Link Load Balance A10 Thunder
facevedo
Member ✭
Hi Everyone!
I would like to know, what is the best form to make load balance on my A10 if i have 3 ISP links.
Example
LOCAL NET ---> Inside -- A10 --Outside ----3 ISP links
i understand that is with a Wildcard VS, but i would like be sure of that.
Please if you can help me.
I would like to know, what is the best form to make load balance on my A10 if i have 3 ISP links.
Example
LOCAL NET ---> Inside -- A10 --Outside ----3 ISP links
i understand that is with a Wildcard VS, but i would like be sure of that.
Please if you can help me.
Tagged:
0
Comments
This is correct, you should use a Wildcard VIP to catch the traffic destinated to Internet IPs.
Please find below a "basic" config example working (ACOS 4.x or later)
vlan 150 untagged ethernet 1 router-interface ve 150 name "Inside" ! vlan 500 untagged ethernet 2 router-interface ve 500 name "Outside_ISP_A" ! vlan 501 untagged ethernet 3 router-interface ve 501 name "Outside_ISP_B" ! interface ve 150 ip address 192.168.100.254 ip allow-promiscuous-vip ! interface ve 500 ip address 10.10.0.1 255.255.255.0 ! interface ve 501 ip address 10.10.1.1 255.255.255.0 ! interface ethernet 1 enable ! interface ethernet 2 enable ! interface ethernet 3 enable ! ip nat pool ISP_A 10.10.0.50 10.10.0.50 netmask /24 ! ip nat pool ISP_B 10.10.1.50 10.10.1.50 netmask /24 ! ip nat pool-group NAT_Internet member ISP_A member ISP_B ! slb server ISP_A 10.10.0.254 port 0 tcp health-check-disable port 0 udp health-check-disable ! slb server ISP_B 10.10.1.254 port 0 tcp health-check-disable port 0 udp health-check-disable slb service-group Internet_TCP tcp member ISP_A 0 member ISP_B 0 ! slb service-group Internet_UDP udp member ISP_A 0 member ISP_B 0 ! slb virtual-server VIP 0.0.0.0 port 0 tcp source-nat pool NAT_Internet service-group Internet_TCP use-rcv-hop-for-resp no-dest-nat port 0 udp source-nat pool NAT_Internet service-group Internet_UDP use-rcv-hop-for-resp no-dest-nat port 0 others source-nat pool NAT_Internet service-group Internet_TCP use-rcv-hop-for-resp no-dest-natI have a question, what about the ICMP traffic that is outgoing to my network.
How can i permit that my LAN USER reach something on internit through ICMP....
EXAMPLE
LAN --> A10 --> ISP --> TEST icmp 8.8.8.8
Maybe created another VS Type?
Best Regards!
Fabián A.
You have 3 types of Service configured under the Wildcard VIP : TCP/UDP/Others.
ICMP traffic is managed through Others. With the given configuration, any type of traffic is Load Balanced across the 2 ISPs routers.
Regards,
Yann
EXAMPLE
User goes to internet ---> ISP IP 1 ---> SITE WWW
Sometimes the replys on the websites goes to another IP
There are some recommended form to make this???
BEst Regards!
!
slb template persist source-ip src-ip-persist
timeout 10
!
slb template persist destination-ip LLB-persist-dest
netmask 255.255.255.0
timeout 10
!
slb virtual-server LLB_vip 0.0.0.0
port 0 tcp
name _wildcard_TCP_65535
source-nat pool ISP-NAT-Group
service-group sg_pool-isp1-2-tcp
use-rcv-hop-for-resp
no-dest-nat
ha-conn-mirror
template persist destination-ip LLB-persist-dest
port 0 udp
name _wildcard_UDP_65535
source-nat pool ISP-NAT-Group
service-group sg_pool-isp1-2-udp
use-rcv-hop-for-resp
template udp vpn-ageout
no-dest-nat
template persist source-ip src-ip-persist
port 0 others
name _wildcard_Others_65535
source-nat pool ISP-NAT-Group
service-group sg_pool-isp1-2
use-rcv-hop-for-resp
no-dest-nat
template persist destination-ip LLB-persist-dest
port 21 ftp
name _wildcard_FTP_21
source-nat pool ISP-NAT-Group
service-group ISP1
use-rcv-hop-for-resp
no-dest-nat
ha-conn-mirror
template persist destination-ip LLB-persist-dest
slb virtual-server wildcard-vip 0.0.0.0
port 0 tcp
name _wildcard_v4_TCP_0
source-nat pool outbound-nat-group
service-group outbound-tcp-links
use-rcv-hop-for-resp
template tcp TCP-5
no-dest-nat
template persist destination-ip LLB-persist-dest
port 0 udp
name _wildcard_v4_UDP_0
source-nat pool outbound-nat-group
service-group outbound-udp-links
use-rcv-hop-for-resp use-src-ip-for-dst-persist
no-dest-nat
port 0 others
name _wildcard_v4_Others_0
source-nat pool outbound-nat-group
service-group outbound-tcp-links
use-rcv-hop-for-resp use-src-ip-for-dst-persist
no-dest-nat
I have 3 publics IPs:
example 100.100.100.100, 100.100.100.101 and 100.100.100.102
When i query a site www.example.com
On the session I can see that the Public IP from A10 changes, is like that does not keep the dst-persistence.
Regards!
Using Persistence, means the A10 will forward the traffic through the SAME Gateway depending the persistence type (Per Client SRC IP or per Server DST IP). Persistence does not mean the A10 will always reuse the same SRC-NAT IP (if multiple IP in the same NAT Pool) for outgoing traffic through an ISP.
Can you please share your config for a full review ? Can you please also give more details about the behaviour you are seeing and what you are expecting ?
Thanks
Regards!
Persistency just keep gateway consistency. If you also want to keep same source-nat ip then
you need to add "clientip-sticky-nat" to the outbound virtual services (tcp, udp & others). From CLI guide:
Description Configure client stickiness for outbound NHLD.
Syntax [no] clientip-sticky-nat
Default Disabled
Mode Virtual port
Introduced in Release 2.7.0
Usage Sticky NAT for outbound Next Hop Load Distributor (NHLD) provides a virtual-port option to
ensure the ACOS device always uses the same outbound link for a given client’s traffic. You
can enable it on individual virtual ports.
NOTE: The Sticky NAT option applies only to NHLD. The option does not apply to other
features, such as SLB.
Regards
Regards!!
can you upload your configuration ? i want to see.
thanks