| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] AW: [FW-1] load sharing with Nokias
I would be curious to find out how setting the same weight for vrrp
interfaces will work. Even if it does work though, I believe it will result
in asymmetric routing as the VRRP could not possibly be aware of any state
info.
But...
What we have done in the past falls within two categories and by far. Since
most people I have worked with use the first method I will describe that.
Please note -- before I get jumped on -- that this is not strictly speaking
load balancing. You would be approximating a load balancing situation using
VRRP, not real load balancing software. Anyway....
Case I -- Routers on both sides of the Firewall Pairs
===================================
Routers on both sides must be capable of routing traffic based on some
algorithm. For our purposes we will use an algorithm which makes its
decision based upon information contained in the ip addresses. For example,
a router may be able to split traffic between multiple next hops based on
the last two bits of an ip address -- which would result in 4 possible
paths. In our case let's knock it down to 2. "Even" source ip addresses
will go one way and "odd" ones will go the other. The network would look
something like this.
Internet
|
|
|
RouterA
|
|
|
----------------------------------------
| |
| |
| |
vrrp_1_out vrrp_2_out
NOKIA1 (odd) <----(sync)----> NOKIA2 (even)
vrrp_1_In vrrp_2_In
| |
| |
| |
----------------------------------------
|
|
|
RouterB
|
|
|
Network
172.16.1.0/24
There are plenty of things which will complicate the matter, but let's work
with the simplest solution. No NAT and no redundancy beyond what you see in
the diagram above.
keep the following in mind:
--RouterB would be configured to forward traffic to vrrp_1_in for odd
**source** ip addresses
--RouterB would be configured to forward traffic to vrrp_2_in for even
**source** ip addresses
--NOKIA1 is the master for vrrp_1_in and vrrp_1_out
--NOKIA2 is the master for vrrp_2_in and vrrp_2_out
--RouterA would be configured to forward traffic to vrrp_1_out for odd
**destination** ip addresses
--RouterA would be configured to forward traffic to vrrp_2_out for even
**destination** ip addresses
Most routers these days are capable of performing "policy" based routing.
In my experience I have used mostly Enterasys Network and some Cisco routers
and have had good success.
Most customers I have worked with usually add extra routers for redundancy
reasons. It complicates things a little bit, but still worth effort if you
can afford to drop the bucks.
Regards
Bill
----- Original Message -----
From: "jim parker" <[email protected]>
To: <[email protected]>
Sent: Thursday, July 18, 2002 2:13 PM
Subject: Re: [FW-1] AW: [FW-1] load sharing with Nokias
> i believe that if you weight them the same then the one with the highest
ip
> address will become primary
>
>
>
>
> -----Original Message-----
> Subject: Re: [FW-1] AW: [FW-1] load sharing with Nokias
>
>
> Agreed it is not what it is meant to do but I think as a consequence of
> using the same weights it does do it. If you use the same weights using
HSRP
> on Ciscos they will load share.
> ----- Original Message -----
> Subject: [FW-1] AW: [FW-1] load sharing with Nokias
>
>
> I may be behind on Nokias, but that's not how VRRP is supposed to work.
VRRP
> cannot do load sharing at all. The same weight only means that neither one
> has a preference for being the master, but one is always the master, and
one
> is always the backup.
> -&
>
>
> > -----Ursprüngliche Nachricht-----
> > Betreff: [FW-1] load sharing with Nokias
> >
> > I have a new pair of IP330s and plan to try load sharing by
> > using the same
> > VRRP weights on both platforms and having 100Mb sync LAN
> > between them for
> > state synchronisation. Has anyone done this and how did they
> > get on, I am
> > concerned that there is a good chance I will get assymetric
> > routing and
> > that
> > the state table will not be synchronised quickly enough to
> > service the
> > connections. I sort of configured this by mistake once before
> > and thought
> > it
> > worked but didn't test it fully.
> >
> > thanks
> >
> > Mark >
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
