[f-nsp] ServerIron FBS16 -- Howto load balance remote servers (aka non physically connected)

Adam Waite awaite at pandora.com
Wed Mar 14 16:03:56 EDT 2007


You can have the load balancer add an HTTP header to the request with the 
original client IP in it with this command:

 port http request-insert client-ip

Then you just need an Apache module to extract it and substitute it in 
the logs.

Adam Waite
Sr Network Engineer
Pandora Media


Ethan Burnside wrote:
> Greetings,
>
>      How do you compile accurate transfer/access logs when you use 
> source-nat?  Everything shows up in the logs as originating from the 
> XL's source-ip, correct?
>
> Cheers,
>
> ~Ethan B.
>
>   --------------------------------------------------
>    Ethan Burnside - Principal, Kattare I/S
>    Email: burnside at kattare.com
>    Web: http://www.kattare.com
>    Phone: 1.877.KATTARE
>    FAQ: http://www.kattare.com/docs/faq_browse.kvws
>   --------------------------------------------------
>
>
> Unai Rodriguez wrote:
>   
>> Thank you all so much all the help!!!
>>
>> :-)))
>>
>> Nils Domrose wrote:
>>     
>>> Hi Unai,
>>>
>>> yes you can have that!
>>>
>>> Here is my current config:
>>>
>>> -----snipp-------
>>> server force-delete
>>> server no-fast-bringup
>>> server predictor round-robin
>>> server syn-def 6
>>>
>>>
>>> server port 80
>>>  tcp
>>>
>>> server port 3307
>>>  tcp
>>>
>>> server source-ip 10.1.1.251 255.255.255.0 10.1.1.1
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> server remote-name app1 10.2.2.2
>>>  source-nat
>>>  port http
>>>  port http url "HEAD /"
>>>  port http l4-check-only
>>> !
>>> server remote-name app2 10.2.2.3
>>>  source-nat
>>>  port http
>>>  port http url "HEAD /"
>>>  port http l4-check-only
>>> !
>>> server real db1 10.1.1.2
>>>  source-nat
>>>  port 3307
>>> !
>>> server real db2 10.1.1.3
>>>  source-nat
>>>  port 3307 disable
>>> !
>>> !
>>> server virtual virtual-app-tmp.prod 10.215.124.202
>>>  sym-priority 255
>>>  port 80
>>>  bind 80 app1 80 app2 80
>>> !
>>> server virtual virtual-db 10.1.1.200
>>>  port 3307
>>>  bind 3307 db1 3307 db2 3307
>>> !
>>> ip address 10.1.1.253 255.255.255.0
>>> ip default-gateway 10.1.1.1
>>> ------snipp------
>>>
>>> as you can see, server app1 and app2 are remote servers while server db1 
>>> and db2 are local servers. We use source-nat in both cases since we 
>>> connected the LB's in one arm configuration so they are not in the way 
>>> of traffic.
>>>
>>> If you run into problems because the remote server is somehow firewalled 
>>> and cannot be pinged, you may need to put in something like:
>>>
>>> server no-remote-l3-check
>>>
>>> because then the ServerIron does not ping the remote server but 
>>> sends an ARP request to the default router - afterwards you can of course 
>>> tell the ServerIron to run l4-l7 checks.
>>>
>>>
>>>
>>> Nils
>>>
>>>
>>>
>>> On Mar 14, 2007, at 6:55 AM, Unai Rodriguez wrote:
>>>
>>>       
>>>> Thank you so much!!
>>>>
>>>> I am trying to reconfigure the whole ServerIron again. I am using it for
>>>> two different set of servers.
>>>>
>>>> One set is physically connected to it and the other is not (remote).
>>>>
>>>> When I activate the "Source NAT" option, the traffic stops reaching
>>>> anywhere (connected servers and remote servers).
>>>>
>>>> Do you think it's possible to have connected and remote server mixed at
>>>> the same time and load balance among them?
>>>>
>>>> Thank you,
>>>> unai
>>>>
>>>> dalton wrote:
>>>>         
>>>>> hi Unai,
>>>>> I use cli,
>>>>>
>>>>> here are the options we have for this which should be enough to get it working:
>>>>>
>>>>> you need a server source-ip line to set the nat ip of the serveriron (to force
>>>>> traffic back to the server iron):
>>>>>
>>>>> server source-ip 10.1.1.100 255.255.255.0 0.0.0.0 (x.x.x.x is an ip in the net
>>>>> of the LB)
>>>>>
>>>>> Real Server config looks like this:
>>>>>
>>>>> server remote-name server1-locationA 10.1.1.1
>>>>>  port default disable
>>>>>  source-nat
>>>>>  port http
>>>>>  port http keepalive
>>>>>
>>>>> server remote-name server1-locationB 10.2.2.1
>>>>>  port default disable
>>>>>  source-nat
>>>>>  port http
>>>>>  port http keepalive
>>>>>
>>>>> server virtual vip 10.1.1.1
>>>>>  predictor least-conn
>>>>>  port default disable
>>>>>  port http
>>>>>
>>>>> Make sure you have DSR turned off on the vip.
>>>>>
>>>>> Good luck,
>>>>> Dalton
>>>>>
>>>>> on Wed, Mar 14, 2007 at 12:13:10PM +0800, Unai Rodriguez wrote:
>>>>>           
>>>>>> Dalton,
>>>>>>
>>>>>> Thank you so much. The options that the ServerIron gives me through the
>>>>>> web based management tool are these:
>>>>>>
>>>>>> --------------------------------------------------
>>>>>> Real Server
>>>>>> Server Name:    (name, blank by default)
>>>>>> Server IP: (IP address, 0.0.0.0 by default)
>>>>>> Maximum Connections: (number, 1000000 by default)
>>>>>> Weight:    (number, 1 by default)
>>>>>> Host Range: (number, 1 by default)
>>>>>> Remote:    (yes/no)
>>>>>> Source NAT: (yes/no)
>>>>>> --------------------------------------------------
>>>>>>
>>>>>> I have attached a screen-shot.
>>>>>>
>>>>>> 1) Do you use the web based tool or you (in your case) can do this only
>>>>>> through the command line interface (CLI)?
>>>>>>
>>>>>> 2) Does your web based management tool show the same options?
>>>>>>
>>>>>> Thank you so much!
>>>>>>
>>>>>> unai
>>>>>>
>>>>>> dalton wrote:
>>>>>>             
>>>>>>> Hi,
>>>>>>>
>>>>>>> I use foundry serveriron XL which allows the option of
>>>>>>> "server remote-name" (for real servers) which allows you to specify
>>>>>>> servers which are in a different layer 2 and layer 3 space from the
>>>>>>> load balancer.
>>>>>>>
>>>>>>> We for ex. are using this configuration to load balance app servers between
>>>>>>> 2 datacenters. You need to turn off DSR and use server source-ip to force
>>>>>>> return traffic back to the foundry.
>>>>>>>
>>>>>>> -dalton
>>>>>>>
>>>>>>> On Wed, Mar 14, 2007 at 09:07:20AM +0800, Unai Rodriguez wrote:
>>>>>>>               
>>>>>>>> Dear all,
>>>>>>>>
>>>>>>>> I am currently trying to make a Foundry ServerIron FBS16 load balance
>>>>>>>> two web servers which are not physically connected to it. It's HTTP
>>>>>>>> traffic on port 80.
>>>>>>>>
>>>>>>>> I have been using this hardware load balancer for months. I am currently
>>>>>>>> balancing a number of services, including HTTP and TCP traffic. All
>>>>>>>> these servers that I am sending traffic to from the ServerIron load
>>>>>>>> balancer are physically connected to it.
>>>>>>>>
>>>>>>>> I have been looking for information on this but I can't find the right
>>>>>>>> one. Is there anyone that could point me in the right direction? What
>>>>>>>> sort of option(s) or requirements need to be met in order to have the
>>>>>>>> load balancer send traffic to non-physically connected servers?
>>>>>>>>
>>>>>>>> Thank you so much. I really appreciate any help.
>>>>>>>>
>>>>>>>> With Best Wishes,
>>>>>>>> Unai Rodriguez.
>>>>>>>> _______________________________________________
>>>>>>>> foundry-nsp mailing list
>>>>>>>> foundry-nsp at puck.nether.net
>>>>>>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>>>>>>>                 
>   
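
An added example, not part of the original thread or any poster's code: the substitution step from Adam Waite's reply at the top (take the client IP from the inserted header and log it in place of the source-NAT address), written so that the header is believed only when the TCP peer is the load balancer's `server source-ip` (10.1.1.251 in the quoted config). The header name `X-Forwarded-For`, the assumption that the load balancer's value comes last in the request, and the sample requests are assumptions made for the example.

```python
import ipaddress

# Source-NAT address from the config quoted in the thread; only requests
# arriving from it can carry a header written by the load balancer.
TRUSTED_PROXIES = {ipaddress.ip_address("10.1.1.251")}
CLIENT_IP_HEADER = "x-forwarded-for"  # assumption: name not given in the thread


def _parse_ip(text):
    """Return an ip_address object, or None if text is not a valid address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def effective_client_ip(peer_ip, headers, trusted=TRUSTED_PROXIES,
                        header=CLIENT_IP_HEADER):
    """Choose the address to log: peer_ip is the TCP peer, headers is a list
    of (name, value) pairs in the order they were received."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in trusted:
        # Direct connection: any such header was written by the client itself.
        return str(peer)
    values = []
    for name, value in headers:
        if name.lower() == header:
            values.extend(value.split(","))
    # A client can send its own copy of the header, so walk from the right
    # (assumption: the load balancer's value comes last) and stop at garbage.
    for candidate in reversed(values):
        addr = _parse_ip(candidate)
        if addr is None:
            break
        if addr not in trusted:
            return str(addr)
    return str(peer)  # header missing or unusable: log the peer address


# Constructed sample requests: (TCP peer, request headers).
SAMPLES = [
    ("10.1.1.251", [("Host", "www.example.com"), ("X-Forwarded-For", "203.0.113.7")]),
    ("10.1.1.251", [("X-Forwarded-For", "192.0.2.66"), ("X-Forwarded-For", "203.0.113.7")]),
    ("198.51.100.9", [("X-Forwarded-For", "192.0.2.66")]),
    ("10.1.1.251", [("Host", "www.example.com")]),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, "->", effective_client_ip(peer, hdrs))
```
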



