RE: ICMP Flood

• From: "John C. Shepard" <jshepard@xxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Wed, 7 Nov 2001 15:25:10 -0800

Robert, I had similar problem when I tried the same setup using a single
NIC per machine for NLB. After I installed another NIC for NLB
communication everything cleared out. Configuration was a lot easier and
cleaner that way. With a separate NIC for NLB you no longer need
Multicast support... Of course that means 3 NICs per box (if you don't
have a DMZ), small price in my opinion.
 
John Shepard
Network Administrator
atinera
 
 
-----Original Message-----
From: Weiss, Robert [mailto:WeissR@xxxxxxxxxx]
Sent: Wednesday, November 07, 2001 2:40 PM
To: [ISAserver.org Discussion List]
Cc: [ISAserver.org Discussion List]
Subject: [isalist] RE: ICMP Flood
 
http://www.ISAserver.org
John,
I should have mentioned that in my post.  I am using the Load Balancing
on the internal interface only.  The IP configuration for my server is
as follows:
External Interface
IP Address              207.254.161.xxx/27
Default Gateway         207.254.161.yyy - Router
Internal Interface
IP Address              172.24.1.160/16
                        172.24.1.158/16 - Cluster Address
Default Gateway Not set as per Microsoft documentation
Robert Weiss
Manager, Network and Academic Systems
Philadelphia University
Office of Information Technology
215-951-2689
http://www.PhilaU.edu/OIT <http://www.PhilaU.edu/OIT> 
-----Original Message-----
From: John C. Shepard [ mailto:jshepard@xxxxxxxxxxx
<mailto:jshepard@xxxxxxxxxxx> ]
Sent: Wednesday, November 07, 2001 5:34 PM
To: [ISAserver.org Discussion List]; weissr@xxxxxxxxxx
Subject: RE: ICMP Flood
Robert, are you Load Balancing the internal interface?
John Shepard
Network Administrator
atinera
 
                 -----Original Message-----
                From:   Weiss, Robert [ mailto:WeissR@xxxxxxxxxx
<mailto:WeissR@xxxxxxxxxx> ] 
                Sent:   Wednesday, November 07, 2001 2:29 PM
                To:     [ISAserver.org Discussion List]
                Subject:        ICMP Flood
                Importance:     High
                We are having a strange problem with our ISA Servers.
We currently have three stand-alone servers running in integrated mode
using Network Load Balancing to create an ISA "cluster".  When ever we
try to add a fourth server to the cluster, our network is overrun with
ICMP floods.
                What I see when I "sniff" my network is thousands of
"Destination Host Unreachable" packets with the IP address of my
DNS/WINS/DHCP Servers to the IP address of my ISA Servers.
                If I can't get Network Load Balancing to work, we will
need to go back to Round Robin DNS, unless someone else has a good load
balancing solution.
                Please reply directly back to weissr@xxxxxxxxxx
< mailto:weissr@xxxxxxxxxx <mailto:weissr@xxxxxxxxxx> >  as well as
posting to the list if possible.
                Thank you,
                Robert Weiss
                Manager, Network and Academic Systems
                Philadelphia University
                Office of Information Technology
                215-951-2689
                http://www.PhilaU.edu/OIT <http://www.PhilaU.edu/OIT> 
                
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
john@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

• » ICMP Flood
• » RE: ICMP Flood
• » ICMP Flood
• » RE: ICMP Flood

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page
• » View list details
• » Manage your subscription