Solved: Re: Setting up a Layer 3 balance with server ip's to vip ip on d

trevorj · ‎02-17-2004

Hello,

I have two servers setup on ip addresses 10.10.0.1/10.10.0.2 and want to setup a layer 3 balance using VIP of 192.168.0.100, is this possible or do the server ip's and vip have to be on the same subnet?? (The 192.168.0.100 is only for internal testing at the moment).

- Trevor

seilsz · ‎02-17-2004

Oh! Now I understand the question. The "circuit VLAN" for the servers can't be on a different subnet, but that's a IP issue, not a CSS issue. For the configuration you provided above, you need to put the servers in a different VLAN. You can also configure a second IP address on circuit VLAN1, but I've never tested that scenario before. Your config using different VLANs would look something like this:

css# sh run

!Generated on 02/17/2004 15:27:48

!Active version: ap0610203

configure

!************************* INTERFACE *************************

interface e1

description "*** physical connection to 192.168.0.0/24 ***"

interface e2

bridge vlan 2

description "*** physical connection to 10.10.0.0/24 ***"

interface e3

bridge vlan 2

description "*** physical connection to 10.10.0.0/24 ***"

!************************** CIRCUIT **************************

circuit VLAN1

ip address 192.168.0.100 255.255.255.0

circuit VLAN2

ip address 10.10.10.5 255.255.255.0

!************************** SERVICE **************************

service HPServer1

ip address 10.10.0.1

active

service HPServer2

ip address 10.10.0.2

active

!*************************** OWNER ***************************

owner L3_Owner

content L3_Rule

add service HPServer1

add service HPServer2

vip address 192.168.0.101

balance aca

active

css#

Using two (2) IP addresses on the same circuit VLAN would look like this (again, I've never tested this):

css# sh run

!Generated on 02/17/2004 15:32:02

!Active version: ap0610203

configure

!************************** CIRCUIT **************************

circuit VLAN1

ip address 192.168.0.100 255.255.255.0

ip address 10.10.0.5 255.255.255.0

!************************** SERVICE **************************

service HPServer1

ip address 10.10.0.1

active

service HPServer2

ip address 10.10.0.2

active

!*************************** OWNER ***************************

owner L3_Owner

content L3_Rule

add service HPServer1

add service HPServer2

vip address 192.168.0.101

balance aca

active

css#

View solution in original post

seilsz · ‎02-17-2004

Trevor,

The servers and the VIP can be on different subnets. The CSS will perform the address translation.

~Zach

trevorj · ‎02-17-2004

Thats what I kinda figured but for some reason it doesnt like that. Here is the config for what I have setup:-

The CSS can ping the VIP, but it cannot ping the two servers.

circuit VLAN1

ip address 192.168.0.100 255.255.255.0

!************************** SERVICE **************************

service HPServer1

ip address 10.10.0.1

active

service HPServer2

ip address 10.10.0.2

active

!*************************** OWNER ***************************

owner L3_Owner

content L3_Rule

add service HPServer1

add service HPServer2

vip address 192.168.0.101

balance aca

active

seilsz · ‎02-17-2004

Oh! Now I understand the question. The "circuit VLAN" for the servers can't be on a different subnet, but that's a IP issue, not a CSS issue. For the configuration you provided above, you need to put the servers in a different VLAN. You can also configure a second IP address on circuit VLAN1, but I've never tested that scenario before. Your config using different VLANs would look something like this:

css# sh run

!Generated on 02/17/2004 15:27:48

!Active version: ap0610203

configure

!************************* INTERFACE *************************

interface e1

description "*** physical connection to 192.168.0.0/24 ***"

interface e2

bridge vlan 2

description "*** physical connection to 10.10.0.0/24 ***"

interface e3

bridge vlan 2

description "*** physical connection to 10.10.0.0/24 ***"

!************************** CIRCUIT **************************

circuit VLAN1

ip address 192.168.0.100 255.255.255.0

circuit VLAN2

ip address 10.10.10.5 255.255.255.0

!************************** SERVICE **************************

service HPServer1

ip address 10.10.0.1

active

service HPServer2

ip address 10.10.0.2

active

!*************************** OWNER ***************************

owner L3_Owner

content L3_Rule

add service HPServer1

add service HPServer2

vip address 192.168.0.101

balance aca

active

css#

Using two (2) IP addresses on the same circuit VLAN would look like this (again, I've never tested this):

css# sh run

!Generated on 02/17/2004 15:32:02

!Active version: ap0610203

configure

!************************** CIRCUIT **************************

circuit VLAN1

ip address 192.168.0.100 255.255.255.0

ip address 10.10.0.5 255.255.255.0

!************************** SERVICE **************************

service HPServer1

ip address 10.10.0.1

active

service HPServer2

ip address 10.10.0.2

active

!*************************** OWNER ***************************

owner L3_Owner

content L3_Rule

add service HPServer1

add service HPServer2

vip address 192.168.0.101

balance aca

active

css#

trevorj · ‎02-18-2004

Hi,

Thanks once again for your help on this. I did try adding the ip 10.10.0.3 to the existing VLAN1 circuit earlier but although I could ping from the 192.168.0.0/24 subnet I could not access the servers. I tried your suggestion of the two circuits above and same thing. Turned out that the problem was the two servers had a subnet of 192.168.0.0/24 on a seperate interface to another switch.

I shutoff those extra interfaces on the servers and everything now works as it should :) Thanks again, muchly appreciated!

- Trevor

Setting up a Layer 3 balance with server ip's to vip ip on different subnet