
Re: can I nat a win2k cluster that uses multicast?



On 15 Aug 2001 00:07:54 -0700, wing chun wrote:
> I'm successfully running a 2.9 ipf/ipnat box to firewall a win2k IIS server 
> but now I suddenly find myself in a bit over my head.  Putting a damper on 
> my jaunty mood is the fact that this single IIS server has a new twin 
> brother and they want to run Microsoft Load Balancing as a cluster.  I am 
> expected to firewall this cluster.
> 
> a brief description of how this MS stuff is supposed to work:
> 
> "You install WLBS or NLB on all servers in the same Web site or cluster, and 
> a virtual IP (VIP) or cluster address represents the Web site or cluster. 
> The software requires all servers to be on the same subnet, and both 
> services use a media access control (MAC) multicast method to redirect 
> client traffic. When the router that the server subnet connects to receives 
> a client request, the router uses a MAC-layer multicast to multicast the 
> request to the cluster."
> 
> Currently I have my OBSD box w/ an external interface of 1.2.3.4 and an 
> internal interface of 192.168.1.1.  The win2k boxes have IP addresses 
> 192.168.1.2 and 192.168.1.3 but each interface also has an alias of 
> 192.168.1.4.  I guess this is a "multicast alias" which must behave 
> differently than a normal one because I didn't think you could have two 
> boxes w/ the same ip on the same subnet but this is how it is supposed to 
> work.  I can readily ping 192.168.1.2 and .3 but I cannot ping the virtual 
> ip of .4.  If I send an arp request to .4 I get 2 replies from an identical 
> MAC address; I assume this represents 1 for each server.
Yep. They both answer since they have a multicast MAC address. I am not
familiar w/ the M$ clustering product but from yer description, it looks
a lot like SLB (Server Load Balancing) performed by an Alteon box or a
StoneSoft FullCluster, both of which I am familiar w/. So fire up a
browser & try to access 192.168.1.4 (ping wouldn't work since they only
SLB for http). If it works, simply change your NAT rules to NAT for
192.168.1.4 instead of 192.168.1.2.
> 
> I need to redirect traffic to the virtual ip of 192.168.1.4 and NAT the 
> traffic back out the external interface of my OBSD box.
> 
> Can this be done?  If it can't be done through NAT how might it be done
> by turning off NAT and just IPF w/ OBSD as a router?
> 
> I understand that multicast routing is not turned on by default and I am 
> trying to digest the 'mrouted' man page as quickly as possible but as I have 
> never had to deal w/ multicast stuff before there are a whole lot of new 
> concepts to absorb in a short amount of time.
You don't need mrouted. I am confident that if M$ "complies" w/ the SLB
algorithms out there, the NAT rules change will be sufficient.
> 

HTH
-- 
//saad
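As an added illustration, not part of the original thread, here is the rule change saad describes written as an ipnat rules fragment. The addresses are the ones from the question; the external interface name fxp0 and the service port 80 are assumptions, since the thread names neither.

```conf
# Assumed external interface: fxp0 (not named in the thread).
# Before: the public address was redirected to one IIS host, 192.168.1.2.
#rdr fxp0 1.2.3.4/32 port 80 -> 192.168.1.2 port 80 tcp

# After: redirect to the cluster VIP 192.168.1.4 so the request reaches
# the NLB multicast MAC rather than a single host. Only the load-balanced
# service port is redirected; as noted above, ping to .4 will still fail.
rdr fxp0 1.2.3.4/32 port 80 -> 192.168.1.4 port 80 tcp

# Outbound traffic from the internal subnet stays masqueraded behind the
# external address, unchanged from the single-server setup.
map fxp0 192.168.1.0/24 -> 1.2.3.4/32 portmap tcp/udp 10000:40000
map fxp0 192.168.1.0/24 -> 1.2.3.4/32
```

Reload with `ipnat -CF -f /etc/ipnat.rules` and confirm the active rules with `ipnat -l` before testing from a browser on the outside.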