01-17-2003 09:00 AM
I'm trying to set up a performance test environment with an LD 430. My configuration is:
client PC 10.1.10.200
|
3Com Switch Vlan 2
|
LD 430 (real 10.1.10.2) 10.1.10.100 (Virtual)
|
Same 3Com Switch Vlan 1
|
Web Servers
(real 10.1.10.140)
(real 10.1.10.141)
From my client PC, I can ping the virtual IP address. From the LD, I can ping all of the real IPs and none of the virtual IPs. From the web servers, I can ping the virtual IP.
I receive "Could not open a connection to host: Connect failed" when trying to reach the virtual IP using "telnet 10.1.10.100".
On the LD:
Real Machines:
                                      No Answer  TCP Reset  DataIn
Machine      Connect  State  Thresh   Reassigns  Reassigns  Conns
wildcat:80   0        IS     8        0          0          0
liberty:80   0        IS     8        0          0          0
Virtual Machines:
Machine            State  Connect  Sticky  Predictor   Slowstart
VIRTUAL-PERF:80:0  IS     0        0       leastconns  roundrobin*
This is set up for port 80 at this time. I've also set up a virtual for telnetting to the real servers and receive the same response.
Show syslog command only shows the transition from slowstart to leastconn. I thought it might be a bridge loop, since I'm using the same 3Com switch, so I placed the client and LD interface 0 on a separate hub with no change in the symptoms.
Any assistance would be greatly appreciated. I've beaten my head on this all week with no resolution in sight.
TIA
01-17-2003 09:16 AM
Can you ping the reals from your PC? You may want to try "no-secure" and "ping-allow" for the interfaces in use.
Your best bet would be to throw a protocol analyzer on the connection to see what the traffic is actually doing. Verify ARP is working, L2 addresses are correct etc.
01-17-2003 09:25 AM
No, from the client, I cannot ping the real server IPs. On the LD, the show bridge and show arp commands display the correct information for each interface. Could it be possible, since I don't have a default route set on the LD (there is no router to point to), that this could be part of the problem?
I wish I had a protocol analyzer! We're just a small development shop, so I can't justify the cost of one of them. :-(
01-17-2003 09:42 AM
If you add the "ping allow" and "no secure" commands for both of the Local Director interfaces to your configuration, it should enable you to ping from your PC. no-secure will also allow you to telnet or browse directly to the servers.
This will verify that the bridging path to and from the servers is working and will verify that the PC and server configurations are working as expected.
If this works then the problem has to be with the virtual to real functionality somehow.
If this does not work, then there is some sort of L2 problem that needs to be addressed.
The default route should not be required in this scenario assuming that they are configured for the same subnet.
There is a free protocol analyzer available that works fine for this sort of thing. Check out Ethereal. It's an open-source Linux program that has been ported to Windows. I use it on my machine for simple things like this when I don't feel like getting out the SnifferPro laptop.
01-17-2003 10:14 AM
Thanks for the info! The ping-allow and no secure were already set on the interfaces, yet the PC cannot get, via ping or telnet, to the real servers. I'll start looking at the L2 information after I download the analyzer.
Any clues as to what to look at first for L2 problems?
Thanks again!
01-17-2003 11:37 AM
If the show ARP and show bridge info looks right, I guess I'm not sure what the problem would be. It seems that the LD just isn't bridging period.
I've switched most of our load balancing to the CSS's, so I haven't worked with LD's in a while. I did look at my one remaining pair of LD's to see if anything stood out configuration-wise, but I didn't see anything too helpful.
Hopefully, a trace will shed some light.
01-17-2003 11:47 AM
Well, I've installed Ethereal. Cool tool, by the way. Capturing a telnet from the client to the virtual ip shows that the virt. ip, (with a MAC of the LD), is sending RST, ACK back to the client.
I've also downloaded the Unix version of Ethereal to run it on my webservers, but I don't think it's going to capture any info. I don't think the LD is actually bridging the requests from the client over to the real servers.
01-17-2003 11:53 AM
What does the trace show when you try to go directly to the reals from your PC?
Also, have you tried pinging your PC from the server(s)?
Just for grins, you might want to try plugging the PC and one of the servers directly into the LD interfaces (via a crossover cable). Probably won't make a difference, but at least you could rule out the hub and/or switch as the source of the problem.
01-17-2003 12:14 PM
Interesting. Can't ping in either direction to the actual IPs. Capture of a telnet from the client to the server shows the following:
Client asks Who has 10.1.10.140
Server responds with its MAC address
Client sends 3 SYNs Seq # =
Then nothing more.
Interesting that pings are allowed thru the LD, but don't work, yet the request for the MAC does get a response from the correct system.
I'll be going to the store tomorrow to buy some cross-over cables. Don't want to make them, since that could just induce another possible problem area.