Local Director issue

s.vidanovic
Level 1

I have LD in front of two Web servers, and LD is configured to perform SSL load balancing. I'm using directed mode and ssl sticky option.

Now, my question: When the LD gets a client request, it passes this request to one of the Web servers. Does the Web server then pass the response back to the Local Director, and the LD forwards the response to the client, or does the Web server pass the response directly to the client?

Thanks in advance,

Sasa

4 Replies

mmellet
Level 3

The server responds directly to the client.

agit
Level 1

The Web server will pass the response back to the client IP address and send it to the Local Director MAC address.

perherna
Level 1

Yes, the server will need to go through the LD to 'un-NAT' the request. Otherwise the requesting client will see a response from an unfamiliar IP address (the TCP handshake was to the VIP and not the back-end server) and drop the packet. This is why it is required that the LD be the gateway for all servers behind it.

When you do a 'show real' on the Local Director, you will see a series of counters. The 'data in conns' counter goes up by 1 when it sees a request go through the LD to the servers on the back-end. When a server replies to that request back through the LD, this value is decremented by 1. When this number reaches a value (8 by default) it will take the corresponding service down. This is the function that allows the LD to remove servers which are not using the LD as the gateway or which are otherwise not responding to requests through the LD.

Hope this helps.

Cheers,

Perry.

Perry,

Keep in mind the LDIR is a L2 device, but it uses NAT for load balancing. When connections go to a vip, the LDIR NAT only changes the destination address (to that of a real) after it makes a load balancing decision. On the reply the LDIR changes the source ip to that of the vip.

Also, you state, "This is why it is required that the LD be the gateway for all servers behind it". The LDIR should never be the gateway for the servers behind it. It will not know how to route the packets. The gateway should always be the router in front of the LDIR. The LDIR is unlike the CSS in this aspect. The LDIR cannot perform true L3 functions.

I hope this helps.

Gonzalo
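A toy model of what the two replies above describe, added here as an illustration (not Cisco code; the VIP, real and client addresses are constructed): the LD rewrites only the destination on the way in and only the source on the way back, and each real's 'data in conns' counter climbs when replies never return through the LD, until the real is marked down at the default threshold of 8.

```python
from dataclasses import dataclass

VIP = "203.0.113.10"                   # constructed VIP (RFC 5737 documentation range)
REALS = ["192.0.2.11", "192.0.2.12"]   # constructed back-end servers
FAIL_THRESHOLD = 8                     # 'data in conns' default quoted in the post above

@dataclass
class Packet:
    src: str
    dst: str

class LocalDirector:
    def __init__(self, vip, reals, threshold=FAIL_THRESHOLD):
        self.vip, self.reals, self.threshold = vip, list(reals), threshold
        self.data_in_conns = {r: 0 for r in reals}   # the 'show real' counter
        self.failed = set()                          # reals taken out of service
        self._next = 0

    def _pick_real(self):
        # Round-robin over reals still in service.
        live = [r for r in self.reals if r not in self.failed]
        if not live:
            raise RuntimeError("all reals out of service")
        real = live[self._next % len(live)]
        self._next += 1
        return real

    def inbound(self, pkt):
        """Client -> VIP: rewrite the destination only; one more request in flight."""
        real = self._pick_real()
        self.data_in_conns[real] += 1
        if self.data_in_conns[real] >= self.threshold:
            self.failed.add(real)
        return Packet(src=pkt.src, dst=real)

    def outbound(self, pkt):
        """Real -> client back through the LD: un-NAT the source to the VIP."""
        self.data_in_conns[pkt.src] -= 1             # reply seen, counter goes down
        return Packet(src=self.vip, dst=pkt.dst)

def simulate(requests, replies_via_ld):
    """Send N client requests; return (counters, failed reals) afterwards."""
    ld = LocalDirector(VIP, REALS)
    client = "198.51.100.7"                          # constructed client address
    for _ in range(requests):
        fwd = ld.inbound(Packet(src=client, dst=VIP))
        if replies_via_ld:                           # symmetric path: LD sees the reply
            back = ld.outbound(Packet(src=fwd.dst, dst=client))
            assert back.src == VIP                   # client sees the VIP it handshook with
    return dict(ld.data_in_conns), set(ld.failed)
```

Running `simulate(16, False)` (replies bypass the LD) leaves both reals at a counter of 8 and out of service, while `simulate(16, True)` keeps every counter at 0.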
