Load balancing between servers in the same segment

slizarraga · ‎11-06-2013

I want to configure this type of balance:

Web servers that need to access the application server:

Web1 10.231.1.9/26

Web2 10.231.1.19/26

Application servers (real servers):

App1 10.231.1.8/26

App2 10.231.1.18/26

As you can see, they are on the same network segment.

I think there might be 2 ways:

1) Use a virtual IP from this 10.231.1.64/26 segment

2) Use a virtual IP from another segment directly connected to the ACE.

I have tried the way number 2 and it is not working. I think the problem in the second case is that when the app servers receive the packets and want to return them, because the destination is a network there they are directly connected, the returning packet wont pass through the ACE.

Is there a way to make a "nat" or you recommend me to try the first method?

Thanks for your help!

Kanwaljeet Singh · ‎11-06-2013

Hi,

You can source NAT the traffic being forwarded from ACE(ACE will replace the web server IP to a NAT POOL IP owned by ACE) to APP servers and that way APP servers won't return the traffic directly to web servers.

Pasting a config example for your reference:

     ==========================================================================
     One-Armed Load Balancing with VIP, Servers, & NAT Pool on the Same Subnet
     ==========================================================================


login timeout 0

access-list ANYONE line 10 extended permit ip any any

rserver host SERVER_01
  ip address 192.168.1.11
  inservice
rserver host SERVER_02
  ip address 192.168.1.12
  inservice
rserver host SERVER_03
  ip address 192.168.1.13
  inservice

serverfarm host REAL_SERVERS
  rserver SERVER_01
    inservice
  rserver SERVER_02
    inservice
  rserver SERVER_03
    inservice

class-map match-all VIP-30
  2 match virtual-address 192.168.1.30 tcp eq www

class-map type management match-any REMOTE_ACCESS
  description remote-access-traffic-match
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any

policy-map type management first-match REMOTE_MGT
  class REMOTE_ACCESS
    permit

policy-map type loadbalance first-match SLB_LOGIC
  class class-default
    serverfarm REAL_SERVERS

policy-map multi-match CLIENT_VIPS
  class VIP-30
    loadbalance vip inservice
    loadbalance policy SLB_LOGIC
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 451

interface vlan 451
  description Servers vlan
  ip address 192.168.1.2 255.255.255.0
  access-group input ANYONE
  service-policy input CLIENT_VIPS
  nat-pool 1 192.168.1.10 192.168.1.10 netmask 255.255.255.0 pat
  no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.1.1

 
 Let me know if you have any questions.
 
 Regards,
 Kanwal