the ISP. No guard against ISP-wide routing failure. You may be able to
negotiate multiple upstreams.

Multiple routers to different ISPs: may or may not protect against local
loop failure, depending on how far apart you place the routers. Potentially
decent protection against routing failure. Still vulnerable if there is a
common upstream.

>I realize that a WAN circuit is more likely to have
>problems than the router hardware is, but it seems like both the
>configuration problem and the single point of failure can be addressed by
>adding a second router. From there, I see two options. #1, break up the LAN
>into two DHCP scopes (if DHCP is used) and assign the IP's of both routers
>as the default gateway, but alternate them. Scope 1 would have R1's IP as
>the primary default gateway, and R2's as the secondary, and vice versa for
>scope 2. #2, Use a layer 3 switch at the core of the LAN, and configure
>routed ports. Give the switch two default routes with the same AD, and it
>will load balance between the two routers.
>
>Does either of these sound feasible?
>
>Hal
>
>>  -Original Message-
>>  From: Terry Oldham [mailto:[EMAIL PROTECTED]
>>  Sent: Monday, March 10, 2003 11:07 AM
>>  To: [EMAIL PROTECTED]
>>  Subject: Re: Load Balancing and NAT [7:64904]
>>
>>
>>  The T1's are from different providers, Qwest and Sprint.  And no we will
>>  not be running BGP...
>>
>>
>>  "Troy Leliard" wrote in message
>>  news:[EMAIL PROTECTED]
>>  > First big question, are your T1's from the same provider, or from a
>>  > different provider, and thus different "public" ip address space?  If it is
>>  > from a different provider, you may well run into some problems with NAT.
>>  >
>>  > Say for example, client A connects to your webserver (via ISP A's public IP
>>  > address that is assigned to you, say x.x.x.x) which is then Nat'd to your
>>  > internal RFC1918 address.  That will work all fine and dandy, but what about
>>  > if your default gateway is ISP B's T1.  Outbound packets, returning to
>>  > Client A, will be NAT'd to ISP B's outside address, say y.y.y.y.  If Client
>>  > A is behind a stateful firewall, return packets will be dropped, as it will
>>  > have ISP B's SRC address, and it will be expecting ISP A's.
>>  >
>>  > There are a number of ways around this, but I will wait for more details
>>  > before going on.  Presumably you are not / will not be running BGP, and have
>>  > your own AS?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64989&t=64904


Re: Load Balancing and NAT [7:64904]

2003-03-10 Thread Amar KHELIFI
" wrote in message news:
> > [EMAIL PROTECTED]
> > > The T1's are from different providers, Qwest and Sprint.  And no we will
> > > not be running BGP...
> > >
> > >
> > > "Troy Leliard" wrote in message
> > > news:[EMAIL PROTECTED]
> > > > First big question, are your T1's from the same provider, or from a
> > > > different provider, and thus different "public" ip address space?  If it is
> > > > from a different provider, you may well run into some problems with NAT.
> > > >
> > > > Say for example, client A connects to your webserver (via ISP A's public IP
> > > > address that is assigned to you, say x.x.x.x) which is then Nat'd to your
> > > > internal RFC1918 address.  That will work all fine and dandy, but what about
> > > > if your default gateway is ISP B's T1.  Outbound packets, returning to
> > > > Client A, will be NAT'd to ISP B's outside address, say y.y.y.y.  If Client
> > > > A is behind a stateful firewall, return packets will be dropped, as it will
> > > > have ISP B's SRC address, and it will be expecting ISP A's.
> > > >
> > > > There are a number of ways around this, but I will wait for more details
> > > > before going on.  Presumably you are not / will not be running BGP, and have
> > > > your own AS?
> > > >
> > > > Terry Oldham wrote:
> > > > >
> > > > > Hello all,
> > > > >
> > > > >  I am attempting to setup a Cisco 1721 Router with load
> > > > > balancing and
> > > > > NAT so that we can provide a dual T1 connection to the network.
> > > > > This is the
> > > > > first time I have done anything like this and I was wanting to
> > > > > know if
> > > > > anyone had any good pointers they could give me or any commands
> > > > > that I
> > > > > should beware of or add.
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Terry O




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64932&t=64904


RE: Load Balancing and NAT [7:64904]

2003-03-10 Thread Logan, Harold
I have a question about this setup, but it's more design-oriented than
configuration. What's the benefit of having redundant ISPs if they both
connect to one router? I realize that a WAN circuit is more likely to have
problems than the router hardware is, but it seems like both the
configuration problem and the single point of failure can be addressed by
adding a second router. From there, I see two options. #1, break up the LAN
into two DHCP scopes (if DHCP is used) and assign the IP's of both routers
as the default gateway, but alternate them. Scope 1 would have R1's IP as
the primary default gateway, and R2's as the secondary, and vice versa for
scope 2. #2, Use a layer 3 switch at the core of the LAN, and configure
routed ports. Give the switch two default routes with the same AD, and it
will load balance between the two routers.

Does either of these sound feasible?

Hal

> -Original Message-
> From: Terry Oldham [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 10, 2003 11:07 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Load Balancing and NAT [7:64904]
> 
> 
> The T1's are from different providers, Qwest and Sprint.  And no we will
> not be running BGP...
>
>
> "Troy Leliard" wrote in message
> news:[EMAIL PROTECTED]
> > First big question, are your T1's from the same provider, or from a
> > different provider, and thus different "public" ip address space?  If it is
> > from a different provider, you may well run into some problems with NAT.
> >
> > Say for example, client A connects to your webserver (via ISP A's public IP
> > address that is assigned to you, say x.x.x.x) which is then Nat'd to your
> > internal RFC1918 address.  That will work all fine and dandy, but what about
> > if your default gateway is ISP B's T1.  Outbound packets, returning to
> > Client A, will be NAT'd to ISP B's outside address, say y.y.y.y.  If Client
> > A is behind a stateful firewall, return packets will be dropped, as it will
> > have ISP B's SRC address, and it will be expecting ISP A's.
> >
> > There are a number of ways around this, but I will wait for more details
> > before going on.  Presumably you are not / will not be running BGP, and have
> > your own AS?
> >
> > Terry Oldham wrote:
> > >
> > > Hello all,
> > >
> > >  I am attempting to setup a Cisco 1721 Router with load
> > > balancing and
> > > NAT so that we can provide a dual T1 connection to the network.
> > > This is the
> > > first time I have done anything like this and I was wanting to
> > > know if
> > > anyone had any good pointers they could give me or any commands
> > > that I
> > > should beware of or add.
> > >
> > > Thanks,
> > >
> > > Terry O




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64930&t=64904


Re: Load Balancing and NAT [7:64904]

2003-03-10 Thread Terry Oldham
More Info:

FastEthernet Int0   172.16.100.2/24

Serial0   144.228.52.114  255.255.255.252   Sprint
  IP Block 65.160.124.193 - 65.160.124.222

Serial1   65.123.132.166  255.255.255.252   Qwest
  IP Block 65.120.161.161 - 65.120.161.190

Honestly I have bitten off a little more than I can chew on this one,
however I really need to make it work so all and any advice will be taken.

I have been talking with Cisco a little and here is the example they sent
me:

Current configuration : 1941 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Inet_Router
!
logging buffered 4096 debugging
enable secret 5 $1$L3f5$owQH/giYdx/Gui/nASA9F1
enable password 7 13041200045D51
!
ip subnet-zero
ip cef
ip name-server 198.6.1.122
!
! Inside LAN interface
interface FastEthernet0/0
 ip address 10.30.25.201 255.255.255.0
 ip nat inside
 speed 100
 full-duplex
!
! One outside interface per ISP
interface Serial0/0
 description Verio
 ip address 165.254.203.110 255.255.255.252
 ip nat outside
!
interface Serial0/1
 description Cable&Wireless
 ip address 166.63.156.102 255.255.255.252
 ip nat outside
!
! Dynamic NAT (overload): each route-map selects the pool by egress interface
ip nat pool Verio 209.139.11.98 209.139.11.98 netmask 255.255.255.224
ip nat pool Cable 208.168.204.2 208.168.204.2 netmask 255.255.255.0
ip nat inside source route-map Cable1 pool Cable overload
ip nat inside source route-map Verio1 pool Verio overload
!
! Static translations for inside hosts
ip nat inside source static 10.30.25.27 209.139.11.122
ip nat inside source static 10.30.25.25 209.139.11.120
ip nat inside source static 10.30.25.63 209.139.11.111
ip nat inside source static 10.30.25.62 209.139.11.110
ip nat inside source static 10.30.25.33 208.168.204.6
ip nat inside source static 10.30.25.32 208.168.204.5
ip nat inside source static 10.30.25.31 209.139.11.101
ip nat inside source static 10.30.25.30 209.139.11.100
ip nat inside source static 10.30.25.137 209.139.11.105
!
! Two default routes, one toward each ISP
ip classless
ip route 0.0.0.0 0.0.0.0 165.254.203.109
ip route 0.0.0.0 0.0.0.0 166.63.156.101
ip route 10.0.0.0 255.0.0.0 FastEthernet0/0
ip http server
ip pim bidir-enable
!
access-list 10 permit 10.30.25.0 0.0.0.255
!
route-map Verio1 permit 10
 match ip address 10
 match interface Serial0/0
!
route-map Cable1 permit 10
 match ip address 10
 match interface Serial0/1
!
line con 0
 login
line aux 0
line vty 0 3
 login
line vty 4
 login
!
no scheduler allocate
end



"Amar KHELIFI" wrote in message
news:[EMAIL PROTECTED]
> could u give us more info pls, as far as the IP's that you will be using.
> wasn't it u that wanted to assign 2 ip's for each server you have?
> if that is so, u can do the following:
> create 2 VLAN's on ur switch.
> create 2 subinterfaces on the router (must have fast ether) for the vlans.
> PBR every thing from ISP A to VLAN A, both ways.
> PBR every thing from ISP B to VLAN B, both ways.
> make sure the servers don't symmetrically route the packets.
> with the above, u will have control over traffic that crosses ur router, but
> then which IP will the clients use, depends on the DNS config, whether it
> will load balance on DNS queries is also another issue, so more or less u
> will have no control over traffic coming to ur network.
>
> if you had ur own net block, it would be easy to load balance, u'd have to
> call ur ISP's they will give u a community that u will join from which they
> will load balance, but you will need BGP, of course.
>
> but please give more information to further think it out.
>
>
> "Terry Oldham" wrote in message news:
> [EMAIL PROTECTED]
> > The T1's are from different providers, Qwest and Sprint.  And no we will
> > not be running BGP...
> >
> >
> > "Troy Leliard" wrote in message
> > news:[EMAIL PROTECTED]
> > > First big question, are your T1's from the same provider, or from a
> > > different provider, and thus different "public" ip address space?  If it is
> > > from a different provider, you may well run into some problems with NAT.
> > >
> > > Say for example, client A connects to your webserver (via ISP A's public IP
> > > address that is assigned to you, say x.x.x.x) which is then Nat'd to your
> > > internal RFC1918 address.  That will work all fine and dandy, but what about
> > > if your default gateway is ISP B's T1.  Outbound packets, returning to
> > > Client A, will be NAT'd to ISP B's outside address, say y.y.y.y.  If Client
> > > A is behind a stateful firewall, return packets will be dropped, as it will
> > > have ISP B's SRC address, and it will be expecting ISP A's.
> > >
> > > There are a nu

Re: Load Balancing and NAT [7:64904]

2003-03-10 Thread Troy Leliard
Hi Terry, 

I think I have already responded to a similar, if not the same question. 
You won't be able to use NAT, as you can have a many-to-one NAT statement on
your router.  IE Qwest IP and Sprint IP, both NAT to the same server.

The only way I can see you getting this working is if you get a /30 or use
ip unnumbered between yourself and the providers, and then have both public
IP ranges on your inside ethernet segment. (Thus your server will have two
public IP addresses configured on them).





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64914&t=64904


Re: Load Balancing and NAT [7:64904]

2003-03-10 Thread Amar KHELIFI
could u give us more info pls, as far as the IP's that you will be using.
wasn't it u that wanted to assign 2 ip's for each server you have?
if that is so, u can do the following:
create 2 VLAN's on ur switch.
create 2 subinterfaces on the router (must have fast ether) for the vlans.
PBR every thing from ISP A to VLAN A, both ways.
PBR every thing from ISP B to VLAN B, both ways.
make sure the servers don't symmetrically route the packets.
with the above, u will have control over traffic that crosses ur router, but
then which IP will the clients use, depends on the DNS config, whether it
will load balance on DNS queries is also another issue, so more or less u
will have no control over traffic coming to ur network.

if you had ur own net block, it would be easy to load balance, u'd have to
call ur ISP's they will give u a community that u will join from which they
will load balance, but you will need BGP, of course.

but please give more information to further think it out.


"Terry Oldham" wrote in message news:
[EMAIL PROTECTED]
> The T1's are from different providers, Qwest and Sprint.  And no we will
> not be running BGP...
>
>
> "Troy Leliard" wrote in message
> news:[EMAIL PROTECTED]
> > First big question, are your T1's from the same provider, or from a
> > different provider, and thus different "public" ip address space?  If it is
> > from a different provider, you may well run into some problems with NAT.
> >
> > Say for example, client A connects to your webserver (via ISP A's public IP
> > address that is assigned to you, say x.x.x.x) which is then Nat'd to your
> > internal RFC1918 address.  That will work all fine and dandy, but what about
> > if your default gateway is ISP B's T1.  Outbound packets, returning to
> > Client A, will be NAT'd to ISP B's outside address, say y.y.y.y.  If Client
> > A is behind a stateful firewall, return packets will be dropped, as it will
> > have ISP B's SRC address, and it will be expecting ISP A's.
> >
> > There are a number of ways around this, but I will wait for more details
> > before going on.  Presumably you are not / will not be running BGP, and have
> > your own AS?
> >
> > Terry Oldham wrote:
> > >
> > > Hello all,
> > >
> > >  I am attempting to setup a Cisco 1721 Router with load
> > > balancing and
> > > NAT so that we can provide a dual T1 connection to the network.
> > > This is the
> > > first time I have done anything like this and I was wanting to
> > > know if
> > > anyone had any good pointers they could give me or any commands
> > > that I
> > > should beware of or add.
> > >
> > > Thanks,
> > >
> > > Terry O




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64912&t=64904


Re: Load Balancing and NAT [7:64904]

2003-03-10 Thread Terry Oldham
The T1's are from different providers, Qwest and Sprint.  And no we will not
be running BGP...


"Troy Leliard" wrote in message
news:[EMAIL PROTECTED]
> First big question, are your T1's from the same provider, or from a
> different provider, and thus different "public" ip address space?  If it is
> from a different provider, you may well run into some problems with NAT.
>
> Say for example, client A connects to your webserver (via ISP A's public IP
> address that is assigned to you, say x.x.x.x) which is then Nat'd to your
> internal RFC1918 address.  That will work all fine and dandy, but what about
> if your default gateway is ISP B's T1.  Outbound packets, returning to
> Client A, will be NAT'd to ISP B's outside address, say y.y.y.y.  If Client
> A is behind a stateful firewall, return packets will be dropped, as it will
> have ISP B's SRC address, and it will be expecting ISP A's.
>
> There are a number of ways around this, but I will wait for more details
> before going on.  Presumably you are not / will not be running BGP, and have
> your own AS?
>
> Terry Oldham wrote:
> >
> > Hello all,
> >
> >  I am attempting to setup a Cisco 1721 Router with load
> > balancing and
> > NAT so that we can provide a dual T1 connection to the network.
> > This is the
> > first time I have done anything like this and I was wanting to
> > know if
> > anyone had any good pointers they could give me or any commands
> > that I
> > should beware of or add.
> >
> > Thanks,
> >
> > Terry O




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64910&t=64904


RE: Load Balancing and NAT [7:64904]

2003-03-10 Thread Troy Leliard
First big question, are your T1's from the same provider, or from a
different provider, and thus different "public" ip address space?  If it is
from a different provider, you may well run into some problems with NAT.

Say for example, client A connects to your webserver (via ISP A's public IP
address that is assigned to you, say x.x.x.x) which is then Nat'd to your
internal RFC1918 address.  That will work all fine and dandy, but what about
if your default gateway is ISP B's T1.  Outbound packets, returning to
Client A, will be NAT'd to ISP B's outside address, say y.y.y.y.  If Client
A is behind a stateful firewall, return packets will be dropped, as it will
have ISP B's SRC address, and it will be expecting ISP A's.

There are a number of ways around this, but I will wait for more details
before going on.  Presumably you are not / will not be running BGP, and have
your own AS?

Terry Oldham wrote:
> 
> Hello all,
> 
>  I am attempting to setup a Cisco 1721 Router with load
> balancing and
> NAT so that we can provide a dual T1 connection to the network.
> This is the
> first time I have done anything like this and I was wanting to
> know if
> anyone had any good pointers they could give me or any commands
> that I
> should beware of or add.
> 
> Thanks,
> 
> Terry O
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64906&t=64904
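
The return-path problem described in the message above, as an added example that is not part of the original thread: a client-side stateful firewall tracks the flow to ISP A's address and rejects a reply that was source-NATed to ISP B's address. All addresses are constructed documentation-range values, and `pin_return_path` is a hypothetical switch that models sending replies back out the ISP the connection arrived on (the policy-routing idea raised elsewhere in the thread), not a router command.

```python
"""Constructed model: dual-ISP static NAT as seen by a client-side stateful firewall."""
from dataclasses import dataclass

# Documentation-range addresses, constructed for this example.
CLIENT = "203.0.113.10"
SERVER = "10.0.0.10"                     # inside (RFC 1918) address
PUBLIC = {"ISP-A": "192.0.2.10",         # stands in for the post's x.x.x.x
          "ISP-B": "198.51.100.10"}      # stands in for the post's y.y.y.y


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    """Client-side firewall: accepts only replies that mirror a tracked flow."""

    def __init__(self):
        self._flows = set()

    def outbound(self, pkt):
        self._flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return pkt

    def accepts_reply(self, pkt):
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self._flows


class DualIspRouter:
    """Static NAT of one inside server to one public address per ISP."""

    def __init__(self, default_isp, pin_return_path):
        self.default_isp = default_isp
        self.pin_return_path = pin_return_path  # hypothetical switch (assumption)
        self._ingress = {}  # (client addr, client port) -> ISP the flow came in on

    def inbound(self, pkt):
        """Destination-NAT a packet from the Internet to the inside server."""
        for isp, public in PUBLIC.items():
            if pkt.dst == public:
                self._ingress[(pkt.src, pkt.sport)] = isp
                return Packet(pkt.src, pkt.sport, SERVER, pkt.dport)
        raise ValueError(f"no NAT entry for {pkt.dst}")

    def outbound(self, pkt):
        """Choose the egress ISP, then source-NAT to that ISP's address."""
        isp = self.default_isp
        if self.pin_return_path:
            isp = self._ingress.get((pkt.dst, pkt.dport), self.default_isp)
        return isp, Packet(PUBLIC[isp], pkt.sport, pkt.dst, pkt.dport)


def web_request(connect_via, default_isp="ISP-B", pin_return_path=False):
    """Return (egress ISP, reply source address, accepted by client firewall)."""
    firewall = StatefulFirewall()
    router = DualIspRouter(default_isp, pin_return_path)
    syn = firewall.outbound(Packet(CLIENT, 40000, PUBLIC[connect_via], 80))
    at_server = router.inbound(syn)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    isp, natted = router.outbound(reply)
    return isp, natted.src, firewall.accepts_reply(natted)


if __name__ == "__main__":
    print("via A, default route B:", web_request("ISP-A"))
    print("via B, default route B:", web_request("ISP-B"))
    print("via A, return pinned:  ", web_request("ISP-A", pin_return_path=True))
```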


Load Balancing and NAT [7:64904]

2003-03-10 Thread Terry Oldham
Hello all,

 I am attempting to setup a Cisco 1721 Router with load balancing and
NAT so that we can provide a dual T1 connection to the network. This is the
first time I have done anything like this and I was wanting to know if
anyone had any good pointers they could give me or any commands that I
should beware of or add.

Thanks,

Terry O




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64904&t=64904


Re: EIGRP & load balancing between ISDN & leased line [7:24630]

2003-02-24 Thread Geoff Kuchera
Sounds like you need to look into the variance command.  Variance is how
you tell eigrp to load balance across unequal bandwidth links.  Keep in
mind that when both ISDN ports fire up you are talking about a link that 
is twice as fast as the 64 Kbps Leased Line.

Here is a link to the cisco documentation on variance and traffic sharing.
http://www.cisco.com/en/US/tech/tk648/tk365/technologies_tech_note09186a008009437d.shtm

Hope this helps..
Geoff Kuchera





ashish verma wrote:
> A branch is connected to two hub locations, one with 64 Kbps Leased line
> other with ISDN. Server is at hub location connected by 64Kbps LL. Two hub
> locations are connected using multiple 2 Mbps links. EIGRP is implemented.
> If ISDN is fired to 2nd location the load balancing does not happen on both
> link (64Kbps & ISDN link). If both the channels of ISDN is fired, traffic
> goes through ISDN, not through 64Kbps LL.
> Load balancing happens if the 64Kbps Leased line & ISDN is connecting to
> same hub location.
> 
> We need to share the load when it crosses above 64 Kbps on LL..Any
> solution ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63656&t=24630


RE: Load balancing / Backup Links with OSPF [7:63342]

2003-02-19 Thread Lupi, Guy
Like you said, if both circuits are the same bandwidth then load balancing
will work.  If they are not the same bandwidth, you can still load balance
by manipulating the cost so that it is the same for both circuits, but once
you reach the maximum bandwidth on the lower bandwidth circuit, the router
is still going to try to load balance across them even though one of the
circuits is at maximum utilization.
If the circuits are not the same bandwidth, then the primary/backup, with
the primary being the higher bandwidth circuit, is your best bet.


-Original Message-
From: Kerry Ogedegbe [ MTN - Portharcourt ]
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 7:53 AM
To: [EMAIL PROTECTED]
Subject: Load balancing / Backup Links with OSPF [7:63342]


Hello People,
  We are deploying additional links as backups, and Load Balancing in my
organization.
  One of the links is on our SDH backbone, and the second link is via
Frame-Relay through a service provider
  We are running OSPF routing protocol.  We are looking at 2 scenarios: 
1 ) SDH Link as primary link, and the frame-relay link as a backup
2) Use both links for load balancing
From my investigations, in order to achieve Load balancing, with OSPF
running, the bandwidth on both links
has to be the same.
 
And for Backup links, the OSPF cost has to be lower on the primary link, in
order to force traffic over the
primary link
 
Any suggestions on how to solve this
Cheers

___

Kerry Ogedegbe 

(Network Group)

MTN-Nigeria

Mobile: 0803 200 2399

Email: [EMAIL PROTECTED]

[GroupStudy removed an attachment of type image/jpeg which had a name of
Clear Day Bkgrd.JPG]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63363&t=63342



RE: Load balancing / Backup Links with OSPF [7:63342]

2003-02-19 Thread Troy Leliard
Hi Kerry, 

You are right, OSPF only supports 4 equal cost paths, and doesn't support
unequal load balancing.  The easiest way for you to address either of your
options is to manually alter the ospf interface cost.
Under the interface, add
ip ospf cost xxx

Make this the same as the other interface if you want load balancing, or
different (more on the FR interface) if you wanted active / backup
configuration



Kerry Ogedegbe [ MTN - Portharcourt ] wrote:
> 
> Hello People,
>   We are deploying additional links as backups, and Load
> Balancing in my
> organization.
>   One of the links is on our SDH backbone, and the second link
> is via
> Frame-Relay through a service provider
>   We are running OSPF routing protocol.  We are looking at 2
> scenarios:
> 1 ) SDH Link as primary link, and the frame-relay link as a
> backup
> 2) Use both links for load balancing
> From my investigations, in order to achieve Load balancing,
> with OSPF
> running, the bandwidth on both links
> has to be the same.
>  
> And for Backup links, the OSPF cost has to be lower on the
> primary link, in
> order to force traffic over the
> primary link
>  
> Any suggestions on how to solve this
> Cheers
> 
> ___
> 
> Kerry Ogedegbe
> 
> (Network Group)
> 
> MTN-Nigeria
> 
> Mobile: 0803 200 2399
> 
> Email: [EMAIL PROTECTED]
> 
> [GroupStudy removed an attachment of type image/jpeg which had
> a name of Clear Day Bkgrd.JPG]
> 
> 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63346&t=63342



Load balancing / Backup Links with OSPF [7:63342]

2003-02-19 Thread Kerry Ogedegbe [ MTN - Portharcourt ]
Hello People,
  We are deploying additional links as backups, and Load Balancing in my
organization.
  One of the links is on our SDH backbone, and the second link is via
Frame-Relay through a service provider
  We are running OSPF routing protocol.  We are looking at 2 scenarios: 
1 ) SDH Link as primary link, and the frame-relay link as a backup
2) Use both links for load balancing
From my investigations, in order to achieve Load balancing, with OSPF
running, the bandwidth on both links
has to be the same.
 
And for Backup links, the OSPF cost has to be lower on the primary link, in
order to force traffic over the
primary link
 
Any suggestions on how to solve this
Cheers

___

Kerry Ogedegbe 

(Network Group)

MTN-Nigeria

Mobile: 0803 200 2399

Email: [EMAIL PROTECTED]

[GroupStudy removed an attachment of type image/jpeg which had a name of
Clear Day Bkgrd.JPG]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63342&t=63342



RE: Content Switch Module and Server Load Balancing [7:62443]

2003-02-06 Thread [EMAIL PROTECTED]
It concerns whether SLB can do the job, and when the CSM module is
necessary.







Andrew Larkins  on 05/02/2003 11:12:58

To:  [EMAIL PROTECTED], [EMAIL PROTECTED]
cc:

Subject: RE: Content Switch Module and Server Load Balancing [7:62443]


yes -we have done it on the 6509 and all is great. What exactly are you
after??


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 05 February 2003 15:18
To: [EMAIL PROTECTED]
Subject: Content Switch Module and Server Load Balancing [7:62443]


Any Thoughts?





"[EMAIL PROTECTED]" @groupstudy.com on
04/02/2003 13:44:09

Please reply to "[EMAIL PROTECTED]"

Sent by:  [EMAIL PROTECTED]


To:  [EMAIL PROTECTED]
cc:

Subject: Content Switch Module and Server Load Balancing [7:62443]


Could anybody share any real example of using Server Load Balancing in
6000 switches?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62574&t=62443



Re: Content Switch Module and Server Load Balancing [7:62443]

2003-02-05 Thread [EMAIL PROTECTED] (Kaj J. Niemi)
In mail.net.groupstudy.pro, you wrote:

> Any Thoughts? Could anybody share any real example of using Server
> Load Balancing in 6000 switches?

Never had the opportunity to play around with the CSM. Is there a specific
need to use the CSM? IOS SLB works well on 7200/6000/6500s with MSFCs.
Basic config to load-balance all traffic destined to 80/tcp on 10.0.0.1
on two servers (192.168.0.1, 192.168.0.2) could be as follows:

ip slb serverfarm myfarm1
  real 192.168.0.1
    inservice
  real 192.168.0.2
    inservice

ip slb vserver mypr0n
  virtual 10.0.0.1 tcp www
  serverfarm myfarm1
  inservice

The default balancing method is weighted round robin. Use sticky in vserver
if you want the clients to always return (within a timeframe) to the same
server. It's a good way of ensuring application state would be kept on one
server instead of 10 or so (this really depends on what your application
needs are.)

Do "sh ip slb vs" to check the state of your virtual server(s),
"sh ip slb se de" to check the state of your farm(s) and "sh ip slb st"
would show generic SLB stats.
  


// kaj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62505&t=62443
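Added example (not part of Kaj's post and not Cisco's code): a simplified Python model of the two behaviours described in the message above, weighted round robin across the farm and a sticky timer that returns a client to the same real server. The weights, the 60-second timer, the 203.0.113.x client addresses and the rule that each new connection restarts the timer are assumptions made for illustration.

```python
from collections import Counter


class ServerFarm:
    """Simplified model of a server farm behind one virtual server.

    Not IOS SLB's implementation: weights, timer handling and names are
    assumptions made for this example.
    """

    def __init__(self, reals, sticky_seconds=0):
        self.reals = list(reals)          # [(real server address, weight), ...]
        self.sticky_seconds = sticky_seconds
        self._index = 0                   # real server whose turn it is
        self._served = 0                  # connections handed out in this turn
        self._sticky = {}                 # client address -> (real, expiry time)

    def _weighted_round_robin(self):
        address, weight = self.reals[self._index]
        self._served += 1
        if self._served >= weight:        # turn used up, move to the next real
            self._index = (self._index + 1) % len(self.reals)
            self._served = 0
        return address

    def assign(self, client, now):
        """Return the real server for a new connection from client at time now."""
        entry = self._sticky.get(client)
        if self.sticky_seconds and entry and entry[1] > now:
            real = entry[0]               # sticky entry still valid
        else:
            real = self._weighted_round_robin()
        if self.sticky_seconds:
            # Assumption: every new connection restarts the sticky timer.
            self._sticky[client] = (real, now + self.sticky_seconds)
        return real


def spread(farm, connections):
    """Count connections per real server for (client, time) pairs."""
    return dict(Counter(farm.assign(client, t) for client, t in connections))


# Real server addresses are the ones in the post; the weights are constructed.
REALS_WEIGHTED = [("192.168.0.1", 2), ("192.168.0.2", 1)]
REALS_EQUAL = [("192.168.0.1", 1), ("192.168.0.2", 1)]


def demo_weighted():
    """Six different clients, no sticky: load follows the 2:1 weights."""
    connections = [("203.0.113.%d" % i, i) for i in range(1, 7)]
    return spread(ServerFarm(REALS_WEIGHTED), connections)


def demo_sticky_single_source():
    """Ten connections from one source address with sticky set: one server gets all."""
    connections = [("203.0.113.50", t) for t in range(10)]
    return spread(ServerFarm(REALS_EQUAL, sticky_seconds=60), connections)


def demo_sticky_expiry():
    """The same client is rebalanced only after its sticky entry has timed out."""
    farm = ServerFarm(REALS_EQUAL, sticky_seconds=60)
    first = farm.assign("203.0.113.50", 0)
    within = farm.assign("203.0.113.50", 30)    # inside the timer, same server
    after = farm.assign("203.0.113.50", 200)    # timer expired, next server in turn
    return first, within, after


if __name__ == "__main__":
    print("weighted, no sticky:  ", demo_weighted())
    print("sticky, single source:", demo_sticky_single_source())
    print("sticky expiry:        ", demo_sticky_expiry())
```

With sticky keyed on the client address, every connection that arrives from one source address lands on one real server until the timer expires, whatever the weights are.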



RE: Content Switch Module and Server Load Balancing [7:62443]

2003-02-05 Thread Andrew Larkins
yes -we have done it on the 6509 and all is great. What exactly are you
after??


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 05 February 2003 15:18
To: [EMAIL PROTECTED]
Subject: Content Switch Module and Server Load Balancing [7:62443]


Any Thoughts?


"[EMAIL PROTECTED]" @groupstudy.com on
04/02/2003 13:44:09

Please reply to "[EMAIL PROTECTED]"

Sent by:  [EMAIL PROTECTED]


To:  [EMAIL PROTECTED]
cc:

Subject: Content Switch Module and Server Load Balancing [7:62443]


Could anybody share any real example of using Server Load Balancing in
6000 switches?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62503&t=62443



Content Switch Module and Server Load Balancing [7:62443]

2003-02-05 Thread [EMAIL PROTECTED]
Any Thoughts?


"[EMAIL PROTECTED]" @groupstudy.com on
04/02/2003 13:44:09

Please reply to "[EMAIL PROTECTED]"

Sent by:  [EMAIL PROTECTED]


To:  [EMAIL PROTECTED]
cc:

Subject: Content Switch Module and Server Load Balancing [7:62443]


Could anybody share any real example of using Server Load Balancing in
6000 switches?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62498&t=62443



Content Switch Module and Server Load Balancing [7:62443]

2003-02-04 Thread [EMAIL PROTECTED]
Could anybody share any real example of using Server Load Balancing in
6000 switches?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62443&t=62443



RE: BGP load balancing questions [7:61095]

2003-01-15 Thread Robert Fowler
Well I have a solution, thanks to the many responses here. I sent a trouble
ticket in to ISP1 and they called me back, and said I needed to join a
specific community. I did that and they updated their end also. Then I
checked the looking glass, and there was also a route through ISP 1's AS
number (which wasn't there previously). And sure enough incoming traffic
started leveling out between the two ISPs. Thanks for all the responses!

Robert

-Original Message-
From: Captain Lance [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 15, 2003 2:59 PM
To: [EMAIL PROTECTED]
Subject: Re: BGP load balancing questions [7:61095]


I am very interested in how Radware and FatPipe solve this issue, can anyone
explain?

Lance

""John Neiberger""  wrote in message
news:[EMAIL PROTECTED]...
> Oh, that's right.  I always forget about that solution.  :-)  Radware 
> and FatPipe have nice solutions to this, as well.  We almost bought a 
> box from FatPipe at one point but we decided we had better ways of 
> accomplishing our goals without their hardware.
>
> On a side note, they also have one of the most outrageous vendor gift 
> items I've ever seen:  boxer shorts that say "FatPipe Inside".  Good 
> grief  If I worked for them I'd never mention that item to a 
> client, especially in mixed company!
>
> John
>
> >>> "Greg Owens"  1/15/03 9:06:28 AM >>>
> can buy a hardware loadbalancer from f5.
> >
> > From: "Robert  Fowler"
> > Date: 2003/01/15 Wed AM 09:31:49 EST
> > To: [EMAIL PROTECTED]
> > Subject: BGP load balancing questions [7:61095]
> >
> > Hello groupstudy,
> >
> > I've been banging my head against the wall and figured I would defer this
> > question to those of you more learned and experienced. Here is the
> > scenario:
> >
> > 2 routers running BGP
> > Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
> > Each receives full routes.
> > Each provider has given us a class C address
> > Only the class C from provider 1 is actively used, because provider 2 will
> > probably be dropped eventually (ssshhh don't tell ARIN)
> >
> >
> > The class C is advertised to both ISPs, however ISP 1 aggregates this
> > address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
> > This was checked using various looking glasses.
> >
> > What that means is that traffic to my Class C will arrive primarily via ISP
> > 2 because it will see the /24 I advertise through it. That is bad, for
> > various reasons. Mainly because we are charged by usage from ISP2, but also
> > because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
> > primarily as a backup eventually. Also the traffic coming in is 90% via ISP
> > 2 and 10% via ISP 1.
> >
> > If I remember from my studying so long ago, even prepending my AS number to
> > ISP 2 will not work, because it doesn't even make it to that criteria, but
> > rather sees the /24 and chooses that route.
> >
> > I searched some newsgroups, but amazingly enough nobody seemed to have this
> > issue. I saw someone who had a larger block than /24 and some suggestions
> > there but that would not work in this case.
> >
> >
> > Options not available:
> > Using the Class C from Carrier 2 to load balance using IP space and traffic
> > types
> > Getting a class C independent of a provider from ARIN. (That costs money :))
> >
> >
> > Robert
> Greg Owens
> 202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61141&t=61095



Re: BGP load balancing questions [7:61095]

2003-01-15 Thread Captain Lance
Is this "your" address space or is it Sprint/Global Crossing's address space?


""John Neiberger""  wrote in message
news:[EMAIL PROTECTED]...
> I'm currently advertising a /24 to Sprint and Global Crossing and
> neither provider aggregates or filters it.  Unless, that is, they've
> been sneaking around changing things behind my back.
>
> >>> "Clay Auch"  1/15/03 9:49:30 AM >>>
> Alex,
>
> Not at all true ... Sprint (unless this has changed) will filter at the /22
> and will make no exceptions. Other providers such as UUNET/WCOM filter at
> the /24 ... so traffic will prefer UUNET if in the scenario ISP 1 = Sprint
> and ISP 2 = UUNET. I have first hand experience with this ...
>
> clay
>
> - Original Message -
> From: "Alex Muhin"
> To:
> Sent: Wednesday, January 15, 2003 10:07 AM
> Subject: RE: BGP load balancing questions [7:61095]
>
>
> > ISP1 should advertise 1.1.1.x/16 AND 1.1.1.x/24 ?
> >
> > alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61133&t=61095



Re: BGP load balancing questions [7:61095]

2003-01-15 Thread Captain Lance
I am very interested in how Radware and FatPipe solve this issue, can anyone
explain?

Lance

""John Neiberger""  wrote in message
news:[EMAIL PROTECTED]...
> Oh, that's right.  I always forget about that solution.  :-)  Radware
> and FatPipe have nice solutions to this, as well.  We almost bought a
> box from FatPipe at one point but we decided we had better ways of
> accomplishing our goals without their hardware.
>
> On a side note, they also have one of the most outrageous vendor gift
> items I've ever seen:  boxer shorts that say "FatPipe Inside".  Good
> grief  If I worked for them I'd never mention that item to a client,
> especially in mixed company!
>
> John
>
> >>> "Greg Owens"  1/15/03 9:06:28 AM >>>
> can buy a hardware loadbalancer from f5.
> >
> > From: "Robert  Fowler"
> > Date: 2003/01/15 Wed AM 09:31:49 EST
> > To: [EMAIL PROTECTED]
> > Subject: BGP load balancing questions [7:61095]
> >
> > Hello groupstudy,
> >
> > I've been banging my head against the wall and figured I would defer this
> > question to those of you more learned and experienced. Here is the
> > scenario:
> >
> > 2 routers running BGP
> > Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
> > Each receives full routes.
> > Each provider has given us a class C address
> > Only the class C from provider 1 is actively used, because provider 2 will
> > probably be dropped eventually (ssshhh don't tell ARIN)
> >
> >
> > The class C is advertised to both ISPs, however ISP 1 aggregates this
> > address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
> > This was checked using various looking glasses.
> >
> > What that means is that traffic to my Class C will arrive primarily via ISP
> > 2 because it will see the /24 I advertise through it. That is bad, for
> > various reasons. Mainly because we are charged by usage from ISP2, but also
> > because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
> > primarily as a backup eventually. Also the traffic coming in is 90% via ISP
> > 2 and 10% via ISP 1.
> >
> > If I remember from my studying so long ago, even prepending my AS number to
> > ISP 2 will not work, because it doesn't even make it to that criteria, but
> > rather sees the /24 and chooses that route.
> >
> > I searched some newsgroups, but amazingly enough nobody seemed to have this
> > issue. I saw someone who had a larger block than /24 and some suggestions
> > there but that would not work in this case.
> >
> >
> > Options not available:
> > Using the Class C from Carrier 2 to load balance using IP space and traffic
> > types
> > Getting a class C independent of a provider from ARIN. (That costs money :))
> >
> >
> > Robert
> Greg Owens
> 202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61135&t=61095



Re: BGP load balancing questions [7:61095]

2003-01-15 Thread John Neiberger
I'm currently advertising a /24 to Sprint and Global Crossing and
neither provider aggregates or filters it.  Unless, that is, they've
been sneaking around changing things behind my back.

>>> "Clay Auch"  1/15/03 9:49:30 AM >>>
Alex,

Not at all true ... Sprint (unless this has changed) will filter at the /22
and will make no exceptions. Other providers such as UUNET/WCOM filter at
the /24 ... so traffic will prefer UUNET if in the scenario ISP 1 = Sprint
and ISP 2 = UUNET. I have first hand experience with this ...

clay

- Original Message -
From: "Alex Muhin" 
To: 
Sent: Wednesday, January 15, 2003 10:07 AM
Subject: RE: BGP load balancing questions [7:61095]


> ISP1 should advertise 1.1.1.x/16 AND 1.1.1.x/24 ?
>
> alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61119&t=61095



Re: BGP load balancing questions [7:61095]

2003-01-15 Thread John Neiberger
Oh, that's right.  I always forget about that solution.  :-)  Radware
and FatPipe have nice solutions to this, as well.  We almost bought a
box from FatPipe at one point but we decided we had better ways of
accomplishing our goals without their hardware.

On a side note, they also have one of the most outrageous vendor gift
items I've ever seen:  boxer shorts that say "FatPipe Inside".  Good
grief  If I worked for them I'd never mention that item to a client,
especially in mixed company!

John

>>> "Greg Owens"  1/15/03 9:06:28 AM >>>
can buy a hardware loadbalancer from f5.
>
> From: "Robert  Fowler"
> Date: 2003/01/15 Wed AM 09:31:49 EST
> To: [EMAIL PROTECTED]
> Subject: BGP load balancing questions [7:61095]
>
> Hello groupstudy,
>
> I've been banging my head against the wall and figured I would defer this
> question to those of you more learned and experienced. Here is the
> scenario:
>
> 2 routers running BGP
> Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
> Each receives full routes.
> Each provider has given us a class C address
> Only the class C from provider 1 is actively used, because provider 2 will
> probably be dropped eventually (ssshhh don't tell ARIN)
>
>
> The class C is advertised to both ISPs, however ISP 1 aggregates this
> address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
> This was checked using various looking glasses.
>
> What that means is that traffic to my Class C will arrive primarily via ISP
> 2 because it will see the /24 I advertise through it. That is bad, for
> various reasons. Mainly because we are charged by usage from ISP2, but also
> because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
> primarily as a backup eventually. Also the traffic coming in is 90% via ISP
> 2 and 10% via ISP 1.
>
> If I remember from my studying so long ago, even prepending my AS number to
> ISP 2 will not work, because it doesn't even make it to that criteria, but
> rather sees the /24 and chooses that route.
>
> I searched some newsgroups, but amazingly enough nobody seemed to have this
> issue. I saw someone who had a larger block than /24 and some suggestions
> there but that would not work in this case.
>
>
> Options not available:
> Using the Class C from Carrier 2 to load balance using IP space and traffic
> types
> Getting a class C independent of a provider from ARIN. (That costs money :))
>
>
> Robert
Greg Owens
202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61117&t=61095



RE: BGP load balancing questions [7:61095]

2003-01-15 Thread John Neiberger
>ISP1 should advertise 1.1.1.x/16 AND 1.1.1.x/24 ?
>
>alex
>

Yes, that's correct.  If they don't advertise the more-specific prefix
along with their aggregate you'll have problems in a multihomed
situation such as that described earlier.

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61116&t=61095



Re: BGP load balancing questions [7:61095]

2003-01-15 Thread Clay Auch
Alex,

Not at all true ... Sprint (unless this has changed) will filter at the /22
and will make no exceptions. Other providers such as UUNET/WCOM filter at
the /24 ... so traffic will prefer UUNET if in the scenario ISP 1 = Sprint
and ISP 2 = UUNET. I have first hand experience with this ...

clay

- Original Message -
From: "Alex Muhin" 
To: 
Sent: Wednesday, January 15, 2003 10:07 AM
Subject: RE: BGP load balancing questions [7:61095]


> ISP1 should advertise 1.1.1.x/16 AND 1.1.1.x/24 ?
>
> alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6&t=61095



Re: BGP load balancing questions [7:61095]

2003-01-15 Thread Clay Auch
Robert,

I believe that you are kind of stuck with having ISP1 who filters everything
of a /22 and below and ISP 2 filters at the /24. The first criteria is
reachability (over all other algorithm criteria ... which are all just tie
breakers as far as BGP is concerned). The reachability to your network
behind both links is naturally always going to want to traverse ISP 2's link
due to the uneven prefix filtering. What we would suggest to customers who
had a similar problem is ask ISP 1 to get you a block (justified through
ARIN of course) of a /22 (or whatever they will pass through) so that you
can load balance traffic over both pipes using that one block. Then, in your
justification to ARIN, make sure you detail the fact that you are handing
back a /24 from ISP 2 due to the technical pitfall you have encountered and
due to the nature of your traffic and business plan. Emphasize that you want
to "load share" (not load balance) traffic over both links. Don't mention
anything about ISP 2 going away ... need to know basis ... they don't need
to know.
Now ... if you get that /22 (or whatever size block) from ISP 1, you can
announce the block in halves to both ISPs (eg. /23 to ISP 1 and /23 to ISP
2). Make sure that you know which traffic is most important and have that
traverse your most reliable pipe ... then have the rest of the traffic
traverse the to be backup pipe (aka ISP 2).

Hope any of this helps at all ...

Please feel free to e-mail me if you have any other questions.

Clay

- Original Message -
From: "Robert Fowler" 
To: 
Sent: Wednesday, January 15, 2003 9:31 AM
Subject: BGP load balancing questions [7:61095]


> Hello groupstudy,
>
> I've been banging my head against the wall and figured I would defer this
> question to those of you more learned and experienced. Here is the
> scenario:
>
> 2 routers running BGP
> Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
> Each receives full routes.
> Each provider has given us a class C address
> Only the class C from provider 1 is actively used, because provider 2 will
> probably be dropped eventually (ssshhh don't tell ARIN)
>
>
> The class C is advertised to both ISPs, however ISP 1 aggregates this
> address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
> This was checked using various looking glasses.
>
> What that means is that traffic to my Class C will arrive primarily via ISP
> 2 because it will see the /24 I advertise through it. That is bad, for
> various reasons. Mainly because we are charged by usage from ISP2, but also
> because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
> primarily as a backup eventually. Also the traffic coming in is 90% via ISP
> 2 and 10% via ISP 1.
>
> If I remember from my studying so long ago, even prepending my AS number to
> ISP 2 will not work, because it doesn't even make it to that criteria, but
> rather sees the /24 and chooses that route.
>
> I searched some newsgroups, but amazingly enough nobody seemed to have this
> issue. I saw someone who had a larger block than /24 and some suggestions
> there but that would not work in this case.
>
>
> Options not available:
> Using the Class C from Carrier 2 to load balance using IP space and traffic
> types
> Getting a class C independent of a provider from ARIN. (That costs money :))
>
>
> Robert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61107&t=61095
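Added example (not from any poster in this thread): a small Python model of why AS-path prepending could not move the inbound traffic. A remote router keeps one best path per prefix and then forwards on the longest matching prefix, so the /24 heard via ISP 2 beats ISP 1's /16 aggregate however long its AS path is. The AS numbers are private-use placeholders, 1.1.x.x is the thread's own placeholder addressing, and best-path selection is reduced to AS-path length as an assumption.

```python
import ipaddress
from collections import namedtuple

# Constructed sample values: private-use AS numbers, not real networks.
CUSTOMER_AS, ISP1_AS, ISP2_AS = 64512, 64501, 64502

Route = namedtuple("Route", "prefix as_path via")


def route(prefix, as_path, via):
    return Route(ipaddress.ip_network(prefix), tuple(as_path), via)


def build_table(received, max_prefix_len=24):
    """Model a remote router's view of the received announcements.

    Prefixes longer than the import filter are dropped. For each remaining
    prefix one best path is kept: the shortest AS path (assumption: earlier
    decision steps such as local preference are equal; ties keep the first).
    """
    table = {}
    for r in received:
        if r.prefix.prefixlen > max_prefix_len:
            continue
        current = table.get(r.prefix)
        if current is None or len(r.as_path) < len(current.as_path):
            table[r.prefix] = r
    return table


def forward(table, dst):
    """Forwarding lookup: the longest matching prefix wins, whatever its AS path."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table.values() if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)


def entry_isp(received, dst="1.1.1.10", max_prefix_len=24):
    """Which ISP a remote router sends traffic for dst towards."""
    best = forward(build_table(received, max_prefix_len), dst)
    return best.via if best else None


# The situation in the thread: ISP 1 announces only its /16 aggregate,
# ISP 2 passes the customer's /24 through.
AGGREGATE_ONLY = [
    route("1.1.0.0/16", [ISP1_AS], "ISP1"),
    route("1.1.1.0/24", [ISP2_AS, CUSTOMER_AS], "ISP2"),
]

# Same, but the customer prepends its AS three extra times towards ISP 2.
PREPENDED = [
    route("1.1.0.0/16", [ISP1_AS], "ISP1"),
    route("1.1.1.0/24", [ISP2_AS] + [CUSTOMER_AS] * 4, "ISP2"),
]

# ISP 1 also announces the /24: now both paths compete for the same prefix
# and the AS-path length finally matters.
BOTH_SPECIFIC = PREPENDED + [route("1.1.1.0/24", [ISP1_AS, CUSTOMER_AS], "ISP1")]


if __name__ == "__main__":
    print("aggregate only:          ", entry_isp(AGGREGATE_ONLY))
    print("with prepending:         ", entry_isp(PREPENDED))
    print("ISP 1 announces /24 too: ", entry_isp(BOTH_SPECIFIC))
    print("remote filters at /22:   ", entry_isp(AGGREGATE_ONLY, max_prefix_len=22))
```

The last case models a remote network that filters prefixes longer than /22: it never installs the /24, so it follows the /16 aggregate to ISP 1.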



Re: BGP load balancing questions [7:61095]

2003-01-15 Thread Greg Owens
can buy a hardware loadbalancer from f5.
>
> From: "Robert  Fowler"
> Date: 2003/01/15 Wed AM 09:31:49 EST
> To: [EMAIL PROTECTED]
> Subject: BGP load balancing questions [7:61095]
>
> Hello groupstudy,
>
> I've been banging my head against the wall and figured I would defer this
> question to those of you more learned and experienced. Here is the
> scenario:
>
> 2 routers running BGP
> Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
> Each receives full routes.
> Each provider has given us a class C address
> Only the class C from provider 1 is actively used, because provider 2 will
> probably be dropped eventually (ssshhh don't tell ARIN)
>
>
> The class C is advertised to both ISPs, however ISP 1 aggregates this
> address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
> This was checked using various looking glasses.
>
> What that means is that traffic to my Class C will arrive primarily via ISP
> 2 because it will see the /24 I advertise through it. That is bad, for
> various reasons. Mainly because we are charged by usage from ISP2, but also
> because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
> primarily as a backup eventually. Also the traffic coming in is 90% via ISP
> 2 and 10% via ISP 1.
>
> If I remember from my studying so long ago, even prepending my AS number to
> ISP 2 will not work, because it doesn't even make it to that criteria, but
> rather sees the /24 and chooses that route.
>
> I searched some newsgroups, but amazingly enough nobody seemed to have this
> issue. I saw someone who had a larger block than /24 and some suggestions
> there but that would not work in this case.
>
>
> Options not available:
> Using the Class C from Carrier 2 to load balance using IP space and traffic
> types
> Getting a class C independent of a provider from ARIN. (That costs money :))
>
>
> Robert
Greg Owens
202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61106&t=61095



Re: BGP load balancing questions [7:61095]

2003-01-15 Thread John Neiberger
>Hello groupstudy,
>
>I've been banging my head against the wall and figured I would defer this
>question to those of you more learned and experienced. Here is the
>scenario:
>
>2 routers running BGP
>Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
>Each receives full routes.
>Each provider has given us a class C address
>Only the class C from provider 1 is actively used, because provider 2 will
>probably be dropped eventually (ssshhh don't tell ARIN)
>
>
>The class C is advertised to both ISPs, however ISP 1 aggregates this
>address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
>This was checked using various looking glasses.
>
>What that means is that traffic to my Class C will arrive primarily via ISP
>2 because it will see the /24 I advertise through it. That is bad, for
>various reasons. Mainly because we are charged by usage from ISP2, but also
>because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
>primarily as a backup eventually. Also the traffic coming in is 90% via ISP
>2 and 10% via ISP 1.
>
>If I remember from my studying so long ago, even prepending my AS number to
>ISP 2 will not work, because it doesn't even make it to that criteria, but
>rather sees the /24 and chooses that route.
>
>I searched some newsgroups, but amazingly enough nobody seemed to have this
>issue. I saw someone who had a larger block than /24 and some suggestions
>there but that would not work in this case.
>
>
>Options not available:
>Using the Class C from Carrier 2 to load balance using IP space and traffic
>types
>Getting a class C independent of a provider from ARIN. (That costs money :))
>
>
>Robert

This is actually a very common issue that people don't think about
until it happens to them.  :-)  The first thing I'd do would be to
contact ISP 1 and see if they can provide any options.  They should have
the ability to advertise your more-specific route along with their
aggregate.

The next thing I'd do is... hmmm... umm... not sure.  If ISP 1 refuses
to advertise your /24 I'm not sure I see a great solution to your
problem.  Perhaps the real-world BGP gurus might have a suggestion.

It's too late for you but I have one other suggestion.  This is the
sort of policy that needs to be researched before you even order a
circuit with a provider.  They usually state their aggregation policy in
their BGP documentation and you should take a look at that before
deciding on an ISP.  As you can see, their aggregation can cause issues
and you need to know up front how flexible they can be.

Regards,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61103&t=61095



RE: BGP load balancing questions [7:61095]

2003-01-15 Thread Lupi, Guy
If Provider 1 is large enough, they should be able to assign you a class C
that they do not aggregate when they make their announcements to other
providers.  I would suggest asking them for one of these, if they want to
keep your business they will get it to you one way or the other.
Another option would be to ask Provider 2 for a class C out of address space
that they DO announce as an aggregate, and announce this class C to Provider
1.  In this situation your announcement to Provider 1 would always be more
specific and most of your traffic would come through them.

~-Original Message-
~From: Robert Fowler [mailto:[EMAIL PROTECTED]]
~Sent: Wednesday, January 15, 2003 9:32 AM
~To: [EMAIL PROTECTED]
~Subject: BGP load balancing questions [7:61095]
~
~
~Hello groupstudy,
~
~I've been banging my head against the wall and figured I would defer this
~question to those of you more learned and experienced. Here is the
~scenario:
~
~2 routers running BGP
~Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
~Each receives full routes.
~Each provider has given us a class C address
~Only the class C from provider 1 is actively used, because provider 2 will
~probably be dropped eventually (ssshhh don't tell ARIN)
~
~
~The class C is advertised to both ISPs, however ISP 1 aggregates this
~address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
~This was checked using various looking glasses.
~
~What that means is that traffic to my Class C will arrive primarily via ISP
~2 because it will see the /24 I advertise through it. That is bad, for
~various reasons. Mainly because we are charged by usage from ISP2, but also
~because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
~primarily as a backup eventually. Also the traffic coming in is 90% via ISP
~2 and 10% via ISP 1.
~
~If I remember from my studying so long ago, even prepending my AS number to
~ISP 2 will not work, because it doesn't even make it to that criteria, but
~rather sees the /24 and chooses that route.
~
~I searched some newsgroups, but amazingly enough nobody seemed to have this
~issue. I saw someone who had a larger block than /24 and some suggestions
~there but that would not work in this case.
~
~
~Options not available:
~Using the Class C from Carrier 2 to load balance using IP space and traffic
~types
~Getting a class C independent of a provider from ARIN. (That costs money :))
~
~
~Robert
~
~
~
~




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61099&t=61095



RE: BGP load balancing questions [7:61095]

2003-01-15 Thread Alex Muhin
ISP1 should advertise 1.1.1.x/16 AND 1.1.1.x/24 ?

alex


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61096&t=61095



BGP load balancing questions [7:61095]

2003-01-15 Thread Robert Fowler
Hello groupstudy,
 
I've been banging my head against the wall and figured I would defer this
question to those of you more learned and experienced. Here is the
scenario:

2 routers running BGP
Router 1 has a connection to ISP 1 and router 2 has a connection to ISP 2
Each receives full routes.
Each provider has given us a class C address
Only the class C from provider 1 is actively used, because provider 2 will
probably be dropped eventually (ssshhh don't tell ARIN)


The class C is advertised to both ISPs, however ISP 1 aggregates this
address space so instead of being 1.1.1.x /24 it's 1.1.x.x /16
This was checked using various looking glasses.

What that means is that traffic to my Class C will arrive primarily via ISP
2 because it will see the /24 I advertise through it. That is bad, for
various reasons. Mainly because we are charged by usage from ISP2, but also
because we are going to upgrade ISP1 to a fractional t3 and use ISP 2
primarily as a backup eventually. Also the traffic coming in is 90% via ISP
2 and 10% via ISP 1.

If I remember from my studying so long ago, even prepending my AS number to
ISP 2 will not work, because it doesn't even make it to that criteria, but
rather sees the /24 and chooses that route.

I searched some newsgroups, but amazingly enough nobody seemed to have this
issue. I saw someone who had a larger block than /24 and some suggestions
there but that would not work in this case.


Options not available:
Using the Class C from Carrier 2 to load balance using IP space and traffic
types
Getting a class C independent of a provider from ARIN. (That costs money :))
 
 
Robert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61095&t=61095



RE: Load balancing & NAT [7:60663]

2003-01-12 Thread Howard C. Berkowitz
At 11:36 PM + 1/12/03, Emilia Lambros wrote:
>Basically any changes to the sticky/persistent part are not options :( the
>hardware that's in and performing the load balancing won't be changed
>because it works - the NAT portion just needs some ... horrible kludges? :)

But isn't NAT itself, independent of vendor and implementation, a 
kludge?  Sometimes it's a good kludge, considering the circumstances.

I have long proclaimed that Australians should be the best at 
networking.  Anyone who grows up thinking a platypus, that ultimate 
biological kludge of multispecies spare parts moving in close 
coordination, shouldn't be fazed by any of this. :-)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60928&t=60663



RE: Load balancing & NAT [7:60663]

2003-01-12 Thread Emilia Lambros
Basically any changes to the sticky/persistent part are not options :( the
hardware that's in and performing the load balancing won't be changed
because it works - the NAT portion just needs some ... horrible kludges? :)



-Original Message-
From: Clayton Price [mailto:[EMAIL PROTECTED]]
Sent: Sunday, 12 January 2003 10:35 AM
To: [EMAIL PROTECTED]
Subject: Re: Load balancing & NAT [7:60663]


Could you change the persistence to use cookies instead of source IP address
(assuming it is a browser based connection)?  That would allow you to still
load balance across the multiple app servers.

Clayton


""Emilia Lambros""  wrote in message
news:[EMAIL PROTECTED]...
> I'm looking more for a way to play with how the nat pool I have behaves with
> IP address use.  The NAT config and translations are all working, however I
> can't find a situation online that shows me how I can force translations to
> not overload quite so much, or how I can make more IP addresses be used so
> my load balancing works with sticky sessions set.
>
> For as long as only 1 IP is being used, all connections to the application
> servers go to one application server.  Even with 2 IPs being used, I would
> have more of a chance of connections going to the 2nd application server to
> create some load balancing but as I said, I'm sitting on 8500 connections
> and 1 IP being used.  I know in theory I can go up to 65K+ connections on
> that 1 IP, but I would prefer more like a couple of hundred per IP.
>
> The majority of articles I've read show how to configure, say rotary pools
> or tcp load distribution but not examples of how you can use it another way
> that I could perhaps, adapt.  As I said though, I can't play with the config
> because it's a live environment so it's a little harder to play and test with,
> without a guarantee that it will work :)
>
>
>
> -Original Message-
> From: The Long and Winding Road
> [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 9 January 2003 11:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Load balancing & NAT [7:60663]
>
>
> if you have a CCO customer account, there are a lot of articles in the TAC
> database
>
> this one is a good start, I believe.
>
>
> http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
> watch the wrap.
>
> HTH
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"
>
>
>
>
> "Emilia Lambros" wrote in message
> news:[EMAIL PROTECTED]...
> > Hi all,
> >
> > I have an application being load balanced at one site (sticky sessions set
> > such that each connection from 1 IP will continue its transactions to the
> > same server it started on) and at another site, the users accessing the
> > load balanced application.
> >
> > The users come in from different office locations across private WAN
> > links, nat inside is on each of their interfaces and on each interface out
> > of the router those WAN links connect to, is nat outside.
> >
> > I have changed their initial configuration based on NAT overload to an
> > interface IP address to be a pool of addresses overloaded.  I was hoping
> > that the connections would spill over to the second IP in the pool at some
> > stage sooner than the 8500 NAT connections I have currently, but no go.  I
> > may as well have NAT'd to 1 IP again :)
> >
> > Is there a way to overload NAT, but have it using more than 1 IP in the
> > pool?  e.g. a pool of 30 IPs, it's currently using 1.. I'd love the router
> > to even round robin the use of IPs out of the pool but I can't play with
> > the config to try it (live environment) and can't find any documentation
> > online explaining exactly what I need NAT to do/not do :(
> >
> > Thanks,
> >
> > Em :)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60922&t=60663



Re: Load balancing & NAT [7:60663]

2003-01-11 Thread Clayton Price
Could you change the persistence to use cookies instead of source IP address
(assuming it is a browser based connection)?  That would allow you to still
load balance across the multiple app servers.

Clayton


"Emilia Lambros" wrote in message
news:[EMAIL PROTECTED]...
> I'm looking more for a way to play with how the nat pool I have behaves with
> IP address use.  The NAT config and translations are all working, however I
> can't find a situation online that shows me how I can force translations to
> not overload quite so much, or how I can make more IP addresses be used so
> my load balancing works with sticky sessions set.
>
> For as long as only 1 IP is being used, all connections to the application
> servers go to one application server.  Even with 2 IPs being used, I would
> have more of a chance of connections going to the 2nd application server to
> create some load balancing but as I said, I'm sitting on 8500 connections
> and 1 IP being used.  I know in theory I can go up to 65K+ connections on
> that 1 IP, but I would prefer more like a couple of hundred per IP.
>
> The majority of articles I've read show how to configure, say rotary pools
> or tcp load distribution but not examples of how you can use it another way
> that I could perhaps, adapt.  As I said though, I can't play with the config
> because it's a live environment so it's a little harder to play and test with,
> without a guarantee that it will work :)
>
>
>
> -Original Message-
> From: The Long and Winding Road
> [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 9 January 2003 11:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Load balancing & NAT [7:60663]
>
>
> if you have a CCO customer account, there are a lot of articles in the TAC
> database
>
> this one is a good start, I believe.
>
>
> http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
> watch the wrap.
>
> HTH
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"
>
>
>
>
> "Emilia Lambros" wrote in message
> news:[EMAIL PROTECTED]...
> > Hi all,
> >
> > I have an application being load balanced at one site (sticky sessions set
> > such that each connection from 1 IP will continue its transactions to the
> > same server it started on) and at another site, the users accessing the
> > load balanced application.
> >
> > The users come in from different office locations across private WAN
> > links, nat inside is on each of their interfaces and on each interface out
> > of the router those WAN links connect to, is nat outside.
> >
> > I have changed their initial configuration based on NAT overload to an
> > interface IP address to be a pool of addresses overloaded.  I was hoping
> > that the connections would spill over to the second IP in the pool at some
> > stage sooner than the 8500 NAT connections I have currently, but no go.  I
> > may as well have NAT'd to 1 IP again :)
> >
> > Is there a way to overload NAT, but have it using more than 1 IP in the
> > pool?  e.g. a pool of 30 IPs, it's currently using 1.. I'd love the router
> > to even round robin the use of IPs out of the pool but I can't play with
> > the config to try it (live environment) and can't find any documentation
> > online explaining exactly what I need NAT to do/not do :(
> >
> > Thanks,
> >
> > Em :)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60887&t=60663



Re: Load balancing & NAT [7:60663]

2003-01-10 Thread Marc Thach Xuan Ky
Doug,
I used the term "horrible kludge" several hours before I saw your post. 
The multiple NAT pool kludge is horrible because it is neither scalable
nor maintenance-free, nor does it include any dynamic distribution of
load across the resultant multiple (outside local) addresses in use.  It
almost removes the requirement for the load-balancing part of the
load-balancers, leaving them with server failover tasks only.  As I
stated in my post, I'd be looking for a different form of sticky (or a
different NAT device).
rgds
Marc

Doug S wrote:
> 
> I liked the comment and definitely agree that some of the authors of Cisco
> training material should be named and publicly humiliated, although the
> sheer volume of mistakes could make this a somewhat overwhelming task for
> the public doing the humiliating. Still, I want to add my opinion that Cisco
> documentation and training material is of a lot higher quality than a lot of
> what's out there, not to name names like MS Press or anything.
> 
> The reason I blindly accepted and posted that particular quote is because it
> DOES match my personal experience, which, I admit is considerably less than
> the other posters in this thread.  The only experience I have is in a lab on
> 2500's and 2600's running something around IOS 12.1(T).
> 
> I also want to point out that this behavior of only overloading the first
> address in the pool sounds like exactly what the original poster is
> experiencing.  The fact that Emilia's and my experience contradicts Peter's
> and TLaWR makes me think that there are differences in how this works on
> different platforms, as TJ suggests.
> 
> I'd also like to hear people's opinions on why my solution is a "horrible"
> kludge, as opposed to just a plain old vanilla kludge.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60858&t=60663



Re: Load balancing & NAT [7:60663]

2003-01-10 Thread Howard C. Berkowitz
At 10:12 PM + 1/10/03, Doug S wrote:
>I liked the comment and definitely agree that some of the authors of Cisco
>training material should be named and publicly humiliated, although the
>sheer volume of mistakes could make this a somewhat overwhelming task for
>the public doing the humiliating. Still, I want to add my opinion that Cisco
>documentation and training material is of a lot higher quality than a lot of
>what's out there, not to name names like MS Press or anything.

I'm the last person to be an apologist for some of the documentation, 
but fairness says there are a couple of things to consider.

1.  Most Cisco documentation is what might be called "performance skills"
    based rather than "cognitive" or "design".  There's very little
    information about alternative solutions, or other things that I
    think of as network architecture.  Historically, CID (which originally
    was an internal course) was the only course that went into tradeoffs,
    although there are a good many more Cisco-only courses that do.

2.  Since the market crash, there's been much less marketability for books
    that deal with design rather than cookbook or certification-cram
    content. It's unfortunate -- corporate "economies" are equating
    configuration skills with design skills.

3.  It's almost impossible to keep any kind of general documentation
    updated on all the permutations of platforms, releases, and bugs.
    Conceptually, I suppose, Cisco could develop a context-sensitive
    living hyperdocument that links basic documentation, release notes
    and bug reports, etc., and have a much better support product, but
    that would still be support rather than tradeoff oriented.

>
>The reason I blindly accepted and posted that particular quote is because it
>DOES match my personal experience, which, I admit is considerably less than
>the other posters in this thread.  The only experience I have is in a lab on
>2500's and 2600's running something around IOS 12.1(T).

I'm sort of laughing and crying, thinking of my most dramatic 
classroom bug.  I was teaching a private ACRC class for MCI, with a 
mixture of 2500, 4000, and 4500 routers, on, IIRC, IOS 11.0 or so. I 
had just finished showing GRE for IP, and someone asked a question 
about running IPX over the same tunnel as the IP.  I _know_ this 
works.

So, I said, "no problem".  I switched a router console to the 
projector, added an IPX network to one end of the tunnel, and it went 
in just fine.  Next, I switched to the other router. No sooner had I 
finished typing IPX network , did both routers go into the most 
incredible crash mode I have ever seen. They dropped into ROMMON, and 
then kept cycling back to the start of boot, never giving me keyboard 
control.  Powering them on and off brought back sanity, but I soon 
found that this crash was reproducible on 4000's and 4500's, but not 
2500's. The TRULY weird thing is that when I left a router running 
overnight in its boot loop, it eventually stabilized and gave console 
control -- but still would crash if I configured IPX tunneling over 
GRE.

>
>I also want to point out that this behavior of only overloading the first
>address in the pool sounds like exactly what the original poster is
>experiencing.  The fact that Emilia's and my experience contradicts Peter's
>and TLaWR makes me think that there are differences in how this works on
>different platforms, as TJ suggests.

There _might_ be theoretical problems of load distribution here, 
depending on how the address cached in other machines. 
Source-destination hash is very good in most cases, but if you had 
this configuration on both ends, everything would go over the same 
link no matter how many interfaces you had. If the load balancing 
were destination-based, it could get awful.

>
>I'd also like to hear people's opinions on why my solution is a "horrible"
>kludge, as opposed to just a plain old vanilla kludge.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60857&t=60663



RE: Load balancing & NAT [7:60663]

2003-01-10 Thread Evans, TJ (BearingPoint)
And more importantly, from a semantics perspective - is a "horrible kludge"
a bad thing or a good thing?  Or a case of two wrongs not making a right.



... double negatives are fun.
Thanks!
TJ
[EMAIL PROTECTED]



-Original Message-
From: Doug S [mailto:[EMAIL PROTECTED]] 
Sent: Friday, January 10, 2003 5:13 PM
To: [EMAIL PROTECTED]
Subject: Re: Load balancing & NAT [7:60663]

I liked the comment and definitely agree that some of the authors of Cisco
training material should be named and publicly humiliated, although the
sheer volume of mistakes could make this a somewhat overwhelming task for
the public doing the humiliating. Still, I want to add my opinion that Cisco
documentation and training material is of a lot higher quality than a lot of
what's out there, not to name names like MS Press or anything.

The reason I blindly accepted and posted that particular quote is because it
DOES match my personal experience, which, I admit is considerably less than
the other posters in this thread.  The only experience I have is in a lab on
2500's and 2600's running something around IOS 12.1(T).

I also want to point out that this behavior of only overloading the first
address in the pool sounds like exactly what the original poster is
experiencing.  The fact that Emilia's and my experience contradicts Peter's
and TLaWR makes me think that there are differences in how this works on
different platforms, as TJ suggests.

I'd also like to hear people's opinions on why my solution is a "horrible"
kludge, as opposed to just a plain old vanilla kludge.
**
The information in this email is confidential and may be legally 
privileged.  Access to this email by anyone other than the 
intended addressee is unauthorized.  If you are not the intended 
recipient of this message, any review, disclosure, copying, 
distribution, retention, or any action taken or omitted to be taken 
in reliance on it is prohibited and may be unlawful.  If you are not 
the intended recipient, please reply to or forward a copy of this 
message to the sender and delete the message, any attachments, 
and any copies thereof from your system.
**




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60855&t=60663



Re: Load balancing & NAT [7:60663]

2003-01-10 Thread Doug S
I liked the comment and definitely agree that some of the authors of Cisco
training material should be named and publicly humiliated, although the
sheer volume of mistakes could make this a somewhat overwhelming task for
the public doing the humiliating. Still, I want to add my opinion that Cisco
documentation and training material is of a lot higher quality than a lot of
what's out there, not to name names like MS Press or anything.

The reason I blindly accepted and posted that particular quote is because it
DOES match my personal experience, which, I admit is considerably less than
the other posters in this thread.  The only experience I have is in a lab on
2500's and 2600's running something around IOS 12.1(T).

I also want to point out that this behavior of only overloading the first
address in the pool sounds like exactly what the original poster is
experiencing.  The fact that Emilia's and my experience contradicts Peter's
and TLaWR makes me think that there are differences in how this works on
different platforms, as TJ suggests.

I'd also like to hear people's opinions on why my solution is a "horrible"
kludge, as opposed to just a plain old vanilla kludge.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60853&t=60663



RE: Load balancing & NAT [7:60663]

2003-01-10 Thread Evans, TJ (BearingPoint)
I wonder - is this a situation where specific code level, or the family of
products in question, etc., is causing a discrepancy?

I know the PIX (currently), for example, works as TLaWR states below ... 

However, perhaps in IOS when you specify
ip nat pool overload (start) (finish) netmask (mask)
it treats it differently since you are explicitly saying to 'overload' ?


... just curious ... 
Thanks!
TJ
[EMAIL PROTECTED]



-Original Message-
From: The Long and Winding Road [mailto:[EMAIL PROTECTED]] 
Sent: Friday, January 10, 2003 11:12 AM
To: [EMAIL PROTECTED]
Subject: Re: Load balancing & NAT [7:60663]

"Doug S" wrote in message
news:[EMAIL PROTECTED]...
> The way PAT works when overloading multiple addresses is to overload the
> first address in the pool until ALL port numbers are used up.  I can't point
> you to any publicly available documentation on this, but cut and pasted from
> Network Academy curriculum:
>
> "However, on a Cisco IOS router, NAT will
>  overload the first address in the pool until
>  it's maxed out, and then move on to the
>  second address, and so on."


I don't think so. I think whoever put this into Cisco training materials
ought to be named and publicly humiliated.

I know from cold hard experience that if you have a pool with several
addresses and overload configured, each address in the pool is translated one
to one, and then the last number is shared among all comers after that.

isn't there any real technical review of the training materials?


>
> I've seen people wanting to get around this behavior for a variety of
> reasons and I haven't seen anyone post a good reply.  I've come up with a
> workaround that I believe should work for you, although you'll have to take
> a good look at your inside local addresses and figure out how to best define
> those in to two equal groups.  Each group could then be separately
> translated to a different address.
>
> For instance, if you are now translating 8000 inside addresses all in the
> range of 10.0.32.0/19 to one overloaded pool, you could configure it to
> translate 10.0.32.0/20 to one overloaded pool and 10.0.48.0/20 to a separate
> overloaded pool something like
>
> #access-list 1 permit 10.0.32.0 0.0.15.255
> #access-list 2 permit 10.0.48.0 0.0.15.255
> #ip nat pool LOWER_ADDRESSES_TRANSLATE_TO 209.211.100.1 209.211.100.5 pre 24
> #ip nat pool HIGHER_ADDRESSES_TRANSLATE_TO 209.211.100.6 209.211.100.10 pre 24
> #ip nat inside source list 1 pool LOWER_ADDRESSES_TRANSLATE_TO overload
> #ip nat inside source list 2 pool HIGHER_ADDRESSES_TRANSLATE_TO overload
>
> Forgive me if I've screwed up the syntax somewhere, but the idea is there.
> As I said, you'll have to put some thought into what best works in your
> addressing scheme to best separate translated addresses in to two roughly
> equal groups.  You might even find it helpful to partition them in to more
> than two groups.
>
> Hope it helps.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60825&t=60663



Re: Load balancing & NAT [7:60663]

2003-01-10 Thread The Long and Winding Road
"Peter Walker" wrote in message
news:[EMAIL PROTECTED]...
> This does NOT match my previous experience.  My experience has been that
> IOS seems to use NAT (not overloaded) until all pool addresses are used
> then start overloading the last one.  I don't know what happens once all
> when this address gets maxed out.


when doing PAT ( NAT overload ) there is a theoretical possibility of 65000
connections ( i.e. the number of TCP ports ) obviously, this would not be
practical because of the numbers of well known ports in use.

The NAT engine would add the dimension of TCP source port to the state
table.

So if I am at address 111.111.111.111 and my source port is , the NAT
engine might translate  this to public IP 222.222.222.222 with a source port
of 

The next guy out, source address 111.111.111.112 with a source port of 
( same app ) might be translated as public IP 222.222.222.222 with a source
port of 8881

Etc.

The destination application doesn't care what the source port is ( in
theory ) although in this particular case, I wonder if the destination host
might have a problem. I suppose a well behaved application would not, but
you never can tell.


>
> The only reason we noticed this was due to the fact that we were running
> port sentry on a number of unix hosts and noticed that periodically random
> machines were being port scanned from outside our net (something that
> should not be able to occur if PAT is being used). We finally tracked it
> down to NAT (single outside IP to single inside IP) entries appearing in
> our NAT translations tables on the router.
>
> The only solution that we (or TAC) could come up with was to reduce the NAT
> pool to a single IP.








>
> Peter Walker
> CISSP, CCN[NID]P, CSS1, CIPPTS, etc
>
>
> --On 09 January 2003 20:15 + Doug S  wrote:
>
> > The way PAT works when overloading multiple addresses is to overload the
> > first address in the pool until ALL port numbers are used up.  I can't
> > point you to any publicly available documentation on this, but cut and
> > pasted from Network Academy curriculum:
> >
> > "However, on a Cisco IOS router, NAT will
> >  overload the first address in the pool until
> >  it's maxed out, and then move on to the
> >  second address, and so on."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60820&t=60663



Re: Load balancing & NAT [7:60663]

2003-01-10 Thread The Long and Winding Road
"Doug S" wrote in message
news:[EMAIL PROTECTED]...
> The way PAT works when overloading multiple addresses is to overload the
> first address in the pool until ALL port numbers are used up.  I can't point
> you to any publicly available documentation on this, but cut and pasted from
> Network Academy curriculum:
>
> "However, on a Cisco IOS router, NAT will
>  overload the first address in the pool until
>  it's maxed out, and then move on to the
>  second address, and so on."


I don't think so. I think whoever put this into Cisco training materials
ought to be named and publicly humiliated.

I know from cold hard experience that if you have a pool with several
addresses and overload configured, each address in the pool is translated one
to one, and then the last number is shared among all comers after that.

isn't there any real technical review of the training materials?


>
> I've seen people wanting to get around this behavior for a variety of
> reasons and I haven't seen anyone post a good reply.  I've come up with a
> workaround that I believe should work for you, although you'll have to take
> a good look at your inside local addresses and figure out how to best define
> those in to two equal groups.  Each group could then be separately
> translated to a different address.
>
> For instance, if you are now translating 8000 inside addresses all in the
> range of 10.0.32.0/19 to one overloaded pool, you could configure it to
> translate 10.0.32.0/20 to one overloaded pool and 10.0.48.0/20 to a separate
> overloaded pool something like
>
> #access-list 1 permit 10.0.32.0 0.0.15.255
> #access-list 2 permit 10.0.48.0 0.0.15.255
> #ip nat pool LOWER_ADDRESSES_TRANSLATE_TO 209.211.100.1 209.211.100.5 pre 24
> #ip nat pool HIGHER_ADDRESSES_TRANSLATE_TO 209.211.100.6 209.211.100.10 pre 24
> #ip nat inside source list 1 pool LOWER_ADDRESSES_TRANSLATE_TO overload
> #ip nat inside source list 2 pool HIGHER_ADDRESSES_TRANSLATE_TO overload
>
> Forgive me if I've screwed up the syntax somewhere, but the idea is there.
> As I said, you'll have to put some thought into what best works in your
> addressing scheme to best separate translated addresses in to two roughly
> equal groups.  You might even find it helpful to partition them in to more
> than two groups.
>
> Hope it helps.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60819&t=60663



RE: Load balancing & NAT [7:60663]

2003-01-10 Thread Peter Walker
This does NOT match my previous experience.  My experience has been that 
IOS seems to use NAT (not overloaded) until all pool addresses are used 
then start overloading the last one.  I don't know what happens once all 
when this address gets maxed out.

The only reason we noticed this was due to the fact that we were running 
port sentry on a number of unix hosts and noticed that periodically random 
machines were being port scanned from outside our net (something that 
should not be able to occur if PAT is being used). We finally tracked it 
down to NAT (single outside IP to single inside IP) entries appearing in 
our NAT translations tables on the router.

The only solution that we (or TAC) could come up with was to reduce the NAT 
pool to a single IP.

Peter Walker
CISSP, CCN[NID]P, CSS1, CIPPTS, etc


--On 09 January 2003 20:15 + Doug S  wrote:

> The way PAT works when overloading multiple addresses is to overload the
> first address in the pool until ALL port numbers are used up.  I can't
> point you to any publicly available documentation on this, but cut and
> pasted from Network Academy curriculum:
>
> "However, on a Cisco IOS router, NAT will
>  overload the first address in the pool until
>  it's maxed out, and then move on to the
>  second address, and so on."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60800&t=60663
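
An added example, not part of any post in this thread: a small audit of a NAT translation table for the condition Peter Walker describes, where portless one-to-one entries sit beside overloaded ones and leave an inside host reachable on every port. The table text is a constructed sample in the usual `show ip nat translations` column layout; the entries and function names are assumptions for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the usual `show ip nat translations` layout;
# address ranges are borrowed from this thread, the entries are invented.
SAMPLE_TABLE = """\
Pro Inside global         Inside local          Outside local         Outside global
tcp 209.211.100.5:1024    10.0.32.17:3345       198.51.100.7:80       198.51.100.7:80
tcp 209.211.100.5:1025    10.0.32.18:3345       198.51.100.7:80       198.51.100.7:80
--- 209.211.100.1         10.0.33.4             ---                   ---
--- 209.211.100.2         10.0.40.9             ---                   ---
udp 209.211.100.5:4001    10.0.32.17:53211      203.0.113.53:53       203.0.113.53:53
"""


def split_endpoint(text):
    """Return (address, port); port is None when the entry carries no port."""
    addr, sep, port = text.partition(":")
    ipaddress.ip_address(addr)              # raises ValueError on junk
    return addr, int(port) if sep else None


def parse_translations(table):
    """Return a list of (proto, inside_global, inside_local) tuples."""
    entries = []
    for line in table.splitlines():
        fields = line.split()
        if len(fields) != 5:                # header row, blank lines, banners
            continue
        try:
            inside_global = split_endpoint(fields[1])
            inside_local = split_endpoint(fields[2])
        except ValueError:
            continue
        entries.append((fields[0], inside_global, inside_local))
    return entries


def exposed_hosts(entries):
    """One-to-one entries: no port on either side, so the whole inside
    host is reachable through its inside global address."""
    return sorted({(g[0], l[0]) for _, g, l in entries
                   if g[1] is None and l[1] is None})


def pat_load(entries):
    """How many port translations currently share each inside global address."""
    return Counter(g[0] for _, g, _ in entries if g[1] is not None)


if __name__ == "__main__":
    table = parse_translations(SAMPLE_TABLE)
    for global_ip, local_ip in exposed_hosts(table):
        print(f"one-to-one: {local_ip} fully reachable as {global_ip}")
    for global_ip, count in pat_load(table).items():
        print(f"overloaded: {global_ip} carries {count} port translations")
```

The per-address count from `pat_load` is also the figure Emilia quotes (8500 connections on one address), so the same pass shows both the exposure and the skew.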



RE: Load balancing & NAT [7:60663]

2003-01-09 Thread Emilia Lambros
It all makes sense now :)

As much of a kludge as it is, the individual NAT pools will be perfect. 
There's several offices, which means several IP addresses will be used if I
make individual pools.



-Original Message-
From: Doug S [mailto:[EMAIL PROTECTED]]
Sent: Friday, 10 January 2003 6:45 AM
To: [EMAIL PROTECTED]
Subject: RE: Load balancing & NAT [7:60663]


The way PAT works when overloading multiple addresses is to overload the
first address in the pool until ALL port numbers are used up.  I can't point
you to any publicly available documentation on this, but cut and pasted from
Network Academy curriculum:

"However, on a Cisco IOS router, NAT will
 overload the first address in the pool until
 it's maxed out, and then move on to the
 second address, and so on."

I've seen people wanting to get around this behavior for a variety of
reasons and I haven't seen anyone post a good reply.  I've come up with a
workaround that I believe should work for you, although you'll have to take
a good look at your inside local addresses and figure out how to best define
those in to two equal groups.  Each group could then be separately
translated to a different address.

For instance, if you are now translating 8000 inside addresses all in the
range of 10.0.32.0/19 to one overloaded pool, you could configure it to
translate 10.0.32.0/20 to one overloaded pool and 10.0.48.0/20 to a separate
overloaded pool something like

#access-list 1 permit 10.0.32.0 0.0.15.255
#access-list 2 permit 10.0.48.0 0.0.15.255
#ip nat pool LOWER_ADDRESSES_TRANSLATE_TO 209.211.100.1 209.211.100.5 pre 24
#ip nat pool HIGHER_ADDRESSES_TRANSLATE_TO 209.211.100.6 209.211.100.10 pre 24
#ip nat inside source list 1 pool LOWER_ADDRESSES_TRANSLATE_TO overload
#ip nat inside source list 2 pool HIGHER_ADDRESSES_TRANSLATE_TO overload

Forgive me if I've screwed up the syntax somewhere, but the idea is there. 
As I said, you'll have to put some thought into what best works in your
addressing scheme to best separate translated addresses in to two roughly
equal groups.  You might even find it helpful to partition them in to more
than two groups.

Hope it helps.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60766&t=60663



RE: Load balancing & NAT [7:60663]

2003-01-09 Thread Doug S
The way PAT works when overloading multiple addresses is to overload the
first address in the pool until ALL port numbers are used up.  I can't point
you to any publicly available documentation on this, but cut and pasted from
Network Academy curriculum:

"However, on a Cisco IOS router, NAT will
 overload the first address in the pool until
 it's maxed out, and then move on to the
 second address, and so on."

I've seen people wanting to get around this behavior for a variety of
reasons and I haven't seen anyone post a good reply.  I've come up with a
workaround that I believe should work for you, although you'll have to take
a good look at your inside local addresses and figure out how to best define
those in to two equal groups.  Each group could then be separately
translated to a different address.

For instance, if you are now translating 8000 inside addresses all in the
range of 10.0.32.0/19 to one overloaded pool, you could configure it to
translate 10.0.32.0/20 to one overloaded pool and 10.0.48.0/20 to a separate
overloaded pool something like

#access-list 1 permit 10.0.32.0 0.0.15.255
#access-list 2 permit 10.0.48.0 0.0.15.255
#ip nat pool LOWER_ADDRESSES_TRANSLATE_TO 209.211.100.1 209.211.100.5 pre 24
#ip nat pool HIGHER_ADDRESSES_TRANSLATE_TO 209.211.100.6 209.211.100.10 pre 24
#ip nat inside source list 1 pool LOWER_ADDRESSES_TRANSLATE_TO overload
#ip nat inside source list 2 pool HIGHER_ADDRESSES_TRANSLATE_TO overload

Forgive me if I've screwed up the syntax somewhere, but the idea is there. 
As I said, you'll have to put some thought into what best works in your
addressing scheme to best separate translated addresses in to two roughly
equal groups.  You might even find it helpful to partition them in to more
than two groups.

Hope it helps.
  


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60739&t=60663
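
An added example, not part of the post above or of any Cisco code: a simulation of how a source-IP sticky load balancer spreads 8000 inside hosts under the three pool behaviours this thread reports (fill the first address, one-to-one then overload the last, and the split-pool workaround). The allocation functions model the behaviours only as the posters describe them; the server names, the round-robin sticky model and the per-address port budget are assumptions.

```python
import ipaddress
from collections import Counter
from itertools import cycle

PORTS_PER_ADDRESS = 64512   # assumption: source ports 1024-65535 per address


def fill_first(pool):
    """Network Academy quote: overload one address until full, then the next."""
    used = Counter()

    def translate(inside_ip):
        for addr in pool:
            if used[addr] < PORTS_PER_ADDRESS:
                used[addr] += 1
                return addr
        raise RuntimeError("NAT pool exhausted")
    return translate


def one_to_one_then_last(pool):
    """Peter Walker / TLaWR: one inside host per address, last address shared."""
    bound, free = {}, list(pool[:-1])

    def translate(inside_ip):
        if inside_ip not in bound:
            bound[inside_ip] = free.pop(0) if free else pool[-1]
        return bound[inside_ip]
    return translate


def split_pools(groups):
    """The workaround: each (inside network, pool) pair overloads on its own."""
    translators = [(ipaddress.ip_network(net), fill_first(pool))
                   for net, pool in groups]

    def translate(inside_ip):
        for net, per_group in translators:
            if inside_ip in net:
                return per_group(inside_ip)
        raise LookupError(f"{inside_ip} matches no access list")
    return translate


def sticky_load(translate, inside_hosts, servers):
    """Source-IP sticky balancing: a new source address takes the next server
    in rotation, and every later connection from it follows."""
    chooser, pinned, load = cycle(servers), {}, Counter()
    for host in inside_hosts:
        source = translate(host)
        if source not in pinned:
            pinned[source] = next(chooser)
        load[pinned[source]] += 1
    return dict(load)


def run_scenarios():
    inside = ipaddress.ip_network("10.0.32.0/19")
    hosts = [inside[i] for i in range(1, 8001)]          # one connection each
    pool = [f"209.211.100.{n}" for n in range(1, 11)]
    servers = ["app1", "app2"]                           # hypothetical names
    halves = [("10.0.32.0/20", pool[:5]), ("10.0.48.0/20", pool[5:])]
    return {
        "fill_first": sticky_load(fill_first(pool), hosts, servers),
        "one_to_one_then_last": sticky_load(one_to_one_then_last(pool), hosts, servers),
        "split_pools": sticky_load(split_pools(halves), hosts, servers),
    }


if __name__ == "__main__":
    for name, load in run_scenarios().items():
        print(f"{name:22} {load}")
```

The split gives a static 4095/3905 division that follows the addressing plan rather than the load, which is the objection Marc raises elsewhere in the thread.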
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
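
The split-pool workaround in the message above, generalized to any
power-of-two number of groups. This is an added example, not part of the
original post and not Cisco code; the function names and the GROUPn_POOL
pool names are made up for illustration, and first_global_for() relies on
the behavior quoted in the post (the first address of a pool is overloaded
first).

```python
import ipaddress


def split_pool(first, last, groups):
    """Cut the inclusive global range first..last into `groups` contiguous slices."""
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    total = end - start + 1
    if total < groups:
        raise ValueError("need at least one global address per group")
    base, extra = divmod(total, groups)
    slices, cursor = [], start
    for i in range(groups):
        size = base + (1 if i < extra else 0)  # spread any remainder over the first slices
        slices.append((ipaddress.IPv4Address(cursor),
                       ipaddress.IPv4Address(cursor + size - 1)))
        cursor += size
    return slices


def plan(inside, pool_first, pool_last, groups):
    """Pair each equal-sized inside subnet with its own slice of the global pool."""
    if groups < 2 or groups & (groups - 1):
        raise ValueError("groups must be a power of two (2, 4, 8, ...)")
    net = ipaddress.ip_network(inside)
    subnets = list(net.subnets(prefixlen_diff=groups.bit_length() - 1))
    return list(zip(subnets, split_pool(pool_first, pool_last, groups)))


def render(groups_plan, prefix_length, first_acl=1):
    """Emit IOS lines in the same order as the post: ACLs, pools, NAT rules."""
    if first_acl < 1 or first_acl + len(groups_plan) - 1 > 99:
        raise ValueError("this sketch only uses standard numbered ACLs 1-99")
    acls, pools, rules = [], [], []
    for i, (subnet, (lo, hi)) in enumerate(groups_plan):
        acl = first_acl + i
        name = f"GROUP{i + 1}_POOL"  # hypothetical pool name
        # hostmask is the inverse netmask, i.e. the IOS wildcard mask
        acls.append(f"access-list {acl} permit {subnet.network_address} {subnet.hostmask}")
        pools.append(f"ip nat pool {name} {lo} {hi} prefix-length {prefix_length}")
        rules.append(f"ip nat inside source list {acl} pool {name} overload")
    return acls + pools + rules


def first_global_for(groups_plan, inside_host):
    """Return the global address a host's group overloads first, or None if unmatched."""
    host = ipaddress.ip_address(inside_host)
    for subnet, (lo, _hi) in groups_plan:
        if host in subnet:
            return str(lo)
    return None


if __name__ == "__main__":
    # Same addresses as the post: 10.0.32.0/19 split in two, ten global addresses.
    two_way = plan("10.0.32.0/19", "209.211.100.1", "209.211.100.10", 2)
    print("\n".join(render(two_way, 24)))
```

Run with 2 groups it reproduces the six lines in the post; with 4 groups the
inside block becomes four /21s, each overloading a different global address.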



Re: Load balancing & NAT [7:60663]

2003-01-09 Thread Marc Thach Xuan Ky
IIRC when I last looked at this, it worked as you require, but that
might have been v2 NAT rather than v3 which is current.  Have you
restarted the router, superstition dictates that you should.  Failing
this, how many app servers are there?  You *could* use multiple NAT
pools, which  would admittedly be a horrible kludge, depends on how
desperately you want this.  Is there not a better way of using sticky on
the load-balancers?  Are you in a position to change the app to use
cookies for example? or maybe persistent connections so the LBs aren't
responsible for sticky?
rgds
Marc

Emilia Lambros wrote:
> 
> I'm looking more for a way to play with how the nat pool I have behaves with
> IP address use.  The NAT config and translations are all working, however I
> can't find a situation online that shows me how I can force translations to
> not overload quite so much, or how I can make more IP addresses be used so
> my load balancing works with sticky sessions set.
> 
> For as long as only 1 IP is being used, all connections to the application
> servers go to one application server.  Even with 2 IPs being used, I would
> have more of a chance of connections going to the 2nd application server to
> create some load balancing but as I said, I'm sitting on 8500 connections
> and 1 IP being used.  I know in theory I can go up to 65K+ connections on
> that 1 IP, but I would prefer more like a couple of hundred per IP.
> 
> The majority of articles I've read show how to configure, say rotary pools
> or tcp load distribution but not examples of how you can use it another way
> that I could perhaps, adapt.  As I said though, I can't play with the config
> because it's a live environment so it's a little harder to play and test with,
> without a guarantee that it will work :)
> 
> -Original Message-
> From: The Long and Winding Road
> [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 9 January 2003 11:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Load balancing & NAT [7:60663]
> 
> if you have a CCO customer account, there are a lot of articles in the TAC
> database
> 
> this one is a good start, I believe.
> 
> http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
> watch the wrap.
> 
> HTH
> 
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"
> 
> "Emilia Lambros" wrote in message
> news:[EMAIL PROTECTED]...
> > Hi all,
> >
> > I have an application being load balanced at one site (sticky sessions set
> > such that each connection from 1 IP will continue its transactions to the
> > same server it started on) and at another site, the users accessing the load
> > balanced application.
> >
> > The users come in from different office locations across private WAN links,
> > nat inside is on each of their interfaces and on each interface out of the
> > router those WAN links connect to, is nat outside.
> >
> > I have changed their initial configuration based on NAT overload to an
> > interface IP address to be a pool of addresses overloaded.  I was hoping
> > that the connections would spill over to the second IP in the pool at some
> > stage sooner than the 8500 NAT connections I have currently, but no go.  I
> > may as well have NAT'd to 1 IP again :)
> >
> > Is there a way to overload NAT, but have it using more than 1 IP in the
> > pool?  e.g. a pool of 30 IPs, it's currently using 1.. I'd love the router to
> > even round robin the use of IPs out of the pool but I can't play with the
> > config to try it (live environment) and can't find any documentation online
> > explaining exactly what I need NAT to do/not do :(
> >
> > Thanks,
> >
> > Em :)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60693&t=60663



RE: Load balancing & NAT [7:60663]

2003-01-08 Thread Emilia Lambros
I'm looking more for a way to play with how the nat pool I have behaves with
IP address use.  The NAT config and translations are all working, however I
can't find a situation online that shows me how I can force translations to
not overload quite so much, or how I can make more IP addresses be used so
my load balancing works with sticky sessions set.

For as long as only 1 IP is being used, all connections to the application
servers go to one application server.  Even with 2 IPs being used, I would
have more of a chance of connections going to the 2nd application server to
create some load balancing but as I said, I'm sitting on 8500 connections
and 1 IP being used.  I know in theory I can go up to 65K+ connections on
that 1 IP, but I would prefer more like a couple of hundred per IP.

The majority of articles I've read show how to configure, say rotary pools
or tcp load distribution but not examples of how you can use it another way
that I could perhaps, adapt.  As I said though, I can't play with the config
because it's a live environment so it's a little harder to play and test with,
without a guarantee that it will work :)



-Original Message-
From: The Long and Winding Road
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, 9 January 2003 11:24 AM
To: [EMAIL PROTECTED]
Subject: Re: Load balancing & NAT [7:60663]


if you have a CCO customer account, there are a lot of articles in the TAC
database

this one is a good start, I believe.

http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
watch the wrap.

HTH

--
TANSTAAFL
"there ain't no such thing as a free lunch"




"Emilia Lambros" wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> I have an application being load balanced at one site (sticky sessions set
> such that each connection from 1 IP will continue its transactions to the
> same server it started on) and at another site, the users accessing the load
> balanced application.
>
> The users come in from different office locations across private WAN links,
> nat inside is on each of their interfaces and on each interface out of the
> router those WAN links connect to, is nat outside.
>
> I have changed their initial configuration based on NAT overload to an
> interface IP address to be a pool of addresses overloaded.  I was hoping
> that the connections would spill over to the second IP in the pool at some
> stage sooner than the 8500 NAT connections I have currently, but no go.  I
> may as well have NAT'd to 1 IP again :)
>
> Is there a way to overload NAT, but have it using more than 1 IP in the
> pool?  e.g. a pool of 30 IPs, it's currently using 1.. I'd love the router to
> even round robin the use of IPs out of the pool but I can't play with the
> config to try it (live environment) and can't find any documentation online
> explaining exactly what I need NAT to do/not do :(
>
> Thanks,
>
> Em :)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60670&t=60663



Re: Load balancing & NAT [7:60663]

2003-01-08 Thread The Long and Winding Road
oops - forgot where I was going

here is a jump page

http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Internetworking:NAT
requires CCO customer login.

and this one for more detail in design and operation

http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Internetworking:NAT&s=Implementation_and_Configuration

watch the wrap on this one - who knows how the groupstudy server will mangle
this one.

--
TANSTAAFL
"there ain't no such thing as a free lunch"




"Emilia Lambros" wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> I have an application being load balanced at one site (sticky sessions set
> such that each connection from 1 IP will continue its transactions to the
> same server it started on) and at another site, the users accessing the load
> balanced application.
>
> The users come in from different office locations across private WAN links,
> nat inside is on each of their interfaces and on each interface out of the
> router those WAN links connect to, is nat outside.
>
> I have changed their initial configuration based on NAT overload to an
> interface IP address to be a pool of addresses overloaded.  I was hoping
> that the connections would spill over to the second IP in the pool at some
> stage sooner than the 8500 NAT connections I have currently, but no go.  I
> may as well have NAT'd to 1 IP again :)
>
> Is there a way to overload NAT, but have it using more than 1 IP in the
> pool?  e.g. a pool of 30 IPs, it's currently using 1.. I'd love the router to
> even round robin the use of IPs out of the pool but I can't play with the
> config to try it (live environment) and can't find any documentation online
> explaining exactly what I need NAT to do/not do :(
>
> Thanks,
>
> Em :)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60665&t=60663



Re: Load balancing & NAT [7:60663]

2003-01-08 Thread The Long and Winding Road
if you have a CCO customer account, there are a lot of articles in the TAC
database

this one is a good start, I believe.

http://www.cisco.com/en/US/customer/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml
watch the wrap.

HTH

--
TANSTAAFL
"there ain't no such thing as a free lunch"




"Emilia Lambros" wrote in message
news:[EMAIL PROTECTED]...
> Hi all,
>
> I have an application being load balanced at one site (sticky sessions set
> such that each connection from 1 IP will continue its transactions to the
> same server it started on) and at another site, the users accessing the load
> balanced application.
>
> The users come in from different office locations across private WAN links,
> nat inside is on each of their interfaces and on each interface out of the
> router those WAN links connect to, is nat outside.
>
> I have changed their initial configuration based on NAT overload to an
> interface IP address to be a pool of addresses overloaded.  I was hoping
> that the connections would spill over to the second IP in the pool at some
> stage sooner than the 8500 NAT connections I have currently, but no go.  I
> may as well have NAT'd to 1 IP again :)
>
> Is there a way to overload NAT, but have it using more than 1 IP in the
> pool?  e.g. a pool of 30 IPs, it's currently using 1.. I'd love the router to
> even round robin the use of IPs out of the pool but I can't play with the
> config to try it (live environment) and can't find any documentation online
> explaining exactly what I need NAT to do/not do :(
>
> Thanks,
>
> Em :)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60664&t=60663



Load balancing & NAT [7:60663]

2003-01-08 Thread Emilia Lambros
Hi all,

I have an application being load balanced at one site (sticky sessions set
such that each connection from 1 IP will continue its transactions to the
same server it started on) and at another site, the users accessing the load
balanced application.

The users come in from different office locations across private WAN links,
nat inside is on each of their interfaces and on each interface out of the
router those WAN links connect to, is nat outside.

I have changed their initial configuration based on NAT overload to an
interface IP address to be a pool of addresses overloaded.  I was hoping
that the connections would spill over to the second IP in the pool at some
stage sooner than the 8500 NAT connections I have currently, but no go.  I
may as well have NAT'd to 1 IP again :)

Is there a way to overload NAT, but have it using more than 1 IP in the
pool?  e.g. a pool of 30 IPs, it's currently using 1.. I'd love the router to
even round robin the use of IPs out of the pool but I can't play with the
config to try it (live environment) and can't find any documentation online
explaining exactly what I need NAT to do/not do :(

Thanks,

Em :)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60663&t=60663



Re: Load Balancing Firewalls [7:59183]

2002-12-18 Thread Sam Sneed
On the 3600's, for ethernets connecting the PIX and the routers use HSRP.
Give the Pix's the default gateway of the HSRP address. Then use BGP on the
serial interfaces of 3600's to peer with your provider.


"Brian Zeitz" wrote in message
news:[EMAIL PROTECTED]...
> OK I figured this one out with some help :) I just need to get the 4
> Port DMZ card and designate two of the interfaces as IN using security
> levels. The failover has a DMZ card too, so I can failover all 4
> interfaces in an emergency. Plus 1 Port for the failover.
>
> Thanks to the people helping me offline, these scenarios are getting
> really complex. My next task is figuring how to take two T1s and make
> them act as a single unit while providing redundancy.
>
> Thanks :)
>
> -Original Message-
> From: Brian Zeitz
> Sent: Friday, December 13, 2002 2:02 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Load Balancing Firewalls [7:59183]
>
> Actually, management changed the diagram on me :(
>
> T1--->3640--->515UR with failover
> T1--->3640--->^
>
> Both T1s going into a single 515UR with a standby unit.
>
> I figured out the first scenario, I just thought of it as being in
> different locations and use global load balancing on the LBs.
>
> This second scenario I don't know if it is possible, I would have 2 IPs
> coming from the e0/0 on the router, into only 1 Pix interface which I
> don't know if it is possible
>
>
> -Original Message-
> From: Brian Zeitz
> Sent: Friday, December 13, 2002 12:03 PM
> To: [EMAIL PROTECTED]
> Subject: Load Balancing Firewalls [7:59183]
>
> I have just been given the task of setting up a website with load
> balancing.
>
> T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer
>
> T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer
>
> The Pix 515 are separate full units, I got another one because I know you
> cannot use the failover as an active unit.
>
> My load balancers are not active/active. But if I use them separately,
> they can run independently.
>
> I need to run just one website like www.mydomain.com
>
> My managers would like both T1s to be used, but can also act as a
> failover.
>
> Can anyone give me any pointers or tell me of any pitfalls before I dive
> into this task?
>
> I thought about HSRP, would this work if I had redundant firewalls? Can
> you cluster pix firewalls? I don't think you can, I wish I could.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59474&t=59183



RE: Load Balancing Firewalls [7:59183]

2002-12-16 Thread Brian Zeitz
OK I figured this one out with some help :) I just need to get the 4
Port DMZ card and designate two of the interfaces as IN using security
levels. The failover has a DMZ card too, so I can failover all 4
interfaces in an emergency. Plus 1 Port for the failover.

Thanks to the people helping me offline, these scenarios are getting
really complex. My next task is figuring how to take two T1s and make
them act as a single unit while providing redundancy. 

Thanks :)

-Original Message-
From: Brian Zeitz 
Sent: Friday, December 13, 2002 2:02 PM
To: [EMAIL PROTECTED]
Subject: RE: Load Balancing Firewalls [7:59183]

Actually, management changed the diagram on me :(

T1--->3640--->515UR with failover
T1--->3640--->^

Both T1s going into a single 515UR with a standby unit.

I figured out the first scenario, I just thought of it as being in
different locations and use global load balancing on the LBs.

This second scenario I don't know if it is possible, I would have 2 IPs
coming from the e0/0 on the router, into only 1 Pix interface which I
don't know if it is possible


-Original Message-
From: Brian Zeitz 
Sent: Friday, December 13, 2002 12:03 PM
To: [EMAIL PROTECTED]
Subject: Load Balancing Firewalls [7:59183]

I have just been given the task of setting up a website with load
balancing.

T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer

T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer

The Pix 515 are separate full units, I got another one because I know you
cannot use the failover as an active unit.

My load balancers are not active/active. But if I use them separately,
they can run independently.

I need to run just one website like www.mydomain.com

My managers would like both T1s to be used, but can also act as a
failover.

Can anyone give me any pointers or tell me of any pitfalls before I dive
into this task?

I thought about HSRP, would this work if I had redundant firewalls? Can
you cluster pix firewalls? I don't think you can, I wish I could.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59297&t=59183



RE: Load Balancing Firewalls [7:59183]

2002-12-13 Thread Brian Zeitz
Actually, management changed the diagram on me :(

T1--->3640--->515UR with failover
T1--->3640--->^

Both T1s going into a single 515UR with a standby unit.

I figured out the first scenario, I just thought of it as being in
different locations and use global load balancing on the LBs.

This second scenario I don't know if it is possible, I would have 2 IPs
coming from the e0/0 on the router, into only 1 Pix interface which I
don't know if it is possible


-Original Message-
From: Brian Zeitz 
Sent: Friday, December 13, 2002 12:03 PM
To: [EMAIL PROTECTED]
Subject: Load Balancing Firewalls [7:59183]

I have just been given the task of setting up a website with load
balancing.

T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer

T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer

The Pix 515 are separate full units, I got another one because I know you
cannot use the failover as an active unit.

My load balancers are not active/active. But if I use them separately,
they can run independently.

I need to run just one website like www.mydomain.com

My managers would like both T1s to be used, but can also act as a
failover.

Can anyone give me any pointers or tell me of any pitfalls before I dive
into this task?

I thought about HSRP, would this work if I had redundant firewalls? Can
you cluster pix firewalls? I don't think you can, I wish I could.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59187&t=59183



Load Balancing Firewalls [7:59183]

2002-12-13 Thread Brian Zeitz
I have just been given the task of setting up a website with load
balancing.

T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer

T1 ---> 3640 ---> Pix 515 UR+4E ---> Load balancer

The Pix 515 are separate full units, I got another one because I know you
cannot use the failover as an active unit.

My load balancers are not active/active. But if I use them separately,
they can run independently.

I need to run just one website like www.mydomain.com

My managers would like both T1s to be used, but can also act as a
failover.

Can anyone give me any pointers or tell me of any pitfalls before I dive
into this task?

I thought about HSRP, would this work if I had redundant firewalls? Can
you cluster pix firewalls? I don't think you can, I wish I could.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59183&t=59183



Load balancing and time out setting [7:59059]

2002-12-12 Thread Hitesh Pathak R
Dear Group,

Is it possible to achieve the timeout of any link outage connected
between two routers across the 2 WAN locations not to exceed more than
200ms. (application requirement).

One of my customers has a setup of 2 sites connected with 4 E1 links (2 x
routers = 3700 and 2 MBPS x 2 nos. terminated on Each one of them).
Can we implement some sort of load balancing which can take care of this
??

Many thanks in advance

Thanks n regds

Hitesh





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59059&t=59059



RE: HSRP VLAN Load Balancing [7:56689]

2002-11-04 Thread Wes
Dale Kling wrote:
> Is there another way to do this?

Don't know about easier, (haven't had a chance to play with this in the lab
yet) but Cisco has recently announced Gateway Load Balancing Protocol,
(GLBP) for balancing first-hop gateways.

I found a quick white-paper on the topic.  Hope it helps give you a quick
idea about whether it will fill your needs.

http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/glbpd_ds.htm

--Wes


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56808&t=56689



RE: HSRP VLAN Load Balancing [7:56689]

2002-11-01 Thread Internetwork Geek
Do not add the preempt command to the standby device that you want to lose
the election because they will force an election that they will eventually
lose.

Second add a preempt delay to the device that you want to win the election
after a reload.  This will allow them an opportunity to build their routing
tables and initialize any other services before they take over the active
role.

I also set the device I want to be in standby to a priority of 150 and the
device I want to be active to 200. This gives me more room to make changes
to the roles at a later date with more range to work in.  I also chose
numbers above the default priority of 100 on purpose.

Cat1: 

Interface Vlan 5 
ip address 150.50.5.5 255.255.255.0 
standby 1 ip 150.50.5.100 
standby 1 priority 150 
standby 2 ip 150.50.5.200 
standby 2 priority 200 preempt delay 90

Cat2: 

Interface Vlan 5 
ip address 150.50.5.10 255.255.255.0
standby 1 ip 150.50.5.100 
standby 1 priority 200 preempt delay 90
standby 2 ip 150.50.5.200 
standby 2 priority 150 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56704&t=56689
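
A simplified model of the active-router election for the two HSRP groups
configured in the message above, showing what the preempt keyword changes
after a reload. This is an added example, not part of the original post and
not Cisco code; GroupCfg, simulate, owners and the event lists are names
made up here, and hello/hold timers and the 90-second preempt delay are not
modelled.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class GroupCfg:
    vip: str
    priority: int = 100     # IOS default when no priority is configured
    preempt: bool = False


# Constructed from the Cat1/Cat2 "Interface Vlan 5" blocks in the post.
POSTED = {
    "Cat1": {"ip": "150.50.5.5",
             "groups": {1: GroupCfg("150.50.5.100", 150),
                        2: GroupCfg("150.50.5.200", 200, preempt=True)}},
    "Cat2": {"ip": "150.50.5.10",
             "groups": {1: GroupCfg("150.50.5.100", 200, preempt=True),
                        2: GroupCfg("150.50.5.200", 150)}},
}

# Constructed event sequence: both switches boot, Cat2 reloads, Cat2 returns.
CAT2_RELOAD = [("up", ["Cat1", "Cat2"]), ("down", ["Cat2"]), ("up", ["Cat2"])]


def rank(routers, name, group):
    """Comparison key: numerically higher priority wins, then higher interface IP."""
    r = routers[name]
    return (r["groups"][group].priority, int(ipaddress.ip_address(r["ip"])))


def simulate(routers, group, events):
    """Replay (kind, names) events for one group; return the active router after each."""
    up, active, history = set(), None, []
    for kind, names in events:
        if kind == "up":
            up |= set(names)
        elif kind == "down":
            up -= set(names)
            if active in names:
                active = None
        else:
            raise ValueError(f"unknown event {kind!r}")
        if active is None:
            # Nobody is active: the best router still up wins the election.
            active = max(up, key=lambda n: rank(routers, n, group), default=None)
        else:
            # Someone is active: only a better router configured with preempt takes over.
            better = [n for n in up
                      if routers[n]["groups"][group].preempt
                      and rank(routers, n, group) > rank(routers, active, group)]
            if better:
                active = max(better, key=lambda n: rank(routers, n, group))
        history.append(active)
    return history


def owners(routers, events):
    """Map each virtual IP to the router that is active after the last event."""
    result = {}
    for cfg in routers.values():
        for group, g in cfg["groups"].items():
            result.setdefault(g.vip, simulate(routers, group, events)[-1])
    return result


def without_preempt(routers):
    """Copy of the configuration with every preempt keyword removed, for comparison."""
    return {name: {"ip": r["ip"],
                   "groups": {g: replace(c, preempt=False)
                              for g, c in r["groups"].items()}}
            for name, r in routers.items()}


if __name__ == "__main__":
    print("posted config :", owners(POSTED, CAT2_RELOAD))
    print("no preempt    :", owners(without_preempt(POSTED), CAT2_RELOAD))
```

With the posted configuration each switch ends up active for one virtual IP
again after Cat2 reloads; with preempt removed everywhere, Cat1 keeps both.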



RE: HSRP VLAN Load Balancing [7:56689]

2002-11-01 Thread John McCartney
That is the way I used to do it at the ISP I used to work at...before the
layoffs...We had two 6509's linked together in a full-mesh and used a cfg
similar to what you have. If there is another way. I'd be interested in
finding out about it.

HTH's


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56691&t=56689



HSRP VLAN Load Balancing [7:56689]

2002-11-01 Thread Dale Kling
Here's a scenario I've been faced with recently and have a solution, but
wanted to get any other ideas somebody might have.  The question calls for
this:

- Configure cat1 and cat2 for layer 3 redundancy with HSRP for Vlan 5
- Configure HSRP such that when both cat switches are available, traffic is
load balanced across both cat switches and when one is unavailable, the other
cat should take over all traffic from Vlan 5.

Here's my configuration idea:

Cat1:

Interface Vlan 5
ip address 150.50.5.5 255.255.255.0
standby 1 ip 150.50.5.100
standby 1 priority 150 preempt
standby 2 ip 150.50.5.200
standby 2 priority 155 preempt

Cat2:

Interface Vlan 5
ip address 150.50.5.10 255.255.255.0
standby 1 ip 150.50.5.100
standby 1 priority 155 preempt
standby 2 ip 150.50.5.200
standby 2 priority 150 preempt

Cat1 will assume the role of the virtual IP 150.50.5.100 and Cat2 will assume
the role of virtual IP 150.50.5.200.  One would then configure the default
gateways on the hosts.  Half the hosts have 150.50.5.100 listed first as the
D.G. and the other half would have 150.50.5.200 listed first as the D.G.

Is there another way to do this?

Thanks,

Dale




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56689&t=56689



RE: Windows Load balancing [7:56244]

2002-10-25 Thread Priscilla Oppenheimer
Duncan Wallace wrote:
> 
> Has anyone had any experience in implementing Windows load
> balancing a
> server cluster ? I have always used hardware based load
> balancers so I
> am somewhat new to the MS flavor. I have a 2621 router and I am
> wondering if it is capable of the following. 

The text that you copied and pasted says what you'll have to do, which is
create a static ARP that points to a multicast address. Cisco does support
this, by the way. See here:

charlotte(config)#arp ?
  A.B.C.D  IP address of ARP entry

charlotte(config)#arp 10.10.0.3 ?
  H.H.H  48-bit hardware address of ARP entry

charlotte(config)#arp 10.10.0.3 0101.0101.0101 ?
  arpa  ARP type ARPA
  sap   ARP type SAP (HP's ARP type)
  smds  ARP type SMDS
  snap  ARP type SNAP (FDDI and TokenRing)

charlotte(config)#arp 10.10.0.3 0101.0101.0101 arpa
charlotte(config)#end
charlotte#
%SYS-5-CONFIG_I: Configured from console by console
charlotte#show run
Building configuration...

Current configuration:
!
version 11.0
service udp-small-servers
service tcp-small-servers
!
hostname charlotte
!
interface Ethernet0
 ip address 10.10.0.2 255.255.255.0
!

interface Serial0
 ip address 192.168.40.2 255.255.255.0
 encapsulation frame-relay
!
arp 10.10.0.3 0101.0101.0101 ARPA
!
line con 0
line aux 0
 transport input all
line vty 0 4
 password cisco
 login
!
end
 
It does seem like a strange solution though, and strange solutions often
mean you'll encounter bugs or other problems, so do keep us posted on how it
goes. Thanks.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


> This is just some
> preliminary information gathering, so I thought I would throw
> it out to
> the group while I do my own research.
> What Windows 2000 Advanced Server says:
> If Network Load Balancing clients are accessing a cluster
> through a
> router when the cluster has been configured to operate in
> multicast
> mode, be sure that the router meets the following requirements:
> * Accepts an ARP reply that has one MAC address in the payload
> of the ARP structure but appears to arrive from a station with
> another MAC address, as judged by the Ethernet header
> * In multicast mode, accepts an ARP reply that has a multicast
> MAC address in the payload of the ARP structure
> This allows the router to map the cluster's primary IP address
> and other multihomed addresses to the corresponding MAC
> address. If your router does not meet these requirements, you
> can also create a static ARP entry in the router. Cisco routers
> require a static ARP entry because they do not support the
> resolution of unicast IP addresses to multicast MAC addresses.
>  
>  
> Thanks in advance,
>  
> Duncan Wallace
> [EMAIL PROTECTED]
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56328&t=56244



RE: Windows Load balancing [7:56244]

2002-10-24 Thread Duncan Wallace
I have been playing with them all for awhile now (F5, Alteon, Local
Director, Etc.).  I finally settled on Alteons products (I like the
hardware based products). Unfortunately, I have a side contract, and
they are concrete on using Windows Load balancing...Wait 'til they see
the licensing on multiple Adv. Servers.  I'll let you know how it turns
out. As for the Alteon, Easy to setup and use and monitor.  Good tech
support too.

Thanks,
 
Duncan Wallace
12835 SW Thunderhead Way
Beaverton, Or. 97008
503-646-5707
[EMAIL PROTECTED]
 
 

-Original Message-
From: John Chang [mailto:johnec@;umich.edu] 
Sent: Thursday, October 24, 2002 3:50 PM
To: Duncan Wallace
Subject: Re: Windows Load balancing [7:56244]

I read through MS's info on it and I thought it was chatty and wouldn't 
want to put it on a separate network.  Use 2 nics, 1 for load balancing 
chatter.

What hardware load balancing device have you used and how well did it work
and how much approximately?  Any I should stay away from?  Thanks!

At 08:48 PM 10/24/2002 +, Duncan Wallace wrote:
>Has anyone had any experience in implementing Windows load balancing a
>server cluster ? I have always used hardware based load balancers so I
>am somewhat new to the MS flavor. I have a 2621 router and I am
>wondering if it is capable of the following.  This is just some
>preliminary information gathering, so I thought I would throw it out to
>the group while I do my own research.
>What Windows 2000 Advanced Server says:
>If Network Load Balancing clients are accessing a cluster through a
>router when the cluster has been configured to operate in multicast
>mode, be sure that the router meets the following requirements:
>*   Accepts an ARP reply that has one MAC address in the payload of the
>ARP structure but appears to arrive from a station with another MAC
>address, as judged by the Ethernet header
>*   In multicast mode, accepts an ARP reply that has a multicast MAC
>address in the payload of the ARP structure
>This allows the router to map the cluster's primary IP address and other
>multihomed addresses to the corresponding MAC address. If your router
>does not meet these requirements, you can also create a static ARP entry
>in the router. Cisco routers require a static ARP entry because they do
>not support the resolution of unicast IP addresses to multicast MAC
>addresses.
>
>
>Thanks in advance,
>
>Duncan Wallace
>[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56253&t=56244
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Windows Load balancing [7:56244]

2002-10-24 Thread Duncan Wallace
Has anyone had any experience in implementing Windows load balancing a
server cluster ? I have always used hardware based load balancers so I
am somewhat new to the MS flavor. I have a 2621 router and I am
wondering if it is capable of the following.  This is just some
preliminary information gathering, so I thought I would throw it out to
the group while I do my own research.
What Windows 2000 Advanced Server says:
If Network Load Balancing clients are accessing a cluster through a
router when the cluster has been configured to operate in multicast
mode, be sure that the router meets the following requirements:
*   Accepts an ARP reply that has one MAC address in the payload of the
    ARP structure but appears to arrive from a station with another MAC
    address, as judged by the Ethernet header
*   In multicast mode, accepts an ARP reply that has a multicast MAC
    address in the payload of the ARP structure
This allows the router to map the cluster's primary IP address and other
multihomed addresses to the corresponding MAC address. If your router
does not meet these requirements, you can also create a static ARP entry
in the router. Cisco routers require a static ARP entry because they do
not support the resolution of unicast IP addresses to multicast MAC
addresses.
 
 
Thanks in advance,
 
Duncan Wallace
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56244&t=56244
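
The two router requirements quoted in the post above can be checked against a captured frame. This is an added example, not part of the original post or of Microsoft's documentation; the function names and all MAC and IP addresses are constructed for illustration.

```python
import ipaddress
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_arp_reply(eth_src, sha, spa, tha, tpa):
    """Build an Ethernet II frame carrying an ARP reply (test input only)."""
    eth = tha + eth_src + b"\x08\x06"                      # dst, src, EtherType ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)        # Ethernet/IPv4, opcode 2 = reply
    return eth + arp + sha + spa + tha + tpa

def inspect_arp_reply(frame):
    """Report the two properties a router must tolerate in multicast mode."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_src, ethertype = frame[6:12], frame[12:14]
    if ethertype != b"\x08\x06":
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, 2):
        raise ValueError("not an Ethernet/IPv4 ARP reply")
    sha, spa = frame[22:28], frame[28:32]                  # sender MAC and IP in the payload
    return {
        "ip": str(ipaddress.IPv4Address(spa)),
        "eth_src": mac(eth_src),
        "arp_sha": mac(sha),
        "sha_differs_from_eth_src": sha != eth_src,        # requirement 1
        "sha_is_multicast": bool(sha[0] & 0x01),           # requirement 2 (group bit set)
    }

def needs_static_arp(result):
    """True if a router that rejects either property would not learn this mapping."""
    return result["sha_differs_from_eth_src"] or result["sha_is_multicast"]

# Constructed samples: a cluster host answering for the cluster IP, and a normal host.
ROUTER = bytes.fromhex("00000c112233")
NLB_REPLY = build_arp_reply(bytes.fromhex("00105aaabb01"), bytes.fromhex("03bfc000020a"),
                            bytes([192, 0, 2, 10]), ROUTER, bytes([192, 0, 2, 1]))
HOST = bytes.fromhex("00105aaabb02")
ORDINARY_REPLY = build_arp_reply(HOST, HOST, bytes([192, 0, 2, 20]),
                                 ROUTER, bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    for frame in (NLB_REPLY, ORDINARY_REPLY):
        r = inspect_arp_reply(frame)
        print(r, "static ARP needed:", needs_static_arp(r))
```

The same two comparisons are what ARP monitoring flags as suspicious on an ordinary segment, so a static entry for the cluster address also keeps those alerts meaningful for everything else.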



Right approach for HSRP with spantree load balancing [7:55579]

2002-10-14 Thread Azhar Teza

Is it the right approach to do spantree-load balancing with HSRP redundancy?
I have 4 users Vlans tied to subnets,
vlan 10   172.16.10.0
vlan 11   172.16.11.0
vlan 20   172.16.20.0
vlan 21   172.16.21.0
Server Farm Vlans
vlan 101  172.16.101.0
vlan 102  172.16.102.0

users vlans are connected back to (2) 6509 switches as well as server farms
vlans.  All of the ports between the switches will be trunk ports

USER'S VLANS
(1) 6509                                    (2) 6509
set spantree root 10 20                     set spantree root 11 21
set spantree root 11 21 secondary           set spantree root 10 20 secondary
int vlan 10                                 int vlan 10
 ip address 172.16.10.2 255.255.255.0        ip address 172.16.10.3 255.255.255.0
 standby 1 ip 172.16.10.1 preempt            standby 1 ip 172.16.10.1
 standby 1 priority 110                      standby 1 priority 100
int vlan 20                                 int vlan 20
 ip address 172.16.20.2 255.255.255.0        ip address 172.16.20.3 255.255.255.0
 standby 2 ip 172.16.20.1 preempt            standby 2 ip 172.16.20.1
 standby 2 priority 110                      standby 2 priority 100
int vlan 11                                 int vlan 11
 ip address 172.16.11.2 255.255.255.0        ip address 172.16.11.3 255.255.255.0
 standby 3 ip 172.16.11.1                    standby 3 ip 172.16.11.1 preempt
 standby 3 priority 100                      standby 3 priority 110
int vlan 21                                 int vlan 21
 ip address 172.16.21.2 255.255.255.0        ip address 172.16.21.3 255.255.255.0
 standby 4 ip 172.16.21.1                    standby 4 ip 172.16.21.1 preempt
 standby 4 priority 100                      standby 4 priority 110

For the server farm vlans:
(1) 6509                                    (2) 6509
set spantree root 101                       set spantree root 102
set spantree root 102 secondary             set spantree root 101 secondary
int vlan 101                                int vlan 101
 ip address 172.16.101.2 255.255.255.0       ip address 172.16.101.3 255.255.255.0
 standby 5 ip 172.16.101.1 preempt           standby 5 ip 172.16.101.1
 standby 5 priority 110                      standby 5 priority 100
int vlan 102                                int vlan 102
 ip address 172.16.102.1 255.255.255.0       ip address 172.16.102.3 255.255.255.0
 standby 6 ip 172.16.102.1                   standby ip address 172.16.102.1 preempt
 standby 6 priority 100                      standby 6 priority 110

I will also connect 6509 switches together as trunk ports. Any thoughts?
Teza






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55579&t=55579



HSRP with Spanning Tree Load Balancing [7:55428]

2002-10-11 Thread Azhar Teza
Is it possible to do HSRP, not MHSRP, with VLAN-Spanning Tree Load balancing?
I have multiple VLANS, each Vlan/Subnet assigned to the IDF.  IDF switches
then connect to (2) 6500 backbone switches that are also performing
routing/layer 3.  I know I can do vlan load balancing by making odd vlans to
take (1) 6509 route and even vlans to take (2) 6509 path to reach the server
farms.  On top of it, I also want to implement HSRP just for the redundancy
purpose.  If one of the backbone switches goes down, layer 2 will not be
affected, but users' default gateway will have to be changed to point to the
other backbone switch.  HSRP is the only option to avoid that.   Someone
said HSRP can't run in parallel with vlan-spanning tree load balancing.
Thanks
Az






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55428&t=55428



RE: VLAN Load Balancing [7:55411]

2002-10-11 Thread Larry Letterman
issue the command ..set spantree root vlan x,x,x
set spantree root sec vlan x,x,x

you don't need to adjust the priorities..

I had that in my data center until recently when I went
to layer 3 design only...I got tired of spantree issues taking
down servers...

Good luck with it..


Larry Letterman
Network Engineer
Cisco Systems Inc.



-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody@;groupstudy.com]On Behalf Of
Azhar Teza
Sent: Friday, October 11, 2002 12:53 PM
To: [EMAIL PROTECTED]
Subject: VLAN Load Balancing [7:55411]


If I have multiple VLANS for example 10,20,30 on 1st, 2nd, and 3rd floors
respectively and VLANS 11,21,31 on 4th, 5th, 6th floors.  All of the floor
switches are connected to (2) 6509 switches.  The server farms have vlans 40
and 50 and hanging off on two separate switches 3548.  Each has its own
VLANS.  They are also connected to (2) 6509 switches.  6509s are doing all
the routing.  Each Vlan is tied to a unique subnet. In order for me to do
VLAN Load balancing: I could make (1) 6509 as root bridge for vlans 10, 20,
and 30 and secondary root bridge for VLANS 11,21,31 and vice versa for (2)
6509 as a root bridge for vlans 11,21,31 and secondary root bridge for vlans
10,20, and 30. When I do the set commands, for example on (1) 6509, I would
do
"SET SPANTREE PRIORITY 100 10 20 30"
"SET SPANTREE PRIORITY 200 11,21, 31"
On (2) 6509,
"SET SPANTREE PRIORITY 100 11,21, 31"
"SET SPANTREE PRIORITY 200 10,20,30"
The question was do I also need to include VLANS 40 and 50 (The
server farm VLANS) in those above commands.
Regards, Teza






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55415&t=55411



VLAN Load Balancing [7:55411]

2002-10-11 Thread Azhar Teza

If I have multiple VLANS for example 10,20,30 on 1st, 2nd, and 3rd floors
respectively and VLANS 11,21,31 on 4th, 5th, 6th floors.  All of the floor
switches are connected to (2) 6509 switches.  The server farms have vlans 40
and 50 and hanging off on two separate switches 3548.  Each has its own
VLANS.  They are also connected to (2) 6509 switches.  6509s are doing all
the routing.  Each Vlan is tied to a unique subnet. In order for me to do
VLAN Load balancing: I could make (1) 6509 as root bridge for vlans 10, 20,
and 30 and secondary root bridge for VLANS 11,21,31 and vice versa for (2)
6509 as a root bridge for vlans 11,21,31 and secondary root bridge for vlans
10,20, and 30. When I do the set commands, for example on (1) 6509, I would
do
"SET SPANTREE PRIORITY 100 10 20 30"
"SET SPANTREE PRIORITY 200 11,21, 31"
On (2) 6509,
"SET SPANTREE PRIORITY 100 11,21, 31"
"SET SPANTREE PRIORITY 200 10,20,30"
The question was do I also need to include VLANS 40 and 50 (The
server farm VLANS) in those above commands.
Regards, Teza






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55411&t=55411



Re: BGP and Load Balancing [7:54297]

2002-09-26 Thread YASSER ALY

Yes, BGP selects only one best path.

The default for BGP is one path, the default for other routing protocols
is four paths.

However, in some cases you would like to change this for BGP and this can
be achieved using "maximum-paths" command.

The BGP selection process is a series of qualifying steps and if still two
routes were equal then as I recall in step 9 (Not sure of the step
number) if you are enabling the maximum-paths command both routes will be
accepted in the routing table.

BTW: This is very unlikely used and most of those using BGP prefer using
other methods to achieve load-balancing rather than using the
"maximum-paths" command.

Regarding static routes, they don't have the wealth of attributes that
BGP has, so if more than one static route is configured to reach a
destination (for example two default routes to different interfaces) they
will be used on a round-robin basis if process switching is enabled.

If fast-switching is used (default) then load-balancing over these equal
static routes will be per destination not per packet like process
switching. Keep in mind that this load-balancing done via
static-routes only concerns upstream traffic and has nothing to do with
downstream traffic.

HTH,

Yasser

>From: "Abu Mwalie"
>
>Hi All,
>
>It is not very clear to me still regarding BGP, Static Routes and Load
>Balancing!!
>
>Can any one out there shed some light!! BGP selects only one path, is it
>not? But that load-balancing can be achieved through static routes??
>
>Thanks!!







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54304&t=54297
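
The difference between the two switching modes described in the reply above, over two equal static routes, can be seen in a small simulation. This is an added example, not part of the original post; the route-selection models are simplified assumptions (strict rotation per packet, and a cache keyed on destination address), and the traffic is constructed.

```python
from collections import Counter

LINKS = 2  # two equal-cost static routes (assumption for this example)

def per_packet(packets, links=LINKS):
    """Process switching model: successive packets rotate over the routes."""
    load, used = Counter(), {}
    for i, (dst, size) in enumerate(packets):
        link = i % links
        load[link] += size
        used.setdefault(dst, set()).add(link)
    return [load[l] for l in range(links)], used

def per_destination(packets, links=LINKS):
    """Fast switching model: the route picked for a destination is cached."""
    load, used, cache = Counter(), {}, {}
    for dst, size in packets:
        if dst not in cache:                 # first packet to dst takes the next route
            cache[dst] = len(cache) % links
        link = cache[dst]
        load[link] += size
        used.setdefault(dst, set()).add(link)
    return [load[l] for l in range(links)], used

# Constructed traffic: one bulk transfer, then two light destinations.
PACKETS = [("10.0.0.5", 1500)] * 100 + [("10.0.0.6", 64), ("10.0.0.7", 64)] * 10

if __name__ == "__main__":
    for name, fn in (("per-packet", per_packet), ("per-destination", per_destination)):
        load, used = fn(PACKETS)
        print(f"{name}: bytes per link {load}, "
              f"links carrying the bulk transfer {sorted(used['10.0.0.5'])}")
```

Per-packet mode splits the bulk transfer evenly but sends one flow over both links, so its packets can arrive out of order; per-destination mode keeps each flow on one link, and a single large transfer never uses more than that link.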



Re: BGP and Load Balancing [7:54297]

2002-09-26 Thread Cisco Study

BGP has the option max-paths which allows to have multiple paths. If it is
ebgp we can also achieve this with ebgp multi-hop. Whether it is max-paths
or multi-hop or static routes most of the time CEF is the ultimate that
influences the interface switching. CEF FIB table will be calculated based on
the routing table. CEF has limitation of 8 paths so one can have only maximum
8 paths at any given time.
BGP is preferred when there is a need for dynamic routing updates and policy
changes. If the situation is in small environment and static, there are the
cases where static routes are preferred considering the systems resources and
router configuration complexities.
HTH
J.

Abu Mwalie wrote:
Hi All,

It is not very clear to me still regarding BGP, Static Routes and Load
Balancing!!

Can any one out there shed some light!! BGP selects only one path, is it
not? But that load-balancing can be achieved through static routes??

Thanks!!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54303&t=54297


