LocalDirector serves as a transparent learning bridge that forwards data packets between its interfaces. Because it acts as a bridge, LocalDirector must not be installed on the network in parallel with another bridge. Use LocalDirector only where it is the single way in or out between the servers and the network, as shown in Figure 3-1.
If there is another path from the network to your servers, a bridge loop will be created and LocalDirector will not work properly. The LocalDirector automatically detects a bridge loop and tries to recover. SYSLOG messages will be generated to indicate that there is a bridge loop, and virtual and real servers will have intermittent failures.
If the real servers have two single-attached interfaces (for example, they are dual-homed), make sure that load-balanced traffic cannot bypass the LocalDirector. The LocalDirector has to be between the real servers and the Internet cloud that contains the clients. It has to see all the packets coming from the clients to the virtual server and all the traffic that comes back in response to the client-to-virtual packets.
In addition, packets from the clients have to come in on one interface and go out to the real servers on a different interface. If this does not happen, the LocalDirector cannot do load balancing.
The LocalDirector uses Network Address Translation (NAT) to make it appear as if the client is communicating directly with the real servers. If the client and server are on the same network segment, the response from the server will bypass the LocalDirector and the traffic will not be load balanced. All traffic must pass through the LocalDirector and be directed to the real servers.
The following examples show LocalDirector Network implementations:
Figure 3-2 shows a basic LocalDirector network implementation using hubs or switches:
Figure 3-3 shows a LocalDirector network with multiple server farms on different LocalDirector interfaces.
Figure 3-4 and Figure 3-5 show LocalDirector implementations that include routers:
If you have two routers, one on each side of the LocalDirector, the LocalDirector's IP address can be in a different subnet from your real servers, or you can place the real servers in multiple subnets on the inside of the LocalDirector.
If you have only one router on the Internet side of the LocalDirector, and no router on the inside, the LocalDirector will send all requests for the second subnet to its default gateway, the router. Because the LocalDirector does not understand having two subnets (local and real servers, or real servers on multiple subnets), it will use its default gateway for the second subnet. This means you will see duplicate traffic on your router-to-LocalDirector Ethernet segment.
To solve this, have the local IP address of the LocalDirector in the same subnet as the real servers, and then have the virtual IP address in a different subnet. The router must have the second subnet listed on its Ethernet as a secondary address, and the address must be NIC registered. The router will then know to route packets back toward the LocalDirector, which acts as a bridge and just sends them through.
Figure 3-6 shows real servers on a different subnet from the LocalDirector:
A secure services example follows:
LocalDirector# show configuration
: Saved
: Local Director Version 2.1.1
syslog output 20.3
no syslog console
hostname LocalDirector
interface ethernet 0 auto
interface ethernet 1 auto
ip address 10.10.10.5 255.255.255.0
no rip passive
no failover
virtual 192.168.1.100:0:0 is
predictor 192.168.1.100:0:0 leastconns
real 10.10.10.1:0 is
real 10.10.10.2:0 is
bind 192.168.1.100:0:0 10.10.10.1:0
bind 192.168.1.100:0:0 10.10.10.2:0
no snmp-server contact
no snmp-server location
LocalDirector#
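The single-router addressing advice above (the LocalDirector's local address in the real servers' subnet, the virtual address in a different subnet) can be checked against a listing like this one. The following Python is an added example, not Cisco code; the function names and the checks are assumptions that rely only on the `ip address`, `virtual`, `real` and `bind` line formats visible in the listing.

```python
import ipaddress

# Constructed sample: the addressing lines from the configuration listing above.
SAMPLE_CONFIG = """\
ip address 10.10.10.5 255.255.255.0
virtual 192.168.1.100:0:0 is
predictor 192.168.1.100:0:0 leastconns
real 10.10.10.1:0 is
real 10.10.10.2:0 is
bind 192.168.1.100:0:0 10.10.10.1:0
bind 192.168.1.100:0:0 10.10.10.2:0
"""

def parse(config):
    """Collect the local network, virtual servers, real servers and binds."""
    local, virtuals, reals, binds = None, set(), set(), []
    for tok in map(str.split, config.splitlines()):
        if tok[:2] == ["ip", "address"] and len(tok) == 4:
            local = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
        elif tok[:1] == ["virtual"] and len(tok) >= 2:
            virtuals.add(tok[1])
        elif tok[:1] == ["real"] and len(tok) >= 2:
            reals.add(tok[1])
        elif tok[:1] == ["bind"] and len(tok) == 3:
            binds.append((tok[1], tok[2]))
    return local, virtuals, reals, binds

def audit(config):
    """Return a list of findings; an empty list means the checks passed."""
    local, virtuals, reals, binds = parse(config)
    if local is None:
        return ["no 'ip address' line found"]
    def host(ident):  # "10.10.10.1:0" -> IPv4Address("10.10.10.1")
        return ipaddress.ip_address(ident.split(":")[0])
    findings = []
    for r in sorted(reals):
        if host(r) not in local:
            findings.append(f"real {r} is outside local subnet {local}")
    for v in sorted(virtuals):
        if host(v) in local:
            findings.append(f"virtual {v} shares local subnet {local}")
        if not any(bv == v for bv, _ in binds):
            findings.append(f"virtual {v} has no real server bound")
    for bv, br in binds:
        if bv not in virtuals or br not in reals:
            findings.append(f"bind {bv} {br} references an undefined server")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "no findings")
```

These checks apply to the single-router layout only; with a router on each side of the LocalDirector, real servers in other subnets are a supported arrangement and the first finding can be ignored.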
The following Cisco products support Fast EtherChannel:
The following Fast EtherChannel information is available online:
Step 1 Decide which ports you are going to use and define them as a VLAN:
Step 2 Disable "spantree" for that VLAN:
Step 3 Assign the ports you want to use as a Fast EtherChannel. Do not use the auto option because LocalDirector Fast EtherChannel does not implement Port Aggregation Protocol (PAgP):
Step 4 Set the port speed to 100 and duplex to full. The LocalDirector 4-port will not autonegotiate, and the LocalDirector channel command will configure ports in the channel as 100full:
Step 1 Assign LocalDirector ports as part of a Fast EtherChannel with the channel command. Fast EtherChannel ports on the LocalDirector must be on the same interface card. Specify the starting port number and the number of ports you want in the channel:
Step 2 Make sure the port speed and duplex are set to 100 and full:
Figure 3-7 shows a LocalDirector Fast EtherChannel implementation:
Figure 3-8 shows a highly redundant, fault-tolerant configuration:
Figure 3-9 shows a LocalDirector network with a bridge loop that will not work: