[f-nsp] multi-subnet basic configuration question

Matthew Lineen matt at tablexi.com
Mon Jan 9 15:19:40 EST 2006


Hi all,

I'm new to the ServerIron XL boxes and was hoping someone could help me 
troubleshoot the following configuration.  I've been looking through the 
archives on this list but couldn't really find the specifics I need.

Basically, we'd like to use a pair of ServerIrons to load balance a 
pair of lightweight apache reverse proxy boxes (proxy01, proxy02) that 
will be shared across our ~5 clients.  These proxy machines will handle 
SSL, connection buffering, serve static content, and run mod_proxy. 
Additionally, we'd like to use the same ServerIrons to load balance (at 
least) a pair of application servers per client.

Instead of running a NAT device with IPSec, we'd like the application 
servers to also be publicly accessible for management, sending email, 
etc.  The web traffic should be handled on a private network by the 
ServerIrons so we don't eat up too many IPs.

Essentially, I believe the problem I'm having is figuring out which of 
the multinet configurations (virtual router, server source-nat, server 
source-nat-ip, or ip forwarding) to use, and what the configuration 
directives are to make it work.

Any help is much appreciated!  The details of the configuration are below.

Thanks,
Matthew

==========

Each of the servers has 4 interfaces (bge0, bge1, em0, em1):
- bge0 will be connected to a switch, then to a firewall, then to the 
ISP's router
- bge1 will remain unused
- em0 will be connected to the first ServerIron
- em1 will be connected to the second ServerIron

I was planning on using the following IPs with a 10.x.x.x/8 network:

	shared-proxy01-bge0	64.real.ip.19
	shared-proxy01-em0	10.1.client#.11
	shared-proxy01-em1	10.2.client#.11

	shared-proxy02-bge0	64.real.ip.123
	shared-proxy02-em0	10.1.client#.12
	shared-proxy02-em1	10.2.client#.12

	client01-app01-bge0	64.real.ip.149
	client01-app01-em0	10.1.client#.101
	client01-app01-em1	10.2.client#.101

	client01-app02-bge0	64.real.ip.179
	client01-app02-em0	10.1.client#.102
	client01-app02-em1	10.2.client#.102

Port 1 of each load balancer is connected to the ISP's router.

I have been trying to test this setup with the first ServerIron (and 
have been ignoring the SSL configuration):

	hostname lb01
	ip address 64.real.ip.202 255.255.255.0
	ip default-gateway 64.real.ip.1

	vlan 2 name public by port
	untagged ethernet 1 to 2

	vlan 3 name private by port
	untagged ethernet 3 to 23

	vlan 4 name session by port
	untagged ethernet 24
	no spanning-tree

	server real client01-shared-proxy01 10.1.4.11
	port http

	server real client01-shared-proxy02 10.1.4.12
	port http

	server virtual client01 64.real.ip.212
	port http
	bind http client01-proxy01 http
	bind http client01-proxy02 http

	server real client01-app01 10.1.4.101
	port http

	server real client01-app02 10.1.4.102
	port http

	server virtual client01-app 10.1.4.100
	port http
	bind http client01-app01 http
	bind http client01-app02 http
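
An added consistency check, not part of the original message: it cross-references every `bind` line in the configuration posted above against the `server real` names defined there. The function name and the parsing rules are assumptions based only on the syntax visible in the post.

```python
# Configuration lines copied from the post above (indentation dropped).
CONFIG = """\
server real client01-shared-proxy01 10.1.4.11
port http

server real client01-shared-proxy02 10.1.4.12
port http

server virtual client01 64.real.ip.212
port http
bind http client01-proxy01 http
bind http client01-proxy02 http

server real client01-app01 10.1.4.101
port http

server real client01-app02 10.1.4.102
port http

server virtual client01-app 10.1.4.100
port http
bind http client01-app01 http
bind http client01-app02 http
"""


def unresolved_binds(config):
    """Return (virtual_server, real_name) pairs whose real server is never defined."""
    reals, binds, current = set(), [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["server", "real"] and len(tok) >= 3:
            reals.add(tok[2])
            current = None          # following lines belong to a real server
        elif tok[:2] == ["server", "virtual"] and len(tok) >= 3:
            current = tok[2]        # following bind lines belong to this VIP
        elif tok[:1] == ["bind"] and current and len(tok) >= 4:
            # Form seen in the post: bind <vport> <real-name> <real-port>.
            # Assumption: further <real-name> <real-port> pairs may follow.
            binds += [(current, name) for name in tok[2::2]]
    # Resolve after the whole file is read, so definition order does not matter.
    return [(vip, real) for vip, real in binds if real not in reals]


if __name__ == "__main__":
    for vip, real in unresolved_binds(CONFIG):
        print(f"virtual server {vip}: bind names undefined real server {real}")
```

Run against the posted configuration, this reports the two `bind` lines under `client01`, which name `client01-proxy01` and `client01-proxy02` while the real servers are defined as `client01-shared-proxy01` and `client01-shared-proxy02`.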
