Message from discussion transparent DNS load-balancing with a Cisco ACE
Newsgroups: comp.protocols.dns.bind
From: Chuck Swiger <cswi...@mac.com>
Date: Fri, 19 Oct 2012 12:08:30 -0700
Local: Fri, Oct 19 2012 3:08 pm
Subject: Re: transparent DNS load-balancing with a Cisco ACE
Hi--

On Oct 19, 2012, at 11:25 AM, John Miller wrote:

> Hello everyone,

> Perhaps a Cisco list is a better destination for this, but I've seen a similar post here in the past couple of months, so posting here as well.

> I'm trying to get our Cisco ACE set up appropriately to handle DNS traffic.  So far, I've gotten it working using NAT (each rserver has a public and a private IP) and using transparent load-balancing (ACE talks directly to the public IP), aka direct server return.

IMO, the only boxes which should have IPs in both public and private netblocks should be your firewall/NAT routing boxes.

> Here's a question, however: how does one get probes working for a transparent LB setup?  If an rserver listens for connections on all interfaces, then probes work fine, but return traffic from the uses the machine's default IP (not the VIP that was originally queried) for the source address of the return traffic.

That's the default routing behavior for most platforms.  Some of them might support some form of policy-based routing via ipfw fwd / route-to or similar with other firewall mechanisms which would let the probes get returned from some other source address if you want them to do so.

> What have people done to get probes working with transparent LB?  Are any of you using NAT to handle your dns traffic?  Not tying up NAT tables seems like the way to go, but lack of probes is a deal-breaker on this end.

The locals around here have the luxury of a /8 netblock, so they can set up the reals behind a LB using publicly routable IPs and never need to NAT upon DNS traffic.  Folks with more limited # of routable IPs might well use LB to reals on an unroutable private network range behind NAT, but in that case they wouldn't configure those boxes with public IPs.

Regards,
--
-Chuck
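
The source-address problem discussed in this thread, as an added example that is not part of the original post: a DNS client normally accepts a UDP reply only when it arrives from the address that was queried, so a real that answers from its default IP instead of the VIP fails a check like the one below. The helper names (`build_query`, `classify_reply`, `probe`) and the documentation-range addresses are assumptions made for illustration.

```python
import socket
import struct

def build_query(txid, name, qtype=1):
    """Encode a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_reply(payload, src_ip, queried_ip, txid):
    """Return 'ok', or the reason this probe discards the reply."""
    if src_ip != queried_ip:
        return "wrong-source"        # answered from the default IP, not the VIP
    if len(payload) < 12:
        return "truncated"           # shorter than a DNS header
    rid, flags = struct.unpack("!HH", payload[:4])
    if rid != txid:
        return "txid-mismatch"
    if not flags & 0x8000:
        return "not-a-response"      # QR bit clear
    rcode = flags & 0x000F
    return "ok" if rcode == 0 else "rcode-%d" % rcode

def probe(vip, name, txid=0x1234, port=53, timeout=2.0):
    """Send one UDP query to vip and classify whatever comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # Unconnected socket on purpose: a connected UDP socket would drop a
        # reply from another source, and the probe would only see a timeout.
        s.sendto(build_query(txid, name), (vip, port))
        try:
            payload, (src_ip, _) = s.recvfrom(4096)
        except socket.timeout:
            return "timeout"
    return classify_reply(payload, src_ip, vip, txid)

# Constructed sample data (documentation address ranges, not from the thread).
VIP, REAL_DEFAULT_IP = "192.0.2.53", "198.51.100.10"
_q = build_query(0x1234, "example.com")
SAMPLE_REPLY = _q[:2] + struct.pack("!H", 0x8180) + _q[4:]  # QR+RD+RA, NOERROR

if __name__ == "__main__":
    print(classify_reply(SAMPLE_REPLY, VIP, VIP, 0x1234))
    print(classify_reply(SAMPLE_REPLY, REAL_DEFAULT_IP, VIP, 0x1234))
```
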


 