[f-nsp] ServerIron FBS16 -- Howto load balance remote servers (aka non physically connected)
Adam Waite
awaite at pandora.com
Wed Mar 14 16:03:56 EDT 2007
You can have the loadbalancer add a HTTP header to the request with the
original client ip in it with this command:
port http request-insert client-ip
Then you just need an Apache module to extract it and substitute it in
the logs.
Adam Waite
Sr Network Engineer
Pandora Media
Ethan Burnside wrote:
> Greetings,
>
> How do you compile accurate transfer/access logs when you use
> source-nat? Everything shows up in the logs as originating from the
> XL's source-ip, correct?
>
> Cheers,
>
> ~Ethan B.
>
> --------------------------------------------------
> Ethan Burnside - Principal, Kattare I/S
> Email: burnside at kattare.com
> Web: http://www.kattare.com
> Phone: 1.877.KATTARE
> FAQ: http://www.kattare.com/docs/faq_browse.kvws
> --------------------------------------------------
>
>
> Unai Rodriguez wrote:
>
>> Thank you all so much all the help!!!
>>
>> :-)))
>>
>> Nils Domrose wrote:
>>
>>> Hi Unai,
>>>
>>> yes you can have that!
>>>
>>> Here is my current config:
>>>
>>> -----snipp-------
>>> server force-delete
>>> server no-fast-bringup
>>> server predictor round-robin
>>> server syn-def 6
>>>
>>>
>>> server port 80
>>> tcp
>>>
>>> server port 3307
>>> tcp
>>>
>>> server source-ip 10.1.1.251 255.255.255.0 10.1.1.1
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> !
>>> server remote-name app1 10.2.2.2
>>> source-nat
>>> port http
>>> port http url "HEAD /"
>>> port http l4-check-only
>>> !
>>> server remote-name app2 10.2.2.3
>>> source-nat
>>> port http
>>> port http url "HEAD /"
>>> port http l4-check-only
>>> !
>>> server real db1 10.1.1.2
>>> source-nat
>>> port 3307
>>> !
>>> server real db2 10.1.1.3
>>> source-nat
>>> port 3307 disable
>>> !
>>> !
>>> server virtual virtual-app-tmp.prod 10.215.124.202
>>> sym-priority 255
>>> port 80
>>> bind 80 app1 80 app2 80
>>> !
>>> server virtual virtual-db 10.1.1.200
>>> port 3307
>>> bind 3307 db1 3307 db2 3307
>>> !
>>> ip address 10.1.1.253 255.255.255.0
>>> ip default-gateway 10.1.1.1
>>> ------snipp------
>>>
>>> as you can see, server app1 and app2 are remote servers while server db1
>>> and db2 are local servers. We use source-nat in both cases since we
>>> connected the LB's in one arm configuration so they are not in the way
>>> of traffic.
>>>
>>> If you run into problem because the remote server is somehow firewalled
>>> and cannot be pinged, you may need to put in something like:
>>>
>>> server no-remote-l3-check
>>>
>>> because then the the Serveriron does not ping the remote server but
>>> sends an ARP request to the default Router - afterwards you can of cause
>>> tell the serviron to run l4-l7 checks.
>>>
>>>
>>>
>>> Nils
>>>
>>>
>>>
>>> On Mar 14, 2007, at 6:55 AM, Unai Rodriguez wrote:
>>>
>>>
>>>> Thank you so much!!
>>>>
>>>> I am trying to reconfigure the whole ServerIron again. I am using it for
>>>> two different set of servers.
>>>>
>>>> One set is physically connected to it and the other is not (remote).
>>>>
>>>> When I activate the "Source NAT" option, the traffic stops reaching
>>>> anywhere (connected servers and remote servers).
>>>>
>>>> Do you think it's possible to have connected and remote server mixed at
>>>> the same time and load balance among them?
>>>>
>>>> Thank you,
>>>> unai
>>>>
>>>> dalton wrote:
>>>>
>>>>> hi Unai,
>>>>> I use cli,
>>>>>
>>>>> here are the options we have for this which should be enough to get
>>>>> it working:
>>>>>
>>>>> you need a server source-ip line to set the nat ip of the serveriron
>>>>> (to force
>>>>> traffic back to the server iron):
>>>>>
>>>>> server source-ip 10.1.1.100 255.255.255.0 0.0.0.0 (x.x.x.x is an ip
>>>>> in the net
>>>>> of the LB)
>>>>>
>>>>> Real Server config looks like this:
>>>>>
>>>>> server remote-name server1-locationA 10.1.1.1
>>>>> port default disable
>>>>> source-nat
>>>>> port http
>>>>> port http keepalive
>>>>>
>>>>> server remote-name server1-locationB 10.2.2.1
>>>>> port default disable
>>>>> source-nat
>>>>> port http
>>>>> port http keepalive
>>>>>
>>>>> server virtual vip 10.1.1.1
>>>>> predictor least-conn
>>>>> port default disable
>>>>> port http
>>>>>
>>>>> Make sure you have DSR turned off on the vip.
>>>>>
>>>>> Good luck,
>>>>> Dalton
>>>>>
>>>>> on Wed, Mar 14, 2007 at 12:13:10PM +0800, Unai Rodriguez wrote:
>>>>>
>>>>>> Dalton,
>>>>>>
>>>>>> Thank you so much. The options that the ServerIron gives me through the
>>>>>> web based management tool are these:
>>>>>>
>>>>>> --------------------------------------------------
>>>>>> Real ServerServer Name: (name, blank by default)
>>>>>> Server IP: (IP address, 0.0.0.0 by default)
>>>>>> Maximum Connections: (number, 1000000 by default)
>>>>>> Weight: (number, 1 by default)
>>>>>> Host Range: (number, 1 by default)
>>>>>> Remote: (yes/no)
>>>>>> Source NAT: (yes/no)
>>>>>> --------------------------------------------------
>>>>>>
>>>>>> I have attached a screen-shot.
>>>>>>
>>>>>> 1) Do you use the web based tool or you (in your case) can do this only
>>>>>> through the command line interface (CLI)?
>>>>>>
>>>>>> 2) Does your web based management tool show the same options?
>>>>>>
>>>>>> Thank you so much!
>>>>>>
>>>>>> unai
>>>>>>
>>>>>> dalton wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I use foundry serveriron XL which allow the option of
>>>>>>> "server remote-name" (for real servers) which allows you to specify
>>>>>>> servers which are in a different layer 2 and layer 3 space from the
>>>>>>> load balancer.
>>>>>>>
>>>>>>> We for ex. are using this configurtion to load balance app servers
>>>>>>> between
>>>>>>> 2 datacenters. You need to turn off DSR and use server source-ip to
>>>>>>> force
>>>>>>> return traffic back to the foundry.
>>>>>>>
>>>>>>> -dalton
>>>>>>>
>>>>>>> On Wed, Mar 14, 2007 at 09:07:20AM +0800, Unai Rodriguez wrote:
>>>>>>>
>>>>>>>> Dear all,
>>>>>>>>
>>>>>>>> I am currently trying to make a Foundry ServerIron FBS16 load balance
>>>>>>>> two web servers which are not physically connected to it. It's HTTP
>>>>>>>> traffic on port 80.
>>>>>>>>
>>>>>>>> I have been using this hardware load balancer for months. I am
>>>>>>>> currently
>>>>>>>> balancing a number of services, including HTTP and TCP traffic. All
>>>>>>>> these servers that I am sending traffic to from the ServerIron load
>>>>>>>> balancer are physically connected to it.
>>>>>>>>
>>>>>>>> I have been looking for information on this but I can't find the
>>>>>>>> right
>>>>>>>> one. Is there anyone that could point me in the right direction? What
>>>>>>>> short of option(s) or requirements need to be met in order to have
>>>>>>>> the
>>>>>>>> load balancer send traffic to non-physically connected servers?
>>>>>>>>
>>>>>>>> Thank you so much. I really appreciate any help.
>>>>>>>>
>>>>>>>> With Best Wishes,
>>>>>>>> Unai Rodriguez.
>>>>>>>> _______________________________________________
>>>>>>>> foundry-nsp mailing list
>>>>>>>> foundry-nsp at puck.nether.net
>>>>>>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>>>>>>>
>>>> _______________________________________________
>>>> foundry-nsp mailing list
>>>> foundry-nsp at puck.nether.net
>>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>>>
>> _______________________________________________
>> foundry-nsp mailing list
>> foundry-nsp at puck.nether.net
>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
More information about the foundry-nsp
mailing list