[f-nsp] Foundry ServerIron - source-nat

Jamie Dahl jamied at meatball.net
Fri Nov 2 19:10:53 EDT 2007


So I looked at your configuration, and the source-ip you have configured
and your system IP address are duplicated; that's not a good thing.
>>
ip address 192.168.1.157 255.255.255.224
ip default-gateway 192.168.1.129

server source-ip 192.168.1.157 255.255.255.224 0.0.0.0
>>
so you can drop that first server source-ip command.

It looks like you have many subnets out of both 192.168.1.x and
192.168.2.x range; you will need to add a source-ip for each subnet,
otherwise your load balancer will not be able to reach those machines (for
healthcheck or LB traffic), as the load balancer needs to be "local" *same
subnet/vlan/etc.* as the servers it sends traffic to.

Also, if the load balancer is not being used as a gateway device for those
subnets, then don't put 0.0.0.0 as the last option, but use the actual
gateway configured on your router. So I'll use an example of the existing
one that you have:

it should be:
server source-ip 192.168.1.157 255.255.255.224 192.168.1.157
not
server source-ip 192.168.1.157 255.255.255.224 0.0.0.0

(this will mostly make a difference if you introduce either a firewall or
VLAN structure into your network), but better to do it and not need it
than to be scratching your head later when the network architecture gets
changed on you.


Make those changes and let us know if you have any issues.
Also, that's an SIXL, so I'm not entirely sure there's a 9.x or a 10.x code
train for those, as those are EOL.







On Thu, November 1, 2007 09:00, Gaurav Sabharwal wrote:
> Hi,
>
> We have a ServerIron XL Load Balancer on which we do SLB for mysql and
> http. We have source-nat enabled. In order to get the client IP address
> in the log file for statistics, etc. I wanted to disable the source-nat
> for one particular VIP comprising two real servers.
>
> After disabling the source-nat from the real servers, the traffic to the
> real server stops. Below is the relevant configuration.
>
> server real server1.test.com 192.168.254.2
>   port http
>   port http url "HEAD /"
> !
> server real server2.test.com 192.168.254.3
>   port http
>   port http url "HEAD /"
> !
> server virtual www.test.com 192.168.254.1
>   predictor least-conn
>   port http sticky
>   bind http server1.test.com http server2.test.com http
>
> The configuration works fine if I add the source-nat command to the real
> servers. global source-nat is not enabled.
>
> #sh ver
>   SW: Version 07.3.05T12 Copyright (c) 1996-2002 Foundry Networks, Inc.
>       Compiled on Jul 18 2002 at 17:20:18 labeled as SLB07305
>   HW: ServerIron Switch, serial number 157b24
>   400 MHz Power PC processor 740 (revision 8) with 32756K bytes of DRAM
>     8 100BaseT interfaces with Level 1 Transceiver LXT975
>     0  uplink interfaces
>   256 KB PRAM and 8*2048 CAM entries for DMA 2, version 0807
>   128 KB boot flash memory
> 4096 KB code flash memory
> 2048 KB BRAM, BM version 02
>   128 KB QRAM
>   512 KB SRAM
> Octal System, Maximum Code Image Size Supported: 1965568 (0x001dfe00)
> The system uptime is 1 hours 19 minutes 50 seconds
> The system : started=warm start   reloaded=by "reload"
>
> Thanks,
> - Gaurav
>


-- 
Jamie Dahl

"Thousands of tired, nerve-shaken, over-civilized people are beginning to
find out that going to the mountains is going home; that wilderness is a
necessity; and that mountain parks and reservations are useful not only as
fountains of timber and irrigating rivers, but as fountains of life."
--John Muir

"We must remember the First Amendment which protects any shrill jackass no
matter how self-seeking" -- F. G. Withington

"The Mountains are calling so I must go" --John Muir






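The three points raised in the reply above (a source-ip that duplicates the system IP, real servers on a subnet where the load balancer has no local address, and 0.0.0.0 as the source-ip gateway) can be checked mechanically. This is an added example, not part of the original thread and not Foundry tooling; the function name audit_source_ips and the sample config (assembled from lines quoted in the thread) are constructed for illustration.

```python
import ipaddress

# Constructed sample: config lines quoted in this thread, combined into one file.
SAMPLE_CONFIG = """\
ip address 192.168.1.157 255.255.255.224
ip default-gateway 192.168.1.129
server source-ip 192.168.1.157 255.255.255.224 0.0.0.0
server real server1.test.com 192.168.254.2
server real server2.test.com 192.168.254.3
"""

def audit_source_ips(config_text):
    """Return findings for the source-ip issues described in the reply."""
    system, sources, reals, findings = [], [], [], []
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "address"] and len(tok) >= 4:
            system.append(ipaddress.ip_interface(f"{tok[2]}/{tok[3]}"))
        elif tok[:2] == ["server", "source-ip"] and len(tok) >= 5:
            sources.append((ipaddress.ip_interface(f"{tok[2]}/{tok[3]}"), tok[4]))
        elif tok[:2] == ["server", "real"] and len(tok) >= 4:
            reals.append((tok[2], ipaddress.ip_address(tok[3])))

    system_ips = {iface.ip for iface in system}
    for iface, gateway in sources:
        if iface.ip in system_ips:
            findings.append(f"source-ip {iface.ip} duplicates the system IP address")
        if gateway == "0.0.0.0":
            findings.append(f"source-ip {iface.ip} has gateway 0.0.0.0; use the "
                            "router's gateway unless the ServerIron is the gateway")

    # The load balancer is "local" to the system subnet and every source-ip subnet.
    local_nets = [i.network for i in system] + [i.network for i, _ in sources]
    for name, ip in reals:
        if not any(ip in net for net in local_nets):
            findings.append(f"real server {name} ({ip}) is on a subnet with no "
                            "system IP or source-ip")
    return findings

if __name__ == "__main__":
    for finding in audit_source_ips(SAMPLE_CONFIG):
        print(finding)
```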