Mailing List Archive

multi-subnet basic configuration question
Hi all,

I'm new to the ServerIron XL boxes and was hoping someone could help me
troubleshoot the following configuration. I've been looking through the
archives on this list but couldn't really find the specifics I need.

Basically, we'd like to use a pair of ServerIrons to load balance a
pair of lightweight Apache reverse proxy boxes (proxy01, proxy02) that
will be shared across our ~5 clients. These proxy machines will handle
SSL, connection buffering, serve static content, and run mod_proxy.
Additionally, we'd like to use the same ServerIrons to load balance (at
least) a pair of application servers per client.

Instead of running a NAT device with IPSec, we'd like the application
servers to also be publicly accessible for management, sending email,
etc. The web traffic should be handled on a private network by the
ServerIrons so we don't eat up too many IPs.

Essentially, I believe the problem I'm having is figuring out which of
the multinet configurations (virtual router, server source-nat, server
source-nat-ip, or ip forwarding) to use, and what the configuration
directives are to make it work.

Any help is much appreciated! The details of the configuration are below.

Thanks,
Matthew

==========

Each of the servers has 4 interfaces (bge0, bge1, em0, em1):
- bge0 will be connected to a switch, then to a firewall, then to the
ISP's router
- bge1 will remain unused
- em0 will be connected to the first ServerIron
- em1 will be connected to the second ServerIron

I was planning on using the following IPs with a 10.x.x.x/8 network:

shared-proxy01-bge0 64.real.ip.19
shared-proxy01-em0 10.1.client#.11
shared-proxy01-em1 10.2.client#.11

shared-proxy02-bge0 64.real.ip.123
shared-proxy02-em0 10.1.client#.12
shared-proxy02-em1 10.2.client#.12

client01-app01-bge0 64.real.ip.149
client01-app01-em0 10.1.client#.101
client01-app01-em1 10.2.client#.101

client01-app02-bge0 64.real.ip.179
client01-app02-em0 10.1.client#.102
client01-app02-em1 10.2.client#.102

Port 1 of each load balancer is connected to the ISP's router.

I have been trying to test this setup with the first ServerIron (and
have been ignoring the SSL configuration):

hostname lb01
ip address 64.real.ip.202 255.255.255.0
ip default-gateway 64.real.ip.1

vlan 2 name public by port
untagged ethernet 1 to 2

vlan 3 name private by port
untagged ethernet 3 to 23

vlan 4 name session by port
untagged ethernet 24
no spanning-tree

server real client01-shared-proxy01 10.1.4.11
port http

server real client01-shared-proxy02 10.1.4.12
port http

server virtual client01 64.real.ip.212
port http
bind http client01-proxy01 http
bind http client01-proxy02 http

server real client01-app01 10.1.4.101
port http

server real client01-app02 10.1.4.102
port http

server virtual client01-app 10.1.4.100
port http
bind http client01-app01 http
bind http client01-app02 http