Posts
Alteon Active-Active Redundancy Configuration
Posted On Nov 25, 2009 at at 1:32 PM by DophiFirst of all, the Alteon doesn’t support real Active-Active redundancy. The configuration example on official application guide actually makes some tricks to share traffic loading between clients and servers. The key points of this implementation is “sharing” and routing from upstream routers. “Sharing” is a proprietary VRRP extension of Alteon. When sharing is used, incoming packets are processed by the switch on which they enter the virtual router. The inbound switch is determined by routing or Spanning Tree configuration.
Topology: This is a simplified topology from the official application guide. The only one difference is the number of servers.
Active- Master Alteon:
1. Create VLAN 2 and assign port 8 as the member:
>> Main# /c/port 8/pvid 2
Current port VLAN ID: 1
New pending port VLAN ID: 2
>> Port 8# /c/l2/vlan 1/rem 8
Current ports for VLAN 1: 1-12
Pending new ports for VLAN 1: 1-7 9-12
>> VLAN 1# /c/l2/vlan 2/def 8
VLAN number 2 with name "VLAN 2" created.
Current ports for VLAN 2: empty
Pending new ports for VLAN 2: 8
Current ports for VLAN 2: empty
Pending new ports for VLAN 2: 8
>> VLAN 2# en
Current status: disabled
New status: enabled
2. Create Interface 1 bound to VLAN 1, Interface 2 and 3 bound to VLAN 2
>> Main# /c/l3/if 1/addr 192.168.10.230
Current IP address: 0.0.0.0
New pending IP address: 192.168.10.230
>> IP Interface 1# en
Current status: disabled
New status: enabled
>> IP Interface 1# /c/l3/if 2/addr 172.16.10.230
Current IP address: 0.0.0.0
New pending IP address: 172.16.10.230
Pending new subnet mask: 255.255.0.0
>> IP Interface 2# mask 255.255.255.0
Current subnet mask: 0.0.0.0
New pending subnet mask: 255.255.255.0
>> IP Interface 2# vlan 2
Current VLAN: 1
New pending VLAN: 2
>> IP Interface 2# en
Current status: disabled
New status: enabled
>> IP Interface 2# /c/l3/if 3/addr 172.16.20.230
Current IP address: 0.0.0.0
New pending IP address: 172.16.20.230
Pending new subnet mask: 255.255.0.0
>> IP Interface 3# mask 255.255.255.0
Current subnet mask: 0.0.0.0
New pending subnet mask: 255.255.255.0
>> IP Interface 3# vlan 2
Current VLAN: 1
New pending VLAN: 2
>> IP Interface 3# en
Current status: disabled
New status: enabled
3. Add the default gateway:
>> Main# /c/l3/gw 1/addr 192.168.10.228
Current IP address: 0.0.0.0
New pending IP address: 192.168.10.228
>> Default gateway 1# en
Current status: disabled
New status: enabled
4. Create real server 1 and 2. Assign each server into individual group: On this step, I assign HTTP server as Real Server 1 and add it to Group 1; FTP server as Real Server 2 and add it to Group 2.
>> Configuration# /c/slb/on
Current status: OFF
New status: ON
>> Layer 4# /c/slb/real 1/rip 172.16.10.240
Current real server IP address: 0.0.0.0
New pending real server IP address: 172.16.10.240
>> Real Server 1 # en
Current status: disabled
New status: enabled
>> Real Server 1 # /c/slb/real 2/rip 172.16.20.235
Current real server IP address: 0.0.0.0
New pending real server IP address: 172.16.20.235
>> Real Server 2 # en
Current status: disabled
New status: enabled
>> Real Server 2 # /c/slb/group 1/add 1
Real server 1 added to real server group 1.
>> Real Server Group 1# /c/slb/group 2/add 2
Real server 2 added to real server group 2.
5. Create Virtual Server 1 to provide HTTP service load balancing
>> Real Server Group 2# /c/slb/virt 1/serv http/group 1
Current real server group: 1
New pending real server group: 1
>> Virtual Server 1 http Service# /c/slb/virt 1/vip 192.168.10.233
Current virtual server IP address: 0.0.0.0
New pending virtual server IP address: 192.168.10.233
>> Virtual Server 1# en
Current status: disabled
New status: enabled
5. Create Virtual Server 2 to provide FTP service load balancing
>> Main# /c/slb/virt 2/serv ftp/group 2
Current real server group: 1
New pending real server group: 2
>> Virtual Server 2 ftp Service# /c/slb/virt 2/vip 192.168.10.234
Current virtual server IP address: 0.0.0.0
New pending virtual server IP address: 192.168.10.234
>> Virtual Server 2# en
Current status: disabled
New status: enabled
6. Enable client or server process on ports: Port 1 is client process enabled and 8 is server process enabled.
>> Virtual Server 2# /c/slb/port 1/cli en
Current client processing: disabled
New client processing: enabled
>> SLB Port 1# /c/slb/port 8/ser en
Current server processing: disabled
New server processing: enabled
7. VRRP Configuration: Configure virtual routers from 1 to 5.
- Virtual routers from 1 to 3 are virtual interface routers (VIR). Virtual Router 3 owns the default priority 100, but Virtual Router 1 and 2 are set to 101.
- Virtual Routers 4 and 5 are virtual server routers (VSR). The priority of Virtual Router 4 is set to 101 and keep the default value for Virtual Router 3.
>> Main# /c/l3/vrrp/on
Current status: OFF
New status: ON
>> Virtual Router Redundancy Protocol# vr 1/addr 192.168.10.232
Current IP address: 0.0.0.0
New pending IP address: 192.168.10.232
>> VRRP Virtual Router 1# prio 101
Current router priority: 100
New pending router priority: 101
>> VRRP Virtual Router 1# en
Current status: disabled
New status: enabled
>> VRRP Virtual Router 1# /c/l3/vrrp/vr 2/addr 172.16.10.232
Current IP address: 0.0.0.0
New pending IP address: 172.16.10.232
>> VRRP Virtual Router 2# prio 101
Current router priority: 100
New pending router priority: 101
>> VRRP Virtual Router 2# if 2
Current interface number: 1
New pending interface number: 2
>> VRRP Virtual Router 2# en
Current status: disabled
New status: enabled
>> VRRP Virtual Router 2# vrid 2
Current virtual router ID: 1
New pending virtual router ID: 2
>> VRRP Virtual Router 2# /c/l3/vrrp/vr 3/addr 172.16.20.232
Current IP address: 0.0.0.0
New pending IP address: 172.16.20.232
>> VRRP Virtual Router 3# if 3
Current interface number: 1
New pending interface number: 3
>> VRRP Virtual Router 3# en
Current status: disabled
New status: enabled
>> VRRP Virtual Router 3# vrid 3
Current virtual router ID: 1
New pending virtual router ID: 3
>> VRRP Virtual Router 3# /c/l3/vrrp/vr 4/addr 192.168.10.233
Current IP address: 0.0.0.0
New pending IP address: 192.168.10.233
>> VRRP Virtual Router 4# prio 101
Current router priority: 100
New pending router priority: 101
>> VRRP Virtual Router 4# en
Current status: disabled
New status: enabled
>> VRRP Virtual Router 4# vrid 4
Current virtual router ID: 1
New pending virtual router ID: 4
>> VRRP Virtual Router 4# /c/l3/vrrp/vr 5/addr 192.168.10.234
Current IP address: 0.0.0.0
New pending IP address: 192.168.10.234
>> VRRP Virtual Router 5# en
Current status: disabled
New status: enabled
>> VRRP Virtual Router 5# vrid 5
Current virtual router ID: 1
New pending virtual router ID: 5
8 Configure the peer setting and disable priority synchronization.
>> Main# /c/slb/sync/peer 1/addr 192.168.10.231
Current IP address: 0.0.0.0
New pending IP address: 192.168.10.231
>> Peer Switch 1# en
Current status: disabled
New status: enabled
>> Peer Switch 1# /c/slb/sync/prio dis
Current synching VRRP priorities: enabled
New synching VRRP priorities: disabled
9 This is the configuration dump from Active-Master Alteon:
/c/port 8
pvid 2
/c/l2/vlan 1
learn ena
def 1 2 3 4 5 6 7 9 10 11 12
/c/l2/vlan 2
ena
name "VLAN 2"
learn ena
def 8
/c/l2/stg 1/off
/c/l2/stg 1/clear
/c/l2/stg 1/add 1 2
/c/l3/if 1
ena
ipver v4
addr 192.168.10.230
/c/l3/if 2
ena
ipver v4
addr 172.16.10.230
mask 255.255.255.0
broad 172.16.10.255
vlan 2
/c/l3/if 3
ena
ipver v4
addr 172.16.20.230
mask 255.255.255.0
broad 172.16.20.255
vlan 2
/c/l3/gw 1
ena
ipver v4
addr 192.168.10.228
/c/l3/vrrp/on
/c/l3/vrrp/vr 1
ena
ipver v4
vrid 1
if 1
prio 101
addr 192.168.10.232
/c/l3/vrrp/vr 2
ena
ipver v4
vrid 2
if 2
prio 101
addr 172.16.10.232
/c/l3/vrrp/vr 3
ena
ipver v4
vrid 3
if 3
addr 172.16.20.232
/c/l3/vrrp/vr 4
ena
ipver v4
vrid 4
if 1
prio 101
addr 192.168.10.233
/c/l3/vrrp/vr 5
ena
ipver v4
vrid 5
if 1
addr 192.168.10.234
/c/slb
on
/c/slb/sync
prios d
/c/slb/sync/peer 1
ena
addr 192.168.10.231
/c/slb/real 1
ena
ipver v4
rip 172.16.10.240
/c/slb/real 2
ena
ipver v4
rip 172.16.20.235
/c/slb/group 1
ipver v4
add 1
/c/slb/group 2
ipver v4
add 2
/c/slb/port 1
client ena
/c/slb/port 3
client ena
server ena
/c/slb/port 8
server ena
/c/slb/virt 1
ena
ipver v4
vip 192.168.10.233
/c/slb/virt 1/service http
group 1
/c/slb/virt 2
ena
ipver v4
vip 192.168.10.234
/c/slb/virt 2/service ftp
group 2
10. Copy the configuration and invert the priority of virtual routers of Active-Master Alteon. After modify, paste the new configuration to Active-Standby Alteon.
11. VRRP status on Active-Master Alteon:
>> Main# /info/l3/vrrp
VRRP information:
1: vrid 1, 192.168.10.232, if 1, renter, prio 101, master
2: vrid 2, 172.16.10.232, if 2, renter, prio 101, master
3: vrid 3, 172.16.20.232, if 3, renter, prio 100, backup
4: vrid 4, 192.168.10.233, if 1, renter, prio 101, master, server
5: vrid 5, 192.168.10.234, if 1, renter, prio 100, backup, server
12. VRRP status on Active-Standby Alteon:
>> Main# /info/l3/vrrp
VRRP information:
1: vrid 1, 192.168.10.232, if 1, renter, prio 100, backup
2: vrid 2, 172.16.10.232, if 2, renter, prio 100, backup
3: vrid 3, 172.16.20.232, if 3, renter, prio 101, master
4: vrid 4, 192.168.10.233, if 1, renter, prio 100, backup, server
5: vrid 5, 192.168.10.234, if 1, renter, prio 101, master, server
Test: Setup a client 192.168.10.105 connected to the router 192.168.10.229 and send a HTTP request to VIP 192.168.10.233.
Session Table on Active-Standby Alteon:
>> Main# /info/slb/sess/dump
Printing Sessions for SP 1
Printing Sessions for SP 2
Printing Sessions for SP 3
Printing Sessions for SP 4
4,01: 192.168.10.105 1303, 192.168.10.233 http -> 172.16.10.240 http age 10 v:1 E
Session Table on Active-Active Alteon:
>> Main# /info/slb/sess/dump
Printing Sessions for SP 1
Printing Sessions for SP 2
Printing Sessions for SP 3
Printing Sessions for SP 4
Note:
- The traffic from client arrives on Active-Standby Alteon and it processes this request. On this step, Active-Standby NAT the destination IP address to real server IP.
The packet capture on port 8 of Active-Standby Alteon
- Because the Active-Master acts the default gateway of HTTP server, the responce from HTTP server is sent to Active-Master Alteon. When responce packets arrive Active-Master Alteon, they still keep original source (172.16.10.240) and destination IP address (192.168.10.105).
- Active-Master Alteon NAT the source IP address to virtual server IP.
The packet capture on port 3 of Active-Active Alteon
- Base on ARP table of Active-Master Alteon, responce packets cross port 3 to Active-Standby and go back to client finally.
ARP Table of Active-Master Alteon:
>> Address Resolution Protocol# dump
IP address Flags MAC address VLAN Port Referenced SPs
--------------- ----- ----------------- ---- ------ ----------------
172.16.10.230 P 00:1f:da:93:ad:00 2 1-4
172.16.10.232 P 00:00:5e:00:01:02 2 1-4
172.16.10.240 00:11:d8:f3:d0:8a 2 8 1-4
192.168.10.10 00:11:2f:16:31:cd 1 3 1-4
192.168.10.105 00:1f:3c:24:b2:54 1 3 1-4
192.168.10.228 00:17:d1:03:10:01 1 1 empty
192.168.10.230 P 00:1f:da:93:ad:00 1 1-4
192.168.10.232 P 00:00:5e:00:01:01 1 1-4
192.168.10.233 P 4 00:00:5e:00:01:04 1 1-4
192.168.10.235 00:0e:a6:8f:73:9c 1 3 1-4
- The virtual server can be only one to provide multiple services.
