[f-nsp] ServerIron FBS16 -- Howto load balance remote servers (aka non physically connected)

Ethan Burnside burnside at kattare.com
Wed Mar 14 15:27:57 EDT 2007


Greetings,

     How do you compile accurate transfer/access logs when you use 
source-nat?  Everything shows up in the logs as originating from the 
XL's source-ip, correct?

Cheers,

~Ethan B.

  --------------------------------------------------
   Ethan Burnside - Principal, Kattare I/S
   Email: burnside at kattare.com
   Web: http://www.kattare.com
   Phone: 1.877.KATTARE
   FAQ: http://www.kattare.com/docs/faq_browse.kvws
  --------------------------------------------------
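The effect asked about above can be read straight off a configuration: any real or remote server carrying `source-nat` receives connections from the `server source-ip` address, so its access logs record that address rather than the client's. The following is an added example, not part of the original thread or of any Foundry tooling; `audit_source_nat` is a hypothetical helper and the sample is constructed in the syntax of the configuration quoted further down this message.

```python
# Constructed sample in the syntax of the configuration quoted in this thread.
SAMPLE_CONFIG = """\
server source-ip 10.1.1.251 255.255.255.0 10.1.1.1
!
server remote-name app1 10.2.2.2
 source-nat
 port http
!
server real db1 10.1.1.2
 port 3307
!
server virtual virtual-app 10.215.124.202
 port 80
 bind 80 app1 80
!
server virtual virtual-db 10.1.1.200
 port 3307
 bind 3307 db1 3307
"""

# audit_source_nat is a hypothetical helper name (assumption, not a vendor tool).
def audit_source_nat(config):
    """Map each VIP to the bound servers whose logs will show only the
    load balancer's source-ip instead of the client address."""
    source_ips, servers, vips, current = [], {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            current = None                      # separator ends a stanza
        elif not line.startswith(" "):          # top-level statement
            current = None
            if words[:2] == ["server", "source-ip"]:
                source_ips.append(words[2])
            elif words[:2] in (["server", "real"], ["server", "remote-name"]):
                current = servers.setdefault(words[2], {"ip": words[3], "nat": False})
            elif words[:2] == ["server", "virtual"]:
                current = vips.setdefault(words[2], {"ip": words[3], "bound": []})
        elif current is not None:               # indented line inside a stanza
            if words == ["source-nat"] and "nat" in current:
                current["nat"] = True
            elif words[0] == "bind" and "bound" in current:
                # bind <vip-port> <server> <port> [<server> <port> ...]
                current["bound"] += words[2::2]
    report = {}
    for name, vip in vips.items():
        masked = [s for s in vip["bound"] if servers.get(s, {}).get("nat")]
        report[name] = {"masked_servers": masked,
                        "logged_as": source_ips if masked else []}
    return report
```

A VIP with a non-empty `masked_servers` list is one whose backend logs cannot attribute requests to clients by source address alone.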


Unai Rodriguez wrote:
> Thank you all so much for all the help!!!
> 
> :-)))
> 
> Nils Domrose wrote:
>> Hi Unai,
>>
>> yes you can have that!
>>
>> Here is my current config:
>>
>> -----snipp-------
>> server force-delete
>> server no-fast-bringup
>> server predictor round-robin
>> server syn-def 6
>>
>>
>> server port 80
>>  tcp
>>
>> server port 3307
>>  tcp
>>
>> server source-ip 10.1.1.251 255.255.255.0 10.1.1.1
>> !
>> server remote-name app1 10.2.2.2
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>>  port http l4-check-only
>> !
>> server remote-name app2 10.2.2.3
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>>  port http l4-check-only
>> !
>> server real db1 10.1.1.2
>>  source-nat
>>  port 3307
>> !
>> server real db2 10.1.1.3
>>  source-nat
>>  port 3307 disable
>> !
>> !
>> server virtual virtual-app-tmp.prod 10.215.124.202
>>  sym-priority 255
>>  port 80
>>  bind 80 app1 80 app2 80
>> !
>> server virtual virtual-db 10.1.1.200
>>  port 3307
>>  bind 3307 db1 3307 db2 3307
>> !
>> ip address 10.1.1.253 255.255.255.0
>> ip default-gateway 10.1.1.1
>> ------snipp------
>>
>> As you can see, servers app1 and app2 are remote servers while servers db1 
>> and db2 are local servers. We use source-nat in both cases since we 
>> connected the LBs in a one-arm configuration so they are not in the way 
>> of traffic.
>>
>> If you run into problems because the remote server is somehow firewalled 
>> and cannot be pinged, you may need to put in something like:
>>
>> server no-remote-l3-check
>>
>> because then the ServerIron does not ping the remote server but 
>> sends an ARP request to the default router - afterwards you can of course 
>> tell the ServerIron to run l4-l7 checks.
>>
>>
>>
>> Nils
>>
>>
>>
>> On Mar 14, 2007, at 6:55 AM, Unai Rodriguez wrote:
>>
>>> Thank you so much!!
>>>
>>> I am trying to reconfigure the whole ServerIron again. I am using it for
>>> two different sets of servers.
>>>
>>> One set is physically connected to it and the other is not (remote).
>>>
>>> When I activate the "Source NAT" option, the traffic stops reaching
>>> anywhere (connected servers and remote servers).
>>>
>>> Do you think it's possible to have connected and remote servers mixed at
>>> the same time and load balance among them?
>>>
>>> Thank you,
>>> unai
>>>
>>> dalton wrote:
>>>> hi Unai,
>>>> I use cli,
>>>>
>>>> here are the options we have for this which should be enough to get it
>>>> working:
>>>>
>>>> you need a server source-ip line to set the nat ip of the serveriron
>>>> (to force traffic back to the server iron):
>>>>
>>>> server source-ip 10.1.1.100 255.255.255.0 0.0.0.0
>>>> (x.x.x.x is an ip in the net of the LB)
>>>>
>>>> Real Server config looks like this:
>>>>
>>>> server remote-name server1-locationA 10.1.1.1
>>>>  port default disable
>>>>  source-nat
>>>>  port http
>>>>  port http keepalive
>>>>
>>>> server remote-name server1-locationB 10.2.2.1
>>>>  port default disable
>>>>  source-nat
>>>>  port http
>>>>  port http keepalive
>>>>
>>>> server virtual vip 10.1.1.1
>>>>  predictor least-conn
>>>>  port default disable
>>>>  port http
>>>>
>>>> Make sure you have DSR turned off on the vip.
>>>>
>>>> Good luck,
>>>> Dalton
>>>>
>>>> on Wed, Mar 14, 2007 at 12:13:10PM +0800, Unai Rodriguez wrote:
>>>>> Dalton,
>>>>>
>>>>> Thank you so much. The options that the ServerIron gives me through the
>>>>> web based management tool are these:
>>>>>
>>>>> --------------------------------------------------
>>>>> Real Server
>>>>> Server Name:    (name, blank by default)
>>>>> Server IP: (IP address, 0.0.0.0 by default)
>>>>> Maximum Connections: (number, 1000000 by default)
>>>>> Weight:    (number, 1 by default)
>>>>> Host Range: (number, 1 by default)
>>>>> Remote:    (yes/no)
>>>>> Source NAT: (yes/no)
>>>>> --------------------------------------------------
>>>>>
>>>>> I have attached a screen-shot.
>>>>>
>>>>> 1) Do you use the web based tool or you (in your case) can do this only
>>>>> through the command line interface (CLI)?
>>>>>
>>>>> 2) Does your web based management tool show the same options?
>>>>>
>>>>> Thank you so much!
>>>>>
>>>>> unai
>>>>>
>>>>> dalton wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I use foundry serveriron XL which allows the option of
>>>>>> "server remote-name" (for real servers) which allows you to specify
>>>>>> servers which are in a different layer 2 and layer 3 space from the
>>>>>> load balancer.
>>>>>>
>>>>>> We, for example, are using this configuration to load balance app servers
>>>>>> between 2 datacenters. You need to turn off DSR and use server source-ip
>>>>>> to force return traffic back to the foundry.
>>>>>>
>>>>>> -dalton
>>>>>>
>>>>>> On Wed, Mar 14, 2007 at 09:07:20AM +0800, Unai Rodriguez wrote:
>>>>>>> Dear all,
>>>>>>>
>>>>>>> I am currently trying to make a Foundry ServerIron FBS16 load balance
>>>>>>> two web servers which are not physically connected to it. It's HTTP
>>>>>>> traffic on port 80.
>>>>>>>
>>>>>>> I have been using this hardware load balancer for months. I am currently
>>>>>>> balancing a number of services, including HTTP and TCP traffic. All
>>>>>>> these servers that I am sending traffic to from the ServerIron load
>>>>>>> balancer are physically connected to it.
>>>>>>>
>>>>>>> I have been looking for information on this but I can't find the right
>>>>>>> one. Is there anyone that could point me in the right direction? What
>>>>>>> sort of option(s) or requirements need to be met in order to have the
>>>>>>> load balancer send traffic to non-physically connected servers?
>>>>>>>
>>>>>>> Thank you so much. I really appreciate any help.
>>>>>>>
>>>>>>> With Best Wishes,
>>>>>>> Unai Rodriguez.
>>>>>>> _______________________________________________
>>>>>>> foundry-nsp mailing list
>>>>>>> foundry-nsp at puck.nether.net
>>>>>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>>>


