Scenario:

NetIQ docs state that if you are load balancing your IDS/AG stuff, the
IDS and AG cluster server members need to be on separate
switches/networks so that the two cluster sets cannot talk directly to
each other.

The issue is that we are consolidating all our physical machines into a
set of VMware hosts on an HP FlexFabric chassis, so as a result there's
only one physical cable where the VLANs reside.

Further, our existing IDS/AG servers are on the same VLANs (just
currently on different switches). Creating like 8 new VLANs for all our
cluster servers is not an option.

I'll use just one setup as an example:

idp1.abc.com = 192.168.1.11
idp2.abc.com = 192.168.1.12

ag1.abc.com = 192.168.1.21
ag2.abc.com = 192.168.1.22

The Cisco CSS (load balancer) VIPs correspond to the DNS entries:

idp.abc.com = 192.168.1.10 (VIP on the CSS for the IDS servers)
ag.abc.com = 192.168.1.20 (VIP on the CSS for the AG cluster servers)

Now, I was told by 2 people that you could use ARP table overrides in
the SLES OS so that you no longer needed to use separate physical
switches/networks?

While this may be an OS/networking question, I figured I'd ask here
since it's kinda NAM specific.

??


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=52389
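What the post calls an "ARP table override" is, on a SLES host, a static (permanent) entry in the kernel neighbour table. The script below is an added example, not code from the post, from NetIQ or from the CSS documentation: it emits the iproute2 commands that pin such entries and audits `ip neigh show` output to confirm they are in effect. The IP addresses are the ones in the post; the interface name eth0, the MAC addresses and the `ip neigh` sample are made up for illustration, and the choice of which entries to pin (the IDP VIP plus the IDP members, as seen from an AG member) is only an assumption about what the poster was told, so treat the list as a placeholder to edit.

```shell
#!/bin/sh
# Added example (not from the original post, NetIQ or Cisco docs): what an
# "ARP table override" looks like on SLES with iproute2, and a check that the
# override is actually in place. Addresses are from the post; IFACE and all
# MAC addresses are made up. The set of hosts to pin is an assumption.

IFACE="${IFACE:-eth0}"

# "ip mac" pairs an AG cluster member would pin. Constructed data: the VIP
# (192.168.1.10) and the two IDP members; the MACs are placeholders.
OVERRIDES="192.168.1.10 00:11:22:33:44:10
192.168.1.11 00:11:22:33:44:11
192.168.1.12 00:11:22:33:44:12"

# Emit one `ip neigh replace ... nud permanent` per entry. Nothing is
# executed here, so the output can be reviewed first and then piped into
# `sh` as root to apply it. Permanent entries live only in the kernel table
# and are lost at reboot, so the same commands must run from a boot script.
arp_override_cmds() {
  while read -r ip mac; do
    [ -n "$ip" ] || continue
    printf 'ip neigh replace %s lladdr %s dev %s nud permanent\n' \
      "$ip" "$mac" "$IFACE"
  done <<EOF
$OVERRIDES
EOF
}

# Audit: read `ip neigh show` text on stdin and require every override to
# appear with the expected lladdr and state PERMANENT. Prints each problem
# and returns 1 if any entry is missing or differs, 0 if all are pinned.
check_overrides() {
  table=$(cat)
  rc=0
  while read -r ip mac; do
    [ -n "$ip" ] || continue
    # `|| true` keeps a missing entry from aborting under `set -e`.
    line=$(printf '%s\n' "$table" | grep -E "^$ip dev " || true)
    case "$line" in
      *"lladdr $mac "*PERMANENT*) ;;                       # pinned as expected
      "") printf 'MISSING: %s has no neighbour entry\n' "$ip"; rc=1 ;;
      *)  printf 'NOT PINNED: %s -> %s\n' "$ip" "$line"; rc=1 ;;
    esac
  done <<EOF
$OVERRIDES
EOF
  return $rc
}

# Constructed `ip neigh show` output: the third IDP entry was learned
# dynamically (REACHABLE) rather than pinned, so the audit must flag it.
SAMPLE_NEIGH='192.168.1.10 dev eth0 lladdr 00:11:22:33:44:10 PERMANENT
192.168.1.11 dev eth0 lladdr 00:11:22:33:44:11 PERMANENT
192.168.1.12 dev eth0 lladdr 00:11:22:33:44:12 REACHABLE
192.168.1.21 dev eth0 lladdr 00:11:22:33:44:21 STALE'

# Stand-alone run: show the commands, then audit the constructed table.
if [ "${RUN_DEMO:-1}" = 1 ]; then
  arp_override_cmds
  printf '%s\n' "$SAMPLE_NEIGH" | check_overrides \
    || echo "audit: not every override is pinned"
fi
```

On a live host the audit is `ip neigh show dev eth0 | check_overrides` (with RUN_DEMO=0 when sourcing the file). Pinning an entry only fixes which MAC a host uses for a given IP; whether that is enough to satisfy the NetIQ separation requirement, or whether the CSS still needs to see both directions of the traffic, is not something the post or this script establishes.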