On Thu, 4 Oct 2007, Brian Dickson wrote:

> bill fumerola wrote:
> > not all load balancers work the same.
> > direct server return aka one-arm load balancing does no translation or
> > rewrite of any headers (l3 or l4). all it does is make a switching
> > decision based on health check and other weighting criteria.
> >
> Just to clarify, for those who aren't familiar with the basic idea:

Perhaps you should leave the clarification until _you_ are more familiar with the basic idea.

> By leaving the IP headers unmodified, the individual servers all expect
> to receive packets
> that look like they came directly from the internet (and in fact, did)
> unmodified.
>
> The return packets are thus suitable for being sent straight out
> without needing any rewrite, and thus without touching the LB.
>
> The F5 BigIP LTM models I've looked at that do that are the 6400 and
> 6800 series, running 9.* level code. There's nothing secret about it -
> it's a generic, vanilla function they ship with. The documentation is
> on-line. Google for "l4 fast bigip". (I have no connection with F5
> other than being employed by a satisfied customer.)

http://www.f5.com/products/big-ip/product-modules/local-traffic-manager.html

> It means that the servers are configured identically, are reachable
> without NAT, and are, in effect, anycast. The Load Balancer is making
> a stateful decision about which individual server to send each stream
> to, in the case of TCP, and stateless in the case of UDP.

Neither of these models use Anycast in their implementation. Anycast isn't a stateful technique. See RFC 1546. A load balancer that keeps TCP state will work correctly with TCP. But Anycast doesn't keep TCP state, nor state for UDP fragmentation. This is why it doesn't work for stateful protocols (TCP and UDP).

> It operates in exactly the same way, as if there were two equal cost
> routes to two or more routers, each advertising the existence of one
> of these servers, on the other side of a PPLB router - except that it
> has the ability to handle the state issue for TCP.

The F5 LTM box doesn't operate the way you describe. The LTM doesn't advertise two routes to routers. There is a nifty flash demo on the F5 website, for those who are still interested. The LTM isn't anycast. It isn't 'effectively anycast'. You clearly don't know what anycast is.

'operates the same way' doesn't mean that it is implemented the same way. You suffer from an unfortunately common affliction of junior operators and administrators: the inability to distinguish a high level operational effect from actual implementation. This defect is only a serious problem when the operator assumes (incorrectly) that because some things have similar high level objectives and uses, that they are actually the same.

> Anyone who operates a network with PPLB towards *external* routes, via
> BGP multipath, would have to be an idiot or a fool, and would
> certainly have trouble retaining customers with clue.

Really? What do you suppose BGP multipath is meant to do? Let me give you a hint: It installs equal cost routes into the router for loadbalancing across peers.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t11/ft11bmpl.htm

"The BGP Multipath Load Sharing for eBGP and iBGP feature allows you to configure multipath load balancing with both external BGP (eBGP) and internal BGP (iBGP) paths in Border Gateway Protocol (BGP) networks that are configured to use Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs). This feature provides improved load balancing deployment and service offering capabilities and is useful for multi-homed autonomous systems and Provider Edge (PE) routers that import both eBGP and iBGP paths from multihomed and stub networks."

Once again, you seem to be uniquely mistaken in your definition of what would constitute an idiot or a fool. Often, that is the sign of an idiot or a fool.

> Brian
>
> P.S. I do not respond to trolls.
> P.P.S. I will not respond to the troll.

I will try not to respond to junior system administrators who are without a clue about the differences between certain network equipment and certain networking techniques, but are still adamant about their views despite evidence to the contrary and despite their lack of experience.

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net    faster, more reliable, better service
617 344 9000

_______________________________________________
DNSOP mailing list
https://www1.ietf.org/mailman/listinfo/dnsop
