[f-nsp] LB fails when source-nat is disabled

Brad Volz bradv at curmudgeon.net
Mon Dec 22 16:30:33 EST 2008


Hello Gaurav,

I don't know if any of this will help, but when I was looking over  
your configuration I had a few questions.  First of all, I assume that  
the ServerIron is in layer-2 mode, and that there is only a single  
vlan - vlan1 in which everything resides ( real & virtual servers and  
default gateway ).  With that in mind, my questions were:

a/  for the real/virtual servers  in the 74.53.217.x subnet, how do  
these hosts reach the default gateway (50.1.1.129) ?

b/  for everything that is in the 50.1.1.x subnet, would it not be  
correct for the ServerIron to send each of the real-servers an ICMP  
redirect to its default-gateway ( which is on the same subnet as the  
real-servers themselves ) ?  If this were the case, then the  
ServerIron would never see the return path traffic from the real-servers.

Good luck in finding the issue.

Brad

On Dec 22, 2008, at 6:37 AM, Gaurav Sabharwal wrote:

> Hi Mischa,
>
> Thanks for the reply. The config. is attached. All servers point to
> the LB as the default router.
>
> I will try to upgrade later in the evening today.
>
> Thanks,
> Gaurav
> On Mon, Dec 22, 2008 at 9:24 AM, Mischa Peters <foundry at high5.nl>  
> wrote:
>> Hi Gaurav,
>>
>> Do you have a network setup and config for us?
>> One other suggestion, see if you can upgrade to 7.4.01m.
>>
>> Mischa
>>
>>
>>> Hi,
>>>
>>> Yes. The traffic is routed via the ServerIron.
>>>
>>> Thanks,
>>> Gaurav
>>>
>>> On Dec 22, 2008 9:09am, Wouter Prins <wp at null0.nl> wrote:
>>>> Hi Gaurav,
>>>>
>>>> Are the flows sent from the server to the client going through the
>>>> ServerIron somehow?
>>>>
>>>> 2008/12/22 Gaurav Sabharwal <gaurav.k.sabharwal at googlemail.com>:
>>>>> Some time ago, we had to enable source-nat on the LB. Now we are
>>>>> trying to disable source-nat on the LB. When we disable the source-nat
>>>>> on the load balancer, the VIP does not respond to the HTTP
>>>>> connections.
>>>>>
>>>>> tcpdump on the server confirms that the packets are reaching the
>>>>> server and are being sent back. However nothing reaches the web
>>>>> browser.
>>>>>
>>>>> show version output:
>>>>>
>>>>> SW: Version 07.3.05T12 Copyright (c) 1996-2002 Foundry Networks, Inc.
>>>>>    Compiled on Jul 18 2002 at 17:20:18 labeled as SLB07305
>>>>> HW: ServerIron Switch, serial number 157b24
>>>>> 400 MHz Power PC processor 740 (revision 8) with 32756K bytes of DRAM
>>>>>  8 100BaseT interfaces with Level 1 Transceiver LXT975
>>>>>  0  uplink interfaces
>>>>> 256 KB PRAM and 8*2048 CAM entries for DMA 2, version 0807
>>>>> 128 KB boot flash memory
>>>>> 4096 KB code flash memory
>>>>> 2048 KB BRAM, BM version 02
>>>>> 128 KB QRAM
>>>>> 512 KB SRAM
>>>>> Octal System, Maximum Code Image Size Supported: 1965568 (0x001dfe00)
>>>>> The system uptime is 2 days 21 hours 28 minutes 32 seconds
>>>>> The system : started=warm start   reloaded=by "reload"
>>>>>
>>>>> The configuration is attached. Any help is highly appreciated.
>>>>>
>>>>> Thanks,
>>>>> Gaurav
>>>>>
>>>>> _______________________________________________
>>>>> foundry-nsp mailing list
>>>>> foundry-nsp at puck.nether.net
>>>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
> <rglb-config.txt>


