03-30-2016 11:53 AM
Brocade newb here.
I am trying to setup configuration based on what I've learnt in the ServerIron Load Balancing guide.
I have setup my servers (real and virtual). All are on the same subnet as the management interface.
But while I can easily reach the mgmt IP, I cannot ping or reach the VIP from any server on the subnet.
I'm sure there's something I am missing, but I have no clue.
I would be grateful for any assistance.
Here's my current configuration:
! server real prod-web01 192.168.72.11 port http port http keepalive port http url "GET /status.html" port ssl port ssl keepalive port ssl url "GET /status.html" ! server real prod-web02 192.168.72.12 port http port http keepalive port http url "GET /status.html" port ssl port ssl keepalive port ssl url "GET /status.html" ! ! server virtual prod-webVIP 192.168.72.13 predictor round-robin port http port ssl sticky bind http prod-web01 http prod-web02 http bind ssl prod-web01 ssl prod-web02 ssl ! vlan 1 name DEFAULT-VLAN by port ! aaa authentication web-server default local enable telnet authentication enable super-user-password ..... no enable aaa console hostname lb01 ip dns domain-name mng.dom ip dns server-address 22.214.171.124 192.168.71.3 192.168.71.4 192.168.71.5 ip route 0.0.0.0 0.0.0.0 192.168.72.1 ! no telnet server username admin password ..... no snmp-server enable traps locked-addr no web-management ui-history-collect ! interface management 1 ip address 192.168.72.253 255.255.255.0 ! interface ethernet 1 ip address 192.168.70.70 255.255.255.0 ! access-list 10 permit any
Solved! Go to Solution.
03-31-2016 03:25 AM
I should add that arpinging the IP yields responses but no results from regular ping.
Could this be a licensing issue?
ping 192.168.72.13 -c2
PING 192.168.72.13 (192.168.72.13) 56(84) bytes of data.
--- 192.168.72.13 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms
arping -I br72 192.168.72.13 -b
ARPING 192.168.72.13 from 192.168.72.101 br72
Unicast reply from 192.168.72.13 [02:1B:ED:05:9E:E0] 0.715ms
Unicast reply from 192.168.72.13 [02:1B:ED:05:9E:E0] 0.731ms
Unicast reply from 192.168.72.13 [02:1B:ED:05:9E:E0] 0.691ms
Unicast reply from 192.168.72.13 [02:1B:ED:05:9E:E0] 0.726ms
Unicast reply from 192.168.72.13 [02:1B:ED:05:9E:E0] 0.754ms
^CSent 5 probes (5 broadcast(s))
03-31-2016 03:28 AM
Also from the "sh server virtual" view:
Name: ng-prod-webVIP State: Enabled IF UP IP:192.168.72.13: 1
Pred: round-robin ACL-Id: 0 TotalConn: 0
VIP state: Not healthy
Rx pkts: 0 Tx pkts: 0
Rx bytes: 0 Tx bytes: 0
Rx PPS: 0 Tx PPS: 0
Rx Throughput: 0 Kbps Tx Throughput: 0 Kbps
tcp-conn-rate: 0 udp-conn-rate: 0
CPS: 0 CurrConn: 0
Note: The above statistics lag by 1 second
Port State Sticky Concur Proxy DSR CurConn TotConn PeakConn
---- ----- ------ ------ ----- --- ------- ------- --------
default enabled NO NO NO NO 0 0 0
http enabled NO NO NO NO 0 0 0
ssl enabled YES NO NO NO 0 0 0
Port Rx-pkts Tx-pkts Rx-octet Tx-octet
---- ------- ------- -------- --------
default 0 0 0 0
http 0 0 0 0
ssl 0 0 0 0
03-31-2016 05:06 AM - edited 03-31-2016 05:10 AM
first at all, this is just my stupid imput, I'm not the most expert with such plattforms.
In any case, if I'm wrong please ingnore my post.
last time I work with any Load Balancer, is long time ago, as Intel acquired - Years 2000 ? - IPivot and Shiva, and they offer later as NetStructure Product Family
IPivot, was the Dino's on the Load Balancer Market
you wrote, and I'm really fighting to understand what you mean with
->>>But while I can easily reach the mgmt IP, I cannot ping or reach the VIP from any server on the subnet.
howsoever, if I understand you problem correct, in order to reach the VIP - I think !!! - the request must processed trough a NAT, otherwise you cannot Balance the traffic via the same IP, for this reason is the VIP not reachable.
03-31-2016 07:25 AM - edited 03-31-2016 07:26 AM
as I saied, I'm no big experienced with ADX Plattforms, and is probable I'm wrong.
->Where does the NAT come in?
For NAT settings, please consult the Load Balancing Guide.
04-02-2016 11:48 AM
I figured it out.
Apparently I had the mgmt1 interface in the same subnet as the VIP (which the diagrams seemed to indicate was the way to do it.)
I switched the mgmt1 interface to a different subnet, and added an IP and a cable to eth1. With eth1 and the VIP, and the real servers being in the same subnet.
I also had to use dsr mode and add loopback interfaces to the real servers before the ADX 1000 would agree to load balance, it wouldn't load balance with the simple case presented in the load balancing guide.
Well at least it's working now.