[f-nsp] ServerIron FBS16 -- Howto load balance remote servers (aka non physically connected)

Nils Domrose nils at domrose.net
Wed Mar 14 05:39:06 EDT 2007 

Hi Unai,

yes you can have that!

Here is my current config:

-----snipp-------
server force-delete
server no-fast-bringup
server predictor round-robin
server syn-def 6


server port 80
  tcp

server port 3307
  tcp

server source-ip 10.1.1.251 255.255.255.0 10.1.1.1
!
!
!
!
!
!
!
!
!
!
!
!
!
server remote-name app1 10.2.2.2
  source-nat
  port http
  port http url "HEAD /"
  port http l4-check-only
!
server remote-name app2 10.2.2.3
  source-nat
  port http
  port http url "HEAD /"
  port http l4-check-only
!
server real db1 10.1.1.2
  source-nat
  port 3307
!
server real db2 10.1.1.3
  source-nat
  port 3307 disable
!
!
server virtual virtual-app-tmp.prod 10.215.124.202
  sym-priority 255
  port 80
  bind 80 app1 80 app2 80
!
server virtual virtual-db 10.1.1.200
  port 3307
  bind 3307 db1 3307 db2 3307
!
ip address 10.1.1.253 255.255.255.0
ip default-gateway 10.1.1.1
------snipp------

as you can see, server app1 and app2 are remote servers while server  
db1 and db2 are local servers. We use source-nat in both cases since  
we connected the LB's in one arm configuration so they are not in the  
way of traffic.

If you run into problem because the remote server is somehow  
firewalled and cannot be pinged, you may need to put in something like:

server no-remote-l3-check

because then the the Serveriron does not ping the remote server but  
sends an ARP request to the default Router - afterwards you can of  
cause tell the serviron to run l4-l7 checks.



Nils



On Mar 14, 2007, at 6:55 AM, Unai Rodriguez wrote:

> Thank you so much!!
>
> I am trying to reconfigure the whole ServerIron again. I am using  
> it for
> two different set of servers.
>
> One set is physically connected to it and the other is not (remote).
>
> When I activate the "Source NAT" option, the traffic stops reaching
> anywhere (connected servers and remote servers).
>
> Do you think it's possible to have connected and remote server  
> mixed at
> the same time and load balance among them?
>
> Thank you,
> unai
>
> dalton wrote:
>>
>> hi Unai,
>> I use cli,
>>
>> here are the options we have for this which should be enough to  
>> get it working:
>>
>> you need a server source-ip line to set the nat ip of the  
>> serveriron (to force
>> traffic back to the server iron):
>>
>> server source-ip 10.1.1.100 255.255.255.0 0.0.0.0 (x.x.x.x is an  
>> ip in the net
>> of the LB)
>>
>> Real Server config looks like this:
>>
>> server remote-name server1-locationA 10.1.1.1
>>  port default disable
>>  source-nat
>>  port http
>>  port http keepalive
>>
>> server remote-name server1-locationB 10.2.2.1
>>  port default disable
>>  source-nat
>>  port http
>>  port http keepalive
>>
>> server virtual vip 10.1.1.1
>>  predictor least-conn
>>  port default disable
>>  port http
>>
>> Make sure you have DSR turned off on the vip.
>>
>> Good luck,
>> Dalton
>>
>> on Wed, Mar 14, 2007 at 12:13:10PM +0800, Unai Rodriguez wrote:
>>> Dalton,
>>>
>>> Thank you so much. The options that the ServerIron gives me  
>>> through the
>>> web based management tool are these:
>>>
>>> --------------------------------------------------
>>> Real ServerServer Name:	(name, blank by default)
>>> Server IP: (IP address, 0.0.0.0 by default)
>>> Maximum Connections: (number, 1000000 by default)
>>> Weight:	(number, 1 by default)
>>> Host Range: (number, 1 by default)
>>> Remote:	(yes/no)
>>> Source NAT: (yes/no)
>>> --------------------------------------------------
>>>
>>> I have attached a screen-shot.
>>>
>>> 1) Do you use the web based tool or you (in your case) can do  
>>> this only
>>> through the command line interface (CLI)?
>>>
>>> 2) Does your web based management tool show the same options?
>>>
>>> Thank you so much!
>>>
>>> unai
>>>
>>> dalton wrote:
>>>> Hi,
>>>>
>>>> I use foundry serveriron XL which allow the option of
>>>> "server remote-name" (for real servers) which allows you to specify
>>>> servers   which are in a different layer 2 and layer 3 space  
>>>> from the
>>>> load balancer.
>>>>
>>>> We for ex. are using this configurtion to load balance app  
>>>> servers between
>>>> 2 datacenters. You need to turn off DSR and use server source-ip  
>>>> to force
>>>> return traffic back to the foundry.
>>>>
>>>> -dalton
>>>>
>>>> On Wed, Mar 14, 2007 at 09:07:20AM +0800, Unai Rodriguez wrote:
>>>>> Dear all,
>>>>>
>>>>> I am currently trying to make a Foundry ServerIron FBS16 load  
>>>>> balance
>>>>> two web servers which are not physically connected to it. It's  
>>>>> HTTP
>>>>> traffic on port 80.
>>>>>
>>>>> I have been using this hardware load balancer for months. I am  
>>>>> currently
>>>>> balancing a number of services, including HTTP and TCP traffic.  
>>>>> All
>>>>> these servers that I am sending traffic to from the ServerIron  
>>>>> load
>>>>> balancer are physically connected to it.
>>>>>
>>>>> I have been looking for information on this but I can't find  
>>>>> the right
>>>>> one. Is there anyone that could point me in the right  
>>>>> direction? What
>>>>> short of option(s) or requirements need to be met in order to  
>>>>> have the
>>>>> load balancer send traffic to non-physically connected servers?
>>>>>
>>>>> Thank you so much. I really appreciate any help.
>>>>>
>>>>> With Best Wishes,
>>>>> Unai Rodriguez.
>>>>> _______________________________________________
>>>>> foundry-nsp mailing list
>>>>> foundry-nsp at puck.nether.net
>>>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>
>>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp

More information about the foundry-nsp mailing list