10-17-2009 07:08 AM
I do have a sym-active configuration. The VIP is working fine and the traffic is getting evenly load balanced to all the real servers (4 of them). The problem is the traffic distribution to the ServerIrons - it looks like only one of the SIs is actually processing traffic and the other one is not doing anything. This is visible via the CPU utilization of the SIs and as well in the traces taken at the real servers: traffic is coming from SI#1 MAC address only.
Why that? What am I doing wrong? It is sym-active and I thought both ServerIrons will start to process traffic in a sym-active setup.
10-17-2009 07:57 AM
How do you send the traffic to the ServerIron from the upstream routers point of view? Sym-active is not going to "share" the load in between both ServerIrons automatically. It is still the networks job to send traffic to both ServerIron to ensure there is some load sharing. Sym-active is telling the ServerIrons that they are both able to process traffic at any time BUT it does not mean they are actually able to do this.
Do you have a networks diagram or something like this?
10-18-2009 08:15 AM
The network diagram is actually pretty simple:
Router A Router B
| | <--- 192.168.100.x/24 --- VIP 192.168.100.222 (sym-active)
ServerIron 1 ServerIron 2
---- Layer 2 ----
real server A & B (.201 and .202)
Looking at the CPU util of the SIs I do see that only one of them is really processing traffic. Traces taken at the real servers do shown as well that everything is coming from one of the SIs.
10-19-2009 03:07 AM
Sym-active does not distribute the traffic by itself as I have mentioned already. Sym-active is just there to tell the ServerIrons that they are both able to process traffic at any time. Your virtual server is part of the "upstream" subnet and the last step from the upstream routers to the ServerIrons is a Layer 2 step. It is still a single ServerIron being responsible to respond to ARP requests using sym-active. "show server virtual" is still showing the "owner" for a virtual server using sym-active. The owner is responsible to respond to ARP requests and I guess that is the one processing traffic in your environment. You might want to put the virtual servers is a subnet which is existing at the SIs only so that you are able to route the traffic from the upstream routers via the ServerIrons to the VIP subnet. This would allow it to use something like OSPF ECMP to distribute incoming traffic to both ServerIron.
Another option would be to using multiple VRRP(-E) instances pointing to the real server and to use different default gateways from the real servers point of view - some outgoing traffic would hit ServerIron #1 and some would hit ServerIron #2 which ensures outgoing traffic is getting processed at both ServerIrons.
I hope this is understandable. Have a look at the following document I have posted a while ago to get some more details: