Cisco SLB: Duplicate Address

Discussion in 'Cisco' started by haydude, Dec 18, 2006.

  1. haydude

    haydude Guest

    I have a Cisco 3640 (IOS 12.4.12) where I have configured SLB to load
    balance two apache servers.

    Here is a configuration extract (I have replaced real IPs with
    letters):

    ip slb serverfarm WEBFARM
    real x.y.z.A
    faildetect numconns 3 numclients 1
    retry 180
    inservice
    real x.y.z.B
    faildetect numconns 3 numclients 1
    retry 180
    inservice

    ip slb vserver VIRT_TCP_00
    virtual x.y.z.C tcp 0
    serverfarm WEBFARM
    idle 600
    inservice
    !
    ip slb vserver VIRT_UDP_00
    virtual x.y.z.C udp 0
    serverfarm WEBFARM
    idle 600
    inservice
    !

    www.myweb.com will resolve to x.y.z.C

    real hosts A and B have

    ifconfig lo:1 x.y.z.C netmask 255.255.255.255

    In theory the router should learn which mac addresses A and B have and
    forward packets for x.y.z.C to either A or B

    However, it appears that sometimes it complains as follows:

    Dec 18 00:20:00 router 316: 000322: Dec 18 00:20:00.082 GMT:
    %IP-4-DUPADDR: Duplicate address x.y.z.C on BVI1, sourced by
    0010.1010.1001


    0010.1010.1001 is the mac address that belongs to x.y.z.B

    the message varies reporting either A or B.

    Has anyone else had a similar problem with SLB?
    How do I resolve this issue?

    HD
     
    haydude, Dec 18, 2006
    #1

  2. %IP-4-DUPADDR: Duplicate address [IP_address] on [chars], sourced by
    [enet]

    Another system is using your IP address.

    Cisco Recommends:

    Change the IP address of one of the two systems.

    Hope this helps.

    Brad Reese
    http://www.BradReese.Com
     
    www.BradReese.Com, Dec 18, 2006
    #2

  3. haydude

    haydude Guest

    Thank you for your reply Brad,

    Of course, that is the way SLB works assigning the same IP to two
    hosts' lo:1 interfaces with netmask 255.255.255.255. The router will
    forward packets to the hosts' mac address (level 3).
    I am not sure it does ..., please could you elaborate?

    HD
     
    haydude, Dec 18, 2006
    #3
  4. www.BradReese.Com, Dec 18, 2006
    #4
  5. BernieM

    BernieM Guest

    I've seen this when a redundant slb config on another device became
    operational at the same time.

    BernieM
     
    BernieM, Dec 18, 2006
    #5
  6. We sometimes have the same problem on a C6K with 12.2(18)SXF4
    and no solution yet.

    Regards

    Lothar Hofmann

    Lothar Hofmann Mail:
    Universitaet Siegen
    ZIMT Zentrum fuer Informations- und Medientechnologie
    Hoelderlinstr. 3 Phone: +49 271 740 4760
    D - 57068 Siegen Fax: +49 271 740 2523
     
    Lothar Hofmann, Dec 18, 2006
    #6
  7. nakhmanson

    nakhmanson Guest

    Hi

    stupid question - why would you need a loopback interface configured on
    hosts? Do you balance ftp too?
    AFAIK "dispatched mode" (that's what loopback is for) is only the
    requirement for FTP.

    get rid of loopbacks on the hosts.
    and if it's really a WEBFARM - get rid of "ip slb vserver VIRT_UDP_00"
    too

    just my 2c
    Roman Nakhmanson
     
    nakhmanson, Dec 18, 2006
    #7
  8. BernieM

    BernieM Guest

    having a loopback address the same as the vip is required when client ip
    addresses are not being natted and the server responds directly to the
    client. This is for any protocol not just ftp.

    BernieM
     
    BernieM, Dec 18, 2006
    #8
  9. nakhmanson

    nakhmanson Guest

    Bernie
    you are right. "nat server" has to be present in order to work without
    loopback. FTP works only in dispatched mode. had to read about SLB
    again, thanks

    Roman Nakhmanson
     
    nakhmanson, Dec 18, 2006
    #9
  10. haydude

    haydude Guest

    I do not need FTP in particular, however, reading from Cisco's
    documentation, in this way (no NAT) we should be getting a better
    performance. Our 3640 does not do much: beyond SLB, it handles two high
    speed ADSL links ~5 Mbit/s each, Firewall, IDS, yet when downloading
    large files from one of the DSL lines the CPU goes up to 96% average
    very quickly. Therefore we thought that NAT (which is handled instead
    by another inside router for our intranet) would not be a good choice
    for the web servers that in our case have real IPs.
    We observed that without UDP (port 80) the response time on the client
    side can be worse, though we do not know why. We suppose it can be down
    to dropped TCP connections.
     
    haydude, Dec 19, 2006
    #10
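
Added example, not part of any post in this thread: a triage script for the `%IP-4-DUPADDR` message quoted in post #1. It separates events sourced by known real servers from events sourced by a MAC nobody has accounted for, which is the case worth investigating as a second device or unauthorized host claiming the virtual address. The function name `triage_dupaddr`, the VIP `192.0.2.10`, the MAC for server A and the unknown MAC are constructed for illustration; only B's MAC and the message format come from the thread.

```python
import re
from collections import Counter

# Message format as quoted in post #1; whitespace is flexible because syslog output wraps.
DUPADDR = re.compile(
    r"%IP-4-DUPADDR:\s+Duplicate\s+address\s+(?P<ip>\S+)\s+on\s+(?P<intf>\S+),"
    r"\s+sourced\s+by\s+(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})"
)

# Constructed inventory: B's MAC is the one from the thread, A's is made up.
REAL_MACS = {"A": "0010.1010.1002", "B": "0010.1010.1001"}

# Constructed sample log (192.0.2.10 stands in for the VIP x.y.z.C).
SAMPLE_LOG = """\
Dec 18 00:20:00 router 316: 000322: Dec 18 00:20:00.082 GMT:
%IP-4-DUPADDR: Duplicate address 192.0.2.10 on BVI1, sourced by
0010.1010.1001
Dec 18 00:25:31 router 317: 000323: Dec 18 00:25:31.410 GMT:
%IP-4-DUPADDR: Duplicate address 192.0.2.10 on BVI1, sourced by
0010.1010.1002
Dec 18 00:31:07 router 318: 000324: Dec 18 00:31:07.655 GMT:
%IP-4-DUPADDR: Duplicate address 192.0.2.10 on BVI1, sourced by
0200.5e00.5301
"""

def triage_dupaddr(log_text, vip, real_macs):
    """Count DUPADDR events, split by whether the source MAC is a known real server."""
    known = {mac.lower(): name for name, mac in real_macs.items()}
    flat = " ".join(log_text.split())  # undo line wrapping before matching
    report = {"real_server": Counter(), "unknown": Counter(), "other_address": Counter()}
    for m in DUPADDR.finditer(flat):
        mac = m["mac"].lower()
        if m["ip"] != vip:
            # Duplicate reported for some address other than the VIP
            report["other_address"][(m["ip"], mac)] += 1
        elif mac in known:
            # A real server answered for the VIP held on its loopback alias
            report["real_server"][known[mac]] += 1
        else:
            # VIP claimed by a MAC that is not in the server farm inventory
            report["unknown"][mac] += 1
    return report

if __name__ == "__main__":
    for bucket, counts in triage_dupaddr(SAMPLE_LOG, "192.0.2.10", REAL_MACS).items():
        print(bucket, dict(counts))
```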