[f-nsp] Problem with NAT Foundry Server Iron XL

Jamie Dahl jamied at meatball.net
Tue Aug 8 18:06:52 EDT 2006


Why are you using a server iron as a NAT box?  Unless you're doing some sort
of load balancing as well w/ the hosts being NAT'd.

I'd say you'd do better just getting some old P3/4 / AMD K6/7 and
installing FreeBSD using ipfw or install Linux and use iptables.

It's a lot cheaper, and a lot faster/better for internet gateway NAT.

If you're doing load balancing and the hosts behind are on private nets
then you can configure source-nat on the reals and accomplish what you need
as well.  It really just depends on what you're trying to accomplish, but
as much as I love the SI platform, I would not recommend using it for
anything other than Server Load Balancing.



On Mon, August 7, 2006 21:12, Ramón Alvarez Rayo wrote:
> Hello,
>
> I made some changes in my topology to avoid some equipments, actually I have
> the server iron connected directly to my Internet gateway. In order to
> troubleshoot the nat configuration but I found the mac-address on my outside
> interface is:
>
> telnet at NAT_CENTRAL#show int eth 16
> FastEthernet16 is up
>   Hardware is FastEthernet, address is 0004.8065.3b84 (bia 0004.8065.3b84)
>
> But in the network it registered with another mac-address,
>
> Internet  200.62.80.2             0   0204.8065.3b75  ARPA   FastEthernet0/1
>
> And I want to know if this is normal, because I looked for this layer 2
> address on every interface but I didn't find it. Is it the cause of the delay
> on NAT translations?
>
>
>
>
> -----Original Message-----
> From: Tom Samplonius [mailto:tom at uniserve.com]
> Sent: Monday, August 07, 2006 12:14 p.m.
> To: Ramón Alvarez Rayo
> CC: 'Ryan DeBerry'; foundry-nsp at puck.nether.net
> Subject: Re: [f-nsp] Problem with NAT Foundry Server Iron XL
>
>
> Ramon,
>
>    I find that the XLs are not very tolerant of misconfigurations, and when
> there are problems, they just perform inconsistently like this, rather than
> logging any errors.  So I would look for any duplicate IPs, or duplex
> mismatches, plus any errors on the XL ports, plus any switches/routers that
> the XL is connected to.
>
>
> Tom
>
>
> On Mon, 7 Aug 2006, Ramón Alvarez Rayo wrote:
>
>> Yes, the Cisco 3845 has too much CPU use and memory. Now with the server
>> iron xl why is this variable performance? The entire session is slow, and
>> then after it has finished and I wait 10 minutes, I start a new one and it
>> is very fast?
>>
>>
>>
>>  _____
>>
>> From: Ryan DeBerry [mailto:rdeberry at gmail.com]
>> Sent: Monday, August 07, 2006 12:00 p.m.
>> To: Ramón Alvarez Rayo
>> CC: foundry-nsp at puck.nether.net
>> Subject: Re: [f-nsp] Problem with NAT Foundry Server Iron XL
>>
>>
>>
>> The Server Iron is purpose built for SLB or Server Load Balancing.  Are you
>> replacing this due to performance issues?
>>
>> On 8/7/06, Ramón Alvarez Rayo < ramon.alvarez at alfanumeric.com.ni> wrote:
>>
>> We recently received a Server Iron Switch (16 10/100 + 2 Geth), I configured
>> this switch to do NAT for our networks, but we are experiencing service
>> instability when we use as gateway the Server iron, sometimes it is very
>> slow and then a few moments later it is very fast. We want to replace a
>> Cisco 3845 that is doing NAT translation with this equipment but we can't
>> move to production this equipment.
>>
>> The Software version is 07.5.00T12, and the config related to nat is the
>> following, actually we have only nat in this equipment.  I tried to set up
>> the timeout for nat session and we don't get any changes.
>>
>> What could be causing this issue?
>>
>>
>>
>> vlan 200 name RED_PUBLICA by port
>> untagged ethe 16
>>  router-interface ve 1
>> !
>> vlan 199 name RED_PRIVADA by port
>> untagged ethe 15
>>  router-interface ve 2
>> !
>> ip nat inside
>> ip nat inside source list 10 pool NAT1 overload
>> ip nat pool NAT1 200.62.80.3 200.62.80.4 prefix-len 29
>> ip default-gateway 200.62.80.1
>> ip dns domain-name alfanumeric.com.ni
>> ip dns server-address 200.62.65.1
>>
>> interface e 15
>> speed-duplex 100-full
>> !
>> interface e 16
>> speed-duplex 100-full
>> !
>>
>> interface ve 1
>> ip address 200.62.80.2 255.255.255.248
>> !
>> interface ve 2
>> ip address 192.168.4.254 255.255.255.0
>> !
>>
>> access-list 10 permit 192.168.4.0 0.0.0.255
>> !
>>
>>
>> _______________________________________________
>> foundry-nsp mailing list
>> foundry-nsp at puck.nether.net
>> http://puck.nether.net/mailman/listinfo/foundry-nsp


-- 
Jamie Dahl

"Thousands of tired, nerve-shaken, over-civilized people are beginning to
find out that going to the mountains is going home; that wilderness is a
necessity; and that mountain parks and reservations are useful not only as
fountains of timber and irrigating rivers, but as fountains of life."
--John Muir
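
An added example, not part of the original message and not Foundry or Linux project code: the Linux iptables gateway NAT suggested in the reply, generated from the addresses in the quoted ServerIron config. The interface names `eth0` (inside) and `eth1` (outside) are assumptions; the script only prints what would be applied, including the default-drop FORWARD policy and the secondary addresses the pool needs so the upstream router gets ARP replies for them.

```shell
#!/bin/sh
# Values come from the quoted ServerIron config; interface names are assumed.
INSIDE_NET="192.168.4.0/24"   # access-list 10 permit 192.168.4.0 0.0.0.255
POOL_FIRST="200.62.80.3"      # ip nat pool NAT1 200.62.80.3 200.62.80.4
POOL_LAST="200.62.80.4"
PREFIX_LEN="29"               # prefix-len 29

# Succeeds only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints an iptables-restore ruleset: many-to-few source NAT (the "overload"
# case) and a FORWARD chain that drops everything except inside-initiated flows.
nat_ruleset() {
    in_if=$1; out_if=$2
    valid_ipv4 "$POOL_FIRST" && valid_ipv4 "$POOL_LAST" || return 1
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $INSIDE_NET -o $out_if -j SNAT --to-source $POOL_FIRST-$POOL_LAST
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $in_if -o $out_if -s $INSIDE_NET -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Prints the commands that put the two pool addresses on the outside
# interface; SNAT alone does not make the kernel answer ARP for them.
pool_addr_cmds() {
    out_if=$1
    for ip in "$POOL_FIRST" "$POOL_LAST"; do
        echo "ip addr add $ip/$PREFIX_LEN dev $out_if"
    done
}

# Dry run: print only. To apply as root, run the printed ip commands, pipe
# the ruleset into iptables-restore, and set net.ipv4.ip_forward=1.
pool_addr_cmds eth1
nat_ruleset eth0 eth1
```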




