[f-nsp] Configuring default real server for non HTTP traffic?

Bjørn Mork bjorn at mork.no
Fri Dec 2 06:48:00 EST 2005


"Zurek, Patrick" <pzurek at uillinois.edu> writes:

> I'm trying to share a particular IP address between our main
> application server and our VIP.  Basically, I would like all
> requests to port 80 on ishare.illinois.edu (for example) to be
> distributed amongst the real web servers, like it currently is.
> Otherwise, all other traffic should to default to the application
> server, or at least the particular ports I'm interested in.  This
> can probably be done with FreeBSD & pf but I'm trying to use
> resources already in place.

You could probably do this with a transparent vip.  It's simple in
theory.  The idea is to use a layer 4 policy to just redirect tcp/80
from the vip address to the real servers, letting other traffic
destined for this address through to some other port (i.e. your
appserver): 
 
(config)# server transparent-vip
(config)# ip policy 1 cache tcp 80 local

(config)# server virtual eisweb 128.174.93.40
(config)#  transparent-vip
(config)#  ...

and then for each port connected to clients:

(config)# int e 1
(config)#  ip policy 1

I haven't tried it though...

ref http://www.foundrynet.com/services/documentation/sixl/slb.html#66179


> The best I can come up with so far is to define the application
> server as a real server and bind all the ports I want forwarded to
> the app server on the VIP.

binding to the default port, as Mike suggested, should also let you do
this without having to specify all the individual ports.


Bjørn




More information about the foundry-nsp mailing list