
Using IP Alias on LocalDirector When No Router Is On Server Subnet


Document ID: 22150

Updated: Jan 31, 2006


Introduction

This document shows how to configure an alias IP address on the LocalDirector (LD) when you do not have the ability to add a secondary address on the outside router or firewall. The alias IP address was designed to eliminate the need for LocalDirector to go to an inside router in order to get to servers on a different subnet. The alias IP address does not eliminate the need for these servers to have a route back to the public network.

That return route is normally achieved by adding a secondary address, on the same private subnet as the servers, to the router. That solution is not available when you cannot add a secondary address to the router interface.

This document provides a configuration of the servers with a route containing a pseudo IP address for the outside router. It does not matter that this is not the router's real address, because the packets are forwarded to the MAC address of the router, not its IP address. When the packet leaves the server, the destination IP address is the client's and the destination MAC address is that of the next hop.

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no specific prerequisites for this document.

Components Used

The information in this document is based on the software and hardware versions below.

  • LocalDirector 416 in a lab environment with cleared configurations.

  • LocalDirector software version 4.2.1

The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).

Network Diagram

This document uses the network setup shown in the diagram below.

[Figure: network diagram (ld-alias.gif)]

Configurations

This document uses the configurations shown below.

  • Implementing private networks using the alias ip command when a secondary address cannot be added to a router or firewall interface

  • Creating an Address Resolution Protocol (ARP) entry for a pseudo router address using Windows 2000

  • Creating an ARP entry for a pseudo router address using Solaris

Implementing Private Networks


!--- Configure LD with an IP address on the public network.

    ip address 192.168.1.253 255.255.255.0


!--- Configure LD with an alias IP address on the private network.

    alias ip address 10.10.10.253 255.255.255.0


!--- Configure a virtual server with a public address for inbound connections.

    virtual 192.168.1.100:80:0:tcp is


!--- Configure port-specific real servers on a private network.

    real 10.10.10.193:80:0:tcp is
    real 10.10.10.192:80:0:tcp is


!--- Bind the virtual servers to the real servers.

    bind 192.168.1.100:80:0:tcp 10.10.10.193:80:0:tcp
    bind 192.168.1.100:80:0:tcp 10.10.10.192:80:0:tcp

The inbound request passes from the outside router and is forwarded to the real server. At this point, there is no router on the private subnet, so the server cannot reply. It is important to understand that the router does not actually have to be configured with an IP address on the private subnet, because routed traffic contains only the MAC address of the router, not its IP address.

The servers on the private network need to be convinced that they actually can connect to a router on that network. This can be accomplished by creating static ARP entries. Rather than having the inside server ARP for the router's MAC address, it is preconfigured as a static entry in the ARP table.

Creating an ARP entry for a pseudo router address using Windows 2000


!--- Create a batch file with the ARP entry 
!--- for the router's pseudo IP address.
!--- Assume the router's real MAC address 
!--- is 10-21-22-33-44-55.


arp -s 10.10.10.1 10-21-22-33-44-55


!--- Configure the Windows 2000 machine so that 
!--- the batch file is executed at start time.
!--- From the Start menu, select Settings. 
!--- From the Settings menu, select Taskbar & Start menu. 
!--- From the Taskbar & Start menu, select Advanced.
!--- From the Advanced menu, select Add.
!--- Enter the location of the batch file, or browse to find it. 
!--- Select the Startup folder -> Finish. 

!--- When the system is rebooted, the ARP entry will 
!--- be statically created. 
!--- To immediately add the ARP entry, issue the 
!--- arp -s command from the command prompt. 




!--- Configure the server to point to address 
!--- 10.10.10.1 as its default gateway. 
!--- The static ARP entry maps this address to the outside 
!--- router, which it will reach after passing 
!--- through the LD. 


Creating an ARP entry for a pseudo router address using Solaris


!--- Solaris arp takes the MAC address in colon-separated form.

arp -s 10.10.10.1 10:21:22:33:44:55 pub


!--- Configure the server to point to address 
!--- 10.10.10.1 as its default gateway. 
!--- The static ARP entry maps this address to the outside 
!--- router, which it will reach after passing 
!--- through the LD. 


Verify

This section provides information you can use to confirm your configuration is working properly.

Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.

  • show config - displays the configuration running on the LocalDirector.

  • netstat -nr - verifies the routing entry on the server.

  • arp -a - verifies the MAC address of the router.

Note: Issuing a ping from the server to the default gateway will not work, as the router does not actually have the IP address configured on its interface.
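
Because a ping cannot confirm the pseudo gateway, the arp -a check above can be scripted for both the Windows 2000 and Solaris servers. The following is an added example, not part of the original Cisco document: the function name check_gateway_arp, its return codes, and the sample arp -a outputs are constructed for illustration, and the column layouts are assumed to follow the usual output of the two platforms.

```shell
#!/bin/sh
# Added example (not Cisco code): check the pinned ARP entry for the pseudo gateway.
# Reads `arp -a` output on stdin, Windows 2000 or Solaris layout (assumed formats).
# Returns 0 = static entry with expected MAC, 1 = wrong MAC,
#         2 = expected MAC but entry not static, 3 = no entry for the gateway.
check_gateway_arp() {
    awk -v ip="$1" -v want="$2" '
    # Normalise a MAC: lower case, ":" separators, one-digit octets padded
    # to two digits, so 10-21-22-33-44-55 and 10:21:22:33:44:55 compare equal.
    function norm(m,    n, i, p, out) {
        m = tolower(m); gsub(/-/, ":", m)
        n = split(m, p, ":"); out = ""
        for (i = 1; i <= n; i++)
            out = out (i > 1 ? ":" : "") (length(p[i]) == 1 ? "0" : "") p[i]
        return out
    }
    {
        col = 0
        for (i = 1; i <= NF; i++) if ($i == ip) { col = i; break }
        if (!col) next                  # line is not about the gateway
        found = 1; mac = ""; pinned = 0
        # Windows prints "static" in Type; Solaris sets S in Flags.
        for (i = col + 1; i <= NF; i++) {
            if ($i ~ /^[0-9A-Fa-f]+([-:][0-9A-Fa-f]+)+$/) mac = norm($i)
            else if ($i == "static" || ($i ~ /^[A-Z]+$/ && index($i, "S"))) pinned = 1
        }
    }
    END {
        if (!found) exit 3
        if (mac != norm(want)) exit 1
        if (!pinned) exit 2
        exit 0
    }'
}

# Constructed sample outputs, using the addresses from this document.
WIN_OK='Interface: 10.10.10.193 --- 0x2
  Internet Address      Physical Address      Type
  10.10.10.1            10-21-22-33-44-55     static'
SOL_OK='Device   IP Address      Mask            Flags   Phys Addr
hme0     10.10.10.1      255.255.255.255 SP      10:21:22:33:44:55'
WIN_BAD='  Internet Address      Physical Address      Type
  10.10.10.1            02-00-00-aa-bb-cc     dynamic'

for sample in "$WIN_OK" "$SOL_OK" "$WIN_BAD"; do
    rc=0
    printf '%s\n' "$sample" | check_gateway_arp 10.10.10.1 10-21-22-33-44-55 || rc=$?
    echo "check_gateway_arp returned $rc"
done
```

On a live server, pipe the real output in, for example arp -a | check_gateway_arp 10.10.10.1 10-21-22-33-44-55. A result of 1 or 2 means the gateway mapping is not the pinned one and return traffic may be going to a different MAC address.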

Troubleshoot

To troubleshoot, initiate a connection from the client to the virtual address.
