[f-nsp] Silly many-to-one redirection with csw-policy

png rhg pngrhg2 at gmail.com
Wed Mar 21 18:42:52 EDT 2007 

 Neat. Though I haven't worked through the intricacies of where this could
be beneficial over "no port translate", though it does appear a bit more
explicit as far as reading the config.

Regardless, the command only allows for one real-port assignment. What I've
got is something along these lines:

server real host1 x.x.x.y
  port 8600

server real host2 x.x.x.x
  port 8505
  port 8506
  port 8507

server virtual virt1 z.z.z.b
  port 6000
  <csw-policy stuff here>
  bind 6000 host1 8600

server virtual virt2 z.z.z.a
  port 7000
  <csw-policy stuff here>
  bind 7000 host2 8505 host2 8506 host2 8507
  <*** want to get something eqiv. to "bind 7000 host1 8600" ***>

I've got a couple of Foundry guys working on this, though they haven't
gotten to an "a-HA!" moment yet. I don't have a lot of faith at this point.

- Pat


On 3/21/07, Jamie Dahl <jamied at meatball.net> wrote:
>
> enable source-nat..(if possible..) but have you also read up on using the
> "real-port" feature under the VS?
>
> server real blah x.x.x.x
> port a
> port b
> server virt blah x.x.x.x
> port a
> port a real-port a
> bind a blah1 b
>
> We're using that under limited deployment b/c of other issues (w/
> healthchecking)..  This can also be used if you want the VIP to be one
> port, but the servers all run a different port too..there are many
> applications for this setup, if only FDRY would figure out the bugs...
>
>
>
> On Tue, March 20, 2007 16:25, png rhg wrote:
> > I have a need to bind the same real server port to multiple virtual
> > servers
> > while maintaining port translation (based on a csw-policy).  Of course
> > it's
> > not so simple as to just bind the real port twice -- once to each
> VS.  So
> > I
> > started looking at what is referred to as a "many-to-one" binding, as so
> > called by the Foundry folks, and the associated alias port shuffle.  I
> did
> > some tests and I can get this to work for situations where port
> > translation
> > isn't required, however, I kinda really need both functions at the same
> > time.
> >
> > Here's a summary:
> > 1.  Requests are made to a VIP on the SI on port 8500.
> > 2.  URI matching/parsing is performed via csw-policy to determine where
> > the
> > traffic should be sent (forward <group-id>)
> > 3.  Most applications reside on a single physical host (host1)
> > 4.  One applications resides on a different host (host2) and is already
> > bound to another RS.
> >
> > Port translation is required for all traffic to the real servers (blame
> > the
> > developers).  Host2 runs an application that's required for another
> > application and can not easily be replicated on a new host (blame
> > management).
> >
> > Ultimate question:  Is there a way to combine alias ports, port
> > translation
> > and content switching all in some neat package?  Heck, it doesn't event
> > have
> > to be a neat package.
> >
> > Environment:  ServerIron GT-E, ver. 9.4.00s
> >
> > Suggestions appreciated.  Solutions desired.
> >
> >
> > - Pat
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> >
>
>
> --
> Jamie Dahl
>
> "Thousands of tired, nerve-shaken, over-civilized people are beginning to
> find out that going to the mountains is going home; that wilderness is a
> necessity; and that mountain parks and reservations are useful not only as
> fountains of timber and irrigating rivers, but as fountains of life."
> --John Muir
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20070321/e5a3fb8a/attachment.html>

More information about the foundry-nsp mailing list