[f-nsp] [ServerIronXL] accessing VIP from real server

Nils Domrose nils at domrose.net
Mon Jan 22 14:51:14 EST 2007 

Hi,

I think even different vlans will not solve the problem,
you will send a packet with the source of one smtp server  and  
destination IP VIP to the SiXL.
The SiXL will rewirte the destination Address based on the  
loadbalancing algorithm and send out the packet to one of the real  
servers bound to the VIP.
The Server will recieve a packet with source IP of the original  
requesting server and his own address as destination.

Since both servers (requesting real server and target real server)  
are in the same IP network and vlan, the answer will be send to the   
requesting real server directly.

Since it is also most likely that the requesting server will recieve  
his own request via the VIP i think the only option is to use source  
NAT to ensure that traffic is always send back to the sixl.  Maybe  
you can also put NAT in place so that the request is first translated  
into a "external" Address before it hits the VIP - but i would not  
recommend such a setup. I used to work with (if required even  
conditional) smtp routes on server side if possible - but this also  
depends on the software you use ;-)


Nils

On Jan 22, 2007, at 8:00 PM, Ryan DeBerry wrote:

> What is the vlan configuration like?  You only have one VE?
>
> On 1/22/07, news.gmane.org < matthew.kirkland at uk.clara.net> wrote:
> Hello
>
> I am having an issue with a load balancer config whereby the real
> servers (smtp servers) cannot access the VIP that they are part of.
>
> The servers are able to ping the VIP but any connections to port 25  
> are
> timed out.
>
> The load balancer is running ip forwarding, with the VIP range and  
> real
> server range on the same VE.
>
> Enabling "server source-nat" resolves this , but makes all the
> connections on the servers appear to come from the load balancer  
> alone.
>
> I need the real servers to be able to contact the VIP without
> translation taking place.
>
> Does anyone know a solution to this problem ?
>
> Thanks
> Matthew Kirkland
> Claranet Network Engineering
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20070122/8625a926/attachment.html>

More information about the foundry-nsp mailing list