[f-nsp] Foundry ServerIron - source-nat

Gaurav Sabharwal gaurav at inwire.net
Fri Nov 2 13:56:49 EDT 2007


on 11/02/2007 06:03 PM Wouter Prins said the following:
> hi,
> 
> Can you specify the following command in global config (just to be
> sure): 
> 
> server router-ports 1
Tried this. The "no source-nat" VIP/real server combo still does not work.

> You are running layer2 code, so a realserver in another subnet should be
> specified with: 'server remote-name bla 1.1.1.1' and not 'server real',
> to have the flows back to the serveriron you should specify source-nat
> only for these remote realservers. The rest of the local realservers can
> be left without source-nat. Don't specify source-nat globally.
Yep. Figured this one out when I read the documentation. Will fix this ASAP.

> If this doesn't work, I would recommend upgrading it, it's a prehistoric
> version. ;)
On the verge of doing it. Should I be aware of anything in advance 
before I do the upgrade? I understand that I have to upgrade to 7.3 
first and then upgrade the boot code and only then I can jump to the 
latest stable. I will of course test and see if the problem is resolved 
using the 7.3 code.

Thanks for the help.

Cheers,
- Gaurav
> 
> Regards,
> Wouter
> 
> On Fri, 2007-11-02 at 15:25 +0100, Gaurav Sabharwal wrote:
>> Attached is the running configuration. The VIP www.test.dk is not 
>> working. It starts working as soon as I add the source-nat to the real 
>> servers that are part of the VIP.
>>
>> In production all the IP addresses are public IP addresses.
>>
>> Thanks,
>> - Gaurav
>> on 11/01/2007 09:47 PM Raja Subramanian said the following:
>>> On 11/2/07, Gaurav Sabharwal <gaurav at inwire.net> wrote:
>>>> When we disable source-nat for the real servers, no traffic hits the
>>>> real server at all. I tried to "debug ip tcp IP.Add.of.Server" on the SI
>>>> but can't seem to get any debug messages on the screen. debug console is
>>>> enabled.
>>> When you disable source-nat, is the SI still able to health check your real
>>> servers?  What is your "show server sessions" output?
>>>
>>> Post full output of your "show run" if possible, it's difficult
>>> to troubleshoot without the full picture.
>>>
>>> - Raja
>>>
>> plain text document attachment (lb.txt)
>> Current configuration:
>> !
>> ver 07.3.05T12
>> !
>> !
>>
>> server port 80
>>  tcp keepalive 10 2
>>
>> server port 443
>>  tcp keepalive 10 2
>>
>> server port 21
>>  tcp keepalive 10 2
>>
>> server port 3306
>>  tcp keepalive 99 2
>> server source-ip 192.168.1.157 255.255.255.224 0.0.0.0
>> !
>> !
>> !
>> !
>> !
>> !                                                                 
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> server real sql1.test.com 192.168.1.136
>>  source-nat
>>  port 3306
>>  port 3306 keepalive
>> !
>> server real sql2.test.com 192.168.1.137
>>  source-nat
>>  port 3306
>>  port 3306 keepalive
>> !
>> server real server1.test.co.uk 192.168.1.133
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server2.test.co.uk 192.168.1.134                     
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server1.test.de 192.168.1.140
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server2.test.de 192.168.1.141
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server1.test.se 192.168.1.143
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server2.test.se 192.168.1.144
>>  source-nat
>>  port http
>>  port http url "HEAD /"                                           
>> !
>> server real server1.test.nl 192.168.1.149
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server2.test.nl 192.168.1.150
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server1.test.fr 192.168.2.72
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server2.test.fr 192.168.2.73
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server1.test.es 192.168.2.75
>>  source-nat                                                       
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server2.test.es 192.168.2.76
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server1.test.it 192.168.2.69
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server2.test.it 192.168.2.70
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server1.test.com 192.168.2.77
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !                                                                 
>> server real server2.test.com 192.168.2.78
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server2.test1.co.uk 192.168.2.81
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server1.test1.co.uk 192.168.2.80
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>> !
>> server real site1.test.co.uk 192.168.2.83
>>  source-nat
>>  port http
>>  port http url "HEAD /"
>>  port ssl
>> !
>> server real site2.test.co.uk 192.168.2.84
>>  source-nat                                                       
>>  port http
>>  port http url "HEAD /"
>>  port ssl
>> !
>> server real server1.test.dk 192.168.1.146
>>  port http
>>  port http url "HEAD /"
>> !
>> server real server2.test.dk 192.168.1.147
>>  port http
>>  port http url "HEAD /"
>> !
>> !
>> server virtual sql.test.com 192.168.1.138
>>  predictor least-conn
>>  port 3306 sticky
>>  bind 3306 sql1.test.com 3306 sql2.test.com 3306
>> !
>> server virtual www.test.co.uk 192.168.1.139
>>  predictor least-conn
>>  port http sticky                                                 
>>  bind http server1.test.co.uk http server2.test.co.uk http
>> !
>> server virtual www.test.de 192.168.1.142
>>  predictor least-conn
>>  port http sticky
>>  no port http translate
>>  bind http server2.test.de http server1.test.de http
>> !
>> server virtual www.test.se 192.168.1.145
>>  predictor least-conn
>>  port http sticky
>>  bind http server1.test.se http server2.test.se http
>> !
>> server virtual www.test.nl 192.168.1.151
>>  predictor least-conn
>>  port http sticky
>>  bind http server1.test.nl http server2.test.nl http
>> !
>> server virtual www.test.fr 192.168.2.74
>>  predictor least-conn
>>  port http sticky
>>  bind http server1.test.fr http server2.test.fr http
>> !                                                                 
>> server virtual www.test.es 192.168.2.68
>>  predictor least-conn
>>  port http sticky
>>  bind http server1.test.es http server2.test.es http
>> !
>> server virtual www.test.it 192.168.2.71
>>  predictor least-conn
>>  port http sticky
>>  bind http server1.test.it http server2.test.it http
>> !
>> server virtual www.test.com 192.168.2.79
>>  predictor least-conn
>>  port http sticky
>>  bind http server1.test.com http server2.test.com http
>> !
>> server virtual www.test1.co.uk 192.168.2.82
>>  predictor least-conn
>>  port http sticky
>>  bind http server1.test1.co.uk http server2.test1.co.uk http
>> !
>> server virtual cluster.test.co.uk 192.168.2.85
>>  predictor least-conn
>>  port http sticky                                                 
>>  port ssl sticky
>>  bind http site1.test.co.uk http site2.test.co.uk http
>>  bind ssl site1.test.co.uk ssl site2.test.co.uk ssl
>> !
>> server virtual www.test.dk 192.168.1.148
>>  predictor least-conn
>>  port http sticky
>>  bind http server1.test.dk http server2.test.dk http
>> !
>>
>>
>>
>>
>> !
>>
>>
>>
>> !
>> vlan 1 name DEFAULT-VLAN by port
>>  no spanning-tree
>> !
>> aaa authentication web-server default local
>> aaa authentication enable default enable                          
>> aaa authentication login default local line tacacs+
>> aaa authorization exec default  none
>> enable telnet authentication
>> enable telnet password .....
>> enable super-user-password .....
>> hostname C31657.lb01.ah34c.02.dllstx6
>> ip icmp burst-normal 10000 burst-max 20000 lockup 300
>> ip address 192.168.1.157 255.255.255.224
>> ip default-gateway 192.168.1.129
>> ip dns domain-name test.com
>> ip dns server-address 172.16.202.1
>> logging console
>> username admin password .....
>> username msoadmin password .....
>> username planetadmin password .....
>> snmp-server community ..... ro
>> snmp-server community ..... ro
>> interface e 1
>>  port-name uplink
>> !
>> !
>> !
>> !                                                                 
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> crypto key generate rsa public_key "1024 37 125194308099841071250436555926596450321291303991847137201761255670814273948527801469006855230983093783843484381307904705056491512315569108084393072171215558314289110067065310514356043575905632795744795676623878341313979966985183225998807211834343834928243446865874411471864701922394019959599994632445575302677 C31657.lb01.ah34c.02.dllstx6 at theplanet.com"
>> !
>> crypto key generate rsa private_key "*************************"
>>
>> !
>> end
> 
> 
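
The rule from Wouter's reply (real servers outside the ServerIron's own subnet are declared with `server remote-name` and get source-nat, local ones can be left without it) can be checked mechanically against a `show run` dump. This Python sketch is an added example, not part of the original thread; the function name `audit_source_nat` and the note strings are assumptions, and the sample is a constructed excerpt of the quoted lb.txt.

```python
import ipaddress
import re

# Constructed excerpt: three stanzas and the management address from the quoted lb.txt.
SAMPLE_CONFIG = """\
>> server real server1.test.co.uk 192.168.1.133
>>  source-nat
>>  port http
>> !
>> server real server1.test.fr 192.168.2.72
>>  source-nat
>>  port http
>> !
>> server real server1.test.dk 192.168.1.146
>>  port http
>> !
>> ip address 192.168.1.157 255.255.255.224
"""

STANZA = re.compile(r"^server (real|remote-name) (\S+) (\d+\.\d+\.\d+\.\d+)\s*$")
MGMT = re.compile(r"^ip address (\S+) (\S+)\s*$")

def audit_source_nat(config):
    """Classify each real server against the ServerIron's own subnet."""
    # Strip mail quote markers so a pasted '>> ' dump parses like a raw one.
    lines = [re.sub(r"^>+ ?", "", ln).rstrip() for ln in config.splitlines()]
    subnet, servers, current = None, [], None
    for line in lines:
        if m := MGMT.match(line):
            subnet = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        if m := STANZA.match(line):
            current = {"kind": m[1], "name": m[2], "ip": m[3], "snat": False}
            servers.append(current)
        elif line.startswith(" ") and current:
            current["snat"] |= line.strip() == "source-nat"
        else:
            current = None  # any other top-level line closes the stanza
    if subnet is None:
        raise ValueError("no 'ip address' line found")
    findings = {}
    for s in servers:
        if ipaddress.ip_address(s["ip"]) in subnet:
            note = "local: source-nat optional" if s["snat"] else "local: ok"
        elif s["kind"] == "real":
            note = "remote: use 'server remote-name'" + ("" if s["snat"] else " with source-nat")
        else:
            note = "remote: ok" if s["snat"] else "remote: add source-nat"
        findings[s["name"]] = note
    return findings
```

The check only encodes the subnet rule from the reply; it classifies the `www.test.dk` real servers as local without source-nat and does not diagnose why that VIP fails.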