Mailing List Archive

Serveriron xl - Def GW for real servers?
Just got a new serveriron xl to replace some old Cisco LD's.

We are wanting to use the device for load-balancing multiple client
co-lo servers (all in different subnets).

From the docco, it appears as though the VIP for each site we want to
loadbalance for must be contained within the same subnet as the
management IP? (I was originally going to run a /30 for management, but
it appears as though I will not be able to?)

If I run a /28 (to allow for multiple VIPs), and then have a source
IP (in a different subnet) for each clients webserver (which would also
have an IP in this different subnet) farm, would each of the clients
webservers have a default GW of the source IP on the serveriron?

If the webservers are not configured with a def gw, how would the
clients "manage" their servers (e.g. would I have to configure ports and
bindings for each service that needs to be accessed - RDP, FTP, SSH
etc.?)

Regards,
MB
Serveriron xl - Def GW for real servers?
Thanks for the quick response!

> > We are wanting to use the device for load-balancing multiple client
> > co-lo servers (All In different subnets)
> >
> How many ports?

Only the 8 port version. :( - but really liking the features so far!!
(Plus SI's are about a 1/4 of the price of comparable devices)

> Actually, the XL only needs to have an IP in the
> subnet, NOT be the gateway. We have the gateway on the device
> BEFORE the XL, and the server AFTER the XL.
>
> EG:
>
> Fenris.ttsg.com is at a base IP of 216.231.108.205,
> with a netmask of 255.255.255.224, and a default GW of
> 216.231.108.222.
>
> The SIXL before it is
>
> server source-ip 216.231.108.221 255.255.255.224 0.0.0.0
>
> And the SERVER REAL is at 216.231.108.194, with the
> SERVER VIRTUAL is actually 216.231.104.29 (Which is part of
> the base IPs for the SIXL {ip address 216.231.104.1 255.255.255.192})

Ok - from what you have described above (if I'm reading it correctly!),
it appears as though the device in front of the SI (router?/FW?) must
have an IP of 216.231.108.222 (web servers' def GW) and also an IP in the
216.231.104.x range (which would be the SI's def gw?)... i.e. multiple
subnets on the one device?

The docco
(http://www.foundrynet.com/services/documentation/siug/ServerIron_Server_Load_Balancing.html#43893)
states you can either have your router configured with all subnets, or
have the SI utilise source IP addresses + source NAT:

"If you have network topology similar to the example in Figure 6.21, but
you do not want to configure the router with multiple sub-nets, you can
instead enable source NAT and configure a source IP address on the
ServerIron. The source IP address allows the ServerIron to be in
multiple sub-nets, in addition to the sub-net of the ServerIron's
management IP address. Source NAT enables the ServerIron to perform IP
address translation on the source address in packets addressed to the
real servers. When source NAT is enabled, the ServerIron changes the
source address in the IP packets addressed to the real server to the
source IP address configured on the ServerIron. Figure 6.22 shows an
example of the topology shown in Figure 6.21, but in this case the
ServerIron is configured for multiple sub-nets instead of the router."

If I use this scenario (not have multiple subnets on the router in front
of the SI), what def. GW would I be assigning the real webservers? (The
source ip defined for that subnet on the SI?) - Or is "best practice" to
have the router in front of the SI multi-homed?

> >
> > If the webservers are not configured with a def gw, how would the
> > clients "manage" their servers (e.g. would I have to configure ports
> > and bindings for each service that needs to be accessed - RDP, FTP,
> > SSH etc.?)
> >
> If they don't have a default gateway, how the HECK do
> they get anywhere?

Hehe... precisely... they can't! That's why I'm asking what def gateway to
give the real servers, as my router is not (presently) multi-homed.

Regards,
MB
Serveriron xl - Def GW for real servers?
Hi,

Just point the real server's default at the layer 3 vlan
interface address (the VE interface). Route the real
server vlan prefix at the serveriron from your core
router(s) and you'll be able to talk to the reals
directly for management etc.


David
...


On 09/10/2004, at 12:46 PM, Michael Bellears wrote:

> Just got a new serveriron xl to replace some old Cisco LD's.
>
> We are wanting to use the device for load-balancing multiple client
> co-lo servers (All In different subnets)
>
> From the docco, it appears as though the VIP for each site we want to
> loadbalance for, must be contained within the same subnet as the
> management IP?(I was originally going to run a /30 for management, but
> it appears as though I will not be able to?)
>
> If I run a /28 (To allow for multiple VIPs), and then have a source
> IP(In a different subnet) for each clients webserver(Which would also
> have an IP in this different subnet) farm, would each of the clients
> Webservers have a default GW of the Source IP on the serveriron?
>
> If the webservers are not configured with a def gw, how would the
> clients "manage" their servers (e.g. would I have to configure ports and
> bindings for each service that needs to be accessed - RDP, FTP, SSH
> etc.?)
>
> Regards,
> MB
Serveriron xl - Def GW for real servers?
Hi David,

>
> Just point the real server's default at the layer 3 vlan
> interface address (the VE interface). Route the real
> server vlan prefix at the serveriron from your core
> router(s) and you'll be able to talk to the reals directly
> for management etc.

Thanks for the info.

I'm getting the following when attempting to configure the VE Int:

Telnet@ServerIron(config)#int ve 1
Please configure the ve before proceeding further

telnet@ServerIron(config)#ve
ASCII string
telnet@ServerIron(config)#ve 2
telnet@ServerIron(config)#

It appears as though the ServerIron XL does not support Virtual Routing
Interfaces?

I am running ver 07.4.00T12

Regards,
MB
Serveriron xl - Def GW for real servers?
> Thanks for the info.
>
> I'm getting the following when attempting to configure the VE Int:
>
> Telnet@ServerIron(config)#int ve 1
> Please configure the ve before proceeding further
>
> telnet@ServerIron(config)#ve
> ASCII string
> telnet@ServerIron(config)#ve 2
> telnet@ServerIron(config)#
>
> It appears as though the ServerIron XL does not support Virtual Routing
> Interfaces?
>
> I am running ver 07.4.00T12

Do you have a VE defined for your server side vlan - something
like the following?

vlan 178 by port
 tagged ethe 1 to 2
 router-interface ve 3

I'm on 07.4.00bT12. I'd get off the base 00 release if you
can. Not sure how bad it is on the XL's but on the SI-100's
I think there are 10 bug fix releases since the base
release that cover some huge problems. The "sub" releases
are not made available via the web site. You'll have to ask
the TAC for an image.

Off topic - is it just me or does everyone hate the way sub releases
are not made visible to support customers on the web site? Having
to ring up and ask if there's been any recent bug fix releases is
plain daft imho.


David
...
Serveriron xl - Def GW for real servers?
Yah. No VE's on the XL series. You need to use server source-ip and
ip-subnet vlans like so:

server source-ip 192.168.5.253 255.255.255.0 192.168.5.1
server source-ip 10.0.16.8 255.255.252.0 10.0.16.1

vlan 110 by port
 tagged ethe 9 to 10
 ip-subnet 192.168.4.0 255.255.255.0
!
vlan 111 by port
 tagged ethe 9 to 10
 ip-subnet 192.168.5.0 255.255.255.0
!
vlan 112 by port
 tagged ethe 9 to 10
 ip-subnet 10.0.16.0 255.255.252.0

Vlan 111 has no source-ip as the management ip interface is in that
subnet. You can only have a max of 8 source-ips defined. Basically you
are just giving the SI an ip interface from which to send its
health-checks. You will also need to configure ip forwarding and
"router interfaces" depending on your topology. I use DSR so do not
need to use the SI as a default router. This has its own disadvantages
however. I believe I've posted this a little more clearly here before:

http://marc.theaimsgroup.com/?l=foundry-nsp&m=108570138613104&w=2

-----Original Message-----
From: foundry-nsp-bounces@puck.nether.net
[mailto:foundry-nsp-bounces@puck.nether.net] On Behalf Of Michael
Bellears
Sent: Monday, October 11, 2004 8:00 PM
To: David J. Hughes
Cc: foundry-nsp@puck.nether.net
Subject: RE: [f-nsp] Serveriron xl - Def GW for real servers?

Hi David,

>
> Just point the real server's default at the layer 3 vlan
> interface address (the VE interface). Route the real
> server vlan prefix at the serveriron from your core
> router(s) and you'll be able to talk to the reals directly for
> management etc.

Thanks for the info.

I'm getting the following when attempting to configure the VE Int:

Telnet@ServerIron(config)#int ve 1
Please configure the ve before proceeding further

telnet@ServerIron(config)#ve
ASCII string
telnet@ServerIron(config)#ve 2
telnet@ServerIron(config)#

It appears as though the ServerIron XL does not support Virtual Routing
Interfaces?

I am running ver 07.4.00T12

Regards,
MB

Serveriron xl - Def GW for real servers?
On 13/10/2004, at 3:22 AM, Cliff Fogle wrote:

> Yah. No VE's on the XL series. You need to use server source-ip and
> ip-subnet vlans like so:
>

Well, maybe my XL's are special :)
We run FSRP with VE's etc etc etc on all our XL's under
07.4.00bT12. You running a layer 2 only image or
something?



David
...
Serveriron xl - Def GW for real servers?
>
> Yah. No VE's on the XL series. You need to use server
> source-ip and ip-subnet vlans like so:

I thought so too, but David's suggestion works like a charm:

vlan 178 by port
 tagged ethe 1 to 2
 router-interface ve 3

Following this example, I just set up a test vlan3:

!
vlan 3 by port
 untagged ethe 2
 router-interface ve 3
!

Then could assign IP address to the ve int:

telnet@ServerIron(config)#in ve 3
telnet@ServerIron(config-vif-3)#ip ad
A.B.C.D IP address

Thanks again David!

Regards,
MB
Serveriron xl - Def GW for real servers?
>
> Thanks again David!
>

Not a prob. Always happy to help out another aussie :)

I've only just joined this list but have had a fair
amount of serveriron experience. I'll certainly chime
in on the list from now on.


David
...
Serveriron xl - Def GW for real servers?
In order to use VE interfaces, you have to turn on IP forwarding. I have
done this on many XLs.

Also, keep in mind when source-nat'ing, you will need to add more than 1
server source-ip if you have more than 65K connections. The XLs only
support 8 server source-ip (major gripe of mine). You can configure
more than 8, but only 8 will work.

Cheers

-Rob



Cliff Fogle wrote:
> Yah. No VE's on the XL series. You need to use server source-ip and
> ip-subnet vlans like so:
>
> server source-ip 192.168.5.253 255.255.255.0 192.168.5.1
> server source-ip 10.0.16.8 255.255.252.0 10.0.16.1
>
> vlan 110 by port
>  tagged ethe 9 to 10
>  ip-subnet 192.168.4.0 255.255.255.0
> !
> vlan 111 by port
>  tagged ethe 9 to 10
>  ip-subnet 192.168.5.0 255.255.255.0
> !
> vlan 112 by port
>  tagged ethe 9 to 10
>  ip-subnet 10.0.16.0 255.255.252.0
>
> Vlan 111 has no source-ip as the management ip interface is in that
> subnet. You can only have a max of 8 source-ips defined. Basically you
> are just giving the SI an ip interface from which to send its
> health-checks. You will also need to configure ip forwarding and
> "router interfaces" depending on your topology. I use DSR so do not
> need to use the SI as a default router. This has its own disadvantages
> however. I believe I've posted this a little more clearly here before:
>
> http://marc.theaimsgroup.com/?l=foundry-nsp&m=108570138613104&w=2
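
Added example (not part of the thread and not Foundry's code): a small Python check for the source-NAT points raised in the replies above, namely a gateway outside its source-ip subnet, a real server with no source-ip in its subnet, the 8 source-ip limit and the 65K-connections-per-source-ip figure. The sample config is constructed; the field layouts `server source-ip <ip> <mask> <gateway>` and `server real <name> <ip>`, and 0.0.0.0 meaning "no gateway", are assumptions read off the lines quoted in the thread.

```python
import ipaddress
import math

MAX_WORKING_SOURCE_IPS = 8    # thread: more can be configured, but only 8 work
CONNS_PER_SOURCE_IP = 65_000  # the "65K connections" figure quoted in the thread

# Constructed sample, not taken from any real device.
SAMPLE = """\
server source-ip 192.168.5.253 255.255.255.0 192.168.5.1
server source-ip 10.0.16.8 255.255.252.0 10.0.20.1
server real web1 192.168.5.10
server real web2 172.16.9.10
"""

def parse(config):
    """Return (source-ips as (interface, gateway), reals as (name, ip))."""
    sources, reals = [], []
    for line in config.splitlines():
        f = line.split()
        if f[:2] == ["server", "source-ip"] and len(f) == 5:
            sources.append((ipaddress.ip_interface(f"{f[2]}/{f[3]}"),
                            ipaddress.ip_address(f[4])))
        elif f[:2] == ["server", "real"] and len(f) == 4:
            reals.append((f[2], ipaddress.ip_address(f[3])))
    return sources, reals

def audit(config, peak_connections):
    """Return a list of human-readable findings; empty means nothing flagged."""
    sources, reals = parse(config)
    findings = []
    for iface, gw in sources:
        # Assumption: 0.0.0.0 in the gateway field means "no gateway".
        if not gw.is_unspecified and gw not in iface.network:
            findings.append(f"source-ip {iface.ip}: gateway {gw} not in {iface.network}")
    for name, ip in reals:
        # Source-NATed replies go back to the source-ip, so it should be on-link.
        if not any(ip in iface.network for iface, _ in sources):
            findings.append(f"real {name} ({ip}): no source-ip in its subnet")
    if len(sources) > MAX_WORKING_SOURCE_IPS:
        findings.append(f"{len(sources)} source-ips configured, only "
                        f"{MAX_WORKING_SOURCE_IPS} will work")
    usable = min(len(sources), MAX_WORKING_SOURCE_IPS)
    needed = math.ceil(peak_connections / CONNS_PER_SOURCE_IP)
    if needed > usable:
        findings.append(f"{peak_connections} connections need {needed} source-ips, "
                        f"{usable} usable")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, peak_connections=150_000):
        print(finding)
```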