[f-nsp] Serveriron VLAN question

Oliver Adam oadam at madao.de
Sun Aug 3 12:14:39 EDT 2008


This is true - you need a source-ip in every subnet you would like to 
have servers in. On top of that you have to think about the way you 
are going to route traffic to the clients. You can use

A. a default gateway at the ServerIron pointing to the client 
(internet) and the mgmt networks (internal) - this is very simple and 
source-nat would help to get the traffic back to the ServerIron which 
is able to route everything to its default gateway.

B. reading the stuff below I have the feeling there are multiple 
gateways involved. One pointing to the client and one pointing to the 
mgmt networks and source-nat is not wanted at all. The only thing 
which might help here (undocumented and untested):

"ip alternative-default-gateway..."

This is simulating static routes using L3 code.

R, Oliver

At 02:27 03.08.2008, Alex Blauvelt wrote:
>Jeff-
>
>In my experience, you need to configure a source-ip for the L4 box to
>use in the second vlan. Every secondary network that doesn't match
>the box's management subnet, must have a source-ip configured that is
>in that secondary subnet.
>
>I see you've got one that lives in 10.1.163.224/27, but you'll need
>another one that lives in 10.1.163.64/27.  If you don't, the
>serveriron will not be able to figure out how to ARP out for those
>servers.
>
>-Alex
>
>
>On Apr 5, 2008, at 3:13 PM, Jeff wrote:
>
>>
>>Hello,
>>
>>We're currently experimenting with a SI 4G as a replacement for another
>>vendor's SLB box.
>>
>>The unit I have does not have a PREM license.
>>
>>I believe the configuration is fairly simple. The 4 ports on the SI are
>>split into 2 LACP groups. One LACP group goes to our L3 switch handling
>>routing for the server farm, the other LACP group connects to an L2
>>switch which serves a VMware cluster where the servers are located. The
>>links are tagged, with several VLANs passing traffic through the SI to
>>the server farm.
>>
>>We have been able to successfully configure SLB for several servers
>>located on the same VLAN as the management interface of the SI.
>>
>>My problem/question is that if the SI's management interface is on the
>>VLAN tagged 80, how can I have it also do SLB for hosts on (say) VLAN 7?
>>I can see how that would be done with the PREM license by using the SI
>>as a L3 router, but is there a way to accomplish this without
>>configuring the SI as a router? The docs are kind of sparse in that area
>>and I don't see any way to tell the SI what VLAN a particular server
>>(real or virtual) is on, which makes me think that it's not possible,
>>but I'm hoping I'm incorrect..
>>
>>I'd also like to avoid source nat, if I can help it.
>>
>>Thanks..
>>
>>Here's a snip of the current config on the box in our lab, if it helps.
>>
>>vlan 80 carries 10.1.163.224/27
>>vlan 7 carries 10.1.163.64/27
>>vlan 80 has the management interface for the SI
>>
>>ver 10.2.01TI2
>>!
>>server force-delete
>>server reassign-threshold 200
>>no server no-reassign-count
>>server l7-dont-use-gateway-mac
>>server source-ip 10.1.163.253 255.255.255.224 10.1.163.225
>>server router-ports ethernet 1
>>server router-ports ethernet 2
>>!
>>context default
>>!
>>server real wc4 10.1.163.230
>>  port http
>>  port http url "HEAD /"
>>!
>>server real wc5 10.1.163.231
>>  port http
>>  port http url "HEAD /"
>>!
>>server real ns1a 10.1.163.67
>>  source-nat
>>  source-ip 10.1.163.253
>>  port dns
>>  port dns l4-check-only
>>!
>>server real ns1b 10.1.163.68
>>  port dns
>>!
>>!
>>server virtual testwww 10.1.163.252
>>  port http
>>  bind http wc4 http wc5 http
>>!
>>server virtual testdns 10.1.163.70
>>  predictor response-time
>>  port dns
>>  bind dns ns1a dns ns1b dns
>>!
>>
>>source-ip-debug
>>
>>
>>source-ip-log
>>
>>vlan 1 name DEFAULT-VLAN by port
>>!
>>vlan 7 name DNS by port
>>  tagged ethe 1 to 4
>>!
>>vlan 80 name WEB by port
>>  tagged ethe 1 to 4
>>  no spanning-tree
>>  management-vlan
>>  default-gateway  10.1.163.225 1
>>!
>>
>>ip address 10.1.163.226 255.255.255.224
>>!
>>interface ethernet 1
>>  link-aggregate active
>>!
>>interface ethernet 2
>>  link-aggregate active
>>!
>>interface ethernet 3
>>  link-aggregate active
>>!
>>interface ethernet 4
>>  link-aggregate active
>>!
>>
>>Jeff
>>_______________________________________________
>>foundry-nsp mailing list
>>foundry-nsp at puck.nether.net
>>http://puck.nether.net/mailman/listinfo/foundry-nsp
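
Added example, not part of the original thread and not Foundry tooling: a Python check of the rule described in the replies, that each real server must sit in the management subnet or in a subnet that has a `server source-ip`. The sample lines and VLAN subnets are taken from the config quoted above; the function names are hypothetical.

```python
import ipaddress

# Constructed input: the relevant lines of the lab config quoted in the thread.
SAMPLE_CONFIG = """\
server source-ip 10.1.163.253 255.255.255.224 10.1.163.225
server real wc4 10.1.163.230
server real wc5 10.1.163.231
server real ns1a 10.1.163.67
  source-nat
  source-ip 10.1.163.253
server real ns1b 10.1.163.68
ip address 10.1.163.226 255.255.255.224
"""
# Subnets per VLAN as stated in the post (vlan 80 and vlan 7).
VLAN_SUBNETS = ["10.1.163.224/27", "10.1.163.64/27"]


def parse(config):
    """Return (subnets the box has an address in, {real server name: address})."""
    local, reals = set(), {}
    for line in config.splitlines():
        if line[:1].isspace():      # indented lines are per-server settings
            continue
        tok = line.split()
        if len(tok) < 4:
            continue
        if tok[:2] in (["server", "source-ip"], ["ip", "address"]):
            local.add(ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False))
        elif tok[:2] == ["server", "real"]:
            reals[tok[2]] = ipaddress.ip_address(tok[3])
    return local, reals


def missing_source_ip(config, vlan_subnets):
    """Map each subnet that lacks a source-ip to the real servers inside it."""
    local, reals = parse(config)
    vlans = [ipaddress.ip_network(s) for s in vlan_subnets]
    missing = {}
    for name, addr in reals.items():
        if any(addr in net for net in local):
            continue                # management subnet or a source-ip covers it
        home = next((str(v) for v in vlans if addr in v), "unknown")
        missing.setdefault(home, []).append(name)
    return missing


if __name__ == "__main__":
    for subnet, names in missing_source_ip(SAMPLE_CONFIG, VLAN_SUBNETS).items():
        print(f"no source-ip in {subnet}: {', '.join(names)}")
```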
