[c-nsp] SLB Question

Brant I. Stevens branto at branto.com
Wed Jul 11 12:07:18 EDT 2007


Cisco is still very involved with making that hardware, be it with the CSS
or their CSM and AON modules for the 6500.

That being said, I've had less than favorable experiences with them (the
CSS; can't speak about the other modules), and prefer to use the Big-IP
appliances from F5.


On 7/11/07 11:49 AM, "Paul Stewart" <paul at paulstewart.org> wrote:

> Thanks Robert and everyone... this seems like it's going to get complicated
> as these are mail servers in particular....
> 
> So, what's a good hardware solution (bearing in mind that we can still do
> this in software on the servers)??  Cisco used to make load balancing
> hardware at one time but I don't think they are involved with that any
> longer??  Open to hardware suggestions.. preferably something that works
> transparently as a bridge and can work as a pair of hardware devices for
> fault tolerance within the hardware?
> 
> Appreciate it,
> 
> Paul
>  
> 
> -----Original Message-----
> From: Robert Blayzor [mailto:rblayzor at inoc.net]
> Sent: Wednesday, July 11, 2007 11:38 AM
> To: Paul Stewart
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] SLB Question
> 
> Paul Stewart wrote:
>> My last question would then be if we ran NAT with SLB then the servers
>> having to cross layer3 comes out of the equation correct... because
>> with NAT, there would be a translation happening which would handle
>> the actual SLB portion?
> 
> I personally have not found NAT based SLB to be very useful, so I've steered
> away from it.  I've always found it easier to use dispatch mode, but your
> real servers must then know about the virtual server IP address.  (easy to
> do with Unix with alias to the loopback adapter)  You can also do loopback
> adapter on MS, but I find MS doesn't really like to deal with /32 subnet
> masks, so things could be a little more difficult to set up.
> 
> Anything L2 adjacent can still talk to the servers, just not on the virtual
> IP address.  They can talk to the real address.  But I guess that doesn't
> help you.  I find the only time you want to use NAT is if the real servers
> can't know or don't want to know anything about the virtual server IP
> address.  This can be particularly confusing for things like mail servers
> because you have to deal with mapping MX records to the right IP address for
> both internal and external hosts, etc.  It just seems messy to me.  Of
> course I'm sure NAT has its uses...
> 
> -Robert
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



