[f-nsp] Serveriron XL uplink to switch

Cliff Fogle Cliff at kodakgallery.com
Wed Feb 1 12:55:23 EST 2006


Classic problem of two arm load balancing.

Your real servers are responding directly to each other.  It goes like
this:

Assuming rs1 and rs2 are members of vip1 on your load balancer.


Rs1 192.168.0.5 sends a request to VIP1 10.0.0.100.  The load balancer
decides to use rs2 192.168.0.6 and forwards the request by translating
the destination IP of the request to the ip of rs2 192.168.0.6.

So we now have a packet sourced from 192.168.0.5 and destined for
192.168.0.6.  The problem at this point should be obvious right about
now.  Rs1 is expecting a response from vip1, but instead gets one from
rs2, which it would immediately drop.

Since you are using an XL and probably don't have layer 3 code, you will
need to use source-nat for the above scenario. It would be configured
like so:

(This first line may or may not be necessary, depends on your config)

server source-ip 192.168.0.2 255.255.255.0 192.168.0.2

server real rs1 192.168.0.5
 port http
 <whatever other config you may have>
 source-nat

server real rs2 192.168.0.6
 port http
 <whatever other config you may have>
 source-nat

No additional config should be needed.  At this point the serveriron
will translate ALL inbound requests to appear as if they are sourced
from 192.168.0.2 (The server source-ip from above.)

There are some other mandatory settings depending on your config.  You
can email me off list if you please.

-----Original Message-----
From: foundry-nsp-bounces at puck.nether.net
[mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Joel Fin
Sent: Tuesday, January 31, 2006 7:54 PM
To: foundry-nsp at puck.nether.net
Subject: [f-nsp] Serveriron XL uplink to switch

Hello,

I just added a virtual server (jp-vip), and a couple of real servers to
our SI, however we were out of ports on the SI so I attached a
non-managed Dell Gb switch to one of the ports (e13) on the SI.
Everything seemed to work at first. I can get to the site from
outside, and all real servers directly connected to the SI can connect to
jp-vip without any problem.  However I'm unable to connect to jp-vip
from any of the real servers connected to the Dell switch. The real
servers on the Dell switch can connect to any of the other VIPs on the
SI. All real servers, and VIPs are on the same subnet.

I'm pretty new to SLB, and networking in general and would appreciate
any suggestions. I feel there must be a pretty simple solution to this
that I'm missing.

thanks,
-joel
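
The packet walk described in the reply above, as an added example that is not part of the original thread: a small Python model that follows one request from rs1 to vip1 with and without source-nat and checks whether the reply's source address is the one the client expects. The addresses are the ones used in the reply; the function name and the handling of off-subnet clients are assumptions made for illustration.

```python
import ipaddress

# Addresses taken from the post; the model itself is a simplification.
VIP = "10.0.0.100"                                  # vip1
LB_SOURCE_IP = "192.168.0.2"                        # 'server source-ip'
REAL_SUBNET = ipaddress.ip_network("192.168.0.0/24")


def trace_request(client_ip, real_ip, source_nat):
    """Follow one request to the VIP and the reply back.

    Returns (hops, accepted): hops is a list of (leg, src_ip, dst_ip) and
    accepted says whether the reply's source matches what the client's
    socket expects (the VIP).
    """
    hops = [("client->lb", client_ip, VIP)]

    # The load balancer always rewrites the destination to the chosen real
    # server; with source-nat it also rewrites the source to its own address.
    src_seen_by_real = LB_SOURCE_IP if source_nat else client_ip
    hops.append(("lb->real", src_seen_by_real, real_ip))

    # The real server answers whatever source address it saw.
    reply_dst = src_seen_by_real
    if reply_dst == LB_SOURCE_IP:
        # Reply returns to the load balancer, which undoes both translations.
        hops.append(("real->lb", real_ip, LB_SOURCE_IP))
        hops.append(("lb->client", VIP, client_ip))
    elif ipaddress.ip_address(reply_dst) in REAL_SUBNET:
        # Same subnet: delivered directly, so nothing restores the VIP
        # as the source address.
        hops.append(("real->client", real_ip, client_ip))
    else:
        # Assumption: off-subnet replies pass back through the load
        # balancer, which restores the VIP as source.
        hops.append(("real->lb->client", VIP, client_ip))

    reply_src = hops[-1][1]
    return hops, reply_src == VIP


if __name__ == "__main__":
    for nat in (False, True):
        hops, ok = trace_request("192.168.0.5", "192.168.0.6", source_nat=nat)
        print(f"source-nat={nat}: reply {'accepted' if ok else 'dropped'}")
        for leg, src, dst in hops:
            print(f"  {leg:18} {src} -> {dst}")
```
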

