
Router SLB configuration problem, fast responses appreciated

philipplant
Level 1

Hi folks,

I am trying to understand why my SLB configuration isn't working, and would really appreciate some advice on this.

I'm using dispatched mode, as the web servers are locally connected to the router via a switch.  Here's a simple summary of my configuration.

interface GigabitEthernet0/0/0
 ip address 172.16.11.11 255.255.255.252
 description Internet
!
interface GigabitEthernet0/0/1
 ip address 10.0.0.1 255.255.255.0
 description Internal
!
ip slb serverfarm FARM
 real 10.0.0.101
  inservice
 !
 real 10.0.0.102
  inservice
!
ip slb vserver VIP
 virtual 10.0.0.100 tcp www
 serverfarm FARM
 inservice

r1#sh ip slb reals
real                  farm name        weight  state          conns
-------------------------------------------------------------------
10.0.0.101            FARM             8       OPERATIONAL    0
10.0.0.102            FARM             8       OPERATIONAL    0

r1#sh ip slb vservers
slb vserver      prot  virtual                  state         conns    interface(s)
--------------------------------------------------------------------------------------
VIP              TCP   10.0.0.100/32:80         OPERATIONAL   0        <any>

So everything seems to look OK - but when I telnet to port 80 of the virtual server, I get connection refused.

Please would someone advise me on how to debug this, and what could be going wrong?

Thanks,

Philip

2 Replies

philipplant
Level 1

Well this was on an ASR1002, running asr1000rp1-advipservicesk9.02.02.01.122-33.XNB1.bin.  I thought maybe there was a software glitch so I updated the code to asr1000rp1-advipservicesk9.02.06.00.122-33.XNF.bin.

However the later version doesn't even support SLB, so maybe there was an issue there.  Oh well.  Goodbye SLB, hello temporary rotary NAT (shudder).

Philip

Gilles Dufour
Cisco Employee

For the future, the way to debug this is to capture a sniffer trace and see if the SYN came to the router, and if it was forwarded to the server.

Then, you need to check where the server sent the SYN/ACK.

If it bypasses the router, we can't reverse NAT server -> VIP and the client gets a SYN/ACK from an unknown IP address.

Gilles.
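
The trace check described in the reply above, written out as an added example that is not part of the original thread or any Cisco tool: it walks the handshake in the order Gilles gives and reports where it breaks. The VIP and real addresses come from the posted configuration; the client address, the "client"/"server" trace labels and the packet tuples are constructed assumptions.

```python
# Addresses from the thread's configuration; the client address is constructed.
VIP = "10.0.0.100"
REALS = {"10.0.0.101", "10.0.0.102"}
CLIENT = "192.0.2.10"

def diagnose(packets, client=CLIENT, vip=VIP, reals=REALS):
    """Classify one handshake from (trace, src, dst, flags) tuples.

    trace is a hypothetical label: "client" for the capture on the client
    side of the router, "server" for the capture on the server LAN.
    flags is "S" (SYN) or "SA" (SYN/ACK).
    """
    def seen(trace, src_ok, dst_ok, flags):
        return any(t == trace and f == flags and src_ok(s) and dst_ok(d)
                   for t, s, d, f in packets)

    is_client = lambda ip: ip == client
    is_vip = lambda ip: ip == vip
    is_real = lambda ip: ip in reals
    # The forwarded SYN keeps the VIP as destination or is rewritten to a
    # real address, depending on SLB mode; accept both.
    is_backend = lambda ip: is_vip(ip) or is_real(ip)

    if not seen("client", is_client, is_vip, "S"):
        return "no SYN to the VIP arrived at the router"
    if not seen("server", is_client, is_backend, "S"):
        return "SYN arrived but was not forwarded to a server"
    if not seen("server", is_backend, is_client, "SA"):
        return "server did not send a SYN/ACK"
    if seen("client", is_real, is_client, "SA"):
        return "SYN/ACK bypassed the router: client sees a real address"
    if seen("client", is_vip, is_client, "SA"):
        return "handshake OK: SYN/ACK returned as the VIP"
    return "SYN/ACK left the server but never reached the client side"

# Constructed sample: server replies directly, so no reverse translation.
BYPASS = [
    ("client", CLIENT, VIP, "S"),
    ("server", CLIENT, "10.0.0.101", "S"),
    ("server", "10.0.0.101", CLIENT, "SA"),
    ("client", "10.0.0.101", CLIENT, "SA"),
]

if __name__ == "__main__":
    print(diagnose(BYPASS))
```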
