[f-nsp] Serveriron VLAN question

Jeff fnsp at hvnc.net
Sat Apr 5 15:13:12 EDT 2008


Hello,

We're currently experimenting with a SI 4G as a replacement for another 
vendor's SLB box.

The unit I have does not have a PREM license.

I believe the configuration is fairly simple. The 4 ports on the SI are 
split into 2 LACP groups. One LACP group goes to our L3 switch handling 
routing for the server farm, the other LACP group connects to an L2 
switch which serves a VMware cluster where the servers are located. The 
links are tagged, with several VLANs passing traffic through the SI to 
the server farm.

We have been able to successfully configure SLB for serveral servers 
located on the same VLAN as the management interface of the SI.

My problem/question is that if the SI's management interface is on the 
VLAN tagged 80, how can I have it also do SLB for hosts on (say) VLAN 7? 
I can see how that would be done with the PREM license by using the SI 
as a L3 router, but is there a way to accomplish this without 
configuring the SI as a router? The docs are kind of sparse in that area 
and I don't see any way to tell the SI what VLAN a particular server 
(real or virtual) is on, which makes me think that it's not possible, 
but I'm hoping I'm incorrect..

I'd also like to avoid source nat, if I can help it.

Thanks..

Here's a snip of the current config on the box in our lab, if it helps.

vlan 80 carries 10.1.163.224/27
vlan 7 carries 10.1.163.64/27
vlan 80 has the management interface for the SI

ver 10.2.01TI2
!
server force-delete
server reassign-threshold 200
no server no-reassign-count
server l7-dont-use-gateway-mac
server source-ip 10.1.163.253 255.255.255.224 10.1.163.225
server router-ports ethernet 1
server router-ports ethernet 2
!
context default
!
server real wc4 10.1.163.230
  port http
  port http url "HEAD /"
!
server real wc5 10.1.163.231
  port http
  port http url "HEAD /"
!
server real ns1a 10.1.163.67
  source-nat
  source-ip 10.1.163.253
  port dns
  port dns l4-check-only
!
server real ns1b 10.1.163.68
  port dns
!
!
server virtual testwww 10.1.163.252
  port http
  bind http wc4 http wc5 http
!
server virtual testdns 10.1.163.70
  predictor response-time
  port dns
  bind dns ns1a dns ns1b dns
!

source-ip-debug


source-ip-log

vlan 1 name DEFAULT-VLAN by port
!
vlan 7 name DNS by port
  tagged ethe 1 to 4
!
vlan 80 name WEB by port
  tagged ethe 1 to 4
  no spanning-tree
  management-vlan
  default-gateway  10.1.163.225 1
!

ip address 10.1.163.226 255.255.255.224
!
interface ethernet 1
  link-aggregate active
!
interface ethernet 2
  link-aggregate active
!
interface ethernet 3
  link-aggregate active
!
interface ethernet 4
  link-aggregate active
!

Jeff



More information about the foundry-nsp mailing list