Help! AD3 and win2k / IIS 5

Hello

I've a strange situation. i have an AD3 with win2k servers behind it. I also have win2003 servers. Here is the problem: with the win2k servers, the load balanced VIP does not respond! If I turn off the win2k servers and assign the real IPs to the win2003 servers, it works grandly. I've gone through all configurations, but can't figure it out! The servers respond when connecting to the RIP, and the load balancer http health check seems Ok as well.

Anyone have any ideas?! Here are some configs on groups/reals/virts. /c/slb/real 1 ena rip 128.241.232.26 /c/slb/real 2 ena rip 128.241.232.27 /c/slb/real 3 ena rip 10.0.1.24 backup 4 /c/slb/real 4 ena rip 10.0.2.24 /c/slb/real 5 ena rip 10.0.5.80 backup 6 /c/slb/real 6 ena rip 10.0.6.80 /c/slb/group 1 metric minmisses health http content "load_balancer.cfm" add 1 add 2 /c/slb/group 2 health http add 3 /c/slb/group 3 health icmp add 5 /c/slb/port 1 client ena server ena /c/slb/port 2 client ena server ena /c/slb/port 3 client ena server ena /c/slb/port 4 client ena server ena /c/slb/virt 1 ena vip 128.241.232.25 /c/slb/virt 1/service http group 1 /c/slb/virt 2 ena vip 128.241.232.24 /c/slb/virt 2/service http group 2 /c/slb/virt 3 ena vip 128.241.232.80 /c/slb/virt 3/service http group 3 /c/slb/virt 3/service https group 3 /c/slb/virt 3/service ftp group 3 /

thanks! This may be worth a beer :)

Y
Reply to
mickey
Loading thread data ...

For your configuraiton, you can change the health check to TCP for group 2 becasue the HTTP content is not sepcified. Except it, nobody can know why it doesn't work without topology and data flow fo two servers.

mickey wrote:

Reply to
Dophi

Reply to
mickey

Mickey

Maybe you can use command "/info/slb/dump" to verify the real server is operational or not when you use a 2k server. If Alteon shows it works ( 2k server responses the health check), you can think about the IIS configuraiton or something else on that 2k server. For Alteon, there is no difference between a 2k server and 2003 server. : )

mickey wrote:

Reply to
Dophi

Thanks, everyone. I ran some more tests, and finally got it working by enabling 'submac'. But I am a still a little confused about submac. I'm lead to believe, reading this group, that it is used for DSR and for devices which do not ARP for the return,and in situations where the load balancer is "single-legged", which is more similar to my configuration. I also read that enabling 'submac' replaces the source address of the packet with the Alteon's address.

If all these statements are correct, then why would you want to use want to replace the source address with the Alteon's address if you want the return packet to bypass the alteon? Well, I guess that's so you don't get MAC conflicts...but then how do you do DSR with devices that do not ARP?

On a single-leg load balancer, with the web servers' default route set to the LB, why would I need to enable submac? Is there a difference in the way the win2k IP stack handles return packets and the way 2003 does? The packet analyzer on the win2k machine shows the source MAC as the firewall for incoming packets, and the same destination MAC (The alteon) for outgoing packet--the same as when it was not working.

Lastly, to answer the question..

The LB showed both win2k servers as 'up'. I could also connect to both real IPs.

Thanks again!

mickey

Reply to
mickey

Mickey

Here is my opinion for your reference.

Topology client --- router --- layer 2 switch ---- server | Alteon

The default gateway of that server is set to router. There is only one subnet or vlan behind that router. This is a standard topology of DSR.

There are 2 commands and 1 setting should be applied for a standard DSR topology.

  1. submac: This command is used to solve MAC conflict issue on that layer 2 switch.
  2. nonat : This command is used to disable the function for transfer destination IP from VIP to RIP.
  3. loopback IP on a server : This is used to solve TCP/IP issue once we apply "nonat" command.

The real server always send any packets to the router becasue it's default gateway is set to router. Not because of the submac command.

mickey wrote:

Reply to
Dophi

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.