Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: nsp: foundry

One more ServerIron XL refresher question

  

 
nsp foundry RSS feed   Index | Next | Previous | View Threaded


drew.weaver at thenap

May 5, 2010, 5:40 AM

Post #1 of 5 (1026 views)
Permalink
One more ServerIron XL refresher question
Hey all,

It's been awhile since i've had to dabble with a SI XL and I am running into a snag.

We have a SI XL that has 3 servers connected to it, port 1 is a 'uplink' connection for the servers and port 16 is a connection for the management port and VIPs.

The 3 servers and the uplink are all in VLAN 2, and the 'management' is in the default VLAN (1).

Virtual Server Name: app, IP: 10.1.74.35
http -------> server1: 192.168.94.34, http (Active)
server2: 192.168.94.35, http (Active)

I can get to HTTP if i go directly to http://192.168.94.34 or http://192.168.94.35, I am seeing keepalive requests hit the log on both of the real servers from the load balancer, but if I go to 10.1.74.35 it just hangs forever.

I can also ping 10.1.74.35 from clients.

Any clue?

thanks,
-Drew


hidden at xmission

May 5, 2010, 6:16 AM

Post #2 of 5 (992 views)
Permalink
Re: One more ServerIron XL refresher question [In reply to]
What is your client PC ip address and default gateway when you are
doing these tests?

Thanks,

Jared Valentine, CISSP
Systems Engineer
Brocade
jvalenti [at] brocade
801-208-5459 (o)
801-815-2700 (c)


On May 5, 2010, at 6:40 AM, Drew Weaver <drew.weaver [at] thenap> wrote:

> Hey all,
>
>
>
> It's been awhile since i've had to dabble with a SI XL and I am
> running into a snag.
>
>
>
> We have a SI XL that has 3 servers connected to it, port 1 is a
> 'uplink' connection for the servers and port 16 is a connection for
> the management port and VIPs.
>
>
>
> The 3 servers and the uplink are all in VLAN 2, and the 'management'
> is in the default VLAN (1).
>
>
>
> Virtual Server Name: app, IP: 10.1.74.35
>
> http -------> server1: 192.168.94.34, http (Active)
>
> server2: 192.168.94.35, http (Active)
>
>
>
> I can get to HTTP if i go directly to http://192.168.94.34 or http://192.168.94.35
> , I am seeing keepalive requests hit the log on both of the real
> servers from the load balancer, but if I go to 10.1.74.35 it just
> hangs forever.
>
>
>
> I can also ping 10.1.74.35 from clients.
>
>
>
> Any clue?
>
>
>
> thanks,
>
> -Drew
>
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp [at] puck
> http://puck.nether.net/mailman/listinfo/foundry-nsp
_______________________________________________
foundry-nsp mailing list
foundry-nsp [at] puck
http://puck.nether.net/mailman/listinfo/foundry-nsp


jamied at meatball

May 5, 2010, 6:45 AM

Post #3 of 5 (986 views)
Permalink
Re: One more ServerIron XL refresher question [In reply to]
Is the VIP inline or DSR?

Are the servers connected behind the LB or one-arm/next to the LB?

do both Vlans/subnets exist on the LB?


Jamie Dahl
---
"Thousands of tired, nerve-shaken, over-civilized people are beginning
to find out that going to the mountains is going home; that wilderness
is a necessity; and that mountain parks and reservations are useful
not only as fountains of timber and irrigating rivers, but as
fountains of life." --John Muir





On May 5, 2010, at 9:16 AM, Jared Valentine wrote:

> What is your client PC ip address and default gateway when you are
> doing these tests?
>
> Thanks,
>
> Jared Valentine, CISSP
> Systems Engineer
> Brocade
> jvalenti [at] brocade
> 801-208-5459 (o)
> 801-815-2700 (c)
>
>
> On May 5, 2010, at 6:40 AM, Drew Weaver <drew.weaver [at] thenap>
> wrote:
>
>> Hey all,
>>
>>
>>
>> It's been awhile since i've had to dabble with a SI XL and I am
>> running into a snag.
>>
>>
>>
>> We have a SI XL that has 3 servers connected to it, port 1 is a
>> 'uplink' connection for the servers and port 16 is a connection for
>> the management port and VIPs.
>>
>>
>>
>> The 3 servers and the uplink are all in VLAN 2, and the
>> 'management' is in the default VLAN (1).
>>
>>
>>
>> Virtual Server Name: app, IP: 10.1.74.35
>>
>> http -------> server1: 192.168.94.34, http (Active)
>>
>> server2: 192.168.94.35, http (Active)
>>
>>
>>
>> I can get to HTTP if i go directly to http://192.168.94.34 or http://192.168.94.35
>> , I am seeing keepalive requests hit the log on both of the real
>> servers from the load balancer, but if I go to 10.1.74.35 it just
>> hangs forever.
>>
>>
>>
>> I can also ping 10.1.74.35 from clients.
>>
>>
>>
>> Any clue?
>>
>>
>>
>> thanks,
>>
>> -Drew
>>
>>
>>
>> _______________________________________________
>> foundry-nsp mailing list
>> foundry-nsp [at] puck
>> http://puck.nether.net/mailman/listinfo/foundry-nsp
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp [at] puck
> http://puck.nether.net/mailman/listinfo/foundry-nsp

_______________________________________________
foundry-nsp mailing list
foundry-nsp [at] puck
http://puck.nether.net/mailman/listinfo/foundry-nsp


mkallen at gmail

May 5, 2010, 12:06 PM

Post #4 of 5 (986 views)
Permalink
Re: One more ServerIron XL refresher question [In reply to]
Drew, from the description, it sounds like the traffic is bypassing the SI
on the return. A quick easy way to test this would be to turn on Source-Nat
for the real servers, and configure a Source-Ip address. If it works with
the source-nat, then your return traffic from the servers is going directly
to the default gateway and the SI is never seeing it to perform the
reverse-nat (real to vip) on the outbound. Hope that helps.

Mike

On Wed, May 5, 2010 at 6:45 AM, Jamie Dahl <jamied [at] meatball> wrote:

> Is the VIP inline or DSR?
>
> Are the servers connected behind the LB or one-arm/next to the LB?
>
> do both Vlans/subnets exist on the LB?
>
>
> Jamie Dahl
> ---
> "Thousands of tired, nerve-shaken, over-civilized people are beginning to
> find out that going to the mountains is going home; that wilderness is a
> necessity; and that mountain parks and reservations are useful not only as
> fountains of timber and irrigating rivers, but as fountains of life." --John
> Muir
>
>
>
>
>
>
> On May 5, 2010, at 9:16 AM, Jared Valentine wrote:
>
> What is your client PC ip address and default gateway when you are doing
>> these tests?
>>
>> Thanks,
>>
>> Jared Valentine, CISSP
>> Systems Engineer
>> Brocade
>> jvalenti [at] brocade
>> 801-208-5459 (o)
>> 801-815-2700 (c)
>>
>>
>> On May 5, 2010, at 6:40 AM, Drew Weaver <drew.weaver [at] thenap> wrote:
>>
>> Hey all,
>>>
>>>
>>>
>>> It's been awhile since i've had to dabble with a SI XL and I am running
>>> into a snag.
>>>
>>>
>>>
>>> We have a SI XL that has 3 servers connected to it, port 1 is a 'uplink'
>>> connection for the servers and port 16 is a connection for the management
>>> port and VIPs.
>>>
>>>
>>>
>>> The 3 servers and the uplink are all in VLAN 2, and the 'management' is
>>> in the default VLAN (1).
>>>
>>>
>>>
>>> Virtual Server Name: app, IP: 10.1.74.35
>>>
>>> http -------> server1: 192.168.94.34, http (Active)
>>>
>>> server2: 192.168.94.35, http (Active)
>>>
>>>
>>>
>>> I can get to HTTP if i go directly to http://192.168.94.34 or
>>> http://192.168.94.35, I am seeing keepalive requests hit the log on both
>>> of the real servers from the load balancer, but if I go to 10.1.74.35 it
>>> just hangs forever.
>>>
>>>
>>>
>>> I can also ping 10.1.74.35 from clients.
>>>
>>>
>>>
>>> Any clue?
>>>
>>>
>>>
>>> thanks,
>>>
>>> -Drew
>>>
>>>
>>>
>>> _______________________________________________
>>> foundry-nsp mailing list
>>> foundry-nsp [at] puck
>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>>
>> _______________________________________________
>> foundry-nsp mailing list
>> foundry-nsp [at] puck
>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp [at] puck
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>


wcooper02 at gmail

May 5, 2010, 12:13 PM

Post #5 of 5 (978 views)
Permalink
Re: One more ServerIron XL refresher question [In reply to]
The XL also requires server router-ports to be configured, no?
otherwise traffic will hit the floor.

You can run the inline sniffer to see what is happening with the traffic as well
(re: debug filter).

Hope this helps,

-Tony

On 5/5/10, Mike Allen <mkallen [at] gmail> wrote:
> Drew, from the description, it sounds like the traffic is bypassing the SI
> on the return. A quick easy way to test this would be to turn on Source-Nat
> for the real servers, and configure a Source-Ip address. If it works with
> the source-nat, then your return traffic from the servers is going directly
> to the default gateway and the SI is never seeing it to perform the
> reverse-nat (real to vip) on the outbound. Hope that helps.
>
> Mike
>
> On Wed, May 5, 2010 at 6:45 AM, Jamie Dahl <jamied [at] meatball> wrote:
>
>> Is the VIP inline or DSR?
>>
>> Are the servers connected behind the LB or one-arm/next to the LB?
>>
>> do both Vlans/subnets exist on the LB?
>>
>>
>> Jamie Dahl
>> ---
>> "Thousands of tired, nerve-shaken, over-civilized people are beginning to
>> find out that going to the mountains is going home; that wilderness is a
>> necessity; and that mountain parks and reservations are useful not only as
>> fountains of timber and irrigating rivers, but as fountains of life."
>> --John
>> Muir
>>
>>
>>
>>
>>
>>
>> On May 5, 2010, at 9:16 AM, Jared Valentine wrote:
>>
>> What is your client PC ip address and default gateway when you are doing
>>> these tests?
>>>
>>> Thanks,
>>>
>>> Jared Valentine, CISSP
>>> Systems Engineer
>>> Brocade
>>> jvalenti [at] brocade
>>> 801-208-5459 (o)
>>> 801-815-2700 (c)
>>>
>>>
>>> On May 5, 2010, at 6:40 AM, Drew Weaver <drew.weaver [at] thenap> wrote:
>>>
>>> Hey all,
>>>>
>>>>
>>>>
>>>> It's been awhile since i've had to dabble with a SI XL and I am running
>>>> into a snag.
>>>>
>>>>
>>>>
>>>> We have a SI XL that has 3 servers connected to it, port 1 is a 'uplink'
>>>> connection for the servers and port 16 is a connection for the
>>>> management
>>>> port and VIPs.
>>>>
>>>>
>>>>
>>>> The 3 servers and the uplink are all in VLAN 2, and the 'management' is
>>>> in the default VLAN (1).
>>>>
>>>>
>>>>
>>>> Virtual Server Name: app, IP: 10.1.74.35
>>>>
>>>> http -------> server1: 192.168.94.34, http (Active)
>>>>
>>>> server2: 192.168.94.35, http (Active)
>>>>
>>>>
>>>>
>>>> I can get to HTTP if i go directly to http://192.168.94.34 or
>>>> http://192.168.94.35, I am seeing keepalive requests hit the log on both
>>>> of the real servers from the load balancer, but if I go to 10.1.74.35 it
>>>> just hangs forever.
>>>>
>>>>
>>>>
>>>> I can also ping 10.1.74.35 from clients.
>>>>
>>>>
>>>>
>>>> Any clue?
>>>>
>>>>
>>>>
>>>> thanks,
>>>>
>>>> -Drew
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> foundry-nsp mailing list
>>>> foundry-nsp [at] puck
>>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>>>
>>> _______________________________________________
>>> foundry-nsp mailing list
>>> foundry-nsp [at] puck
>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>>
>>
>> _______________________________________________
>> foundry-nsp mailing list
>> foundry-nsp [at] puck
>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>
>
_______________________________________________
foundry-nsp mailing list
foundry-nsp [at] puck
http://puck.nether.net/mailman/listinfo/foundry-nsp

nsp foundry RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.