Forum Discussion

jnantel's avatar
jnantel
Icon for Nimbostratus rankNimbostratus
Jan 05, 2009

Scalability with multiple networks for Virtual Servers

Ok, I've got a small issue and its really affecting my ability to scale.

 

 

I've got 2 class C address spaces. 1 Class C we'll say 1.1.1.0 is setup as the typical "external" network and resides between the load balancer and an internet facing firewall. I can assign IPs to virtual servers from this network range no problem.

 

 

Along comes my second Class C, lets call it 2.2.2.0 . I would like to create Virtual servers on this network by routing this traffic from my firewall to the self IP on 1.1.1.0 and just define the Virtual Server for 2.2.2.10(as an example).

 

 

I set this up as described above, I can ping 2.2.2.10 from the the load balancer, but not from the directly attached firewall(verified route here.

 

 

Even if I create a new VLAN and create a self IP of 2.2.2.1 I still can't hit the 2.2.2.0 network from the firewall (routing verified again).

 

 

Is what I am doing possible, I know it is with just about any device cable of Nating. What am I missing to get this working?
config
design
  • dennypayne's avatar
    dennypayne
    Icon for Employee rankEmployee
    Jan 05, 2009
    This should work fine, are you setting up the 2.2.2.x virtual servers as Enabled on all VLANS? ARP should be enabled by default but that's worth double-checking. You might also make sure that the self IP on the 1.1.1.0 network is set to allow all traffic.

     

     

    Denny
  • jnantel's avatar
    jnantel
    Icon for Nimbostratus rankNimbostratus
    Jan 06, 2009
    I think that may be the ticket right there. I'd like to avoid having to define another interface/vlan for 2.2.2.0. So my next question is how to I allow all traffic?Are we talking packet filter rule ? or that wildcard virtual server I hear mentioned a lot?
  • dennypayne's avatar
    dennypayne
    Icon for Employee rankEmployee
    Jan 06, 2009
    No just look at the self-ip definition, there's a dropdown box that shows what traffic is allowed (it defaults to "Allow Default"). Packet filters are disabled by default but if you have enabled them you would need to also make sure that there isn't one blocking the traffic.

     

     

    I'm pretty sure I've done this without a wildcard virtual before, but if you have to set one up just create a virtual server, Network type instead of Host, and use 0.0.0.0, mask 0.0.0.0, port 0. Change the type from Standard to Forwarding(IP) and All Protocols. Or you could use 2.2.2.0 specifically as the network in this case.

     

     

    Denny
  • jnantel's avatar
    jnantel
    Icon for Nimbostratus rankNimbostratus
    Jan 06, 2009
    Setting the external interface to "Allow All" gave me exactly what I needed. Thanks a bunch Denny

     

     

    Jonathan
Related Content