Solved: Re: SLB with MPLS VPN, is ti possible ?

Massimiliano Tognon · ‎06-06-2007

Hi to all, is it possible to configure IOS SLB (on 7200 or 6500 platform) to be able to balance server inside a configured vrf ?

anyone already tested it ?

many thanks

max

oettls · ‎06-06-2007

Hi Max,

the IOS SLB code on the C6k platform is not VRF aware at the moment (can only speak of c6k - never tried c7200). It is 'interface-aware' - which means that you can run IOS SLB on a VRF-lite box where the client and real-server facing interfaces are both in the same VRF.

However IOS SLB currently does not support incoming packets with MPLS labels since the corresponding TCAM filter only matches on pure IP packets - so no support on PE boxes :-(

To make it work on a PE we did some nasty workaround:

Loop back a port on the c6k PE and configure the both ends with different VRFs. Route between them and you have a VRF-lite box 'behind' a PE in the same chassis. Not too straight forward though but works as an interim solution ;-)

hth

cheers,

Stefan

View solution in original post

oettls · ‎06-10-2007

Hi,

yes you cross-connect two ports on the same chassis in different vrfs. This is to ensure that traffic between the servers and clients hits the IOS slb.

In the attached sample ports gig9/10 + gig9/11 are xconnected. Note that you have to manually override the ports MACs, since they are all identical by default. There is an OSPF process configured for the front door and back door vrf to announce reachability of the vserver IP (redundant setup).

hth

cheers,

Stefan

View solution in original post

oettls · ‎06-06-2007

Hi Max,

the IOS SLB code on the C6k platform is not VRF aware at the moment (can only speak of c6k - never tried c7200). It is 'interface-aware' - which means that you can run IOS SLB on a VRF-lite box where the client and real-server facing interfaces are both in the same VRF.

However IOS SLB currently does not support incoming packets with MPLS labels since the corresponding TCAM filter only matches on pure IP packets - so no support on PE boxes :-(

To make it work on a PE we did some nasty workaround:

Loop back a port on the c6k PE and configure the both ends with different VRFs. Route between them and you have a VRF-lite box 'behind' a PE in the same chassis. Not too straight forward though but works as an interim solution ;-)

hth

cheers,

Stefan

Massimiliano Tognon · ‎06-06-2007

many thanks, very helpful,

can you give me a config example of this :

"Loop back a port on the c6k PE and configure the both ends with different VRFs. Route between them and you have a VRF-lite box"

Do you mean you connect the two vrf among two physical port with a cross cable, and then routed the server between this connection ?

oettls · ‎06-10-2007

Hi,

yes you cross-connect two ports on the same chassis in different vrfs. This is to ensure that traffic between the servers and clients hits the IOS slb.

In the attached sample ports gig9/10 + gig9/11 are xconnected. Note that you have to manually override the ports MACs, since they are all identical by default. There is an OSPF process configured for the front door and back door vrf to announce reachability of the vserver IP (redundant setup).

hth

cheers,

Stefan

Massimiliano Tognon · ‎06-11-2007

you're the man, many thanks for your help.

max