[f-nsp] Foundry ServerIron - source-nat
Wouter Prins
wp at null0.nl
Fri Nov 2 13:03:54 EDT 2007
Hi,

Can you specify the following command in global config (just to be
sure):

server router-ports 1

You are running layer2 code, so a realserver in another subnet should be
specified with: 'server remote-name bla 1.1.1.1' and not 'server real'.
To have the flows back to the serveriron, you should specify source-nat
only for these remote realservers. The rest of the local realservers can
be left without source-nat. Don't specify source-nat globally.

If this doesn't work, I would recommend upgrading it; it's a prehistoric
version. ;)

Regards,
Wouter
On Fri, 2007-11-02 at 15:25 +0100, Gaurav Sabharwal wrote:
> Attached is the running configuration. The VIP www.test.dk is not
> working. It starts working as soon as I add the source-nat to the real
> servers that are part of the VIP.
>
> In production all the IP addresses are public IP addresses.
>
> Thanks,
> - Gaurav
> on 11/01/2007 09:47 PM Raja Subramanian said the following:
> > On 11/2/07, Gaurav Sabharwal <gaurav at inwire.net> wrote:
> >> When we disable source-nat for the real servers, no traffic hits the
> >> real server at all. I tried to "debug ip tcp IP.Add.of.Server" on the SI
> >> but can't seem to get any debug messages on the screen. Debug console is
> >> enabled.
> >
> > When you disable source-nat, is the SI still able to health check your real
> > servers? What is your "show server sessions" output?
> >
> > Post full output of your "show run" if possible, it's difficult to
> > troubleshoot without the full picture.
> >
> > - Raja
> >
>
> plain text document attachment (lb.txt)
> Current configuration:
> !
> ver 07.3.05T12
> !
> !
>
> server port 80
> tcp keepalive 10 2
>
> server port 443
> tcp keepalive 10 2
>
> server port 21
> tcp keepalive 10 2
>
> server port 3306
> tcp keepalive 99 2
> server source-ip 192.168.1.157 255.255.255.224 0.0.0.0
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> server real sql1.test.com 192.168.1.136
> source-nat
> port 3306
> port 3306 keepalive
> !
> server real sql2.test.com 192.168.1.137
> source-nat
> port 3306
> port 3306 keepalive
> !
> server real server1.test.co.uk 192.168.1.133
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server2.test.co.uk 192.168.1.134
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server1.test.de 192.168.1.140
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server2.test.de 192.168.1.141
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server1.test.se 192.168.1.143
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server2.test.se 192.168.1.144
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server1.test.nl 192.168.1.149
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server2.test.nl 192.168.1.150
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server1.test.fr 192.168.2.72
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server2.test.fr 192.168.2.73
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server1.test.es 192.168.2.75
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server2.test.es 192.168.2.76
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server1.test.it 192.168.2.69
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server2.test.it 192.168.2.70
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server1.test.com 192.168.2.77
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server2.test.com 192.168.2.78
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server2.test1.co.uk 192.168.2.81
> source-nat
> port http
> port http url "HEAD /"
> !
> server real server1.test1.co.uk 192.168.2.80
> source-nat
> port http
> port http url "HEAD /"
> !
> server real site1.test.co.uk 192.168.2.83
> source-nat
> port http
> port http url "HEAD /"
> port ssl
> !
> server real site2.test.co.uk 192.168.2.84
> source-nat
> port http
> port http url "HEAD /"
> port ssl
> !
> server real server1.test.dk 192.168.1.146
> port http
> port http url "HEAD /"
> !
> server real server2.test.dk 192.168.1.147
> port http
> port http url "HEAD /"
> !
> !
> server virtual sql.test.com 192.168.1.138
> predictor least-conn
> port 3306 sticky
> bind 3306 sql1.test.com 3306 sql2.test.com 3306
> !
> server virtual www.test.co.uk 192.168.1.139
> predictor least-conn
> port http sticky
> bind http server1.test.co.uk http server2.test.co.uk http
> !
> server virtual www.test.de 192.168.1.142
> predictor least-conn
> port http sticky
> no port http translate
> bind http server2.test.de http server1.test.de http
> !
> server virtual www.test.se 192.168.1.145
> predictor least-conn
> port http sticky
> bind http server1.test.se http server2.test.se http
> !
> server virtual www.test.nl 192.168.1.151
> predictor least-conn
> port http sticky
> bind http server1.test.nl http server2.test.nl http
> !
> server virtual www.test.fr 192.168.2.74
> predictor least-conn
> port http sticky
> bind http server1.test.fr http server2.test.fr http
> !
> server virtual www.test.es 192.168.2.68
> predictor least-conn
> port http sticky
> bind http server1.test.es http server2.test.es http
> !
> server virtual www.test.it 192.168.2.71
> predictor least-conn
> port http sticky
> bind http server1.test.it http server2.test.it http
> !
> server virtual www.test.com 192.168.2.79
> predictor least-conn
> port http sticky
> bind http server1.test.com http server2.test.com http
> !
> server virtual www.test1.co.uk 192.168.2.82
> predictor least-conn
> port http sticky
> bind http server1.test1.co.uk http server2.test1.co.uk http
> !
> server virtual cluster.test.co.uk 192.168.2.85
> predictor least-conn
> port http sticky
> port ssl sticky
> bind http site1.test.co.uk http site2.test.co.uk http
> bind ssl site1.test.co.uk ssl site2.test.co.uk ssl
> !
> server virtual www.test.dk 192.168.1.148
> predictor least-conn
> port http sticky
> bind http server1.test.dk http server2.test.dk http
> !
>
>
>
>
> !
>
>
>
> !
> vlan 1 name DEFAULT-VLAN by port
> no spanning-tree
> !
> aaa authentication web-server default local
> aaa authentication enable default enable
> aaa authentication login default local line tacacs+
> aaa authorization exec default none
> enable telnet authentication
> enable telnet password .....
> enable super-user-password .....
> hostname C31657.lb01.ah34c.02.dllstx6
> ip icmp burst-normal 10000 burst-max 20000 lockup 300
> ip address 192.168.1.157 255.255.255.224
> ip default-gateway 192.168.1.129
> ip dns domain-name test.com
> ip dns server-address 172.16.202.1
> logging console
> username admin password .....
> username msoadmin password .....
> username planetadmin password .....
> snmp-server community ..... ro
> snmp-server community ..... ro
> interface e 1
> port-name uplink
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> crypto key generate rsa public_key "1024 37 125194308099841071250436555926596450321291303991847137201761255670814273948527801469006855230983093783843484381307904705056491512315569108084393072171215558314289110067065310514356043575905632795744795676623878341313979966985183225998807211834343834928243446865874411471864701922394019959599994632445575302677 C31657.lb01.ah34c.02.dllstx6 at theplanet.com"
> !
> crypto key generate rsa private_key "*************************"
>
> !
> end
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
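
The check implied by the advice at the top of this message, as an added example that is not part of the original thread and not a Foundry tool: it reads the ServerIron's own `ip address` line from a running-config and flags real servers outside that subnet that are not defined as `server remote-name` with `source-nat`, plus local ones that carry `source-nat`. The parser handles only the line shapes seen in the posted lb.txt; the function name `audit` and the sample input (a constructed excerpt reusing lines from that attachment) are assumptions.

```python
import ipaddress
import re

# Constructed excerpt: a few lines reused from the configuration posted above.
SAMPLE_CONFIG = """\
server real sql1.test.com 192.168.1.136
 source-nat
!
server real server1.test.fr 192.168.2.72
 source-nat
!
server real server1.test.dk 192.168.1.146
 port http
!
ip address 192.168.1.157 255.255.255.224
"""

REAL_RE = re.compile(r"^server (real|remote-name) (\S+) (\d+\.\d+\.\d+\.\d+)$")
ADDR_RE = re.compile(r"^ip address (\S+) (\S+)$")


def audit(config: str) -> dict:
    """Map each real server name to a finding based on the advice in this thread."""
    # Accept config pasted from a quoted mail: drop leading '>' and spaces.
    lines = [ln.lstrip("> ").rstrip() for ln in config.splitlines()]
    nets = [ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            for ln in lines if (m := ADDR_RE.match(ln))]
    if not nets:
        raise ValueError("no 'ip address' line found in config")
    net = nets[0]  # subnet the load balancer itself sits in
    servers, current = {}, None
    for ln in lines:
        if m := REAL_RE.match(ln):
            # [definition keyword, address, has per-server source-nat]
            current = servers[m[2]] = [m[1], ipaddress.ip_address(m[3]), False]
        elif ln == "source-nat" and current is not None:
            current[2] = True
        elif ln == "!" or ln.startswith("server "):
            current = None  # end of the current real-server stanza
    findings = {}
    for name, (kind, ip, snat) in servers.items():
        if ip not in net:
            ok = kind == "remote-name" and snat
            findings[name] = "ok" if ok else "remote: use remote-name with source-nat"
        else:
            findings[name] = "local: can be left without source-nat" if snat else "ok"
    return findings
```

Run against the full attachment, the 192.168.2.x real servers fall outside 192.168.1.128/27 and are the ones the reply says to redefine.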