Cisco has announced the end-of-sale for the Cisco LocalDirector. For more information, refer to the LocalDirector 400 Series End-of-Life and End-of-Sale Notices and Product Bulletins.
This document shows how to configure an alias IP address on the LocalDirector (LD) when you do not have the ability to add a secondary address on the outside router or firewall. The alias IP address was designed to eliminate the need for LocalDirector to go to an inside router in order to get to servers on a different subnet. The alias IP address does not eliminate the need for these servers to have a route back to the public network.
That return route is normally provided by adding a secondary address, on the same private subnet as the servers, to the router. That approach is not available when you cannot add a secondary address to the router interface.
This document provides a configuration of the servers with a route containing a pseudo IP address for the outside router. There is no concern that this is not the router's real address, since the packets are routed via the MAC address of the router, not the IP address. When the packet leaves the server, the destination is the client's IP address and the MAC address of the next hop.
For more information on document conventions, see the Cisco Technical Tips Conventions.
There are no specific prerequisites for this document.
The information in this document is based on the software and hardware versions below.
LocalDirector 416 in a lab environment with cleared configurations.
LocalDirector software version 4.2.1
The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.
In this section, you are presented with the information to configure the features described in this document.
This document uses the network setup shown in the diagram below.
This document uses the configurations shown below.
Implementing private networks using the alias ip command when a secondary address cannot be added to a router or firewall interface
Creating an Address Resolution Protocol (ARP) entry for a pseudo router address using Windows 2000
Creating an ARP entry for a pseudo router address using Solaris
|Implementing Private Networks|
!--- Configure LD with an IP address on the public network.
ip address 192.168.1.253 255.255.255.0
!--- Configure LD with an alias IP address on the private network.
alias ip address 10.10.10.253 255.255.255.0
!--- Configure a virtual server with a public address for inbound connections.
virtual 192.168.1.100:80:0:tcp is
!--- Configure port-specific real servers on a private network.
real 10.10.10.193:80:0:tcp is
real 10.10.10.192:80:0:tcp is
!--- Bind the virtual servers to the real servers.
bind 192.168.1.100:80:0:tcp 10.10.10.193:80:0:tcp
bind 192.168.1.100:80:0:tcp 10.10.10.192:80:0:tcp
The inbound request passes from the outside router, and is forwarded to the real server. At this point, there is no router on the private subnet, so the server can not reply. It is important to understand that the router would not have to actually be configured with an IP address on the private subnet, as routed traffic contains only the MAC address of the router, not its IP address.
The servers on the private network need to be convinced that they actually can connect to a router on that network. This can be accomplished by creating static ARP entries. Rather than having the inside server ARP for the router's MAC address, it is preconfigured as a static entry in the ARP table.
|Creating an ARP entry for a pseudo router address using Windows 2000|
!--- Create a text file with the ARP entry
!--- for the router's pseudo IP address.
!--- Assume the router's real MAC address
!--- is 10-21-22-33-44-55.
arp -s 10.10.10.1 10-21-22-33-44-55
!--- Configure the Windows 2000 machine so that
!--- the text file is executed at start time.
!--- From the Start menu, select Settings.
!--- From the Settings menu, select Taskbar & Start menu.
!--- From the Taskbar & Start menu, select Advanced.
!--- From the Advanced menu, select Add.
!--- Enter the location of the batch file, or browse to find it.
!--- Select the Startup folder -> Finish.
!--- When the system is rebooted, the ARP entry will
!--- be statically created.
!--- To immediately add the ARP entry, issue the
!--- arp -s command from the command prompt.
!--- Configure the server to point to address
!--- 10.10.10.1 as its default gateway.
!--- The static ARP entry maps this address to the outside
!--- router, which it will reach after passing
!--- through the LD.
|Creating an ARP entry for a pseudo router address using Solaris|
!--- Solaris arp takes the MAC address in colon-separated form.
arp -s 10.10.10.1 10:21:22:33:44:55 pub
!--- Configure the server to point to address
!--- 10.10.10.1 as its default gateway.
!--- The static ARP entry maps this address to the outside
!--- router, which it will reach after passing
!--- through the LD.
This section provides information you can use to confirm your configuration is working properly.
show config - displays the configuration running on the LocalDirector.
netstat -nr - verify the routing entry on the server.
arp -a - verify the MAC of the router.
Note: Issuing a ping from the server to the default gateway will not work, as the router does not actually have the IP address configured on its interface.
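Because a ping cannot confirm the pseudo gateway, the arp -a check above can be scripted. The following is an added example, not part of the original Cisco document: it parses arp -a output from either platform and reports whether the entry for 10.10.10.1 is present, static, and mapped to the expected router MAC. The sample outputs are constructed, their column layouts are assumed to match typical Windows and Solaris output, and the function names are hypothetical.

```python
import re

# Constructed sample `arp -a` output (not captured from a real host).
WINDOWS_ARP = """\
Interface: 10.10.10.193 on Interface 0x1000003
  Internet Address      Physical Address      Type
  10.10.10.1            10-21-22-33-44-55     static
  10.10.10.192          00-a0-c9-11-22-33     dynamic
"""
SOLARIS_ARP = """\
Net to Media Table: IPv4
Device   IP Address               Mask      Flags   Phys Addr
------ -------------------- --------------- ----- ---------------
hme0   10.10.10.1           255.255.255.255 SP    10:21:22:33:44:55
hme0   10.10.10.192         255.255.255.255       08:00:20:0a:0b:0c
"""

MAC_RE = re.compile(r"^[0-9a-fA-F]{1,2}([:-][0-9a-fA-F]{1,2}){5}$")


def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded octets (Solaris may print 8:0:20:...)."""
    return ":".join(part.zfill(2).lower() for part in re.split(r"[:-]", mac))


def check_gateway_arp(arp_output, gateway_ip, expected_mac):
    """Return 'ok', 'missing', 'dynamic' or 'mac-mismatch' for the gateway entry."""
    for line in arp_output.splitlines():
        fields = line.split()
        if gateway_ip not in fields:          # exact field match, so 10.10.10.1 != 10.10.10.193
            continue
        macs = [f for f in fields if MAC_RE.match(f)]
        if not macs:
            continue
        if normalize_mac(macs[0]) != normalize_mac(expected_mac):
            return "mac-mismatch"
        # Windows labels the entry "static"; Solaris sets the S flag (for example "SP").
        others = [f for f in fields if f != gateway_ip and f not in macs]
        is_static = "static" in others or any(
            re.fullmatch(r"[SPUM]+", f) and "S" in f for f in others)
        # A dynamic entry can be relearned from the wire, so it is reported separately.
        return "ok" if is_static else "dynamic"
    return "missing"


if __name__ == "__main__":
    print(check_gateway_arp(WINDOWS_ARP, "10.10.10.1", "10-21-22-33-44-55"))
    print(check_gateway_arp(SOLARIS_ARP, "10.10.10.1", "10-21-22-33-44-55"))
```

A result other than ok means the server either cannot reach the outside router through the LD or is relying on an entry that is not pinned.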
To troubleshoot, initiate a connection from the client to the virtual address.