[f-nsp] ServerIron sample configs using L3 code

Raja Subramanian rajasuperman at gmail.com
Thu May 3 15:38:22 EDT 2007


Hi All,

I have a Foundry ServerIron 4G-SSL running L2/L3 firmware ver 10.0.0.
Using L2 code, I've had partial success and managed to load balance
my web servers, but I just can't get it working using the L3 code.

Can anyone please share their configuration files?

I'm trying to setup the following but am facing difficulties:

1. SI in one-arm setup running only simple SLB (no GSLB, etc).
2. Client IP needs to be visible to my apps, so I can't use
   source-nat.  I can't use DSR either.
3. Return traffic from servers pass through the SI because the
   servers use the SI as their gateway.
4. Real servers are in 10.0.10.x/24 network, with gateway set
   to the SI (10.0.10.1).  VIP is 172.16.10.10 and 172.16.10.13.
5. Real servers need to initiate connections to external networks.
6. When (5) happens, the SI must rewrite SRC address with the bound
   VIP.
7. In the same subnet, there are 3 different routers with different
   subnets attached, and a separate default gateway.  Traffic from
   all subnets reaches my VIPs, so ideally I want to run L3 code in
   my SI and assign static routes.

Using the L2 code, I've got 1-4 working correctly, but can't get
5,6 working.  If I use the L3 code, nothing works.

To get 5,6 working, the Foundry manuals advise the use of the
"server reverse-nat" command.  But these manuals are circa 2003,
2005 and my SI running the latest 10.0.0 firmware does not even
support this command.  I can't get anything working using the
L3 code, and I'm stuck!

Can someone please throw some light?

Thank you for reading!

- Raja



More information about the foundry-nsp mailing list