02-29-2012 02:21 AM
Hi guys,
It has been a while since I used the CSM and I am getting a little confused with NAT.
I want to create a load-balanced VIP so servers on subnet A can access the LB to 2 other servers on subnet A. Now obviously I need to do some source NAT to ensure the servers don't just cut the LB out when they respond to the requests. Hence I configured the following, but I can't see any ARP for the VIP address on the server VLAN.
natpool APP-SVR 172.30.x.28 172.30.x.28 netmask 255.255.255.0
probe TCP_8081 tcp
 interval 10
 failed 30
 port 8081
real SVR02
 address 172.30.x.11
 inservice
real SVR03
 address 172.30.x.10
 inservice
serverfarm SVR_8081
 no nat server
 nat client SVR-SVR
 predictor leastconns
 real name SVR02 8081
  health probe TCP_8081
  inservice
 real name SVR03 8081
  health probe TCP_8081
  inservice
sticky 12 cookie gascookie insert
policy STICKY
 sticky-group 12
 serverfarm SVR_8081
vserver SVR8081
 virtual 172.30.x.28 tcp 8081
 serverfarm SVR_8081
 persistent rebalance
 slb-policy STICKY
 inservice
The VIP is a different range to the servers but resides on the server side interface.
Thanks in advance
Scott
02-29-2012 07:48 AM
Hi Scott,
Since the VIP is on a different range from the servers, not having an ARP entry for it is expected. The servers assume that the VIP is on a different subnet, so, in order to get to it, they send the traffic to their default gateway.
Your configuration looks fine, so if you attempt a connection to the VIP from one of the servers, it should work properly.
Regards
Daniel
03-02-2012 12:56 AM
Hi Daniel,
Thanks for the reply. Unfortunately I see no connections to the VIP.
I cannot ping the VIP from the server VLAN either. Would it be possible to use an IP for the VIP on the same VLAN as the servers using the above config?
i.e. LB to the server NIC of the CSM, then back out of the same NIC to the real servers?
cheers
Scott
03-02-2012 02:36 AM
Hi Scott,
Yes, having the VIP on the server VLAN is a perfectly valid option. In fact, it's better from a design point of view than having it in a different one.
Regards
Daniel
03-11-2012 06:01 AM
Hi Daniel,
Still no joy. I can ping the VIP, and I can telnet to the servers on port 8081 directly. I see the VIP taking traffic and it says it is forwarding out to a server (i.e. in the counters); however, I never see the packet arrive at the server.
Strangely, when I do:
sh mod csm
    prot vlan source                destination           state
----------------------------------------------------------------------
In  TCP  895  172.30.60.41:34805    172.30.60.41:8081     ESTAB
Out TCP  895  172.30.60.41:8081     172.30.60.41:34806    ESTAB
In  TCP  895  172.30.60.41:34761    172.30.60.41:8081     ESTAB
Out TCP  895  172.30.60.41:8081     172.30.60.41:34762    ESTAB
In  TCP  895  172.30.60.41:34822    172.30.60.41:8081     ESTAB
Out TCP  895  172.30.60.41:8081     172.30.60.41:34823    ESTAB
I get the above, i.e. I don't see the packet going to the actual servers.
However, I get the following while trying to connect:
trposr02#sh mod contentSwitchingModule 13 vservers name GAS_8081 det
GAS_8081, type = SLB, state = OPERATIONAL, v_index = 45
virtual = 172.30.60.41/32:0 bidir, any, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = 895, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 2, total conns = 83991
Default policy:
server farm = GAS_8081, backup =
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy       Tot matches   Client pkts   Server pkts
-----------------------------------------------------
(default)    82409         179422        20
Any ideas??
Scott
03-12-2012 03:09 AM
Hi Guys,
I have now sorted this.
To get it working I had to enable nat server and also add the VLAN ID to the vserver config.
So my final config is:
natpool SUM-SVR 172.30.60.x 172.30.60.x netmask 255.255.255.0
real svr1
 address 172.30.63.x
 no inservice
real svr2
 address 172.30.63.x
 inservice
serverfarm SVR_8081
 nat server
 nat client SUM-SVR
 predictor leastconns
 real name svr1 8081
  health probe TCP_8081
  inservice
 real name svr2 8081
  health probe TCP_8081
  inservice
vserver SVR_8081
 virtual 172.30.60.x tcp 8081
 vlan 895
 serverfarm SVR_8081
 persistent rebalance
 inservice
Hope this helps anyone else trying to get this working
Cheers
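An added example, not part of the thread and not a Cisco tool: a small Python check that reads a CSM configuration and reports the two settings the final post changed (`no nat server` on the serverfarm, no `vlan` on the vserver), plus a `nat client` that names a natpool the config does not define, as in the first post. The function names and the sample addresses are assumptions made for illustration, and the findings are review prompts for this same-VLAN design rather than universal errors.

```python
# Constructed sample modelled on the thread's first config; addresses are placeholders.
SAMPLE = """\
natpool APP-SVR 192.0.2.28 192.0.2.28 netmask 255.255.255.0
serverfarm SVR_8081
 no nat server
 nat client SVR-SVR
 real name SVR02 8081
  inservice
vserver SVR8081
 virtual 192.0.2.28 tcp 8081
 serverfarm SVR_8081
 inservice
"""

TOP = ("natpool", "probe", "real", "serverfarm", "sticky", "policy", "vserver")

def parse(config):
    """Group lines into (keyword, name, sub-commands); indentation is ignored."""
    blocks, cur = [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        kw = words[0]
        # 'real name X' and a 'serverfarm X' inside vserver/policy are references.
        nested = (kw == "real" and words[1:2] == ["name"]) or (
            kw == "serverfarm" and cur is not None and cur[0] in ("vserver", "policy"))
        if kw in TOP and not nested:
            cur = (kw, words[1] if len(words) > 1 else "", [])
            blocks.append(cur)
        elif cur is not None:
            cur[2].append(" ".join(words))
    return blocks

def review(config):
    """Return findings for the settings that mattered in this thread."""
    blocks = parse(config)
    pools = {name for kw, name, _ in blocks if kw == "natpool"}
    findings = []
    for kw, name, subs in blocks:
        if kw == "serverfarm":
            for s in subs:
                if s.startswith("nat client ") and s.split()[2] not in pools:
                    findings.append(f"serverfarm {name}: natpool {s.split()[2]} undefined")
            if "no nat server" in subs:
                findings.append(f"serverfarm {name}: 'no nat server' is set")
        elif kw == "vserver" and not any(s.startswith("vlan ") for s in subs):
            findings.append(f"vserver {name}: no vlan bound")
    return findings
```

Because the parser ignores indentation, it gives the same findings for a config pasted flat.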