[f-nsp] Serveriron VLAN question
Alex Blauvelt
blauvelta at gmail.com
Sat Aug 2 20:27:13 EDT 2008
Jeff-
In my experience, you need to configure a source-ip for the L4 box to
use in the second vlan. Every secondary network that doesn't match
the box's management subnet must have a source-ip configured that is
in that secondary subnet.
I see you've got one that lives in 10.1.163.224/27, but you'll need
another one that lives in 10.1.163.64/27. If you don't, the
ServerIron will not be able to figure out how to ARP out for those
servers.
-Alex
On Apr 5, 2008, at 3:13 PM, Jeff wrote:
>
> Hello,
>
> We're currently experimenting with a SI 4G as a replacement for another
> vendor's SLB box.
>
> The unit I have does not have a PREM license.
>
> I believe the configuration is fairly simple. The 4 ports on the SI are
> split into 2 LACP groups. One LACP group goes to our L3 switch handling
> routing for the server farm, the other LACP group connects to an L2
> switch which serves a VMware cluster where the servers are located. The
> links are tagged, with several VLANs passing traffic through the SI to
> the server farm.
>
> We have been able to successfully configure SLB for several servers
> located on the same VLAN as the management interface of the SI.
>
> My problem/question is that if the SI's management interface is on the
> VLAN tagged 80, how can I have it also do SLB for hosts on (say) VLAN 7?
> I can see how that would be done with the PREM license by using the SI
> as a L3 router, but is there a way to accomplish this without
> configuring the SI as a router? The docs are kind of sparse in that area
> and I don't see any way to tell the SI what VLAN a particular server
> (real or virtual) is on, which makes me think that it's not possible,
> but I'm hoping I'm incorrect..
>
> I'd also like to avoid source nat, if I can help it.
>
> Thanks..
>
> Here's a snip of the current config on the box in our lab, if it helps.
>
> vlan 80 carries 10.1.163.224/27
> vlan 7 carries 10.1.163.64/27
> vlan 80 has the management interface for the SI
>
> ver 10.2.01TI2
> !
> server force-delete
> server reassign-threshold 200
> no server no-reassign-count
> server l7-dont-use-gateway-mac
> server source-ip 10.1.163.253 255.255.255.224 10.1.163.225
> server router-ports ethernet 1
> server router-ports ethernet 2
> !
> context default
> !
> server real wc4 10.1.163.230
> port http
> port http url "HEAD /"
> !
> server real wc5 10.1.163.231
> port http
> port http url "HEAD /"
> !
> server real ns1a 10.1.163.67
> source-nat
> source-ip 10.1.163.253
> port dns
> port dns l4-check-only
> !
> server real ns1b 10.1.163.68
> port dns
> !
> !
> server virtual testwww 10.1.163.252
> port http
> bind http wc4 http wc5 http
> !
> server virtual testdns 10.1.163.70
> predictor response-time
> port dns
> bind dns ns1a dns ns1b dns
> !
>
> source-ip-debug
>
>
> source-ip-log
>
> vlan 1 name DEFAULT-VLAN by port
> !
> vlan 7 name DNS by port
> tagged ethe 1 to 4
> !
> vlan 80 name WEB by port
> tagged ethe 1 to 4
> no spanning-tree
> management-vlan
> default-gateway 10.1.163.225 1
> !
>
> ip address 10.1.163.226 255.255.255.224
> !
> interface ethernet 1
> link-aggregate active
> !
> interface ethernet 2
> link-aggregate active
> !
> interface ethernet 3
> link-aggregate active
> !
> interface ethernet 4
> link-aggregate active
> !
>
> Jeff
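
The rule from the reply above, expressed as a config check; this is an added example and not part of either post. The function names are hypothetical, the config lines are taken from the quoted snippet, and the check assumes the management `ip address` and each `server source-ip` are the only subnets the box has an address in.

```python
import ipaddress
import re

# Excerpt of the configuration quoted in the thread (quote markers removed).
CONFIG = """\
server source-ip 10.1.163.253 255.255.255.224 10.1.163.225
server real wc4 10.1.163.230
server real wc5 10.1.163.231
server real ns1a 10.1.163.67
server real ns1b 10.1.163.68
ip address 10.1.163.226 255.255.255.224
"""

# Global "server source-ip <ip> <mask> <gateway>" lines only; the per-server
# "source-ip <ip>" line inside a "server real" block does not match.
SOURCE_IP = re.compile(r"^server source-ip (\S+) (\S+)")
MGMT_IP = re.compile(r"^ip address (\S+) (\S+)")
REAL = re.compile(r"^server real (\S+) (\S+)")


def local_subnets(config):
    """Subnets the box has an address in: management IP plus each source-ip."""
    nets = set()
    for line in config.splitlines():
        line = line.strip()
        m = SOURCE_IP.match(line) or MGMT_IP.match(line)
        if m:
            # strict=False: the address is a host address, not the network base.
            nets.add(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return nets


def uncovered_reals(config):
    """Map real-server name -> IP for servers outside every local subnet."""
    nets = local_subnets(config)
    missing = {}
    for line in config.splitlines():
        m = REAL.match(line.strip())
        if m and not any(ipaddress.ip_address(m.group(2)) in n for n in nets):
            missing[m.group(1)] = m.group(2)
    return missing


if __name__ == "__main__":
    for name, ip in uncovered_reals(CONFIG).items():
        print(f"{name} ({ip}): no source-ip configured in this server's subnet")
```

Run against the quoted config, it flags the two DNS real servers in 10.1.163.64/27 and passes the two web servers that share the management subnet.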