Application Delivery (ADX)

Reply
New Contributor
Posts: 3
Registered: ‎03-22-2010

ServerIron won't direct traffic to physical server 'above' loadbalencer

We have a Foundry ServerIron which we use to balance web traffic to two servers.

Until recently these two servers have been directly connected to one of the ports on the SI. A recent move to virtual machines means that one of the servers is no longer directly connected to the SI.

We tried connecting the servers thus:

------

But in doing so lost all access (ping etc) to the Real Servers

So we currently have this arrangement

  |      |

 

         |

      

The SI can ping and traceroute to the IP's of the RealServers. The RealServers MAC address is shown as connected to port 1 (the uplink to Switch1) of the SI from a 'sho mac' command yet the SI will not forward any traffic to the Real Servers

How can we get the SI to route traffic back out on port 1 and to the RealServers?

Relevant snippet of the current conf below

New real server is 'rp1' currently set up with port 99 for test purposes. Server rp0 and rp2 are directly connect to the SI and recieve traffic correctly

Current configuration:
!
ver 07.3.06T12
global-protocol-vlan
!
!
server source-ip 10.42.2.20 255.255.255.0 10.42.2.1
server router-ports 1

!
server real rp0 10.42.2.21
port ssl
port http
port http url "HEAD /"
!
server real rp2 10.42.2.22
port ssl
port http
port http url "HEAD /"
!

server real rp1 10.42.2.15
port 99

!
server virtual v1 10.42.2.20
port 99
port ssl sticky
port http sticky
bind 99 rp1 99
bind ssl rp0 ssl rp2 ssl
bind http rp0 http rp2 http
!
vlan 1 name DEFAULT-VLAN by port
ip-subnet 192.168.10.0 255.255.255.0

!
ip address 10.42.2.34 255.255.255.0
!
end

Occasional Contributor
Posts: 17
Registered: ‎08-19-2008

Re: ServerIron won't direct traffic to physical server 'above' loadbalencer

------ I would troubleshoot this configuration and the ping issue

Are the real servers in the same VLAN as configured on ServerIron ?

Occasional Contributor
Posts: 12
Registered: ‎07-16-2009

Re: ServerIron won't direct traffic to physical server 'above' loadbalencer

hi it10,

we used this scenario with source-nat. Our real-server are connected dircet at the Server-Iron.

web01 and db01 on the same physical-Server

web02 and db02 on the same physical-Server

and so on

I hope, this tip is useful (sorry for my poor english):

server real web01 1.1.1.1

source-nat access-list 1
max-conn 4096
port http
port http keepalive
port http url "HEAD /"
port http l4-check-only
port ssl
port ssl keepalive
port ssl l4-check-only
!
server real web02 1.1.1.2
source-nat access-list 1
max-conn 4096
port http
port http keepalive
port http url "HEAD /"
port http l4-check-only
port ssl
port ssl keepalive
port ssl l4-check-only
!
server real web03 1.1.1.3
source-nat access-list 1
max-conn 4096
port http
port http keepalive
port http url "HEAD /"
port http l4-check-only
port ssl
port ssl keepalive
port ssl l4-check-only
!
server real web04 1.1.1.4
port default disable
disable
max-conn 4096
port http disable
port http keepalive
port http url "HEAD /"
port http l4-check-only
port ssl disable
port ssl keepalive
port ssl l4-check-only
!
server real db01 1.1.1.5
source-nat access-list 1
max-conn 512
port 3306
port 3306 keepalive
port 3306 l4-check-only
!
server real db02 1.1.1.6
source-nat access-list 1
max-conn 512
port 3306
port 3306 keepalive
port 3306 l4-check-only
!
server real db03 1.1.1.7
source-nat access-list 1
max-conn 512
port 3306
port 3306 keepalive
port 3306 l4-check-only
!
server real db04 1.1.1.8
port default disable
disable
source-nat access-list 1
max-conn 512
port 3306 disable
port 3306 keepalive
port 3306 l4-check-only

server virtual www 1.1.1.9

sym-priority 100
sym-active
track source-ip
predictor round-robin
port http sticky concurrent
port ssl sticky concurrent
bind http web01 http web02 http web03 http web04 http
bind ssl web01 ssl web02 ssl web03 ssl web04 ssl
!
server virtual db 1.1.1.10

sym-priority 100
sym-active
predictor round-robin
port 3306
bind 3306 db01 3306 db02 3306 db03 3306 db04 3306

access-list 1 permit 1.1.1.0 0.0.0.255

New Contributor
Posts: 3
Registered: ‎03-22-2010

Re: ServerIron won't direct traffic to physical server 'above' loadbalencer

Hi,

Working on the ---- issue requires me to go back to the DC, something I was hoping to avoid.

We dont have any VLAN's configured. All servers are on the same subnet.

I have been trying several things including defining test remote servers and the SI will not send any traffic to those either.

Current configuration have been playing around and removing some settings to try and simplify it:
!
ver 07.3.06T12
global-protocol-vlan -- Can anyone tell me what this is for? can't find any reference to this setting
!
!
server sticky-age 20

server port 25
tcp keepalive 20 2

server port 80
tcp keepalive 20 2

server port 143
tcp keepalive 20 2

server port 21
tcp keepalive 20 2

server port 26
tcp keepalive 20 2

server port 110
tcp keepalive 20 2
server source-ip 10.42.2.20 255.255.255.0 10.42.2.1
!
!

server real rp0 10.42.2.21 -- the non directly connected server
port 99
port ssl disable
port http disable
port http url "HEAD /"
!
server real rp2 10.42.2.22
port ssl
port http
port http url "HEAD /"

!
server virtual vs1 10.42.2.20
port ssl sticky
port http sticky

port 99
bind ssl rp0 ssl rp2 ssl
bind http rp0 http rp2 http

bind 99 rp0 99 -- the test port that is receiveing no traffic
!
!
enable telnet password .....
enable super-user-password .....
ip address 10.42.2.34 255.255.255.0
ip default-gateway 10.42.2.1
telnet access-group 10
snmp-server community ..... rw
clock timezone us Pacific
web-management enable ethe 1 ethe 3
interface ve 1
!
!
!
!
!
access-list 10 permit 10.42.0.0 0.0.255.255
access-list 10 deny any
!
!
end

Contributor
Posts: 39
Registered: ‎05-04-2009

Re: ServerIron won't direct traffic to physical server 'above' loadbalencer

Per sven, using server source-nat is one way to guarantee that traffic from real servers return to ServerIron. Have you tried that ? Do real servers have other routes beside passing through ServerIron

Occasional Contributor
Posts: 12
Registered: ‎07-16-2009

Re: ServerIron won't direct traffic to physical server 'above' loadbalencer

Hello obrien,

yes, I´ve tried this config. We need this constellation, when real-Server Web01 need connection at db01 (both on same physical-server; the destination address for the db ist the "server virtual db 1.1.1.10").

The default-gateway for the real-server ist the vrrp-Interface at the Server-Iron.

If yo need a drawing, send me a pm (sven.schulze (at) gmx.net)

Contributor
Posts: 24
Registered: ‎11-13-2009

Re: ServerIron won't direct traffic to physical server 'above' loadbalencer

Hi , This might sound stupid but i need to know did you configured the link between the si and switch as an trunk link or just plugged the ethernet between them on default configuration ? It could simply be that si is behaving as a normal switch that would not send an arp request to the port where it recieved the data from.

Let me know if enabling a trunk between the si and switch help resolve the problem.

Thanks

New Contributor
Posts: 3
Registered: ‎03-22-2010

Re: ServerIron won't direct traffic to physical server 'above' loadbalencer

Hi maroa,

Sorry for the slow reply, I have been on vacation. Your sugestion is not at all 'stupid' and could be just the answer I am looking for. it is indeed just plugged in on default configuration.

The manual seems to refer to trunks when deling with backup servers. The link is connected to eth 1 however 'trunk server' commands seem to need a port range. Can you please provide an example of the command I need?

Thanks

Brocadian
Posts: 70
Registered: ‎03-14-2009

Re: ServerIron won't direct traffic to physical server 'above' loadbalencer

Hallo,

just use the command "show trunk" on the ServerIron. There also have to be at least one "trunk" command.

what kind of switch are you using? Maybe there is a trunk (802.1q VLAN tagging, Port aggregation, Etherchannel, ... to name a few for the same) configured.

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: ServerIron won't direct traffic to physical server 'above' loadbalencer

Looking at the ver no in the config - I would say it is a ServerIron XL

Below is an example of the show trunk command (Trunk = port aggr, TAG = VLAN tagging)

ServerIron(config-if)# show trunk

Trunk Group Ports

1 1 2 3

Operational trunks:

Trunk Group Ports Duplex Speed Tag Priority

1  1     2     3  Full   100M  No  High

--- Show vlan command ---

SLB-chassis#

show vlan

Total PORT-VLAN entries: 1

Maximum PORT-VLAN entries: 32

legend:

PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree On

Untagged Ports: (S2) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

Untagged Ports: (S2) 17 18 19 20 21 22 23 24

Tagged Ports: None

Uplink Ports: None







Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

Click to Register
Download FREE NVMe eBook