Hi Jay, you have misunderstood:

You wrote:

I don't understand why clients on the same subnet cannot access the l4txnat
farm w/DNAT, here's why:
Given the network config I sent previously, if client1 (192.168.11.70)
sends a request to the farm (192.168.11.20) then the load balancer forwards
the request to backend web server site1 (192.168.11.21)

YES, it's right

 using client1's IP address (DNAT).

YES, it's right

 Site1 would then simply reply to client1 directly because they are on the
same subnet,

YES, it is right

bypassing the load balancer, and all would be well.  However, the backend
server never receives the request from the load balancer.

YES, it is right: Server1 and client1 are in the same subnet, so
Server1 will reply directly to the backend without going through the load
balancer; that is to say, with this you are reproducing asymmetric routing,
and Server1's reply to client1 will be rejected by Client1 because the
response is expected through the load balancer (192.168.11.20), not
192.168.11.21.


The configuration that Joey wrote you is a good option, and Laura wrote in
a past mail some days ago that backends have to be isolated for a similar
reason.



Why not?  Is this a bug or am I misunderstanding the process?




2013/10/24 <[email protected]>

> Hi Jay,
>
> To make this work I have setup the following:
>
> 2 NIC's in loadbalancer, one with NIC in DMZ network and one in LAN
> network.
> Our DMZ network is in our external IP Range and LAN network is in IP range
> where the clients and realservers are.
>
> For external clients:
> I have setup l4txnat farm on DMZ VIP with the realservers on the LAN side
> (make sure the LAN realservers have their default gateway's set to the VIP
> of the LAN side)
>
> For internal clients :
> I have setup normal TCP farm on the LAN VIP with the same realservers on
> LAN side.
>
> Also to get internet access on realservers you have to set an extra
> netfilter entry on each loadbalancer in the cluster, you can read the
> necessary config in my previous question to the mailinglist.
>
> That should get you setup properly.
>
> Kind regards,
>
> Joey
>
> *From:* Jay A. Rossignol
> *Sent:* Wednesday, 23 October 2013 20:09
> *To:* [email protected]
>
> Hi Laura,
>
> I don't understand why clients on the same subnet cannot access the
> l4txnat farm w/DNAT, here's why:
> Given the network config I sent previously, if client1 (192.168.11.70)
> sends a request to the farm (192.168.11.20) then the load balancer forwards
> the request to backend web server site1 (192.168.11.21) using client1's IP
> address (DNAT).  Site1 would then simply reply to client1 directly because
> they are on the same subnet, bypassing the load balancer, and all would be
> well.  However, the backend server never receives the request from the load
> balancer.  Why not?  Is this a bug or am I misunderstanding the process?
>
> Thanks!
>
> - Jay
>
> > zenlb: 192.168.11.10/24 gw: 192.168.11.3
> > l4txnat farm 'Site' ports 80,443 DNAT: 192.168.11.20/24
> > site1, real backend server: 192.168.11.21/24  gw: 192.168.11.10
> > client1: 192.168.11.70/24
> > client2: 192.168.1.71/24
> >
> > Client1 cannot connect to farm 'Site' with either port 80 or port 443.
> >  (tested via browser, curl, wget, telnet 80)
> > Client2 can connect to farm 'Site' on both ports 80 and 443
> >
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 22 Oct 2013 08:34:04 +0200
> From: Laura Garcia <[email protected]>
> Subject: Re: [Zenloadbalancer-support] l4txnat multiple problems
>  (Laura Garcia)
> To: "[email protected]"
>  <[email protected]>
> Message-ID:
>  <caf90-wgqycm-ztgxaj1ppdzoy59nqfqj_sfkgqc_yvfz8kg...@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi, you have to reinstall from the ISO in order to get the 3.03.
>
> Regarding your network design, DNAT requires isolating the backends
> network from the clients network; note that if they're in the same subnet,
> they're never going to communicate through the gateway (load balancer
> in this case).
>
> Regards.
>
>
> On Mon, Oct 21, 2013 at 8:57 PM, Jay A. Rossignol <[email protected]
> >wrote:
>
> >
> > Today's Topics:
> >
> >    1. l4txnat multiple problems (Jay A. Rossignol)
> >    2. actions from the command line (Jay A. Rossignol)
> >    3. Re: Combined Loadbalancing methods (Laura Garcia)
> >    4. Re: actions from the command line (Emilio Campos)
> >    5. Re: l4txnat multiple problems (Laura Garcia)
> >
> > -----------------------------
> >
> > Hi Laura,
> >
> > Re Stats and graphs, I have version 3.02 installed.  Is there a guide for
> > applying the patch?  Can it be done with minimal downtime?
> >
> > Re network/load balancer setup:
> > zenlb: 192.168.11.10/24 gw: 192.168.11.3
> > l4txnat farm 'Site' ports 80,443 DNAT: 192.168.11.20/24
> > site1, real backend server: 192.168.11.21/24  gw: 192.168.11.10
> > client1: 192.168.11.70/24
> > client2: 192.168.1.71/24
> >
> > Client1 cannot connect to farm 'Site' with either port 80 or port 443.
> >  (tested via browser, curl, wget, telnet 80)
> > Client2 can connect to farm 'Site' on both ports 80 and 443
> >
> > Thank you!
> >
> > - Jay
> >
> > Message: 5
> > Date: Mon, 21 Oct 2013 18:57:35 +0200
> > From: Laura Garcia <[email protected]>
> > Subject: Re: [Zenloadbalancer-support] l4txnat multiple problems
> > To: "[email protected]"
> >         <[email protected]>
> > Message-ID:
> >         <CAF90-WjLNLYh1VrbDpfPk=ULz=xF27d+y=
> > [email protected]>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Hi, the l4 graphs are available since the new version 3.03.
> >
> > Please, write down your network design for the load balancer: network
> > interfaces, IP for each one, backends IPs, etc.
> >
> > Regards.
> >
> >
> >
> > On Mon, Oct 21, 2013 at 5:58 PM, Jay A. Rossignol <[email protected]
> > >wrote:
> >
> > > Hi there,
> > >
> > > I am new to Zen lb.  I am having multiple problems with l4txnat farms.
> > >  Please let me know if you'd like me to send these one at a time.
> > >
> > > > 1. I have an l4txnat farm servicing ports 80 and 443 using DNAT.  The web
> > > > servers use the load balancer's IP as their gateway.  Clients on the same
> > > > subnet as the load balancer cannot connect to the farm over ports 80 and
> > > > 443.  Clients on the same subnet CAN reach the load balancer and farm's vip
> > > > otherwise (ssh, ping). Clients from other subnets are able to connect to
> > > > ports 80 and 443 of the farm perfectly.
> > > >
> > > > 2.  My l4txnat farms do not provide any statistics or graphs while my tcp
> > > > farms do.
> > > >
> > > > 3.  Ubuntu 10.04 servers cannot connect to l4txnat farms on ports 80 and
> > > > 443 regardless of subnet.  Ubuntu 11.04 and up can.  nmap of the farm's vip
> > > > shows the ports 80 and 443 as 'filtered' when done from a 10.04 server
> > > > while from a newer version of Ubuntu the ports are 'open'.  Regardless of
> > > > the Ubuntu version, tcp farms show up as 'open'.
> > >
> > > Thank you!
> > >
> > > - Jay
> > >
> > >
>
>
>
>
> _______________________________________________
> Zenloadbalancer-support mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support


-- 
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe): [email protected]
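The asymmetric-routing explanation given in this reply, traced with the addresses from the thread (an added example, not part of the original messages or of Zen Load Balancer's code). The `trace` function and its `mode` parameter are hypothetical, and the "proxy" mode assumes a TCP farm opens its own connection to the backend.

```python
import ipaddress

# Addresses taken from the thread; the model is a constructed simplification.
VIP = "192.168.11.20"                                # l4txnat farm 'Site'
BACKEND = "192.168.11.21"                            # site1
LB = "192.168.11.10"                                 # zenlb, site1's default gateway
BACKEND_NET = ipaddress.ip_network("192.168.11.0/24")


def trace(client_ip, mode="dnat"):
    """Follow one request and its reply.

    Returns (source address of the reply as seen by the client, accepted?).
    """
    # The client connected to the VIP, so it only accepts replies from the VIP.
    expected_peer = VIP

    # The load balancer rewrites the destination to the backend. With DNAT the
    # source stays the client's address. In "proxy" mode (assumption: a
    # proxying TCP farm) the backend sees the load balancer as the source.
    src_seen_by_backend = client_ip if mode == "dnat" else LB

    # Backend routing decision: an on-link destination is answered directly,
    # anything else is sent to the default gateway, which is the load balancer.
    on_link = ipaddress.ip_address(src_seen_by_backend) in BACKEND_NET
    reply_crosses_lb = src_seen_by_backend == LB or not on_link

    # Only a reply that crosses the load balancer has its source restored to
    # the VIP; a direct reply still carries the backend's own address.
    reply_src = VIP if reply_crosses_lb else BACKEND
    return reply_src, reply_src == expected_peer


if __name__ == "__main__":
    cases = [
        ("client1, DNAT farm", "192.168.11.70", "dnat"),
        ("client2, DNAT farm", "192.168.1.71", "dnat"),
        ("client1, TCP farm", "192.168.11.70", "proxy"),
    ]
    for label, ip, mode in cases:
        src, ok = trace(ip, mode)
        print(f"{label}: reply from {src}, accepted={ok}")
```
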