Mailing List Archive

One Serveriron XL, multiple VLANs
Hi Foundry Gurus!

I know the ServerIron is the kitchen sink and I am sure it can do this
but I just want to check! :)

I have one ServerIron XL but I need it to provide load balancing
functions for multiple VLANs - i.e. multiple logical ServerIrons in one
physical unit - will it work?

Also, all the ServerIrons that I have deployed, I typically have an
'outside' network where incoming clients connect from and a 'webserver'
network where all the physical servers sit. Is it possible to have a
one-arm configuration where clients will connect to 10.0.0.10 for
example, which load balances web servers running on IPs 10.0.0.30 and
10.0.0.40?

Any suggestions are welcomed!

Cheers
Tim

PS: Does anyone know of a unix dictionary that actually contains
technical words so I don't have to keep clicking 'learn word' :)
One Serveriron XL, multiple VLANs [ In reply to ]
On 01/12/2004, at 9:34 PM, Timothy Arnold wrote:

> I have one ServerIron XL but I need it to provide load balancing
> functions for multiple VLANs - i.e. multiple logical ServerIrons in
> one physical unit - will it work?
>
> Also, all the ServerIrons that I have deployed, I typically have an
> 'outside' network where incoming clients connect from and a 'webserver'
> network where all the physical servers sit. Is it possible to have a
> one-arm configuration where clients will connect to 10.0.0.10 for
> example, which load balances web servers running on IPs 10.0.0.30 and
> 10.0.0.40?


Hi.

If you run your ServerIrons in layer 3 mode (i.e. "ip forward") you can
do exactly what you've outlined above. Set up a vlan for your client
side and multiple vlans as server networks. For each vlan configure a
VE and allocate a layer 3 segment. Have all your VIPs live in the
"client vlan" address block.

For direct access to the real servers, have static routes for the
"server vlan" address blocks on your core router pointing to the SI's
"client vlan" VE address. And, as I mentioned, make sure "ip forward"
is turned on - just went through this with a mate and it worked much
better when the box was told to route :-) [Hi Michael ;-]


David
...
One Serveriron XL, multiple VLANs [ In reply to ]
> And, as I mentioned, make sure "ip forward"
> is turned on - just went through this with a mate and it worked much
> better when the box was told to route :-) [Hi Michael ;-]

Haha!! - DEFINITELY make sure you have "ip forward" enabled!! (Spent
nearly 2 days trying to work out why traffic would get to the SI, but
not "forward!" to my reals!)

Thanks again David!

MB
One Serveriron XL, multiple VLANs [ In reply to ]
Is it possible to do this in L2 mode at all?


em


One Serveriron XL, multiple VLANs [ In reply to ]
Sorry, all my SI experience is in layer 3 configurations. Guess I'm a
routing kinda guy ;-)


David
...


On 02/12/2004, at 1:34 PM, Emilia Lambros wrote:

> Is it possible to do this in L2 mode at all?
One Serveriron XL, multiple VLANs [ In reply to ]
This will work as L2 as well, but you would need to multinet the
upstream router or use a source-ip as the def-gw. This gets tricky in
a HA config, so multinetting is usually the easiest.


On Thu, 2 Dec 2004 15:04:35 +1000, David J. Hughes <bambi@hughes.com.au> wrote:
>
> Sorry, all my SI experience is in layer 3 configurations. Guess I'm a
> routing kinda guy ;-)
>
> David
> ...
One Serveriron XL, multiple VLANs [ In reply to ]
You can do this at L2 as well.
Given the SIXL is in subnet 10.10.100.0/24,
to add a second subnet, add the following to the global config:

server source-ip <network address> <subnet mask> <gateway address>

There is more information about this at:

http://www.foundrynet.com/services/documentation/siug/ServerIron_Server_Load_Balancing.html
Source IP Address

In addition to the ServerIron's management IP address, you can add up to
eight additional IP addresses and gateways to the ServerIron. The
additional IP addresses allow you to deploy the ServerIron in multinetted
environments, including the following examples:

Hope this helps.

(and it does work in HA mode).

--
Jamie Dahl

"Thousands of tired, nerve-shaken, over-civilized people are beginning to
find out that going to the mountains is going home; that wilderness is a
necessity; and that mountain parks and reservations are useful not only as
fountains of timber and irrigating rivers, but as fountains of life."
--John Muir
One Serveriron XL, multiple VLANs [ In reply to ]
Thanks to everyone who has replied. I think I might need to describe the
configuration a little better as it is a little more complicated!

At present, I have two Cisco PIX firewalls, on ethernet1 (the inside
interface) I have:

PIX1 - 10.0.10.1/24
PIX2 - 10.0.20.1/24

These PIXs connect into a 3COM switch and I tag up the ports with VLAN10
and VLAN20 respectively.

On each network, I have a number of servers. In VLAN10 I would like to
use the ServerIron to load balance my mail servers. These have the IP
addresses 10.0.10.100 and 10.0.10.101

The load balanced IP address should be 10.0.10.10

In VLAN20 I have my web servers and would like to load balance. These
have the IP addresses 10.0.20.200 and 10.0.20.201

The load balanced IP should be 10.0.20.20

There is no requirement for the two VLANs to see each other. However, I
want to use the ServerIron to do both load balancing. I.e. a physical
ServerIron split into two logical ServerIrons.

I am unsure how this would work! Two questions:

1. If a client request hits 10.0.10.10, it will send the request to
10.0.10.100 for example - does it send the client IP or will I need to
do some kind of NAT to ensure the reply is sent back to the ServerIron?

2. How does the default route work if I try to separate the ServerIron
into two VLANs? If a request is made for 10.0.20.20, I need it to be
sent back via 10.0.20.1 (even if it is an external IP address!). I guess
I need some source based routing?

I hope I have made myself clear! Feel free to give any comments (good or
bad!)

Thanks
Tim

On Wed, 2004-12-01 at 21:12 -0800, Mike Allen wrote:
> This will work as L2 as well, but you would need to multinet the
> upstream router or use a source-ip as the def-gw. This gets tricky in
> a HA config, so multinetting is usually the easiest.
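
Added example, not part of any poster's message or of Foundry's documentation: a small Python model of the return-path question raised in the last post, using the VLAN20 addresses from the thread. The ServerIron address 10.0.20.2 and both client addresses are constructed, and it assumes a one-arm layout (the ServerIron is not physically in line) with no direct server return.

```python
import ipaddress

# VLAN20 and PIX2 come from the thread; SI_IP and the client addresses
# are constructed for this example.
VLAN20 = "10.0.20.0/24"
PIX2 = "10.0.20.1"              # firewall inside interface
SI_IP = "10.0.20.2"             # hypothetical ServerIron address in VLAN20
EXTERNAL_CLIENT = "192.0.2.50"  # constructed off-subnet client
LOCAL_CLIENT = "10.0.20.50"     # constructed on-subnet client


def reply_next_hop(server_net, reply_dst, default_gw):
    """First hop a real server uses for a reply: an on-link destination is
    reached directly, anything else is handed to the default gateway."""
    if ipaddress.ip_address(reply_dst) in ipaddress.ip_network(server_net):
        return reply_dst
    return default_gw


def returns_via_si(client_ip, default_gw, nat_to_si=False):
    """True if the real server's reply is handed to the ServerIron, which
    has to see it to rewrite the real server address back to the VIP."""
    # With NAT the server sees the ServerIron as the source of the request,
    # so the reply is addressed to the ServerIron itself.
    reply_dst = SI_IP if nat_to_si else client_ip
    return reply_next_hop(VLAN20, reply_dst, default_gw) == SI_IP


def evaluate():
    """Return {scenario: does the reply pass through the ServerIron?}."""
    return {
        "external client, gw=PIX, no NAT": returns_via_si(EXTERNAL_CLIENT, PIX2),
        "external client, gw=SI, no NAT": returns_via_si(EXTERNAL_CLIENT, SI_IP),
        "external client, gw=PIX, NAT": returns_via_si(EXTERNAL_CLIENT, PIX2, True),
        "local client, gw=SI, no NAT": returns_via_si(LOCAL_CLIENT, SI_IP),
        "local client, gw=SI, NAT": returns_via_si(LOCAL_CLIENT, SI_IP, True),
    }


if __name__ == "__main__":
    for scenario, ok in evaluate().items():
        path = "via ServerIron" if ok else "bypasses ServerIron"
        print(f"{scenario:34} -> {path}")
```

In the cases where the reply bypasses the ServerIron, the client receives an answer from the real server's address instead of the VIP it connected to, so the connection does not complete.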