[f-nsp] Multiple subnets on a single ServerIron TurboSLB (across a trunk)

Afsheen Bigdeli afsheenb at gravityplaysfavorites.net
Wed Oct 18 22:24:59 EDT 2006 

Hello,

I'm trying to get a TurboSLB (T8F Fiber, firmware 07.1.21T42) to load 
balance traffic for two sets of virtual servers, in different vlans. 
I've been unable to get the second virtual server working, however. The 
serveriron is unable to ping the gateway of the second vlan (10.10.4.1), 
nor do I see any ARP requests coming from the second virtual server if I 
do a tcpdump from a server in the same vlan. I was under the impression 
from the foundry documentation that turning source-nat on and providing 
different server source-ip's  would allow this to work, but so far it 
hasn't.

The only difference between the two sets of virtual/real servers, at 
least from the foundry's view, is that one has a VIP on an outside 
network, with real servers in RFC1918 space, and the other has both VIP 
and real servers in the same subnet (also RFC1918 space). It's the 
second of these two cases that isn't working.



The uplink that eth 1 is connected to is on a Cisco switch, and set up 
as a trunk (in Cisco-speak, not Foundry-speak), with both vlans allowed 
on it.

If anyone has done this before, or has any insight, I'd appreciate it.

The relevant portions of the (sanitized) config are:

<snip>

!
server source-nat
server source-ip 10.10.12.9 255.255.255.0 0.0.0.0
server source-ip 10.10.4.9 255.255.255.0 0.0.0.0
!
!
server real webserver1 10.10.12.11
  port http
  port http keepalive
  port http url "HEAD /"
!
server real webserver2 10.10.12.12
  port http
  port http keepalive
  port http url "HEAD /"

!
server real mailserver2 10.10.4.21
  port smtp
  port smtp keepalive
!
server real mailserver2 10.10.4.22
  port smtp
  port smtp keepalive
!
!
server virtual webservervip 10.20.30.26
  sym-priority 2
  predictor round-robin
  port http
  port http dsr
  bind http webserver1 http webserver2 http
!
server virtual mailservervip 10.2.4.20
  sym-priority 2
  predictor round-robin
  port smtp
  port smtp dsr
  bind smtp mailserver1 smtp mailserver2 smtp
!

vlan 1 name DEFAULT-VLAN by port
  no spanning-tree
!
vlan 10 name outside by port
  tagged ethe 1
  untagged ethe 2 to 8
  no spanning-tree
  ip-subnet 10.20.30 255.255.255.0
!
vlan 12 name webserver by port
  tagged ethe 1
  no spanning-tree
  ip-subnet 10.10.12.0 255.255.255.0
!
vlan 4 name mailserver by port
  tagged ethe 1
  no spanning-tree
  ip-subnet 10.10.4.0 255.255.255.0
!

</snip>


Thanks,
--afsheenb

More information about the foundry-nsp mailing list