[f-nsp] SI GT - SLB with Router Image?

Ryan DeBerry rdeberry at gmail.com
Mon Jul 10 11:33:49 EDT 2006


What is your real server's default route?

On 7/10/06, Paul Raj Khangure <foundry-nsp at digitaljunkie.net> wrote:
>
> G'day all,
>
> I'm trying to get a SI GT with the router image on it to function as an
> SLB.
>
> The router image is due to needing the "advertise-vip-route" command
> (it advertises the VIP IP via dynamic routing protocol if health checks
> have the VIP as up) which isn't available on the switching image.
>
> I'd prefer the SLB to work in DSR mode, but I currently can't get the
> SLB function working at all in any mode with the router image!
>
> The SLB can see the real server, it's doing health checks (to the
> dummy address on the SMT Port), and marking the real as active. It then
> advertises the Virtual via OSPF, as desired. I can telnet to the real
> server on port 25 from the SLB and it responds with the SMTP prompts.
>
> I can ping the Virtual IP fine from externally when it's advertised via
> OSPF, but if I try and telnet to the virtual IP on the SMTP port, I don't
> see anything at all in a tcpdump on the real server.
>
> The stats on the SLB don't show any connection attempts to that real
> either:
>
> telnet at ica-grafton-slb1#sh serv real mail1
> Real Servers Info
> ========================
> State(St) - ACT:active, ENB:enabled, FAL:failed, TST:test, DIS:disabled,
>             UNK:unknown, UNB:unbind, AWU:await-unbind, AWD:await-delete
>
> Name: mail1                  State: Active       Cost: 0  IP:10.200.41.1: 1
> Mac: 0014.5e31.59e6          Weight: 0                  MaxConn: 1000000
> SrcNAT: not-cfg, not-op      DstNAT: not-cfg, not-op    Serv-Rsts: 0
> tcp conn rate:udp conn rate = 0:0, max tcp conn rate:max udp conn rate = 0:0
>
> Port    St  Ms CurConn TotConn    Rx-pkts   Tx-pkts   Rx-octet   Tx-octet   Reas
> ----    --  -- ------- -------    -------   -------   --------   --------   ----
> default UNB 0  0       0          0         0         0          0          0
> smtp    ACT 0  0       0          0         0         0          0          0
>
> Server  Total  0       0          0         0         0          0          0
>
> telnet at ica-grafton-slb1#
>
> From a Linux box well outside the network, I can ping the VIP:
>
> --- 203.x.y.x ping statistics ---
> 3 packets transmitted, 3 packets received, 0% packet loss
> round-trip min/avg/max = 127.9/147.2/167.7 ms
>
> But a telnet reports no route to host:
>
> > telnet 203.x.y.x 25
> Trying 203.x.y.z...
> telnet: Unable to connect to remote host: No route to host
> >
>
> From the next hop from the SLB (where the route is being advertised via
> OSPF) I can again ping the device:
>
> #ping 203.x.y.z
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 203.x.y.z, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
> #
>
> But again, can't telnet on the SMTP port:
>
> #telnet 203.x.y.z 25
> Trying 203.x.y.z, 25 ...
> % Connection timed out; remote host not responding
>
> #
>
> Again, no change to the stats for mail1 - it's not showing the
> connection attempt, and the server itself sees nothing via tcpdump.
>
> The route is definitely there and learned by OSPF though:
>
> #sh ip route 203.x.y.z
> Routing entry for 203.x.y.z/32
>   Known via "ospf 253", distance 110, metric 10, type extern 2, forward metric 10
>   Last update from 10.200.253.250 on Vlan253, 03:00:48 ago
>   Routing Descriptor Blocks:
>   * 10.200.253.250, from 10.200.40.250, 03:00:48 ago, via Vlan253
>       Route metric is 10, traffic share count is 1
>
> #
>
> I've tried various combinations of source nat, dest nat, and dsr without
> any avail.
>
> I've tried removing the advertisement via OSPF and statically routing the
> Virtual IP via 10.200.253.250 or 10.200.254.15 with no luck.
>
> I've also tried removing the ve41 interface, and changing vlan 41 to:
>
> vlan 41 name Untrusted2 by port
> tagged ethe 3/1
> ip-subnet 10.200.41.0 255.255.255.0
> !
>
> With no avail (health checks no longer work if I don't have the ve41 on
> the 10.200.41.0/24 subnet).
>
> I also notice that in the router image, I don't have the "server
> source-ip" command available which I would normally use with the above
> ip-subnet configuration.
>
> It's as if it's not making it to the SLB layer at all.
>
> Any help with this would be greatly appreciated as I'm running out of
> hair.
>
> Version and config included below.
>
> Cheers,
>
> prk.
>
>
> Version:
>
> #sh ver
>   SW: Version 09.3.00aTD4 Copyright (c) 1996-2003 Foundry Networks, Inc.
>       Compiled on Apr 25 2005 at 21:02:19 labeled as WXR09300a
>   HW: ServerIronGT E-1 Router, SYSIF version 21, Serial #: Non-exist
> ==========================================================================
> SL 1: B0GMR WSM2 Management Module, SYSIF 2, M6, ACTIVE
>       Serial #:   CHxxxxxxxx
>     0 MB SHM, 1 Application Processors
> 16384 KB BRAM, SMC version 5, BM version 21
>   SW: (1)09.3.00aTF2
> ==========================================================================
> SL 3: J-B2404CF JetCore Slave Module, SYSIF 2 (Mini GBIC)
>       Serial #:   CXxxxxxxxx
> 4096 KB BRAM, JetCore ASIC IPC+IGC version 49, BIA version 8a
> 32768 KB PRAM and 2M-Bit*1 CAM for IPC  8, version 1848
> 32768 KB PRAM and 2M-Bit*1 CAM for IGC  9, version 0449
> ==========================================================================
> Active management module:
>   1.0 GHz Power PC processor 750GX (version 7002/0101) 66 MHz bus
>   512 KB boot flash memory
> 16384 KB code flash memory
>   512 KB SRAM
>   512 MB DRAM
> The system uptime is 6 hours 29 minutes 29 seconds
> The system : started=warm start   reloaded=by "reload"
>
>
> Config:
>
> !
> ver 09.3.00aTD4
> !
> module 1 bi-0-port-wsm2-management-module
> module 3 bi-jc-2404-slave-module
> !
> global-stp
> global-protocol-vlan
> !
> !
> !
> !
> !
> !
> !
> server ping-interval 5
> server predictor response-time
> server syn-limit 2000
> server sticky-age 15
> server tcp-age 2
> server udp-age 2
> !
> server port 25
> tcp keepalive 60 2
> server icmp-message
> server reset-message
> server router-ports ethernet 3/1
> !
> !
> !
> !
> server real mail1 10.200.41.1
> port smtp
> port smtp clear-all-seesion-on-port-up
> port smtp keepalive
> !
> server virtual mail-backend 203.x.y.z
> predictor least-conn
> advertise-vip-route
> port smtp
> port smtp dsr
> port smtp reset-on-port-fail
> bind smtp mail1 smtp
> !
> !
> vlan 1 name DEFAULT-VLAN by port
> !
> vlan 254 name Admin by port
> tagged ethe 3/1
> router-interface ve 254
> !
> vlan 41 name Untrusted2 by port
> tagged ethe 3/1
> router-interface ve 41
> !
> vlan 253 name External_SLB by port
> tagged ethe 3/1
> router-interface ve 253
> !
> hostname blah
> ip dns domain-name blah.com
> ip dns server-address 1.2.3.4
> ip route 0.0.0.0 0.0.0.0 10.200.254.254
> !
> logging buffered 200
> !
> router ospf
> area 253
> redistribution static
> log adjacency
> !
> interface ethernet 3/1
> port-name uplink
> !
> interface ve 41
> ip address 10.200.41.250 255.255.255.0
> !
> interface ve 253
> ip address 10.200.253.250 255.255.255.0
> ip ospf area 253
> !
> interface ve 254
> ip address 10.200.254.15 255.255.255.0
> !
> !
> end
>