<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; "><DIV>Hi,</DIV><DIV><BR class="khtml-block-placeholder"></DIV>I think even different vlans will not solve the problem,<DIV>you will send a packet with the source of one smtp server and destination IP VIP to the SiXL. </DIV><DIV>The SiXL will rewirte the destination Address based on the loadbalancing algorithm and send out the packet to one of the real servers bound to the VIP. </DIV><DIV>The Server will recieve a packet with source IP of the original requesting server and his own address as destination. </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Since both servers (requesting real server and target real server) are in the same IP network and vlan, the answer will be send to the requesting real server directly.<DIV><BR class="khtml-block-placeholder"></DIV><DIV>Since it is also most likely that the requesting server will recieve his own request via the VIP i think the only option is to use source NAT to ensure that traffic is always send back to the sixl. Maybe you can also put NAT in place so that the request is first translated into a "external" Address before it hits the VIP - but i would not recommend such a setup. I used to work with (if required even conditional) smtp routes on server side if possible - but this also depends on the software you use ;-) </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Nils </DIV><DIV><BR><DIV><DIV>On Jan 22, 2007, at 8:00 PM, Ryan DeBerry wrote:</DIV><BR class="Apple-interchange-newline"><BLOCKQUOTE type="cite">What is the vlan configuration like? You only have one VE?<BR><BR><DIV><SPAN class="gmail_quote">On 1/22/07, <B class="gmail_sendername"><A href="http://news.gmane.org">news.gmane.org</A></B> <<A href="mailto:matthew.kirkland@uk.clara.net"> matthew.kirkland@uk.clara.net</A>> wrote:</SPAN><BLOCKQUOTE class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hello<BR><BR>I am having an issue with a load balancer config whereby the real <BR>servers (smtp servers) cannot access the VIP that they are part of.<BR><BR>The servers are able to ping the VIP but any connections to port 25 are<BR>timed out.<BR><BR>The load balancer is running ip forwarding, with the VIP range and real <BR>server range on the same VE.<BR><BR>Enabling "server source-nat" resolves this , but makes all the<BR>connections on the servers appear to come from the load balancer alone.<BR><BR>I need the real servers to be able to contact the VIP without <BR>translation taking place.<BR><BR>Does anyone know a solution to this problem ?<BR><BR>Thanks<BR>Matthew Kirkland<BR>Claranet Network Engineering<BR><BR>_______________________________________________<BR>foundry-nsp mailing list <BR><A href="mailto:foundry-nsp@puck.nether.net">foundry-nsp@puck.nether.net</A><BR><A href="http://puck.nether.net/mailman/listinfo/foundry-nsp">http://puck.nether.net/mailman/listinfo/foundry-nsp</A><BR></BLOCKQUOTE></DIV> <BR><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">_______________________________________________</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">foundry-nsp mailing list</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="mailto:foundry-nsp@puck.nether.net">foundry-nsp@puck.nether.net</A></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="http://puck.nether.net/mailman/listinfo/foundry-nsp">http://puck.nether.net/mailman/listinfo/foundry-nsp</A></DIV> </BLOCKQUOTE></DIV><BR></DIV></DIV></BODY></HTML>