Sym-Active SLB is true active-active: both ServerIrons handle traffic, and both are active for the same VIP.
The configuration difference is minimal: for Sym-Active, sym-active is configured on the VIP to enable the standby box to process traffic. The load and CPU processing per VIP is equally shared between both ServerIrons, as shown in the following comparison:
When sym-active is enabled on both ServerIrons, both boxes handle traffic equally for each VIP. A box with sym-active configured is enabled to process and forward traffic to/from the client, regardless of an assigned lower VIP priority.
To enable the sym-active on each VIP, enter commands such as the following:
ServerIronA(config)# server virtual-name-or-ip VIP1 1.1.1.1
ServerIronA(config-vs-VIP1)# port 80
ServerIronA(config-vs-VIP1)# sym-priority 69
ServerIronA(config-vs-VIP1)# sym-active
This example configures VIP1 by adding port 80, enabling Symmetric SLB, then enabling Sym-Active. With Sym-Active, you still need to configure the sym-priority command. Whichever ServerIron has the higher priority will own the VIP address, MAC, and ARP responses. If someone pings the VIP, for example, only the active VIP will reply.
Layer 3 support for ServerIron Chassis devices is provided. The following is an example configuration of symmetric SLB with one subnet and one virtual routing interface.
ServerIron(config)# interface ve 1
ServerIron(config-ve-1)# ip address 10.2.24.1 255.255.255.0
ServerIron(config-ve-1)# ip address 172.1.1.3 255.255.255.0
ServerIron(config-ve-1)# ip ospf area 0
ServerIron(config-ve-1)# ip vrrp-extended vrid 3
ServerIron(config-ve-1-vrid-3)# backup
ServerIron(config-ve-1-vrid-3)# ip-address 172.1.1.1
ServerIron(config-ve-1-vrid-3)# track-port e 1
ServerIron(config-ve-1-vrid-3)# track-port e 2
ServerIron(config-ve-1-vrid-3)# enable
ServerIron(config-ve-1)# ip vrrp-extended vrid 4
ServerIron(config-ve-1-vrid-4)# backup
ServerIron(config-ve-1-vrid-4)# ip-address 172.1.1.2
ServerIron(config-ve-1-vrid-4)# track-port e 1
ServerIron(config-ve-1-vrid-4)# track-port e 2
ServerIron(config-ve-1-vrid-4)# enable
ServerIron(config-ve-1)# exit
ServerIron(config)# router ospf
ServerIron(config-ospf-router)# area 0
ServerIron(config-ospf-router)# redistribution connected
ServerIron(config-ospf-router)# redistribution static
ServerIron(config-ospf-router)# exit
ServerIron(config)# vlan 1 name DEFAULT-VLAN by port
ServerIron(config-vlan-1)# router-interface ve 1
ServerIron(config-vlan-1)# exit
ServerIron(config)# interface ve 1
ServerIron(config-ve-1)# ip address 10.2.24.252 255.255.255.0
ServerIron(config-ve-1)# ip address 100.1.1.252 255.255.255.0
ServerIron(config-ve-1)# ip ospf area 0
ServerIron(config-ve-1)# ip vrrp-extended vrid 5
ServerIron(config-ve-1-vrid-5)# backup
ServerIron(config-ve-1-vrid-5)# ip-address 100.1.1.254
ServerIron(config-ve-1-vrid-5)# track-port e 3/1
ServerIron(config-ve-1-vrid-5)# track-port e 3/2
ServerIron(config-ve-1-vrid-5)# enable
ServerIron(config-ve-1)# ip vrrp-extended vrid 6
ServerIron(config-ve-1-vrid-6)# backup
ServerIron(config-ve-1-vrid-6)# ip-address 100.1.1.253
ServerIron(config-ve-1-vrid-6)# track-port e 3/1
ServerIron(config-ve-1-vrid-6)# track-port e 3/2
ServerIron(config-ve-1-vrid-6)# enable
ServerIron(config-ve-1-vrid-6)# exit
ServerIron(config)# ip l4-policy 1 cache tcp 0 global
ServerIron(config)# ip route 0.0.0.0 0.0.0.0 10.2.24.1
ServerIron(config)# ip route 0.0.0.0 0.0.0.0 10.2.24.2
ServerIron(config)# router ospf
ServerIron(config-ospf-router)# area 0
ServerIron(config-ospf-router)# redistribution connected
ServerIron(config-ospf-router)# redistribution static
ServerIron(config-ospf-router)# exit
ServerIron(config)# router vrrp-extended
ServerIron(config)# server predictor least-conn
The following commands enable session synchronization on the ports where the active-active SLB feature is used. This is required both to ensure continued service following a failover and to enable each ServerIron to send server replies back to the clients, regardless of which ServerIron load balanced the request.
ServerIron(config)# server port 80
ServerIron(config-port-80)# session-sync
ServerIron(config-port-80)# tcp
ServerIron(config-port-80)# exit
ServerIron(config)# server port 21
ServerIron(config-port-21)# session-sync
ServerIron(config-port-21)# exit
ServerIron(config)# server port 1755
ServerIron(config-port-1755)# session-sync
ServerIron(config-port-1755)# tcp
ServerIron(config-port-1755)# udp
ServerIron(config-port-1755)# exit
ServerIron(config)# server port 53
ServerIron(config-port-53)# session-sync
ServerIron(config-port-53)# exit
ServerIron(config)# server port 443
ServerIron(config-port-443)# session-sync
ServerIron(config-port-443)# tcp
ServerIron(config-port-443)# exit
ServerIron(config)# server router-ports ethernet 3/1
ServerIron(config)# server real rs29 100.1.1.29
ServerIron(config-rs-rs29)# port ssl
ServerIron(config-rs-rs29)# port mms
ServerIron(config-rs-rs29)# port http
ServerIron(config-rs-rs29)# port http url "HEAD /"
ServerIron(config-rs-rs29)# port ftp
ServerIron(config-rs-rs29)# port dns
ServerIron(config-rs-rs29)# exit
ServerIron(config)# server real rs30 100.1.1.30
ServerIron(config-rs-rs30)# port ssl
ServerIron(config-rs-rs30)# port mms
ServerIron(config-rs-rs30)# port http
ServerIron(config-rs-rs30)# port http url "HEAD /"
ServerIron(config-rs-rs30)# port ftp
ServerIron(config-rs-rs30)# port dns
ServerIron(config-rs-rs30)# exit
ServerIron(config)# server real rs31 100.1.1.31
ServerIron(config-rs-rs31)# port ssl
ServerIron(config-rs-rs31)# port mms
ServerIron(config-rs-rs31)# port http
ServerIron(config-rs-rs31)# port http url "HEAD /"
ServerIron(config-rs-rs31)# port ftp
ServerIron(config-rs-rs31)# port dns
ServerIron(config-rs-rs31)# exit
ServerIron(config)# server real rs29.1 100.1.1.129
ServerIron(config-rs-rs29.1)# port dns
ServerIron(config-rs-rs29.1)# port ftp
ServerIron(config-rs-rs29.1)# port http
ServerIron(config-rs-rs29.1)# port http url "HEAD /"
ServerIron(config-rs-rs29.1)# port mms
ServerIron(config-rs-rs29.1)# port ssl
ServerIron(config-rs-rs29.1)# exit
ServerIron(config)# server real rs30.1 100.1.1.130
ServerIron(config-rs-rs30.1)# port dns
ServerIron(config-rs-rs30.1)# port ftp
ServerIron(config-rs-rs30.1)# port http
ServerIron(config-rs-rs30.1)# port http url "HEAD /"
ServerIron(config-rs-rs30.1)# port mms
ServerIron(config-rs-rs30.1)# port ssl
ServerIron(config-rs-rs30.1)# exit
ServerIron(config)# server real rs31.1 100.1.1.131
ServerIron(config-rs-rs31.1)# port dns
ServerIron(config-rs-rs31.1)# port ftp
ServerIron(config-rs-rs31.1)# port http
ServerIron(config-rs-rs31.1)# port http url "HEAD /"
ServerIron(config-rs-rs31.1)# port mms
ServerIron(config-rs-rs31.1)# port ssl
ServerIron(config-rs-rs31.1)# exit
ServerIron(config)# server virtual-name-or-ip www 10.2.24.100
ServerIron(config-vs-www)# sym-priority 254
ServerIron(config-vs-www)# sym-active
ServerIron(config-vs-www)# predictor round-robin
ServerIron(config-vs-www)# port http
ServerIron(config-vs-www)# bind http rs31.1 http rs30.1 http rs29.1 http rs30 http
ServerIron(config-vs-www)# bind http rs31 http rs29 http
ServerIron(config-vs-www)# exit
ServerIron(config)# server virtual-name-or-ip ftp 10.2.24.102
ServerIron(config-vs-ftp)# sym-priority 254
ServerIron(config-vs-ftp)# sym-active
ServerIron(config-vs-ftp)# port ftp
ServerIron(config-vs-ftp)# bind ftp rs31.1 ftp rs30.1 ftp rs29.1 ftp rs29 ftp
ServerIron(config-vs-ftp)# bind ftp rs30 ftp rs31 ftp
ServerIron(config-vs-ftp)# exit
ServerIron(config)# server virtual-name-or-ip mms 10.2.24.103
ServerIron(config-vs-mms)# sym-priority 254
ServerIron(config-vs-mms)# sym-active
ServerIron(config-vs-mms)# port mms
ServerIron(config-vs-mms)# bind mms rs31.1 mms rs30.1 mms rs29.1 mms rs29 mms
ServerIron(config-vs-mms)# bind mms rs30 mms rs31 mms
ServerIron(config-vs-mms)# exit
ServerIron(config)# server virtual-name-or-ip dns 10.2.24.105
ServerIron(config-vs-dns)# sym-priority 254
ServerIron(config-vs-dns)# sym-active
ServerIron(config-vs-dns)# port dns
ServerIron(config-vs-dns)# bind dns rs31.1 dns rs30.1 dns rs29.1 dns rs29 dns
ServerIron(config-vs-dns)# bind dns rs30 dns rs31 dns
ServerIron(config-vs-dns)# exit
ServerIron(config)# server virtual-name-or-ip ssl 10.2.24.101
ServerIron(config-vs-ssl)# sym-priority 254
ServerIron(config-vs-ssl)# sym-active
ServerIron(config-vs-ssl)# port ssl sticky
ServerIron(config-vs-ssl)# bind ssl rs31.1 ssl rs30.1 ssl rs29.1 ssl rs31 ssl
ServerIron(config-vs-ssl)# bind ssl rs30 ssl rs29 ssl
ServerIron(config-vs-ssl)# exit
ServerIron(config)# interface ve 1
ServerIron(config-ve-1)# ip address 10.2.24.2 255.255.255.0
ServerIron(config-ve-1)# ip address 172.1.1.4 255.255.255.0
ServerIron(config-ve-1)# ip ospf area 0
ServerIron(config-ve-1)# ip vrrp-extended vrid 3
ServerIron(config-ve-1-vrid-3)# backup
ServerIron(config-ve-1-vrid-3)# ip-address 172.1.1.1
ServerIron(config-ve-1-vrid-3)# track-port e 1
ServerIron(config-ve-1-vrid-3)# track-port e 2
ServerIron(config-ve-1-vrid-3)# enable
ServerIron(config-ve-1)# ip vrrp-extended vrid 4
ServerIron(config-ve-1-vrid-4)# backup
ServerIron(config-ve-1-vrid-4)# ip-address 172.1.1.2
ServerIron(config-ve-1-vrid-4)# track-port e 1
ServerIron(config-ve-1-vrid-4)# track-port e 2
ServerIron(config-ve-1-vrid-4)# enable
ServerIron(config-ve-1)# exit
ServerIron(config)# router ospf
ServerIron(config-ospf-router)# area 0
ServerIron(config-ospf-router)# redistribution connected
ServerIron(config-ospf-router)# redistribution static
ServerIron(config-ospf-router)# exit
ServerIron(config)# vlan 1 name DEFAULT-VLAN by port
ServerIron(config-vlan-1)# router-interface ve 1
ServerIron(config-vlan-1)# exit
ServerIron(config)# interface ve 1
ServerIron(config-ve-1)# ip address 10.2.24.251 255.255.255.0
ServerIron(config-ve-1)# ip address 100.1.1.251 255.255.255.0
ServerIron(config-ve-1)# ip ospf area 0
ServerIron(config-ve-1)# ip vrrp-extended vrid 5
ServerIron(config-ve-1-vrid-5)# backup
ServerIron(config-ve-1-vrid-5)# ip-address 100.1.1.254
ServerIron(config-ve-1-vrid-5)# track-port e 3/1
ServerIron(config-ve-1-vrid-5)# track-port e 3/2
ServerIron(config-ve-1-vrid-5)# enable
ServerIron(config-ve-1)# ip vrrp-extended vrid 6
ServerIron(config-ve-1-vrid-6)# backup
ServerIron(config-ve-1-vrid-6)# ip-address 100.1.1.253
ServerIron(config-ve-1-vrid-6)# track-port e 3/1
ServerIron(config-ve-1-vrid-6)# track-port e 3/2
ServerIron(config-ve-1-vrid-6)# enable
ServerIron(config-ve-1-vrid-6)# exit
ServerIron(config)# ip l4-policy 1 cache tcp 0 global
ServerIron(config)# ip route 0.0.0.0 0.0.0.0 10.2.24.1
ServerIron(config)# ip route 0.0.0.0 0.0.0.0 10.2.24.2
ServerIron(config)# router ospf
ServerIron(config-ospf-router)# area 0
ServerIron(config-ospf-router)# redistribution connected
ServerIron(config-ospf-router)# redistribution static
ServerIron(config-ospf-router)# exit
ServerIron(config)# router vrrp-extended
ServerIron(config)# server predictor least-conn
The following commands enable session synchronization on the ports where the active-active SLB feature is used. This is required both to ensure continued service following a failover and to enable each ServerIron to send server replies back to the clients, regardless of which ServerIron load balanced the request.
ServerIron(config)# server port 80
ServerIron(config-port-80)# session-sync
ServerIron(config-port-80)# tcp
ServerIron(config-port-80)# exit
ServerIron(config)# server port 21
ServerIron(config-port-21)# session-sync
ServerIron(config-port-21)# exit
ServerIron(config)# server port 1755
ServerIron(config-port-1755)# session-sync
ServerIron(config-port-1755)# tcp
ServerIron(config-port-1755)# udp
ServerIron(config-port-1755)# exit
ServerIron(config)# server port 53
ServerIron(config-port-53)# session-sync
ServerIron(config-port-53)# exit
ServerIron(config)# server port 443
ServerIron(config-port-443)# session-sync
ServerIron(config-port-443)# tcp
ServerIron(config-port-443)# exit
ServerIron(config)# server router-ports ethernet 3/1
ServerIron(config)# server real rs29 100.1.1.29
ServerIron(config-rs-rs29)# port ssl
ServerIron(config-rs-rs29)# port mms
ServerIron(config-rs-rs29)# port http
ServerIron(config-rs-rs29)# port http url "HEAD /"
ServerIron(config-rs-rs29)# port ftp
ServerIron(config-rs-rs29)# port dns
ServerIron(config-rs-rs29)# exit
ServerIron(config)# server real rs30 100.1.1.30
ServerIron(config-rs-rs30)# port ssl
ServerIron(config-rs-rs30)# port mms
ServerIron(config-rs-rs30)# port http
ServerIron(config-rs-rs30)# port http url "HEAD /"
ServerIron(config-rs-rs30)# port ftp
ServerIron(config-rs-rs30)# port dns
ServerIron(config-rs-rs30)# exit
ServerIron(config)# server real rs31 100.1.1.31
ServerIron(config-rs-rs31)# port ssl
ServerIron(config-rs-rs31)# port mms
ServerIron(config-rs-rs31)# port http
ServerIron(config-rs-rs31)# port http url "HEAD /"
ServerIron(config-rs-rs31)# port ftp
ServerIron(config-rs-rs31)# port dns
ServerIron(config-rs-rs31)# exit
ServerIron(config)# server real rs29.1 100.1.1.129
ServerIron(config-rs-rs29.1)# port dns
ServerIron(config-rs-rs29.1)# port ftp
ServerIron(config-rs-rs29.1)# port http
ServerIron(config-rs-rs29.1)# port http url "HEAD /"
ServerIron(config-rs-rs29.1)# port mms
ServerIron(config-rs-rs29.1)# port ssl
ServerIron(config-rs-rs29.1)# exit
ServerIron(config)# server real rs30.1 100.1.1.130
ServerIron(config-rs-rs30.1)# port dns
ServerIron(config-rs-rs30.1)# port ftp
ServerIron(config-rs-rs30.1)# port http
ServerIron(config-rs-rs30.1)# port http url "HEAD /"
ServerIron(config-rs-rs30.1)# port mms
ServerIron(config-rs-rs30.1)# port ssl
ServerIron(config-rs-rs30.1)# exit
ServerIron(config)# server real rs31.1 100.1.1.131
ServerIron(config-rs-rs31.1)# port dns
ServerIron(config-rs-rs31.1)# port ftp
ServerIron(config-rs-rs31.1)# port http
ServerIron(config-rs-rs31.1)# port http url "HEAD /"
ServerIron(config-rs-rs31.1)# port mms
ServerIron(config-rs-rs31.1)# port ssl
ServerIron(config-rs-rs31.1)# exit
ServerIron(config)# server virtual-name-or-ip www 10.2.24.100
ServerIron(config-vs-www)# sym-priority 100
ServerIron(config-vs-www)# sym-active
ServerIron(config-vs-www)# predictor round-robin
ServerIron(config-vs-www)# port http
ServerIron(config-vs-www)# bind http rs31.1 http rs30.1 http rs29.1 http rs30 http
ServerIron(config-vs-www)# bind http rs31 http rs29 http
ServerIron(config-vs-www)# exit
ServerIron(config)# server virtual-name-or-ip ftp 10.2.24.102
ServerIron(config-vs-ftp)# sym-priority 100
ServerIron(config-vs-ftp)# sym-active
ServerIron(config-vs-ftp)# port ftp
ServerIron(config-vs-ftp)# bind ftp rs31.1 ftp rs30.1 ftp rs29.1 ftp rs29 ftp
ServerIron(config-vs-ftp)# bind ftp rs30 ftp rs31 ftp
ServerIron(config-vs-ftp)# exit
ServerIron(config)# server virtual-name-or-ip mms 10.2.24.103
ServerIron(config-vs-mms)# sym-priority 100
ServerIron(config-vs-mms)# sym-active
ServerIron(config-vs-mms)# port mms
ServerIron(config-vs-mms)# bind mms rs31.1 mms rs30.1 mms rs29.1 mms rs29 mms
ServerIron(config-vs-mms)# bind mms rs30 mms rs31 mms
ServerIron(config-vs-mms)# exit
ServerIron(config)# server virtual-name-or-ip dns 10.2.24.105
ServerIron(config-vs-dns)# sym-priority 100
ServerIron(config-vs-dns)# sym-active
ServerIron(config-vs-dns)# port dns
ServerIron(config-vs-dns)# bind dns rs31.1 dns rs30.1 dns rs29.1 dns rs29 dns
ServerIron(config-vs-dns)# bind dns rs30 dns rs31 dns
ServerIron(config-vs-dns)# exit
ServerIron(config)# server virtual-name-or-ip ssl 10.2.24.101
ServerIron(config-vs-ssl)# sym-priority 100
ServerIron(config-vs-ssl)# sym-active
ServerIron(config-vs-ssl)# port ssl sticky
ServerIron(config-vs-ssl)# bind ssl rs31.1 ssl rs30.1 ssl rs29.1 ssl rs31 ssl
ServerIron(config-vs-ssl)# bind ssl rs30 ssl rs29 ssl
ServerIron(config-vs-ssl)# exit
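The two peer configurations above can be checked against each other before deployment. The following is an added example, not Brocade code: a Python audit that reads both peers' CLI transcripts and flags VIPs missing sym-active or sym-priority, VIP ports without session-sync, and equal priorities on both peers (flagging equal values is an assumption, since the text only says the higher priority owns the VIP). The function names and the sample transcript are constructed for illustration.

```python
import re

# Well-known port names as they appear on this page, with their numbers.
PORT_NAMES = {"http": 80, "ftp": 21, "mms": 1755, "dns": 53, "ssl": 443}
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # "ServerIron(config-vs-www)# "

def port_no(tok):  # unknown names stay strings, so they are reported as unsynced
    return PORT_NAMES.get(tok, int(tok) if tok.isdigit() else tok)

def parse(text):
    """Return ({vip: settings}, {ports with session-sync}) from a CLI transcript."""
    vips, synced, vip, port = {}, set(), None, None
    for raw in text.splitlines():
        w = PROMPT.sub("", raw.strip()).split() or [""]
        if w[0] in ("server", "exit"):  # a new stanza or an exit closes the current one
            vip = port = None
        if w[0] == "server" and len(w) >= 3 and w[1] == "virtual-name-or-ip":
            vip = vips.setdefault(w[2], {"prio": None, "active": False, "ports": set()})
        elif w[0] == "server" and len(w) >= 3 and w[1] == "port":
            port = port_no(w[2])
        elif vip is not None and w[0] == "sym-priority" and len(w) > 1:
            vip["prio"] = int(w[1])
        elif vip is not None and w[0] == "sym-active":
            vip["active"] = True
        elif vip is not None and w[0] == "port" and len(w) > 1:
            vip["ports"].add(port_no(w[1]))
        elif port is not None and w[0] == "session-sync":
            synced.add(port)
    return vips, synced

def audit(cfg_a, cfg_b):
    """Compare both peers' transcripts; return a list of findings (empty = consistent)."""
    (vips_a, sync_a), (vips_b, sync_b) = parse(cfg_a), parse(cfg_b)
    absent, out = {"prio": None, "active": False, "ports": set()}, []
    for name in sorted(set(vips_a) | set(vips_b)):
        a, b = vips_a.get(name, absent), vips_b.get(name, absent)
        for box, v, synced in (("A", a, sync_a), ("B", b, sync_b)):
            if not v["active"] or v["prio"] is None:
                out.append(f"{name}: sym-active or sym-priority missing on {box}")
            out += [f"{name}: port {p} lacks session-sync on {box}"
                    for p in sorted(v["ports"] - synced, key=str)]
        if a["prio"] is not None and a["prio"] == b["prio"]:
            out.append(f"{name}: equal sym-priority {a['prio']}, VIP owner is ambiguous")
    return out

# Constructed sample, trimmed from the www VIP shown above.
PEER_A = """ServerIron(config)# server port 80
ServerIron(config-port-80)# session-sync
ServerIron(config)# server virtual-name-or-ip www 10.2.24.100
ServerIron(config-vs-www)# sym-priority 254
ServerIron(config-vs-www)# sym-active
ServerIron(config-vs-www)# port http"""
PEER_B = PEER_A.replace("sym-priority 254", "sym-priority 100")  # healthy peer
DRIFTED_B = PEER_A.replace("session-sync", "tcp")  # sync dropped, priority not lowered
```

`audit(PEER_A, PEER_B)` returns an empty list, while `audit(PEER_A, DRIFTED_B)` reports the missing session-sync on port 80 and the equal priority.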
Figure 6.11 shows an example of an active-active configuration. Each ServerIron can process IPsec packets individually and synchronize the sessions to its partner ServerIron for redundancy purposes.
ServerIron(config)# ip address 192.168.1.1 255.255.255.0
ServerIron(config)# ip default-gateway 192.168.1.254
The following commands enable session synchronization on port 500. This is required both to ensure continued service following a failover and to enable each ServerIron to send server replies back to the clients, regardless of which ServerIron load balanced the request.
ServerIron(config)# server port 500
ServerIron(config-port-500)# session-sync
ServerIron(config-port-500)# exit
ServerIron(config)# server real-name VPN1 192.168.1.10
ServerIron(config-rs-VPN1)# port 500
ServerIron(config-rs-VPN1)# exit
ServerIron(config)# server real-name VPN2 192.168.1.11
ServerIron(config-rs-VPN2)# port 500
ServerIron(config-rs-VPN2)# exit
ServerIron(config)# server virtual-name-or-ip VPNaddr 192.168.1.100
ServerIron(config-vs-VPNaddr)# sw-l4-vpn-tunnel
ServerIron(config-vs-VPNaddr)# sym-priority 254
ServerIron(config-vs-VPNaddr)# sym-active
ServerIron(config-vs-VPNaddr)# port 500
ServerIron(config-vs-VPNaddr)# bind 500 vpn1 500 vpn2 500
ServerIron(config-vs-VPNaddr)# exit
ServerIron(config)# ip policy 1 cache tcp 0 global
ServerIron(config)# write memory
ServerIron(config)# ip address 192.168.1.2 255.255.255.0
ServerIron(config)# ip default-gateway 192.168.1.254
ServerIron(config)# server port 500
ServerIron(config-port-500)# session-sync
ServerIron(config-port-500)# exit
ServerIron(config)# server real-name VPN1 192.168.1.10
ServerIron(config-rs-VPN1)# port 500
ServerIron(config-rs-VPN1)# exit
ServerIron(config)# server real-name VPN2 192.168.1.11
ServerIron(config-rs-VPN2)# port 500
ServerIron(config-rs-VPN2)# exit
ServerIron(config)# server virtual-name-or-ip VPNaddr 192.168.1.100
ServerIron(config-vs-VPNaddr)# sw-l4-vpn-tunnel
ServerIron(config-vs-VPNaddr)# sym-priority 2
ServerIron(config-vs-VPNaddr)# sym-active
ServerIron(config-vs-VPNaddr)# port 500
ServerIron(config-vs-VPNaddr)# bind 500 vpn1 500 vpn2 500
ServerIron(config-vs-VPNaddr)# exit
ServerIron(config)# ip policy 1 cache tcp 0 global
ServerIron(config)# write memory
Copyright © 2009 Brocade Communications Systems, Inc.