[c-nsp] SLB Question

Paul Stewart paul at paulstewart.org
Wed Jul 11 11:49:55 EDT 2007


Thanks Robert and everyone... this seems like it's going to get complicated
as these are mail servers in particular....

So, what's a good hardware solution (bearing in mind that we can still do
this in software on the servers)??  Cisco used to make load balancing
hardware at one time but I don't think they are involved with that any
longer??  Open to hardware suggestions.. preferably something that works
transparently as a bridge and can work as a pair of hardware devices for
fault tolerance within the hardware?

Appreciate it,

Paul
 

-----Original Message-----
From: Robert Blayzor [mailto:rblayzor at inoc.net] 
Sent: Wednesday, July 11, 2007 11:38 AM
To: Paul Stewart
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] SLB Question

Paul Stewart wrote:
> My last question would then be if we ran NAT with SLB then the servers 
> having to cross layer3 comes out of the equation correct... because 
> with NAT, there would be a translation happening which would handle 
> the actual SLB portion?

I personally have not found NAT based SLB to be very useful, so I've steered
away from it.  I've always found it easier to use dispatch mode, but your
real servers must then know about the virtual server IP address.  (easy to
do with Unix with alias to the loopback adapter)  You can also do loopback
adapter on MS, but I find MS doesn't really like to deal with /32 subnet
masks, so things could be a little more difficult to set up.

Anything L2 adjacent can still talk to the servers, just not on the virtual
IP address.  They can talk to the real address.  But I guess that doesn't
help you.  I find the only time you want to use NAT is if the real servers
can't know or don't want to know anything about the virtual server IP
address.  This can be particularly confusing for things like mail servers
because you have to deal with mapping MX records to the right IP address for
both internal and external hosts, etc.  It just seems messy to me.  Of
course I'm sure NAT has its uses...

-Robert
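
Added example, not part of the original thread: one way to make a Unix real server "know about" the virtual server IP for dispatch mode, as the reply above describes. It assumes a Linux real server with iproute2; the VIP is a constructed documentation address, the function names are hypothetical, and the ARP sysctls are an assumption added here so that only the SLB device answers ARP for the VIP.

```sh
#!/bin/sh
# Added example: prepare a Linux real server for dispatch-mode SLB.
# Assumptions: Linux with iproute2; VIP 192.0.2.10 is a constructed value.

# Return 0 only if $1 is a dotted-quad IPv4 address (each octet 0..255).
# Rejecting anything else keeps shell metacharacters out of the commands.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands that alias the VIP onto loopback as a /32 and stop
# the host from answering or announcing ARP for it on its real interface.
vip_loopback_cmds() {
    vip=$1
    valid_ipv4 "$vip" || { echo "invalid VIP: $vip" >&2; return 1; }
    cat <<EOF
ip addr add $vip/32 dev lo
sysctl -w net.ipv4.conf.all.arp_ignore=1
sysctl -w net.ipv4.conf.all.arp_announce=2
EOF
}

# Dry run by default; set APPLY=1 and run as root to execute the commands.
configure_vip() {
    cmds=$(vip_loopback_cmds "$1") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        printf '%s\n' "$cmds" | sh -e
    else
        printf '%s\n' "$cmds"
    fi
}

# Usage (dry run): configure_vip 192.0.2.10
```

The service on the real server (the mail daemon here) must also listen on the VIP or on all addresses, since dispatched packets arrive with the VIP as their destination.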



