Application Delivery (ADX)

Occasional Contributor
Posts: 12
Registered: ‎07-16-2009

source-nat doesn't work

Hi

I've a problem with source-nat.

See the picture for scenario:

Source-Nat.jpg

Everything works fine with external requests (csw-policy, health-check, real/alias ports). Only the client in the same subnet can't connect to any server via the VIP.

Client-IP = 10.10.10.50

cli: telnet 10.10.10.10 80

Here is the config:

server source-nat
server source-nat-ip 10.10.10.100 255.255.255.0 10.10.10.254 port-range 2
server real frontend01 10.10.10.1
 source-nat
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port http group-id  1 1
 port 881
 port 881 healthck p881-194
 port 881 keepalive
 port 8101
 port 8101 keepalive
 port 8101 l4-check-only
!
server real frontend02 10.10.10.2
 source-nat
 port 881
 port 881 healthck p881-195
 port 881 keepalive
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
 port http group-id  2 2
 port 8201
 port 8201 keepalive
 port 8201 l4-check-only
!
!
server virtual frontend-VIP 10.10.10.10
 sym-priority 100
 sym-active
 predictor response-time
 port http sticky
 port http csw-policy "insert-ip"
 port http csw
 port http keep-alive
 port 81 sticky
 port 81 csw-policy "insert-ip"
 port 81 csw
 port 81 keep-alive
 port 82 sticky
 port 82 csw-policy "insert-ip"
 port 82 csw
 port 82 keep-alive
 port 801 sticky
 port 801 csw-policy "insert-ip"
 port 801 csw
 port 801 keep-alive
 port 802 sticky
 port 802 csw-policy "insert-ip"
 port 802 csw
 port 802 keep-alive
 bind http frontend01 http frontend02 http
 bind 81 frontend01 881
 bind 82 frontend02 881
 bind 801 frontend01 8101 real-port http
 bind 802 frontend02 8201 real-port http

Does anybody have an idea?

Thanks a lot for any tips

Sven

Occasional Contributor
Posts: 9
Registered: ‎01-05-2010

Re: source-nat doesn't work

Your configuration looks fine to me. You should run a debug filter on the ADX to capture traffic for your internal client and see where the traffic fails.

debug filter
 b 1024
 pa 100
 spec 1
  reset
  ip src 10.10.10.50
  exit
 spec 2
  reset
  ip dest 10.10.10.50
  exit
 spec 3
  reset
  ip src 10.10.10.100
  exit
 spec 4
  reset
  ip dest 10.10.10.100
  exit
 app 1or2or3or4
 start
 <send traffic>
 stop
 view bp all
 summary

This should give you a rough idea where the traffic is failing.

Occasional Contributor
Posts: 12
Registered: ‎07-16-2009

Re: source-nat doesn't work

Hi Arun,

Thank you for your answer.

I think I've resolved this problem.

We use only the management interface for administration, so I didn't give the load balancer its own IP address. The LB had only the VIPs. After I "installed" its own IP address, source NAT works fine. I really don't know if this is the reason, but it works :-)

Here is the part of the config:

ip address 10.10.10.254 255.255.255.0

Kind Regards

Sven
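
The condition reported in the last post, turned into a config check (an added example, not part of the original thread and not Brocade tooling): it flags a `server source-nat-ip` pool whose subnet has no device `ip address` line in the same configuration. It assumes the fix Sven describes is the actual cause, which he was not certain of; the function names and the trimmed sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample: the relevant lines of the configuration posted above.
POSTED_CONFIG = """\
server source-nat
server source-nat-ip 10.10.10.100 255.255.255.0 10.10.10.254 port-range 2
server real frontend01 10.10.10.1
 source-nat
 port http
server virtual frontend-VIP 10.10.10.10
 port http sticky
 bind http frontend01 http
"""

def parse(config):
    """Return (source_nat_pools, interface_addresses) found in the config text."""
    pools, interfaces = [], []
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:2] == ["server", "source-nat-ip"] and len(tok) >= 5:
            # Fields as in the posted line: <nat-ip> <mask> <gateway> ...
            net = ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False)
            pools.append((tok[2], net, tok[4]))
        elif tok[:2] == ["ip", "address"] and len(tok) >= 4:
            interfaces.append(ipaddress.ip_interface(f"{tok[2]}/{tok[3]}"))
    return pools, interfaces

def check_source_nat(config):
    """List source-NAT pools whose subnet has no device 'ip address' line."""
    pools, interfaces = parse(config)
    findings = []
    for nat_ip, net, gateway in pools:
        if not any(iface.ip in net for iface in interfaces):
            findings.append(
                f"source-nat-ip {nat_ip} (gateway {gateway}): "
                f"no 'ip address' configured in {net}"
            )
    return findings

if __name__ == "__main__":
    print("before:", check_source_nat(POSTED_CONFIG))
    fixed = POSTED_CONFIG + "ip address 10.10.10.254 255.255.255.0\n"
    print("after: ", check_source_nat(fixed))
```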
