[f-nsp] ServerIron sample configs using L3 code
Adam Waite
awaite at pandora.com
Thu May 3 16:18:24 EDT 2007
Is there any chance you can use client-ip insertion to supply your apps
with the original addresses, and use source-nat?
Adam Waite
Sr Network Engineer
Pandora Media
Raja Subramanian wrote:
> Hi All,
>
> I have a Foundry ServerIron 4G-SSL running L2/L3 firmware ver 10.0.0.
> Using L2 code, I've had partial success and managed to load balance
> my web servers, but I just can't get it working using the L3 code.
>
> Can anyone please share their configuration files?
>
> I'm trying to setup the following but am facing difficulties:
>
> 1. SI in one-arm setup running only simple SLB (no GSLB, etc).
> 2. Client IP needs to be visible to my apps, so I can't use
> source-nat. I can't use DSR either.
> 3. Return traffic from servers pass through the SI because the
> servers use the SI as their gateway.
> 4. Real servers are in 10.0.10.x/24 network, with gateway set
> to the SI (10.0.10.1). VIP is 172.16.10.10 and 172.16.10.13.
> 5. Real servers need to initiate connections to external networks.
> 6. When (5) happens, the SI must rewrite SRC address with the bound
> VIP.
> 7. In the same subnet, there are 3 different routers with different
> subnets attached, and a separate default gateway. Traffic from
> all subnets reaches my VIPs, so ideally I want to run L3 code in
> my SI and assign static routes.
>
> Using the L2 code, I've got 1-4 working correctly, but can't get
> 5,6 working. If I use the L3 code, nothing works.
>
> To get 5,6 working, the Foundry manuals advise the use of the
> "server reverse-nat" command. But these manuals are circa 2003,
> 2005 and my SI running the latest 10.0.0 firmware does not even
> support this command. I can't get anything working using the
> L3 code, and I'm stuck!
>
> Can someone please throw some light?
>
> Thank you for reading!
>
> - Raja
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
More information about the foundry-nsp
mailing list