1. DNS based Global Server Load Balancing
2. BGP Host Route Injection

The most common and one most common method would be the 1^st one which is DNS based Global Server Load Balancing. GSLB directs DNS requests to the best-performing GSLB site in a distributed Internet environment and enables distribution of traffic across multiple sites, manages disaster recovery, and ensures that applications are consistently accessible. When a client sends a DNS request, the system determines the best-performing site and returns its IP to the client.  Following features are some of features available in this load balancing technique.

• Directs client requests to the geographically closest GSLB site (geographic and network proximity-based traffic redirection)
• Directs client requests to surviving data centers when an outage occurs
• Directs client requests to alternate data centers, when a pre-defined traffic load limit is reached
• Directs client requests to be distributed among multiple data centers

According to above features, load balancing requirements, which users can be directed based on the users network address and failover between sites can be achieved.

Sample Example is shown below. In this case simple failover and load balancing is demonstrated. To achieve more features like route traffic according to source network address, device would be configured with features such as proximity-based traffic redirection and so on.

Fig 01: Example of two sites and users connecting via Internet

Site A in has a virtual IP address (VIP) of 1.1.1.1, and Site B has a VIP of 2.2.2.2. A GSLB device is acting as the authoritative name server for www.mydomain.net. Upon a DNS query for www.mydomain.net, the job of the GSLB is to determine whether to return the IP address 1.1.1.1 or 2.2.2.2.

1.     The stub resolver (a software program running on the client computer) makes a request to the assigned local DNS server.

2.    The client’s DNS server performs an iterative resolution on behalf of the client, querying the root name servers and eventually ending up at the authoritative name server for www.mydomain.net. In this case the GSLB device is that authoritative name server.

3.      The GSLB device performs some sort of communications with devices at each site, gathering information such as site health, number of connections, and response time.

4.      Using the information gathered the GSLB device makes a determination as to the preferred site, and returns the answer to the client’s DNS server. The answer is either IP address 1.1.1.1 or IP address 2.2.2.2.

5.      The DNS answer is returned to the client’s stub resolver.

6. After DNS resolution is complete, the client makes a TCP connection to the preferred site.

Password:

Password:

% Bad secrets

Check the config register value

Router>show version

………………………………………………………..

Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.

Processor board ID FTX0947Z18E

M860 processor: part number 0, mask 49

2 FastEthernet/IEEE 802.3 interface(s)

191K bytes of NVRAM.

31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0×2102

Then we need go to the Rom monitor mode. For that we can use several key sequences like Ctrl+BackSpace+Break while router is rebooted.

System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)

Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.

Self decompressing the image :

###############

monitor: command “boot” aborted due to user interrupt

We need to assign the config register value as 0×2142 where router will ignore the contents of NVRAM during the boot process.

rommon 1 > confreg 2142

rommon 2 > reset

Router>en

Router#show version

………………………………………………………..

Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.

Processor board ID FTX0947Z18E

M860 processor: part number 0, mask 49

2 FastEthernet/IEEE 802.3 interface(s)

191K bytes of NVRAM.

31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0×2142

Router(config)#enable secret 12345

Router(config)#config-register 2102

Router(config)#^Z

%SYS-5-CONFIG_I: Configured from console by console

Router#show version

………………………………………………………..

Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.

Processor board ID FTX0947Z18E

M860 processor: part number 0, mask 49

2 FastEthernet/IEEE 802.3 interface(s)

191K bytes of NVRAM.

31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0×2142 (will be 0×2102 at next reload)

Reboot the route after that.

………………………………………………………..

%LINK-5-CHANGED: Interface Vlan1, changed state to administratively down

Press RETURN to get started!

Router>en

Password:

Router#

We are good to go with new password.

Router#show version

………………………………………………………..

Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.

Processor board ID FTX0947Z18E

M860 processor: part number 0, mask 49

2 FastEthernet/IEEE 802.3 interface(s)

191K bytes of NVRAM.

31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0×2102

According to the above picture we have 2 leased lines between 2 routers. Configurations of achieving failover between those two lines are shown below. Here are the IP addresses of interfaces.

Router 1:

R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 172.18.20.251 YES manual up up

Serial1/0 10.0.0.1 YES manual up up

Serial1/1 10.0.0.5 YES manual up up

Router 2:

R2#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.0.1 YES manual up up

Serial1/0 10.0.0.2 YES manual up up

Serial1/1 10.0.0.6 YES manual up up

Then we are going to configure static routes of both routers.

Router 1:

R1(config)#ip route 192.168.0.0 255.255.255.0 10.0.0.2

R1(config)#ip route 192.168.0.0 255.255.255.0 10.0.0.6

R1#show ip route

Gateway of last resort is not set

172.18.0.0/24 is subnetted, 1 subnets

C 172.18.20.0 is directly connected, FastEthernet0/0

10.0.0.0/30 is subnetted, 2 subnets

C 10.0.0.0 is directly connected, Serial1/0

C 10.0.0.4 is directly connected, Serial1/1

S 192.168.0.0/24 [1/0] via 10.0.0.6

[1/0] via 10.0.0.2

Router 2:

R2(config)#ip route 172.18.20.0 255.255.255.0 10.0.0.1

R2(config)#ip route 172.18.20.0 255.255.255.0 10.0.0.5

R2#show ip route

172.18.0.0/24 is subnetted, 1 subnets

S 172.18.20.0 [1/0] via 10.0.0.5

[1/0] via 10.0.0.1

10.0.0.0/30 is subnetted, 2 subnets

C 10.0.0.0 is directly connected, Serial1/0

C 10.0.0.4 is directly connected, Serial1/1

C 192.168.0.0/24 is directly connected, FastEthernet0/0

According to the routing tables you can identify that to access 192.168.0.0/24 and 172.18.0.0/24 networks we have 2 paths.

S 192.168.0.0/24 [1/0] via 10.0.0.6 S 172.18.20.0 [1/0] via 10.0.0.5

[1/0] via 10.0.0.2 [1/0] via 10.0.0.1

Then we will simulate the failover mechanism.

I will do a repeat ping from R1 to R2 Ethernet interface and I will enable icmp packet capture in R2 router to identify the packets coming to the R2.

R1#ping 192.168.0.1 repeat 1000000000

Type escape sequence to abort.

Sending 1000000000, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

R2#debug ip icmp

ICMP packet debugging is on

*Jan 14 12:53:02.087: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.1

*Jan 14 12:53:02.399: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.1

*Jan 14 12:53:02.495: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.1

*Jan 14 12:53:02.591: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.1

*Jan 14 12:53:03.275: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.1

As you can see now traffic is coming via 10.0.0.1 that is via line 1. Now I’m going to disable line 1 and let’s see the results in R1 and R2.

R2(config)#int s1/0

R2(config-if)#shutdown

Let’s see what will happen to the ping after line1 is disabled.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!……………

*Jan 14 13:05:09.899: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0,

changed state to down.!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

R2 Output:

*Jan 14 13:02:06.015: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.1

*Jan 14 13:02:06.159: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.1

*Jan 14 13:02:07.191: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.1

*Jan 14 13:02:08.779: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.1

*Jan 14 13:02:11.103: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.1

*Jan 14 13:02:15.735: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.5

*Jan 14 13:02:15.879: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.5

*Jan 14 13:02:16.023: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.5

*Jan 14 13:02:16.095: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.5

*Jan 14 13:02:16.167: ICMP: echo reply sent, src 192.168.0.1, dst 10.0.0.5

As you can see above ping in R1 gets interrupted for a while due to the shutdown of line 1 and it starts again after a while and you can clearly identify the difference from the R2 output. Source changes from 10.0.0.1 to 10.0.0.5. That means traffic is transferred to the line2 as line1 was disabled.

This scenario can be used in any number of lines. It is very simple and easy to trouble shoot.

Here again we are going to discuss about another importanat topic in networking. We have mainly 3 types of NATTING. They are Static ,Dynamic and NAT overloading usually known as PAT. I will give you some basic examples why we need this concept. Let’s say that you have one public IP given by the ISP and you need to connect 20 PCs to the internet. There you can use this technique. Another example is you have a PC with IP 172.16.5.1 and you need to connect one of your application in that machine to another server in another network.But that netwoks firewall allowes only source IP 10.10.10.1 only to access that server. In that case you can NAT IP 172.16.5.1 in to 10.10.10.1 where you can access that server now.

Let’s define NAT terms:
• Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
• Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
• Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
• Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.

Let’s configure a static NAT between the private IP 10.6.1.2 & the public 171.69.68.10

Router(config)#ip nat inside source static 10.6.1.2 171.69.68.10
Router(config)#int e0
Router(config-if)#ip nat inside
Router(config-if)#int e1
Router(config-if)#ip nat outside

To configure dynamic inside source address translation an access list must permit only those addresses that are to be translated. Remember that there is an implicit “deny all” at the end of each access list.

Now lets NAT 2 PCs 10.1.1.1 and 10.1.1.2 in to public IP 194.16.10.1.If you have many public IPs you can use all in the pool as I used only one here.
Router(config)#ip nat pool Ravindu 194.16.10.1 194.16.10.1 netmask 255.255.255
Router(config)#access-list 7 permit 10.1.1.0 0.0.0.3
Router(config)#ip nat inside sourse list 7 pool Ravindu
Router(config)#int e0
Router(config-if)#ip nat inside
Router(config-if)#int s0
Router(config-if)#ip nat outside

--Hope this has been useful for you and thank you for veiwing–

According to the diagram fastethernet0/1 and fastethernet0/24 of switch 0 and fastethernet0/1 of switch 1 are trunk ports as every VLAN traffic goes through that ports.

Then fastethernet0/2 and fastethernet0/3 of Switch 0 and fastethernet0/2 and fastethernet0/3 of switch 1 are access links as they are conneted to particular VLANs.

Then here we have two switches. So we have to define Vlan Trunking Protocol to send VLAN information of one switch to other. There both switches should be in the same VTP domain and one Shoul be VTP Server.

When we create VLANs first we need to create and then we need to name the VLAN.

Now lets consider the step by step configurations.

Switch 0:

interface FastEthernet0/1

switchport mode trunk

interface FastEthernet0/24

switchport mode trunk

Switch 1:

interface FastEthernet0/1

switchport mode trunk

Trunking is done. Next we define the Vlan Trunking Protocol(VTP).

Switch 0:

vtp mode server

vtp domain MYVLAN

Switch 1:

vtp mode client

vtp domain MYVLAN

Now we will create VLANs.As we define VTP we need to do this in server switch only.

Switch 0:

vlan 2

name VLAN2

vlan 3

name VLAN3

Then we have to assign particular switch port to the appropriate VLAN.

Switch 0:

int fa0/2

switchport access vlan 2

int fa0/3

switchport access vlan 3

Switch 1:

int fa0/2

switchport access vlan 3

int fa0/3

switchport access vlan 2

Now everything is done. We can confirm it as shown below.

Switch#show vtp status
VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 64
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : MYVLAN
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0×44 0xD9 0×26 0×26 0xB2 0×45 0xC0 0xBF
Configuration last modified by 0.0.0.0 at 3-1-93 00:30:27
Local updater ID is 0.0.0.0 (no valid interface found)

Switch#show vlan brief

VLAN Name                             Status    Ports
—- ——————————– ——— ——————————-
1    default                          active    Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
2    VLAN2                           active    Fa0/2
3    VLAN3                           active    Fa0/3
1002 fddi-default               active
1003 token-ring-default    active
1004 fddinet-default           active
1005 trnet-default               active

Yo! man you are done with VLANs. Have fun

As the first step of configuring a small VPN you can connect two routers as shown in the diagram which is called Back-to-back connection and connect two switches to two Routers and you can connect your PCs to the both switches. As you all know Router a Layer 3 device seperates the broadcast domain. So you have to assign two different network addresses to the both sides.Now lets see the configuration. Since this is your first step we are not going to do any configuration to the switches as we don’t consider any VLAN or other advance options at the moment. In this topic we mainly consider about the router configurations. Here we go…

Router 0:

interface FastEthernet0/0

ip address 192.168.10.254 255.255.255.0

no shut

interface Serial2/0

ip address 10.0.0.1 255.255.255.0

no shut

ip route 192.168.11.0 255.255.255.0 10.0.0.2

copy run start

Router 1:

interface FastEthernet0/0

ip address 192.168.11.254 255.255.255.0

no shut

interface Serial2/0

ip address 10.0.0.2 255.255.255.0

clock rate 64000

ip route 192.168.10.0 255.255.255.0 10.0.0.1

copy run start

Since we use back to back configuration we need to provide the clocking to the DCE interface of the router using clock rate command which you do not need to do in reality as your CSU/DSU provide clocking there.

Then you will have to configure the IPs of the PCs according to the network addresses that we used in router ethernet interfaces and defaulte gateways of that PC should be the IP of the ethernet interface of that router. Here I have shown you only the basic configurations only. Other than this the usual configurations sucha as assignig passwords and descriptions and so on to be done.

Then you need to make sure whether everything is done correctly. Here we do that.

Router#sh ip int brief

Interface                IP-Address           OK? Method Status                Protocol
FastEthernet0/0     192.168.11.254   YES manual up                       up
Serial2/0                10.0.0.2               YES manual up                       up

Router#sh ip route

10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Serial2/0
S    192.168.10.0/24 [1/0] via 10.0.0.1
C    192.168.11.0/24 is directly connected, FastEthernet0/0

As you can see assigning IP  and configuration of routing are done. Since we have limited number of networks here we don’t use any routing protocol to configure routing. We will see them later.

Ok then you are done. Try to ping from one side PC to other side PC. You can do it now as we do not block pings here. We will talk about how to block things such as ping and how to firewall the network later.So you can ping right?Have fun.

–Thank you for reading & hope you have got something–

–do not complain if you already know because I can’t help for that–

]]> http://ravinducj.wordpress.com/2008/08/29/designofsimplevpn/feed/ 0 ravinducj http://ravinducj.wordpress.com/2008/08/29/redhatinstallationdeployments/ http://ravinducj.wordpress.com/2008/08/29/redhatinstallationdeployments/#comments Fri, 29 Aug 2008 08:20:52 +0000 Ravindu Jayalath http://ravinducj.wordpress.com/?p=4 ]]> When we talk about open source specially about the Linux OS,the installation and deployments are  very  important.Proper installation is highly require to maintain an efficient network.Here are some basic steps to follow out the installation.

=>Choose Language-English

=>Keyboard Type-US

<Use prefered installation method>

Disk partitioning layout-Create custom layout(Important)

Disk Partitioning tables

/boot  –fstype ext3 –size=100MB -as primary

Volume Group vg00 (LVMv2)

swap  –size=8GB(usually 1.5 times RAM)

/        –fstype ext3 -size=4GB

/var   –fstype ext3 -size=3GB

/usr        –fstype ext3 -size=10GB

/tmp        –fstype ext3 -size=2GB

/home        –fstype ext3 -size=80GB

Keep rest of the disk space as spare in Volume Group

Use Default GRUB boot loader

No boot loader(GRUB)password-Assuming high physical security

Network

Use static IPv4 and gateway,DNS accordingly

Select Time Zone(for servers better GMT)

Software Installation(As u preffer-do not need much to a server)

Firewall – Disabled

SELinux – Disabled

Make sure ssh is enabled.

–Thank you for reading & hope you have got something–