[f-nsp] serverionXL Drops and Unsuccessful
Raja Subramanian
rajasuperman at gmail.com
Fri Apr 25 04:15:59 EDT 2008
On Thu, Apr 24, 2008 at 12:59 PM, Rudy Setiawan <rudal at online.rudal.com> wrote:
> I cant seem to make the serverironXL to load balance or even redirect traffic.
When remote clients access the VIP, the return traffic from the servers must
also pass through the SI.
Look at it from the firewall's perspective -- your firewall is sending forward
traffic to the SI VIP, but the reply comes directly from the server to the
firewall. This confuses the firewall and it drops the replies. Running a
packet capture on the servers will clear things up.
You can force the return traffic through the SI in the following ways:
1. Connect the servers directly to the SI
2. Use the SI as the default gateway for the servers
3. Use source/reverse/dynamic nat -- warning servers see SI as source
for all incoming connections!
The SI Configuration Guide (pdf) has many examples that you can use.
- Raja
More information about the foundry-nsp
mailing list