[prev in list] [next in list] [prev in thread] [next in thread]
List: loadbalancing-l
Subject: RES: [load balancing] managing Alteons from several networks
From: "claudio rosa" <crmrosa () terra ! com ! br>
Date: 2002-05-26 22:53:11
[Download RAW message or body]
MessageYou can specify these filters like a Cisco, in the Cisco environment
ACL you must take care of precedence.
Cláudio
-----Mensagem original-----
De: owner-lb-l@vegan.net [mailto:owner-lb-l@vegan.net]Em nome de Arie
Vayner
Enviada em: domingo, 26 de maio de 2002 11:49
Para: lb-l@vegan.net
Assunto: RE: [load balancing] managing Alteons from several networks
I think the dedicated port would be the only solution, an expansive one at
that, but should work.
<complain> Why can't I just specify a few filters for managment like I can
do in Cisco </complain>
Arie
-----Original Message-----
From: Roos, Christian [mailto:Christian.Roos@dregis.com]
Sent: Sunday, May 26, 2002 1:47 PM
To: lb-l@vegan.net
Subject: AW: [load balancing] managing Alteons from several networks
Hi,
tell me why cache redirection prohibites other filtering?
as far as i know filtering is only prohibited if you have advanced vpn
lb (also RTS in WebOS 10) on the same port enabled:
I guess you dont have a "normal" WCR Configuration (here are other
filters allowed) like this:
sip any / dip any / proto tcp / dport 80 / act redir / group of your
cachservers
With the filter i mentioned below you will bypass the redirecting for
the specified host´s / ports (whatever), all other traffic (up on your
config) will be redirected to your cachserver.
This works in basic configurations. But without knowing your config and
network structure there is nothing more to say :)
What about a dedicated port for your management system?
greetz
Chris
-----Ursprüngliche Nachricht-----
Von: Arie Vayner [mailto:ariev@netvision.net.il]
Gesendet: Sonntag, 26. Mai 2002 11:46
An: lb-l@vegan.net
Betreff: RE: [load balancing] managing Alteons from several networks
Hi
Filtering does not work because we are running the cache redirection
functions which prohibit filtering on the main port...
Arie
-----Original Message-----
From: Roos, Christian [mailto:Christian.Roos@dregis.com]
Sent: Sunday, May 26, 2002 9:27 AM
To: lb-l@vegan.net
Subject: RE: [load balancing] managing Alteons from several networks
Hi Arie,
hmm, filtering should work, filters are processed from lowest to
highest,
so, where is the problem to activate a filter like this in front of
your
redirection filter?
sip: your management network
smask: create a mask that only allow´s your hosts i.e like
255.255.255.248,
this allows you to use 6 hosts per subnet
dip: any or whatever you need
action: allow
The other way is adding something like a demilitarized zone to a
dedicated
port on your alteon (descripted in the application guide)
Hope this helps you.
greetz
Chris
-----Ursprüngliche Nachricht-----
Von: Arie Vayner [mailto:ariev@netvision.net.il]
Gesendet: Sonntag, 26. Mai 2002 09:21
An: lb-l@vegan.net
Betreff: [load balancing] managing Alteons from several networks
Hi
How can I manage an Alteon box securly, while having a few
management hosts,
located on different networks?
I have been using the management network feature, but the need has
arised to
have another host running SNMP to the Alteon, and this host is
located on a
different part of my network, so managmenet network is not working
for me.
Also, I cannot run a filter on the main feed port because I am
running
traffic redirection to a proxy, and it does not allow to activate a
filter
on this port.
We are running version 9 something.
Any ideas?
Arie
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Message</TITLE>
<META http-equiv=Content-Type content="text/html; charset=Windows-1252">
<META content="MSHTML 6.00.2715.400" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=420075022-26052002><FONT face=Arial color=#0000ff size=2>You
can specify these filters like a Cisco, in the Cisco environment ACL you must
take care of precedence.</FONT></SPAN></DIV>
<DIV><SPAN class=420075022-26052002><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=420075022-26052002><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=420075022-26052002><FONT face=Arial color=#0000ff
size=2>Cláudio</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Mensagem original-----<BR><B>De:</B> owner-lb-l@vegan.net
[mailto:owner-lb-l@vegan.net]<B>Em nome de </B>Arie Vayner<BR><B>Enviada
em:</B> domingo, 26 de maio de 2002 11:49<BR><B>Para:</B>
lb-l@vegan.net<BR><B>Assunto:</B> RE: [load balancing] managing Alteons from
several networks<BR><BR></FONT></DIV>
<DIV><SPAN class=996474714-26052002><FONT face=Arial color=#0000ff size=2>I
think the dedicated port would be the only solution, an expansive one at
that, but should work.</FONT></SPAN></DIV>
<DIV><SPAN class=996474714-26052002><FONT face=Arial color=#0000ff
size=2><complain> Why can't I just specify a few filters for managment
like I can do in Cisco </complain></FONT></SPAN></DIV>
<DIV><SPAN class=996474714-26052002><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=996474714-26052002><FONT face=Arial color=#0000ff
size=2>Arie</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Roos,
Christian [mailto:Christian.Roos@dregis.com] <BR><B>Sent:</B> Sunday, May
26, 2002 1:47 PM<BR><B>To:</B> lb-l@vegan.net<BR><B>Subject:</B> AW: [load
balancing] managing Alteons from several networks<BR><BR></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=453314209-26052002>Hi,</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=453314209-26052002>tell me why
cache redirection prohibites other filtering?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=453314209-26052002>as far as i
know filtering is only prohibited if you have advanced vpn lb
(also RTS in WebOS 10) on the same port enabled:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=453314209-26052002>I guess you
dont have a "normal" WCR Configuration (here are other filters allowed)
like this:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=453314209-26052002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=453314209-26052002>sip any / dip
any / proto tcp / dport 80 / act redir / group of your
cachservers</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=453314209-26052002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=453314209-26052002>With the filter
i mentioned below you will bypass the redirecting for the specified
host´s / ports (whatever), all other traffic (up on your config) will
be redirected to your cachserver.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=453314209-26052002>This works in
basic configurations. But without knowing your config and
network structure there is nothing more to say
:)</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=453314209-26052002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=453314209-26052002>What about a
dedicated port for your management system?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=453314209-26052002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=453314209-26052002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=453314209-26052002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=453314209-26052002>greetz</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=453314209-26052002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=453314209-26052002>Chris</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=453314209-26052002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=453314209-26052002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=453314209-26052002></SPAN></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2><SPAN
class=453314209-26052002></SPAN></FONT> </DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Ursprüngliche Nachricht-----<BR><B>Von:</B> Arie Vayner
[mailto:ariev@netvision.net.il]<BR><B>Gesendet:</B> Sonntag, 26. Mai 2002
11:46<BR><B>An:</B> lb-l@vegan.net<BR><B>Betreff:</B> RE: [load balancing]
managing Alteons from several networks<BR><BR></DIV></FONT>
<DIV><SPAN class=141023709-26052002><FONT face=Arial color=#0000ff
size=2>Hi</FONT></SPAN></DIV>
<DIV><SPAN class=141023709-26052002><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=141023709-26052002><FONT face=Arial color=#0000ff
size=2>Filtering does not work because we are running the cache
redirection functions which prohibit filtering on the main
port...</FONT></SPAN></DIV>
<DIV><SPAN class=141023709-26052002><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=141023709-26052002><FONT face=Arial color=#0000ff
size=2>Arie</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV></DIV>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Roos,
Christian [mailto:Christian.Roos@dregis.com] <BR><B>Sent:</B> Sunday,
May 26, 2002 9:27 AM<BR><B>To:</B> lb-l@vegan.net<BR><B>Subject:</B> RE:
[load balancing] managing Alteons from several
networks<BR><BR></FONT></DIV><!-- Converted from text/plain format -->
<P><FONT size=2>Hi Arie,</FONT> </P>
<P><FONT size=2>hmm, filtering should work, filters are processed from
lowest to highest,</FONT> <BR><FONT size=2>so, where is the problem to
activate a filter like this in front of your</FONT> <BR><FONT
size=2>redirection filter?</FONT> </P>
<P><FONT size=2>sip: your management network</FONT> <BR><FONT
size=2>smask: create a mask that only allow´s your hosts i.e like
255.255.255.248,</FONT> <BR><FONT size=2>this allows you to use 6 hosts
per subnet</FONT> <BR><FONT size=2>dip: any or whatever you need</FONT>
<BR><FONT size=2>action: allow</FONT> </P>
<P><FONT size=2>The other way is adding something like a demilitarized
zone to a dedicated</FONT> <BR><FONT size=2>port on your alteon
(descripted in the application guide)</FONT> </P>
<P><FONT size=2>Hope this helps you.</FONT> </P>
<P><FONT size=2>greetz</FONT> </P>
<P><FONT size=2>Chris</FONT> </P><BR><BR>
<P><FONT size=2>-----Ursprüngliche Nachricht-----</FONT> <BR><FONT
size=2>Von: Arie Vayner [<A
href="mailto:ariev@netvision.net.il">mailto:ariev@netvision.net.il</A>]</FONT> \
<BR><FONT size=2>Gesendet: Sonntag, 26. Mai 2002 09:21</FONT> <BR><FONT
size=2>An: lb-l@vegan.net</FONT> <BR><FONT size=2>Betreff: [load
balancing] managing Alteons from several networks</FONT> </P><BR>
<P><FONT size=2>Hi</FONT> </P>
<P><FONT size=2>How can I manage an Alteon box securly, while having a
few management hosts,</FONT> <BR><FONT size=2>located on different
networks?</FONT> <BR><FONT size=2>I have been using the management
network feature, but the need has arised to</FONT> <BR><FONT size=2>have
another host running SNMP to the Alteon, and this host is located on
a</FONT> <BR><FONT size=2>different part of my network, so managmenet
network is not working for me.</FONT> </P>
<P><FONT size=2>Also, I cannot run a filter on the main feed port
because I am running</FONT> <BR><FONT size=2>traffic redirection to a
proxy, and it does not allow to activate a filter</FONT> <BR><FONT
size=2>on this port.</FONT> </P>
<P><FONT size=2>We are running version 9 something.</FONT> </P>
<P><FONT size=2>Any ideas?</FONT> </P>
<P><FONT size=2>Arie</FONT> <BR><FONT size=2>____________________</FONT>
<BR><FONT size=2>The Load Balancing Mailing List</FONT> <BR><FONT
size=2>Unsubscribe: <A
href="mailto:majordomo@vegan.net?body=unsubscribe%20lb-l">mailto:majordomo@vegan.net?body=unsubscribe%20lb-l</A></FONT> \
<BR><FONT size=2>Archive: <A
href="http://vegan.net/lb/archive">http://vegan.net/lb/archive</A></FONT>
<BR><FONT size=2>LBDigest: <A
href="http://lbdigest.com">http://lbdigest.com</A></FONT> <BR><FONT
size=2>MRTG with SLB: <A
href="http://vegan.net/MRTG">http://vegan.net/MRTG</A></FONT> <BR><FONT
size=2>Hosted by: <A
href="http://www.tokkisystems.com">http://www.tokkisystems.com</A></FONT>
<BR><FONT size=2>____________________</FONT> <BR><FONT size=2>The Load
Balancing Mailing List</FONT> <BR><FONT
size=2>Unsubscribe: <A
href="mailto:majordomo@vegan.net?body=unsubscribe%20lb-l">mailto:majordomo@vegan.net?body=unsubscribe%20lb-l</A></FONT> \
<BR><FONT size=2>Archive: <A
href="http://vegan.net/lb/archive">http://vegan.net/lb/archive</A></FONT>
<BR><FONT size=2>LBDigest: <A
href="http://lbdigest.com">http://lbdigest.com</A></FONT> <BR><FONT
size=2>MRTG with SLB: <A
href="http://vegan.net/MRTG">http://vegan.net/MRTG</A></FONT> <BR><FONT
size=2>Hosted by: <A
href="http://www.tokkisystems.com">http://www.tokkisystems.com</A></FONT>
</P></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic