[f-nsp] ServerIron config question - can this be done?

Clifton Royston cliftonr at lava.net
Wed Jan 22 13:36:41 EST 2003


  I am trying to configure a particular load-balancing+failover setup
for a web customer who will be colo'ed with us, and am wondering if
there is a way to do this.  I've got 2 original ServerIrons and one
ServerIron XL; I'm planning to put this onto the XL.

  I would like the configuration to have the following properties:

1) The ServerIron can determine when any of the real servers is down
  (i.e. failover works correctly)

2) The customer web servers do not have to be physically connected
  "through" the ServerIron.

3) The original source IP address of the connection is preserved (they
   need that for their logging and analysis.)

4) Preferably, the customer servers are in their own address block and
   VLAN (Ethernet broadcast domain.)

  Is there any way to get all of these at one time?

  I know I can achieve 1, 3, and 4 by physically routing their
connection through a ServerIron port dedicated to their VLAN; that's
close to our standard configuration so I'm not showing that here. 
That's my fallback solution, but I'd like to be able to do this without
dedicating a port.

  I think I could achieve 2, 3, and 4 by defining the servers as
"remote" instead of "real" and configuring DSR, but the documentation
seems to imply that the ServerIrons can't automatically detect a failed
server in that case.

  I know I can achieve the combination of properties 1, 2, and 4 by
configuring a tagged VLAN on the main Ethernet link to our main switch
and configuring their servers with source NAT like this; this rewrites
the source IP, but routes everything correctly, distributes load
fairly, detects failed servers, and keeps them in their own VLAN:

server source-ip xx.yy.zz.14 255.255.255.240 xx.yy.zz.1 
real server their-server-1 xx.yy.zz.2
  source-nat
  port http
  port http url "HEAD /"
real server their-server-2 xx.yy.zz.3
  source-nat
  port http
  port http url "HEAD /"
server virtual virtual-85 ww.vv.uu.tt
  sym-priority 100
  port http  
  bind http their-server-1 their-server-2

  Is there any way to get all of what I want - failover detection, not
dedicating a port to put the servers "behind" the ServerIron, source IP
preserved, and keeping them in their own VLAN?

  Thanks in advance for any help.
  -- Clifton

-- 
     Clifton Royston  --  LavaNet Systems Architect --  cliftonr at lava.net

  "If you ride fast enough, the Specialist can't catch you."
  "What's the Specialist?" Samantha says. 
  "The Specialist wears a hat," says the babysitter. "The hat makes noises."
  She doesn't say anything else.  
                      Kelly Link, _The Specialist's Hat_

