[f-nsp] Serveriron VLAN question

Oliver Adam oadam at madao.de
Thu Jul 31 10:46:28 EDT 2008


This is a bit of a problem - you are running L2 / 
switching code. There is a single gateway only 
running this code. The PREM Version of the 
software is able to do real routing and it is 
able to handle static routes, a default gateway 
and a lot more. Layer 2 code does not have these 
features. Your default gateway is pointing into 
the direction of the management network and it is 
therefore not able to route back to the clients - this is a bit of a problem.

There is no nice solution for this. All you 
could try is to have the ServerIron inline and to 
have the real servers point to an upstream gateway behind the ServerIron:

Internet ---- Router .1 ServerIron ---- real servers (gateway: Router)

This might work.

Or you could try to use the command:

ip alternative-default-gateway a.b.c.d e.f.g.h i.j.k.l

This is something like a static route you can 
configure using L2 code. I would suggest using 
this "static route" to point to the management 
network and to use the default gateway to point 
to the internet. This might work. It is not 
documented - untested as far as I know. Please 
check with your local Foundry SE / Foundry TAC to get some more details.

R, Oliver

At 17:07 29.07.2008, Joffrey Agoutin wrote:
>Hello,
>
>I also have the exact same problem with my 2 SI 
>4G. I'm unable to setup SLB with V-IP on a VLAN 
>different than the management VLAN.
>It's quite normal as we cannot define the SI's 
>gateway, except for the management VLAN.
>
>Has anyone found a way to do it?
>Any help would be very appreciated.
>
>@Jeff: have you succeeded in your setup?
>
>Thank you.
>Best regards,
>
>Joffrey Agoutin
>
>-----Original Message-----
>From: foundry-nsp-bounces at puck.nether.net 
>[mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Jeff
>Sent: Saturday, April 5, 2008 21:13
>To: foundry-nsp at puck.nether.net
>Subject: [f-nsp] Serveriron VLAN question
>
>
>Hello,
>
>We're currently experimenting with a SI 4G as a replacement for another
>vendor's SLB box.
>
>The unit I have does not have a PREM license.
>
>I believe the configuration is fairly simple. The 4 ports on the SI are
>split into 2 LACP groups. One LACP group goes to our L3 switch handling
>routing for the server farm, the other LACP group connects to an L2
>switch which serves a VMware cluster where the servers are located. The
>links are tagged, with several VLANs passing traffic through the SI to
>the server farm.
>
>We have been able to successfully configure SLB for several servers
>located on the same VLAN as the management interface of the SI.
>
>My problem/question is that if the SI's management interface is on the
>VLAN tagged 80, how can I have it also do SLB for hosts on (say) VLAN 7?
>I can see how that would be done with the PREM license by using the SI
>as a L3 router, but is there a way to accomplish this without
>configuring the SI as a router? The docs are kind of sparse in that area
>and I don't see any way to tell the SI what VLAN a particular server
>(real or virtual) is on, which makes me think that it's not possible,
>but I'm hoping I'm incorrect..
>
>I'd also like to avoid source nat, if I can help it.
>
>Thanks..
>
>Here's a snip of the current config on the box in our lab, if it helps.
>
>vlan 80 carries 10.1.163.224/27
>vlan 7 carries 10.1.163.64/27
>vlan 80 has the management interface for the SI
>
>ver 10.2.01TI2
>!
>server force-delete
>server reassign-threshold 200
>no server no-reassign-count
>server l7-dont-use-gateway-mac
>server source-ip 10.1.163.253 255.255.255.224 10.1.163.225
>server router-ports ethernet 1
>server router-ports ethernet 2
>!
>context default
>!
>server real wc4 10.1.163.230
>   port http
>   port http url "HEAD /"
>!
>server real wc5 10.1.163.231
>   port http
>   port http url "HEAD /"
>!
>server real ns1a 10.1.163.67
>   source-nat
>   source-ip 10.1.163.253
>   port dns
>   port dns l4-check-only
>!
>server real ns1b 10.1.163.68
>   port dns
>!
>!
>server virtual testwww 10.1.163.252
>   port http
>   bind http wc4 http wc5 http
>!
>server virtual testdns 10.1.163.70
>   predictor response-time
>   port dns
>   bind dns ns1a dns ns1b dns
>!
>
>source-ip-debug
>
>
>source-ip-log
>
>vlan 1 name DEFAULT-VLAN by port
>!
>vlan 7 name DNS by port
>   tagged ethe 1 to 4
>!
>vlan 80 name WEB by port
>   tagged ethe 1 to 4
>   no spanning-tree
>   management-vlan
>   default-gateway  10.1.163.225 1
>!
>
>ip address 10.1.163.226 255.255.255.224
>!
>interface ethernet 1
>   link-aggregate active
>!
>interface ethernet 2
>   link-aggregate active
>!
>interface ethernet 3
>   link-aggregate active
>!
>interface ethernet 4
>   link-aggregate active
>!
>
>Jeff
>_______________________________________________
>foundry-nsp mailing list
>foundry-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/foundry-nsp
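
Added example, not part of the original thread and not Foundry tooling: a Python sketch that parses an excerpt of the lab config quoted above and reports which real and virtual servers sit outside the management subnet, which is the set the L2 code can only reach through its single default gateway. The parser handles only the statements shown in the post; the function names are hypothetical.

```python
import ipaddress
import re

# Excerpt of the config posted in the thread (only the lines the parser uses).
CONFIG = """\
server real wc4 10.1.163.230
server real wc5 10.1.163.231
server real ns1a 10.1.163.67
   source-nat
   source-ip 10.1.163.253
server real ns1b 10.1.163.68
server virtual testwww 10.1.163.252
server virtual testdns 10.1.163.70
vlan 80 name WEB by port
   management-vlan
   default-gateway  10.1.163.225 1
ip address 10.1.163.226 255.255.255.224
"""

def parse(config):
    """Return (management interface, default gateway, list of server dicts)."""
    mgmt = gateway = None
    servers = []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"server (real|virtual) (\S+) (\S+)$", line)
        if m:
            servers.append({"kind": m[1], "name": m[2],
                            "ip": ipaddress.ip_address(m[3]), "source_nat": False})
        elif line == "source-nat" and raw[:1].isspace() and servers:
            servers[-1]["source_nat"] = True  # indented: belongs to last server
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            mgmt = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.match(r"default-gateway\s+(\S+)", line):
            gateway = ipaddress.ip_address(m[1])
    return mgmt, gateway, servers

def off_subnet(config):
    """Names of real/virtual servers outside the management subnet."""
    mgmt, _, servers = parse(config)
    return [s["name"] for s in servers if s["ip"] not in mgmt.network]

if __name__ == "__main__":
    mgmt, gateway, servers = parse(CONFIG)
    print(f"management {mgmt}, default gateway {gateway}")
    for s in servers:
        where = "on-subnet" if s["ip"] in mgmt.network else f"off-subnet, via {gateway}"
        nat = " (source-nat)" if s["source_nat"] else ""
        print(f"{s['kind']:8}{s['name']:8}{str(s['ip']):15}{where}{nat}")
```

On the posted config this lists ns1a, ns1b and the testdns virtual server as off-subnet, matching the VLAN 7 hosts the thread is about.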
