Mailing List Archive: ServerIron XL configuration

Hi,

This is the current setup of our foundry ServerIron XL
(version 07.3.04T12)
---------------------------
server source-ip 192.168.101.1 255.255.255.0 0.0.0.0
server real web1 192.168.101.101
port 8080
server real web2 192.168.101.102
port 8080
server virtual www [real-ip.75]
port http sticky concurrent
bind http web1 8080 web2 8080

ip address [real-ip.76] 255.255.255.240
ip default-gateway [real-ip.65]
---------------------------

We have no other router beside the foundry.
- our ServerIron XL is handling SLB as expected
however we need one of the server to be able to send out mail
This setup obviously not doing any level 3 routing.
- i tried to redo the setup following the "ip forwarding"
from an example of the si-guide book but then the SLB is hosed.
- I tried configure for static NAT for one real ip to an internal server
Supposedly that would not affect SLB, but then I can't seem to
ssh from one of the server to another!

Question please:
- do i need to add a router/firewall?
I like the current setup is that the ServerIron XL
is hiding all of our servers without a need for a full router/firewall
- Can anyone point me to a good source of ServerIron examples?

Any help would be greatly appreciated.

John

Hi

I find running ServerIron's in Layer 3 mode (i.e. routing image) just
seams to make more sense (to me at least). Then you simply define a
vlan interface for the subnet with the reals, a vlan interface for the
client facing subnet and all just works. It behaves like a load
balancing router. Just point the default route of the real servers at
the server side ve interface and it's all good.

Something like

----
vlan 1 by port
untagged ethe 1
router-interface ve 1

vlan 2 by port
untagged ethe 2
router-interface ve 2

interface ve 1
ip address real-ip.254 255.255.255.0

interface ve 2
ip address 192.168.101.254 255.255.255.0

server real web1 92.168.101.101
port 8080

server real web2 192.168.101.102
port 8080

server virtual www real-ip.75
port http sticky concurrent
bind http web1 8080 web2 8080
----

David
...

On 22/02/2005, at 5:17 AM, D Dinh wrote:

> Hi,
>
> This is the current setup of our foundry ServerIron XL
> (version 07.3.04T12)
> ---------------------------
> server source-ip 192.168.101.1 255.255.255.0 0.0.0.0
> server real web1 192.168.101.101
> port 8080
> server real web2 192.168.101.102
> port 8080
> server virtual www [real-ip.75]
> port http sticky concurrent
> bind http web1 8080 web2 8080
>
> ip address [real-ip.76] 255.255.255.240
> ip default-gateway [real-ip.65]
> ---------------------------
>
> We have no other router beside the foundry.
> - our ServerIron XL is handling SLB as expected
> however we need one of the server to be able to send out mail
> This setup obviously not doing any level 3 routing.
> - i tried to redo the setup following the "ip forwarding"
> from an example of the si-guide book but then the SLB is hosed.
> - I tried configure for static NAT for one real ip to an internal
> server
> Supposedly that would not affect SLB, but then I can't seem to
> ssh from one of the server to another!
>
> Question please:
> - do i need to add a router/firewall?
> I like the current setup is that the ServerIron XL
> is hiding all of our servers without a need for a full
> router/firewall
> - Can anyone point me to a good source of ServerIron examples?
>
> Any help would be greatly appreciated.
>
> John
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>