Dear Carsten, Zen just follows the standard way of announcing ARP changes to
the network, so in your case I would inform my Juniper provider of my requirements;
I'm sure the Juniper developers kept this requirement in mind.
In the future, if you need to install any kind of cluster service, you will
experience the same problem.
Regards!
2016-04-27 15:17 GMT+02:00 Scharfenberg, Carsten <
c.scharfenb...@francotyp.com>:
> Hi Emilio,
>
>
>
> I’ve found the answer:
>
> My server side hardware switch is connected to a Juniper firewall that is
> run by our IT department.
>
> When a passive ZLB node becomes active it sends out a gratuitous ARP
> packet to announce itself to the network. This packet triggers an ARP
> table update on all connected network devices to map the service IP to the
> new MAC address.
>
> But the Juniper firewall rejects this packet. This is due to its default
> security configuration, which disregards gratuitous ARP packets to prevent
> MAC spoofing attacks.
>
> Now, as all traffic from external networks is channeled through the
> firewall, which still maps the service IP to the old ZLB node, the service
> is not reachable.
>
> Reconfiguring the Juniper firewall to accept gratuitous ARP packets
> solves this issue.
>
> This is somewhat unfortunate because it means that I have to rely on my
> network provider if I would like to introduce the Zen load balancer.
>
> I suppose there is no other solution without relying on the network
> provider?
>
> Except maybe replacing my switch with a router that accepts gratuitous ARP
> packets and introducing NAT?
>
>
>
> Best Regards,
>
> C. Scharfenberg
>
>
>
> *From:* Emilio Campos [mailto:emilio.campos.mar...@gmail.com]
> *Sent:* Monday, 25 April 2016 18:47
> *To:* zenloadbalancer-support@lists.sourceforge.net
> *Subject:* Re: [Zenloadbalancer-support] What is a reasonable
> Mean-Time-To-Take-Over?
>
>
>
> Are your clients outside the network where Zen LB is? Then maybe the
> following is the reason:
>
>
>
> When a cluster service switches (you can check whether the service switched in
> /var/log/messages & /var/log/syslog), the virtual IPs and farms are started
> on the secondary node, and gratuitous ARP packets are sent to the network
> in order to indicate to switches and firewalls that the MAC of the given IP[s]
> has been modified. Some vendors, in addition to gratuitous ARP packets,
> also require receiving a large number of ICMP packets.
>
>
>
> Does it also happen with clients inside the Zen network?
>
>
>
> This behaviour (changing the MAC for IPs) could be marked by switches
> (physical and virtual) as MAC spoofing, so ensure this is disabled for the
> VLAN where Zen configures virtual IPs.
>
>
>
> For example, in VMware vSwitches "Forged transmission" should be configured
> as Accept:
>
>
>
>
> https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-7DC6486F-5400-44DF-8A62-6273798A2F80.html
>
>
>
>
>
>
>
> 2016-04-25 14:57 GMT+02:00 Scharfenberg, Carsten <
> c.scharfenb...@francotyp.com>:
>
> Hello,
>
>
>
> I managed to get my load balancer farms up and running.
>
> Now I’m performing some tests:
>
> - A failure of a single farm node is not perceivable by the
> client – great :-)
>
> - A failure of the primary ZLB cluster node leads to a downtime
> of 10 to 20 minutes until the secondary node takes over :-(
>
>
>
> So my question is: is this a normal recovery time or can it be optimized?
>
>
>
> Note: when I access my services from within the server network there is no
> perceivable downtime. But from my client network point of view there is
> this downtime.
>
> Obviously the overall network setup is important. So I include – once
> again – an image of this layout in my email.
>
>
>
> Thanks a lot in advance,
>
> C. Scharfenberg
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Find and fix application performance issues faster with Applications
> Manager
> Applications Manager provides deep performance insights into multiple
> tiers of
> your business applications. It resolves application problems quickly and
> reduces your MTTR. Get your free trial!
> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
> _______________________________________________
> Zenloadbalancer-support mailing list
> Zenloadbalancer-support@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
>
>
>
>
>
> --
>
> Load balancer distribution - Open Source Project
> http://www.zenloadbalancer.com
> Distribution list (subscribe):
> zenloadbalancer-support@lists.sourceforge.net
>
>
--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe): zenloadbalancer-support@lists.sourceforge.net
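
The thread above turns on one trade-off: a device that drops every gratuitous ARP blocks MAC spoofing but also blocks a legitimate cluster failover. The following is an added example, not part of the original messages and not code from Zen or Juniper, showing how a monitoring script can parse ARP frames and tell an expected failover from an unexpected claim on the service IP. The addresses, the `cluster_macs` allowlist and all function names are constructed for illustration.

```python
import socket
import struct

def parse_arp(frame: bytes):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP; None otherwise."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"op": op, "mac": sha.hex(":"), "ip": socket.inet_ntoa(spa),
            # Gratuitous ARP: sender and target protocol address are identical.
            "gratuitous": spa == tpa}

def classify(frames, cluster_macs):
    """Track IP->MAC bindings announced by gratuitous ARP.

    cluster_macs maps a service IP to the MACs of the nodes allowed to
    hold it (an assumed allowlist maintained by the operator).
    """
    table, verdicts = {}, []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or not arp["gratuitous"]:
            continue
        ip, mac = arp["ip"], arp["mac"]
        allowed = cluster_macs.get(ip)
        if allowed is not None and mac not in allowed:
            verdict = "suspect"          # binding is not updated
        elif ip not in table:
            verdict = "learn"
        elif table[ip] == mac:
            verdict = "refresh"
        else:
            verdict = "failover" if allowed else "changed"
        if verdict != "suspect":
            table[ip] = mac
        verdicts.append((ip, mac, verdict))
    return verdicts

def build_arp(mac, sender_ip, target_ip):
    """Build a constructed broadcast ARP request for the samples below."""
    m = bytes.fromhex(mac.replace(":", ""))
    return (b"\xff" * 6 + m + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, 1)
            + m + socket.inet_aton(sender_ip) + b"\x00" * 6 + socket.inet_aton(target_ip))

# Constructed sample: VIP moves from node A to node B, then an unknown MAC claims it.
VIP, NODE_A, NODE_B, OTHER = "192.0.2.10", "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:99"
SAMPLE = [build_arp(NODE_A, VIP, VIP), build_arp(NODE_B, VIP, VIP),
          build_arp(NODE_B, VIP, "192.0.2.1"), build_arp(OTHER, VIP, VIP)]
```

Calling `classify(SAMPLE, {VIP: {NODE_A, NODE_B}})` labels the move from node A to node B as a failover and the announcement from the unlisted MAC as suspect; the ordinary ARP request in the sample is ignored because it is not gratuitous.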