[nsp] Local Director
Christopher McCrory
chrismcc at pricegrabber.com
Fri Dec 13 09:39:12 EST 2002
Hello...
On Fri, 2002-12-13 at 07:10, odusseus wrote:
> > > I have two machines from the same VLAN and same subnet.
> > >
> >
> > You need two VLANs connected via the localdirector. The localdirector
> > acts as a bridge between the two VLANs.
>
> You may answer by: "Well, this is the way it is working..."
>
> But I don't understand why I need them in different VLANs! Could you detail a bit?
>
outside <-> LD <-> ServerFarm
           .10     .11 .12 .13

where x.y.z.10 is your virtual www.dom.ain
and x.y.z.11, x.y.z.12, and x.y.z.13 are your real servers.

IP packets addressed to x.y.z.10 hit the LD, the LD mangles the
packet's destination IP address (and MAC address) and sends it to one of
the real servers (i.e. x.y.z.11). The real server's response goes
back through the LD, which un-mangles the packet.

So, you must have two VLANs connected via the LD so that traffic must go
through the LD so it can mangle/un-mangle if needed.

Make sense?

NOTE: you will not be able to "hit" x.y.z.10 from x.y.z.11 as it is on
"the wrong side" of the LD.

> > > "Between" them it has a local director.
> > >
> > > When from Host1 I telnet to Host2 on its real IP address, it works.
> > >
> > > But when from Host1, I try to telnet to the virtual IP address of Host2, it failed.
> > >
> > > In this second case, a tcpdump on Host2 shows:
> > >
> > > Host1-- <SYN=X>--------------------> Host2
> > > Host1<--<SYN=Y><ACK=X+1>-----Host2
> > > Host1--<RST>-------------------------> Host2
> > > Host1--<SYN=A>----------------------> Host2
> > > Host1<--<SYN=B><ACK=A+1>------Host2
> > > Host1<--<SYN=B><ACK=A+1>------Host2
> > > Host1--<RST>-------------------------> Host2
> > > Host1--<SYN=C>----------------------> Host2
> > > ....
> > >
> > > Since using the virtual IP address of Host2 obliges the traffic from Host1 to use somehow the Local Director, I guess that my trouble is on this machine, but I don't know how to show this.
> > >
> > > Any suggestion is welcome.
> > >
> > > Thanks
> > >
> > > Christophe
> > > ------------------------------------------
> > >
> > > Make a wish and then Voila! www.voila.fr
> > >
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp@puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > --
> > Christopher McCrory <chrismcc@pricegrabber.com>
> > Pricegrabber
--
Christopher McCrory
"The guy that keeps the servers running"
chrismcc@pricegrabber.com
http://www.pricegrabber.com
Let's face it, there's no Hollow Earth, no robots, and
no 'mute rays.' And even if there were, waxed paper is
no defense. I tried it. Only tinfoil works.
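
Added example (not part of the original message or of any Cisco tooling): a small Python model of the mangle/un-mangle path described in the reply, showing why the SYN / SYN,ACK / RST loop in the quoted tcpdump appears when the client sits on the server side of the LD. The addresses are constructed stand-ins for x.y.z.10-.13, the function names are hypothetical, and the model assumes the SYN reaches the LD in both cases, as the tcpdump indicates.

```python
# Constructed addresses standing in for the thread's x.y.z.10-.13.
VIP = "192.0.2.10"    # virtual address owned by the LD
REAL = "192.0.2.11"   # real server the LD picks for this connection
SERVER_VLAN = {"192.0.2.11", "192.0.2.12", "192.0.2.13"}  # hosts behind the LD


def ld_inbound(pkt):
    """LD rewrites the destination VIP to a real server (the 'mangle')."""
    return {**pkt, "dst": REAL} if pkt["dst"] == VIP else pkt


def ld_outbound(pkt):
    """LD restores the VIP as source on the way back (the 'un-mangle')."""
    return {**pkt, "src": VIP} if pkt["src"] == REAL else pkt


def handshake(client):
    """Return (trace, outcome) for one SYN sent by client to the VIP."""
    trace = []
    syn = ld_inbound({"src": client, "dst": VIP, "flags": "SYN"})
    trace.append(f"{syn['src']} -> {syn['dst']} SYN")

    synack = {"src": REAL, "dst": client, "flags": "SYN,ACK"}
    # A client in the server VLAN is reached directly at layer 2, so the
    # reply never crosses the LD and keeps the real server's source address.
    if client not in SERVER_VLAN:
        synack = ld_outbound(synack)
    trace.append(f"{synack['src']} -> {synack['dst']} SYN,ACK")

    # The client's only half-open connection is to the VIP. A SYN,ACK from
    # any other source matches no socket and is answered with RST.
    if synack["src"] == VIP:
        trace.append(f"{client} -> {VIP} ACK")
        return trace, "ESTABLISHED"
    trace.append(f"{client} -> {synack['src']} RST")
    return trace, "RESET"


if __name__ == "__main__":
    for client in ("198.51.100.7", "192.0.2.12"):  # outside vs. server side
        trace, outcome = handshake(client)
        print(client, outcome, *trace, sep="\n  ")
```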