Telecom VPDN Load Balancing Dual-Machine Solution


XX Telecom used a single load balancing device to balance load across 2 VPDN routers. Its topology is as follows:

The load balancing device spans 2 network segments and is deployed inline (in series): upstream are two 7610 routers, downstream are the two LNS VPDN routers. The two upstream 7610s run VRRP. The load balancing device points its outbound default route at their VRRP floating IP, and the two 7610s point the routes they need at the load balancing device's interface IP. The default route of the 2 LNS routers on the downstream segment points to the load balancing device's interface IP on that segment.

In this environment, requests from the public network pass through the two 7610s and reach the virtual IP address of the virtual server configured on the load balancing device. For requests that hit the virtual IP, the load balancing device translates the destination address from the virtual IP to the interface IP of one of the 2 VPDN routers, and so distributes the requests across the 2 VPDN routers' interface IPs.

The telecom operator has now added a second load balancing device and plans to deploy it together with the original one as a dual-machine pair. The topology is as follows:

This is where the problem arises. The two downstream VPDN routers must each connect to both load balancing devices, but the VPDN routers themselves do not support VLANs. Each VPDN router therefore has to add a second uplink Layer 3 interface alongside its original uplink Layer 3 interface, with the two interfaces on different network segments, each connecting to a different load balancing device. As the topology requires, the downstream segments of the 2 load balancing devices are 2 different segments: the original device's downstream segment is unchanged, and the new device's downstream segment is the new Layer 3 segment.

This structure has the following 2 problems:

1. The downstream segments of the 2 load balancing devices are not the same segment, and their pool member configurations differ (the VPDN router interface IPs on the 2 segments), so traditional HA is problematic with this structure. (Traditional HA requires the 2 devices to be on the same network segments, and all server, pool, and virtual server configuration must be identical.)

2. The 2 VPDN routers must both work independently at the same time. Because the downstream segments of the 2 load balancing devices are different, the dual-machine floating IP mode cannot be used, so specifying the default route on the 2 VPDN routers is a problem: the only option is 2 equal-cost routes pointing to the downstream interface IPs of the 2 load balancing devices. The consequence is that for a request sent from one load balancing device (active), the VPDN router may well send the reply to the other load balancing device (standby). The source IP address of the reply packet also changes, because the source IP is the address of whichever interface the packet leaves the VPDN router from, so the application will have problems.

This is actually a pure networking problem, and how to deploy in various environments is one of the problems that ADN often faces.

After detailed consideration, the problem was resolved in 2 steps:

1. On each of the 2 load balancing devices, add an IP on the other device's downstream segment, and enable 802.1Q encapsulation on the link interconnecting the 2 devices so that both segments are carried across it. This solves the problem of the 2 devices being on different segments in the dual-machine environment. Because each device is now connected to both downstream segments (its own directly connected segment, plus the other segment reached via 802.1Q over the interconnect link), each device can be configured with the same members. This fully resolves both the mismatched downstream segments and the mismatched members, so the pair can be deployed directly in the traditional dual-machine mode.

2. Reply packets from the VPDN routers return at random over the 2 equal-cost default routes, which can change the reply's source IP. To address this, the user enables a loopback address on the 2 VPDN routers. The loopback must be configured with the same virtual IP that the application uses on the load balancing devices. The load balancing devices must also enable the DSR feature (disable destination IP address translation). The VPDN routers then reply with the loopback address as the source IP, so the choice of return route no longer changes the source IP address and no session problems result.
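An added example, not part of the original article: a small Python preflight check for the conditions the two steps establish (same downstream segments on both devices, identical pool members, DSR enabled, VPDN loopback equal to the virtual IP). The dictionary layout, the function name `ha_preflight`, and all addresses are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_interface

def ha_preflight(lb_a, lb_b, vpdn_loopbacks):
    """Check two load balancer configs against the conditions described above.

    Returns a list of findings; an empty list means all checks pass.
    """
    findings = []
    segs = {}
    for name, lb in (("LB-A", lb_a), ("LB-B", lb_b)):
        segs[name] = {ip_interface(i).network for i in lb["downstream"]}
        for member in lb["members"]:
            if not any(ip_address(member) in net for net in segs[name]):
                findings.append(f"{name}: member {member} is not on a connected segment")
        if not lb["dsr"]:
            findings.append(f"{name}: DSR is off, replies must return through this device")
    if segs["LB-A"] != segs["LB-B"]:
        findings.append("downstream segments differ between the two devices")
    if sorted(lb_a["members"]) != sorted(lb_b["members"]):
        findings.append("pool members differ between the two devices")
    if lb_a["vip"] != lb_b["vip"]:
        findings.append("virtual IP differs between the two devices")
    for router, loopback in vpdn_loopbacks.items():
        if loopback != lb_a["vip"]:
            findings.append(f"{router}: loopback {loopback} does not match the virtual IP")
    return findings

# Constructed sample data (addresses are illustrative, not from the article).
VIP = "192.0.2.10"
BEFORE_A = {"vip": VIP, "dsr": False, "downstream": ["10.0.1.1/24"],
            "members": ["10.0.1.11", "10.0.1.12"]}
BEFORE_B = {"vip": VIP, "dsr": False, "downstream": ["10.0.2.1/24"],
            "members": ["10.0.2.11", "10.0.2.12"]}
# After step 1: each device also holds an IP on the other's segment (via 802.1Q).
# After step 2: DSR is on and the VPDN loopbacks are set to the virtual IP.
AFTER_A = {"vip": VIP, "dsr": True, "downstream": ["10.0.1.1/24", "10.0.2.2/24"],
           "members": ["10.0.1.11", "10.0.1.12"]}
AFTER_B = {"vip": VIP, "dsr": True, "downstream": ["10.0.2.1/24", "10.0.1.2/24"],
           "members": ["10.0.1.11", "10.0.1.12"]}

if __name__ == "__main__":
    for f in ha_preflight(BEFORE_A, BEFORE_B, {"VPDN-1": None, "VPDN-2": None}):
        print("before:", f)
    print("after:", ha_preflight(AFTER_A, AFTER_B, {"VPDN-1": VIP, "VPDN-2": VIP}) or "ok")
```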

This article is from the "ADC Technology blog" blog, please be sure to keep this source http://virtualadc.blog.51cto.com/3027116/1211452
