10-23-2008 10:19 AM
Hey guys,
I configured my company's 2 CSSs as load balancers for a bunch of web servers and they work great except for a minor issue that I can't seem to resolve. When a web daemon on a server crashes, or is shut down for one reason or another, the CSS removes that service from the pool, which is good, but that server loses connection to the outside world. We can still SSH into the server and push data onto it, but the route to the outside world is dead.
This is a problem since our servers often need to connect to outside resources on startup.
We are currently set up with a 2-Tier network layout where the CSS is connected to our public network (say 198.202.0.0/24) and our servers sit on a private network (192.168.0.0/24) and use the CSS as their gateway.
I tried a number of fixes to rectify the situation, but nothing has worked so far. The servers have another NIC connected directly to the public network, but since the default GW is the CSS, it does not help. I tried changing the default GW on the servers to point to our public GW, but then access through the CSS VIP does not work. Static routes don't do the trick either.
Is there any configuration option that I can change so that the CSS does not kill the GW for a server whose service is down?
Either that, or do you know of a better way to lay out the configuration so we avoid the problem?
If needed I can post the configuration of our CSS and the network setup on our servers.
Any help is greatly appreciated.
Boki
10-23-2008 11:03 PM
CSS by default acts as a router, but you need to translate the real server's IP for server-originated traffic.
To have the CSS NAT traffic initiated by the server side, you need to add a "source group" into the CSS config. Here is what you need:
group
vip address
add service
add service
etc...
active
This will force the CSS to NAT server initiated traffic.
Syed Iftekhar Ahmed
10-24-2008 09:13 AM
Thanks for the response Syed.
We already have groups set up for the servers. I have attached our config file (slightly edited for security reasons) to see our setup.
Here are some more details on our setup.
General:
Public Network: 198.202.0.0/24
Private Network: 192.168.0.0/24
Public Gateway: 198.202.0.13
CSS IP: 198.202.0.1
CSS Gateway: 192.168.0.1
Server Network Setup:
Default Gateway -> CSS Gateway (192.168.0.1)
Eth0 198.202.0.10#
Eth1 192.168.0.10#
As I said, while the Tomcat daemon is running, the server can ping to the outside world through the CSS, but as soon as the daemon is stopped, the keepalive detects it as down, removes it from the pool and drops all outgoing packets from that server.
Boki
10-24-2008 03:24 PM
Can you try using a different IP (other than 198.202.0.51) in the group configuration?
group webservers
add service http2
add service http3
add service http1
vip address 198.202.0.x
active
Syed