[f-nsp] ServerIron FBS16 -- Howto load balance remote servers (aka non physically connected)

Wed Mar 14 05:48:32 EDT 2007

Thank you all so much all the help!!!

:-)))

Nils Domrose wrote:
> Hi Unai,
> 
> yes you can have that!
> 
> Here is my current config:
> 
> -----snipp-------
> server force-delete
> server no-fast-bringup
> server predictor round-robin
> server syn-def 6
> 
> 
> server port 80
>  tcp
> 
> server port 3307
>  tcp
> 
> server source-ip 10.1.1.251 255.255.255.0 10.1.1.1
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> server remote-name app1 10.2.2.2
>  source-nat
>  port http
>  port http url "HEAD /"
>  port http l4-check-only
> !
> server remote-name app2 10.2.2.3
>  source-nat
>  port http
>  port http url "HEAD /"
>  port http l4-check-only
> !
> server real db1 10.1.1.2
>  source-nat
>  port 3307
> !
> server real db2 10.1.1.3
>  source-nat
>  port 3307 disable
> !
> !
> server virtual virtual-app-tmp.prod 10.215.124.202
>  sym-priority 255
>  port 80
>  bind 80 app1 80 app2 80
> !
> server virtual virtual-db 10.1.1.200
>  port 3307
>  bind 3307 db1 3307 db2 3307
> !
> ip address 10.1.1.253 255.255.255.0
> ip default-gateway 10.1.1.1
> ------snipp------
> 
> as you can see, server app1 and app2 are remote servers while server db1 
> and db2 are local servers. We use source-nat in both cases since we 
> connected the LB's in one arm configuration so they are not in the way 
> of traffic.
> 
> If you run into problem because the remote server is somehow firewalled 
> and cannot be pinged, you may need to put in something like:
> 
> server no-remote-l3-check
> 
> because then the the Serveriron does not ping the remote server but 
> sends an ARP request to the default Router - afterwards you can of cause 
> tell the serviron to run l4-l7 checks.
> 
> 
> 
> Nils
> 
> 
> 
> On Mar 14, 2007, at 6:55 AM, Unai Rodriguez wrote:
> 
>> Thank you so much!!
>>
>> I am trying to reconfigure the whole ServerIron again. I am using it for
>> two different set of servers.
>>
>> One set is physically connected to it and the other is not (remote).
>>
>> When I activate the "Source NAT" option, the traffic stops reaching
>> anywhere (connected servers and remote servers).
>>
>> Do you think it's possible to have connected and remote server mixed at
>> the same time and load balance among them?
>>
>> Thank you,
>> unai
>>
>> dalton wrote:
>>>
>>> hi Unai,
>>> I use cli,
>>>
>>> here are the options we have for this which should be enough to get 
>>> it working:
>>>
>>> you need a server source-ip line to set the nat ip of the serveriron 
>>> (to force
>>> traffic back to the server iron):
>>>
>>> server source-ip 10.1.1.100 255.255.255.0 0.0.0.0 (x.x.x.x is an ip 
>>> in the net
>>> of the LB)
>>>
>>> Real Server config looks like this:
>>>
>>> server remote-name server1-locationA 10.1.1.1
>>>  port default disable
>>>  source-nat
>>>  port http
>>>  port http keepalive
>>>
>>> server remote-name server1-locationB 10.2.2.1
>>>  port default disable
>>>  source-nat
>>>  port http
>>>  port http keepalive
>>>
>>> server virtual vip 10.1.1.1
>>>  predictor least-conn
>>>  port default disable
>>>  port http
>>>
>>> Make sure you have DSR turned off on the vip.
>>>
>>> Good luck,
>>> Dalton
>>>
>>> on Wed, Mar 14, 2007 at 12:13:10PM +0800, Unai Rodriguez wrote:
>>>> Dalton,
>>>>
>>>> Thank you so much. The options that the ServerIron gives me through the
>>>> web based management tool are these:
>>>>
>>>> --------------------------------------------------
>>>> Real ServerServer Name:    (name, blank by default)
>>>> Server IP: (IP address, 0.0.0.0 by default)
>>>> Maximum Connections: (number, 1000000 by default)
>>>> Weight:    (number, 1 by default)
>>>> Host Range: (number, 1 by default)
>>>> Remote:    (yes/no)
>>>> Source NAT: (yes/no)
>>>> --------------------------------------------------
>>>>
>>>> I have attached a screen-shot.
>>>>
>>>> 1) Do you use the web based tool or you (in your case) can do this only
>>>> through the command line interface (CLI)?
>>>>
>>>> 2) Does your web based management tool show the same options?
>>>>
>>>> Thank you so much!
>>>>
>>>> unai
>>>>
>>>> dalton wrote:
>>>>> Hi,
>>>>>
>>>>> I use foundry serveriron XL which allow the option of
>>>>> "server remote-name" (for real servers) which allows you to specify
>>>>> servers   which are in a different layer 2 and layer 3 space from the
>>>>> load balancer.
>>>>>
>>>>> We for ex. are using this configurtion to load balance app servers 
>>>>> between
>>>>> 2 datacenters. You need to turn off DSR and use server source-ip to 
>>>>> force
>>>>> return traffic back to the foundry.
>>>>>
>>>>> -dalton
>>>>>
>>>>> On Wed, Mar 14, 2007 at 09:07:20AM +0800, Unai Rodriguez wrote:
>>>>>> Dear all,
>>>>>>
>>>>>> I am currently trying to make a Foundry ServerIron FBS16 load balance
>>>>>> two web servers which are not physically connected to it. It's HTTP
>>>>>> traffic on port 80.
>>>>>>
>>>>>> I have been using this hardware load balancer for months. I am 
>>>>>> currently
>>>>>> balancing a number of services, including HTTP and TCP traffic. All
>>>>>> these servers that I am sending traffic to from the ServerIron load
>>>>>> balancer are physically connected to it.
>>>>>>
>>>>>> I have been looking for information on this but I can't find the 
>>>>>> right
>>>>>> one. Is there anyone that could point me in the right direction? What
>>>>>> short of option(s) or requirements need to be met in order to have 
>>>>>> the
>>>>>> load balancer send traffic to non-physically connected servers?
>>>>>>
>>>>>> Thank you so much. I really appreciate any help.
>>>>>>
>>>>>> With Best Wishes,
>>>>>> Unai Rodriguez.
>>>>>> _______________________________________________
>>>>>> foundry-nsp mailing list
>>>>>> foundry-nsp at puck.nether.net
>>>>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>>
>>>
>> _______________________________________________
>> foundry-nsp mailing list
>> foundry-nsp at puck.nether.net
>> http://puck.nether.net/mailman/listinfo/foundry-nsp
> 