-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 31 May 2002 5:53 pm, Simon Waters wrote:

> > This is driving me *mad*. I think I'm missing something really simple but
> > I've been staring at it too long.
>
> Can you sleep on it?

3 days now ;)

> > The CS150's default gateway is 172.16.0.3
>
> Okay, although the switch's config seems a bit mysterious to me.

It's not really just a switch, it's a hybrid switch, router, PIX, and load balancer - what used to be a very good product from ArrowPoint Communications, and was bought out by Cisco, who proceeded to make a mess of it in version 5 of the software ;p

> > anglerfish:~# ip route show
> > 172.16.0.100 dev eth1 scope link
> > 172.16.0.0/24 dev eth1 proto kernel scope link src 172.16.0.4
> > 172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.3
> > unreachable 123.123.123.0/24 scope host
> > 123.123.123.0/24 dev eth0 proto kernel scope link src 123.123.123.1
> > 10.2.0.0/16 dev eth2 proto kernel scope link src 10.2.0.1
> > 10.1.0.0/16 dev eth3 proto kernel scope link src 10.1.0.1
> > default via 172.16.0.1 dev eth1
>
> What does ifconfig look like?

anglerfish:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:03:47:AB:DF:D6
          inet addr:172.16.0.3  Bcast:172.16.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19804013 errors:0 dropped:0 overruns:0 frame:0
          TX packets:95 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:187332058 (178.6 MiB)  TX bytes:4878 (4.7 KiB)
          Interrupt:7

eth0:1    Link encap:Ethernet  HWaddr 00:03:47:AB:DF:D6
          inet addr:123.123.123.1  Bcast:80.255.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:7

eth1      Link encap:Ethernet  HWaddr 00:03:47:AB:DF:D7
          inet addr:172.16.0.4  Bcast:172.16.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:605944 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33329771 errors:0 dropped:0 overruns:1 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:83651791 (79.7 MiB)  TX bytes:3858652266 (3.5 GiB)
          Interrupt:5 Base address:0x2000

eth2      Link encap:Ethernet  HWaddr 00:02:B3:35:E7:C8
          inet addr:10.2.0.1  Bcast:10.255.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28383865 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13286977 errors:0 dropped:0 overruns:1521 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3467432433 (3.2 GiB)  TX bytes:3064601550 (2.8 GiB)
          Interrupt:5 Base address:0x4000

eth3      Link encap:Ethernet  HWaddr 00:02:B3:35:E7:C9
          inet addr:10.1.0.1  Bcast:10.255.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19633323 errors:0 dropped:0 overruns:0 frame:22
          TX packets:7107726 errors:0 dropped:0 overruns:82 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1399165083 (1.3 GiB)  TX bytes:1459282816 (1.3 GiB)
          Interrupt:5 Base address:0x6000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:492 errors:0 dropped:0 overruns:0 frame:0
          TX packets:492 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:53246 (51.9 KiB)  TX bytes:53246 (51.9 KiB)

> Am I misreading it but you said incoming connections to 123.123.123.246 but it looks like the box is 123.123.123.1 from the configuration, or possibly it has all gone right over my head. Which boxes are 123.123.123.246 and which 123.123.123.1 and can they ping each other?

123.123.123.246 doesn't exist anywhere except being hit on netfilter's PREROUTING nat table and DNAT'ing to the CS150's VIP, which multiplexes/load balances to internal services, using S/DNAT:

CS150(config)# sh running-config
!Generated MAY 31 11:42:30
configure

!*************************** GLOBAL ***************************
  ip record-route
  restrict telnet
  restrict ftp
  arp 172.16.0.3 00-03-47-ab-df-d6 ethernet-2
  arp 172.16.0.4 00-03-47-ab-df-d7 ethernet-3
  sshd server-keybits 1024
  ip route 0.0.0.0 0.0.0.0 172.16.0.3 1

!************************** CIRCUIT **************************
circuit VLAN1
  ip address 172.16.0.2 255.255.255.0

!************************** SERVICE **************************
service WWW-Panther
  ip address 10.2.1.7
  protocol tcp
  keepalive type http
  port 80
  keepalive frequency 255
  active

service WWW-Wolf
  ip address 10.2.1.6
  protocol tcp
  port 80
  keepalive type http
  active

!*************************** OWNER ***************************
owner AnlX
  email-address support@xxxxxxxx

  content WEBUSERS-HTTP
    protocol tcp
    balance aca
    add service WWW-Panther
    add service WWW-Wolf
    port 80
    vip address 172.16.0.100
    active

> > ok, so now that's all out the way, and I've lost my brain somewhere, does
> > that *sound* like it should work???
>
> Sounds rather complex, and as if traffic will go over eth0 three times more than it needs to, or did I miss something?

it needs to for one main reason, most of which are the arrowpoint's fault:

 - for load balancing to work, the arrowpoint needs to have flows going in one port and out of another so it can actually map the flows.

 - we can't put the arrowpoint in front of the servers as arrowpoint then proceeds to block ARPs, and nothing seems to make it let them through. Although this is a bug, and I've reported it to Cisco, they have not got a release date for WebNS 5p2, which may well be a long time as WebNS5 has only just been released, ARGH.

 - the traffic needs to be filtered before it hits the CS150.

I've been over and over in my head with this, and it seems the only logical sane way to make it work with the damned CS150, which *needs* to be used sadly, because of the customers requirements.

The load isn't really a problem, as they are all eepro100 NICs, on a beefy dual 1.4GHz PCI64 mobo with 1GB RAM, and it's handling relatively little traffic (only around 8mbit/sec *max*)

~ Theo, who has lost his packets!

- --
Theo Zourzouvillys
http://zozo.org.uk/

Your society will be sought by people of taste and refinement.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE896/F448CrwpTn6YRAouzAKCIpDOUxNVyYzlSU5jzb8k6f03C7gCdFB8X
AOb+7tDaAQT7LOK1wXjAZ5o=
=Vd1j
-----END PGP SIGNATURE-----

--
The Mailing List for the Devon & Cornwall LUG
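
Added example, not part of the original message or written by either poster: a small check a reader could run over `ip route show` output like the table quoted above, listing every prefix that has more than one route entry. The function names are hypothetical and the sample input is the table from the message, embedded so the script runs offline.

```shell
#!/bin/sh
# Constructed sample input: the routing table quoted in the message above.
sample_routes() {
cat <<'EOF'
172.16.0.100 dev eth1 scope link
172.16.0.0/24 dev eth1 proto kernel scope link src 172.16.0.4
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.3
unreachable 123.123.123.0/24 scope host
123.123.123.0/24 dev eth0 proto kernel scope link src 123.123.123.1
10.2.0.0/16 dev eth2 proto kernel scope link src 10.2.0.1
10.1.0.0/16 dev eth3 proto kernel scope link src 10.1.0.1
default via 172.16.0.1 dev eth1
EOF
}

# Hypothetical helper: reads `ip route show` output on stdin and prints one
# line per prefix that appears in more than one route entry, followed by the
# device (unicast routes) or route type (unreachable etc.) of each entry,
# in the order the entries were listed.
ambiguous_prefixes() {
    awk '
    {
        # Non-unicast routes start with a type keyword, then the prefix.
        if ($1 ~ /^(unreachable|blackhole|prohibit|throw)$/) {
            kind = $1; prefix = $2
        } else {
            kind = "unicast"; prefix = $1
        }
        dev = "-"
        for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        label = (kind == "unicast") ? dev : kind
        if (!(prefix in count)) names[++n] = prefix   # remember first-seen order
        count[prefix]++
        entries[prefix] = (count[prefix] > 1) ? entries[prefix] "," label : label
    }
    END {
        for (k = 1; k <= n; k++)
            if (count[names[k]] > 1) print names[k], entries[names[k]]
    }'
}

# Stand-alone run against the sample; on a live box use: ip route show | ambiguous_prefixes
sample_routes | ambiguous_prefixes
```

For each prefix it reports, `ip route get <address>` shows which entry the kernel actually selects for a given destination.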