Cisco SLB: Duplicate Address

I have a Cisco 3640 (IOS 12.4.12) where I have configured SLB to load
balance two apache servers.

Here is a configuration extract (I have replaced real IPs with
letters):

ip slb serverfarm WEBFARM
real x.y.z.A
faildetect numconns 3 numclients 1
retry 180
inservice
real x.y.z.B
faildetect numconns 3 numclients 1
retry 180
inservice

ip slb vserver VIRT_TCP_00
virtual x.y.z.C tcp 0
serverfarm WEBFARM
idle 600
inservice
!
ip slb vserver VIRT_UDP_00
virtual x.y.z.C udp 0
serverfarm WEBFARM
idle 600
inservice
!

www.myweb.com will resolve to x.y.z.C

real hosts A and B have

ifconfig lo:1 x.y.z.C netmask 255.255.255.255

In theory the router shoud learn which mac addresses A and B have and
forwards packets for x.y.z.C to either A or B

However, it appears that sometimes it complains as follows:

Dec 18 00:20:00 router 316: 000322: Dec 18 00:20:00.082 GMT:
%IP-4-DUPADDR: Duplicate address x.y.z.C on BVI1, sourced by
0010.1010.1001


0010.1010.1001 is the mac address that belongs to x.y.z.B

the message varies reporting either A or B.

Has anyone else had a similar problem with SLB?
How do I resolve this issue?

HD

 

%IP-4-DUPADDR: Duplicate address [IP_address] on [chars], sourced by
[enet]

Another system is using your IP address.

Cisco Recommends:

Change the IP address of one of the two systems.

Hope this helps.

Brad Reese
http://www.BradReese.Com

 

Thank you for your reply Brad,

Of course, that is the way SLB works assigning the same IP to two
hosts' lo:1 interfaces with netmask 255.255.255.255. The router will
forward packets to the hosts' mac address (level 3).

I am not sure it does ..., please could you elaborate?

HD

 

According to Cisco TAC here are the IOS SLB supported platforms:

In 12.3 and 12.3T, 3640/3660, 3725/3745, 7200.

In 12.2S, 7200/7300/7400, native C6K.

Sincerely,

Brad Reese
Global Cisco TAC Contacts
http://www.bradreese.com/cisco-tac-contacts-worldwide.htm

 

I've seen this when a redundant slb config on another device became
operational at te same time.

BernieM

 

We sometimes have the same problem on a C6K with 12.2(18)SXF4
and no solution yet.

Regards

Lothar Hofmann

Lothar Hofmann Mail:
Universitaet Siegen
ZIMT Zentrum fuer Informations- und Medientechnologie
Hoelderlinstr. 3 Phone: +49 271 740 4760
D - 57068 Siegen Fax: +49 271 740 2523

 

Hi

stupid question - why would you need a loopback interface configured on
hosts? Do you balance ftp too?
AFAIK "dispatched mode" (that's what loopback is for) is only the
requirement for FTP.

get rid of loopbacks on the hosts.
and if its really a WEBFARM - get rid of "ip slb vserver VIRT_UDP_00"
too

just my 2c
Roman Nakhmanson

 

having a loopback adddress the same as the vip is required when client ip
addresses are not being natted and the server rersponds directly to the
client. This is for any protocol not just ftp.

BernieM

 

Bernie
you are right. "nat server" has be present in order to work without
loopback. FTP works only in dispatched mode. had to read about SLB
again, thanks

Roman Nakhmanson

 

I do not need FTP in particular, however, reading from Cisco's
documentation, in this way (no NAT) we shoud be getting a better
performance. Our 3640 do not do much: beyond SLB, it handles two high
speed ADSL links ~5 Mbit/s each, Firewall, IDS, yet when downloading
large files from one of the DSL lines the CPU goes up to 96% average
very quickly. Therefore we thought that NAT (which is handled instead
by another inside router for our intranet) would not be a good choice
for the web servers that in our case have real IPs.

We observed that without UDP (port 80) the response time on the client
side can be worse, though we do not know why. We suppose it can be down
to dropped TCP connections.