[f-nsp] SI GT - SLB with Router Image?

Paul Raj Khangure foundry-nsp at digitaljunkie.net
Mon Jul 10 11:24:03 EDT 2006


G'day all,

I'm trying to get a SI GT with the router image on it to function as an SLB.

The router image is due to needing the "advertise-vip-route" command
(it advertises the VIP IP via dynamic routing protocol if health checks
have the VIP as up) which isn't available on the switching image.

I'd prefer the SLB to work in DSR mode, but I currently can't get the
SLB function working at all in any mode with the router image!

The SLB can see the real server, it's doing health checks (to the
dummy address on the SMT Port), and marking the real as active. It then
advertises the Virtual via OSPF, as desired. I can telnet to the real
server on port 25 from the SLB and it responds with the SMTP prompts.

I can ping the Virtual IP fine from externally when it's advertised via
OSPF, but if I try and telnet to the virtual IP on the SMTP port, I don't
see anything at all in a tcpdump on the real server.

The stats on the SLB don't show any connection attempts to that real
either:

telnet@ica-grafton-slb1#sh serv real mail1
Real Servers Info
========================
State(St) - ACT:active, ENB:enabled, FAL:failed, TST:test, DIS:disabled,
            UNK:unknown, UNB:unbind, AWU:await-unbind, AWD:await-delete

Name: mail1                  State: Active       Cost: 0  IP:10.200.41.1:   1
Mac: 0014.5e31.59e6          Weight: 0                  MaxConn: 1000000
SrcNAT: not-cfg, not-op      DstNAT: not-cfg, not-op    Serv-Rsts: 0
tcp conn rate:udp conn rate = 0:0, max tcp conn rate:max udp conn rate = 0:0

Port    St  Ms CurConn TotConn    Rx-pkts   Tx-pkts   Rx-octet   Tx-octet   Reas
----    --  -- ------- -------    -------   -------   --------   --------   ----
default UNB 0  0       0          0         0         0          0          0
smtp    ACT 0  0       0          0         0         0          0          0

Server  Total  0       0          0         0         0          0          0

telnet@ica-grafton-slb1#

From a linux box well outside the network, I can ping the VIP:

--- 203.x.y.x ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 127.9/147.2/167.7 ms

But a telnet reports no route to host:

> telnet 203.x.y.x 25
Trying 203.x.y.z...
telnet: Unable to connect to remote host: No route to host
>

From the next hop from the SLB (where the route is being advertised via
OSPF) I can again ping the device:

#ping 203.x.y.z

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.x.y.z, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
#

But again, can't telnet on the SMTP port:

#telnet 203.x.y.z 25
Trying 203.x.y.z, 25 ...
% Connection timed out; remote host not responding

#

Again, no change to the stats for mail1 - it's not showing the
connection attempt, and the server itself sees nothing via tcpdump.

The route is definitely there and learned by OSPF though:

#sh ip route 203.x.y.z
Routing entry for 203.x.y.z/32
  Known via "ospf 253", distance 110, metric 10, type extern 2, forward metric 10
  Last update from 10.200.253.250 on Vlan253, 03:00:48 ago
  Routing Descriptor Blocks:
  * 10.200.253.250, from 10.200.40.250, 03:00:48 ago, via Vlan253
      Route metric is 10, traffic share count is 1

#

I've tried various combinations of source nat, dest nat, and dsr without
any avail.

I've tried removing the advertisement via OSPF and statically routing the
Virtual IP via 10.200.253.250 or 10.200.254.15 with no luck.

I've also tried removing the ve41 interface, and changing vlan 41 to:

vlan 41 name Untrusted2 by port
 tagged ethe 3/1
 ip-subnet 10.200.41.0 255.255.255.0
!

With no avail (health checks no longer work if I don't have the ve41 on
the 10.200.41.0/24 subnet).

I also notice that in the router image, I don't have the "server
source-ip" command available which I would normally use with the above
ip-subnet configuration.

It's as if it's not making it to the SLB layer at all.

Any help with this would be greatly appreciated as I'm running out of
hair.

Version and config included below.

Cheers,

prk.


Version:

#sh ver
  SW: Version 09.3.00aTD4 Copyright (c) 1996-2003 Foundry Networks, Inc.
      Compiled on Apr 25 2005 at 21:02:19 labeled as WXR09300a
  HW: ServerIronGT E-1 Router, SYSIF version 21, Serial #: Non-exist
==========================================================================
SL 1: B0GMR WSM2 Management Module, SYSIF 2, M6, ACTIVE
      Serial #:   CHxxxxxxxx
    0 MB SHM, 1 Application Processors
16384 KB BRAM, SMC version 5, BM version 21
  SW: (1)09.3.00aTF2
==========================================================================
SL 3: J-B2404CF JetCore Slave Module, SYSIF 2 (Mini GBIC)
      Serial #:   CXxxxxxxxx
 4096 KB BRAM, JetCore ASIC IPC+IGC version 49, BIA version 8a
32768 KB PRAM and 2M-Bit*1 CAM for IPC  8, version 1848
32768 KB PRAM and 2M-Bit*1 CAM for IGC  9, version 0449
==========================================================================
Active management module:
  1.0 GHz Power PC processor 750GX (version 7002/0101) 66 MHz bus
  512 KB boot flash memory
16384 KB code flash memory
  512 KB SRAM
  512 MB DRAM
The system uptime is 6 hours 29 minutes 29 seconds
The system : started=warm start   reloaded=by "reload"


Config:

!
ver 09.3.00aTD4
!
module 1 bi-0-port-wsm2-management-module
module 3 bi-jc-2404-slave-module
!
global-stp
global-protocol-vlan
!
!
!
!
!
!
!
server ping-interval 5
server predictor response-time
server syn-limit 2000
server sticky-age 15
server tcp-age 2
server udp-age 2
!
server port 25
 tcp keepalive 60 2
server icmp-message
server reset-message
server router-ports ethernet 3/1
!
!
!
!
server real mail1 10.200.41.1
 port smtp
 port smtp clear-all-seesion-on-port-up
 port smtp keepalive
!
server virtual mail-backend 203.x.y.z
 predictor least-conn
 advertise-vip-route
 port smtp
 port smtp dsr
 port smtp reset-on-port-fail
 bind smtp mail1 smtp
!
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 254 name Admin by port
 tagged ethe 3/1
 router-interface ve 254
!
vlan 41 name Untrusted2 by port
 tagged ethe 3/1
 router-interface ve 41
!
vlan 253 name External_SLB by port
 tagged ethe 3/1
 router-interface ve 253
!
hostname blah
ip dns domain-name blah.com
ip dns server-address 1.2.3.4
ip route 0.0.0.0 0.0.0.0 10.200.254.254
!
logging buffered 200
!
router ospf
 area 253
 redistribution static
 log adjacency
!
interface ethernet 3/1
 port-name uplink
!
interface ve 41
 ip address 10.200.41.250 255.255.255.0
!
interface ve 253
 ip address 10.200.253.250 255.255.255.0
 ip ospf area 253
!
interface ve 254
 ip address 10.200.254.15 255.255.255.0
!
!
end



