[f-nsp] ServerIron XL configuration

David J. Hughes bambi at Hughes.com.au
Mon Feb 21 18:46:14 EST 2005 

Hi

I find running ServerIron's in Layer 3 mode (i.e. routing image) just 
seams to make more sense (to me at least).  Then you simply define a 
vlan interface for the subnet with the reals, a vlan interface for the 
client facing subnet and all just works.  It behaves like a load 
balancing router.  Just point the default route of the real servers at 
the server side ve interface and it's all good.

Something like

----
vlan 1 by port
  untagged ethe 1
  router-interface ve 1

vlan 2 by port
  untagged ethe 2
  router-interface ve 2

interface ve 1
  ip address real-ip.254 255.255.255.0

interface ve 2
  ip address 192.168.101.254 255.255.255.0

server real web1 92.168.101.101
  port 8080

server real web2 192.168.101.102
  port 8080

server virtual www real-ip.75
  port http sticky concurrent
  bind http web1 8080 web2 8080
----


David
...



On 22/02/2005, at 5:17 AM, D Dinh wrote:

> Hi,
>
> This is the current setup of our foundry ServerIron XL
>   (version  07.3.04T12)
> ---------------------------
> server source-ip 192.168.101.1 255.255.255.0 0.0.0.0
> server real web1 192.168.101.101
> port 8080
> server real web2 192.168.101.102
> port 8080
> server virtual www [real-ip.75]
> port http sticky concurrent
> bind http web1 8080 web2 8080
>
> ip address [real-ip.76] 255.255.255.240
> ip default-gateway [real-ip.65]
> ---------------------------
>
> We have no other router beside the foundry.
> - our ServerIron XL is handling SLB as expected
>   however we need one of the server to be able to send out mail
>   This setup obviously not doing any level 3 routing.
> - i tried to redo the setup following the "ip forwarding"
>   from an example of the si-guide book but then the SLB is hosed.
> - I tried configure for static NAT for one real ip to an internal 
> server
>   Supposedly that would not affect SLB, but then I can't seem to
>   ssh from one of the server to another!
>
> Question please:
> - do i need to add a router/firewall?
>   I like the current setup is that the ServerIron XL
>   is hiding all of our servers without a need for a full 
> router/firewall
> - Can anyone point me to a good source of ServerIron examples?
>
> Any help would be greatly appreciated.
>
> John
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

More information about the foundry-nsp mailing list