cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
854
Views
0
Helpful
4
Replies

SLB with MPLS VPN, is ti possible ?

Hi to all, is it possible to configure IOS SLB (on 7200 or 6500 platform) to be able to balance server inside a configured vrf ?

anyone already tested it ?

many thanks

max

2 Accepted Solutions

Accepted Solutions

oettls
Level 1
Level 1

Hi Max,

the IOS SLB code on the C6k platform is not VRF aware at the moment (can only speak of c6k - never tried c7200). It is 'interface-aware' - which means that you can run IOS SLB on a VRF-lite box where the client and real-server facing interfaces are both in the same VRF.

However IOS SLB currently does not support incoming packets with MPLS labels since the corresponding TCAM filter only matches on pure IP packets - so no support on PE boxes :-(

To make it work on a PE we did some nasty workaround:

Loop back a port on the c6k PE and configure the both ends with different VRFs. Route between them and you have a VRF-lite box 'behind' a PE in the same chassis. Not too straight forward though but works as an interim solution ;-)

hth

cheers,

Stefan

View solution in original post

Hi,

yes you cross-connect two ports on the same chassis in different vrfs. This is to ensure that traffic between the servers and clients hits the IOS slb.

In the attached sample ports gig9/10 + gig9/11 are xconnected. Note that you have to manually override the ports MACs, since they are all identical by default. There is an OSPF process configured for the front door and back door vrf to announce reachability of the vserver IP (redundant setup).

hth

cheers,

Stefan

View solution in original post

4 Replies 4

oettls
Level 1
Level 1

Hi Max,

the IOS SLB code on the C6k platform is not VRF aware at the moment (can only speak of c6k - never tried c7200). It is 'interface-aware' - which means that you can run IOS SLB on a VRF-lite box where the client and real-server facing interfaces are both in the same VRF.

However IOS SLB currently does not support incoming packets with MPLS labels since the corresponding TCAM filter only matches on pure IP packets - so no support on PE boxes :-(

To make it work on a PE we did some nasty workaround:

Loop back a port on the c6k PE and configure the both ends with different VRFs. Route between them and you have a VRF-lite box 'behind' a PE in the same chassis. Not too straight forward though but works as an interim solution ;-)

hth

cheers,

Stefan

many thanks, very helpful,

can you give me a config example of this :

"Loop back a port on the c6k PE and configure the both ends with different VRFs. Route between them and you have a VRF-lite box"

Do you mean you connect the two vrf among two physical port with a cross cable, and then routed the server between this connection ?

Hi,

yes you cross-connect two ports on the same chassis in different vrfs. This is to ensure that traffic between the servers and clients hits the IOS slb.

In the attached sample ports gig9/10 + gig9/11 are xconnected. Note that you have to manually override the ports MACs, since they are all identical by default. There is an OSPF process configured for the front door and back door vrf to announce reachability of the vserver IP (redundant setup).

hth

cheers,

Stefan

you're the man, many thanks for your help.

max