Jay, I might be wrong, but I don't think it is directly Zen's problem as they use iptables program for netfilter (http://www.netfilter.org/). So, you are trying to do IP NAT from a network A to the same network A (while it should be from network A to network B). That is what probably confuses netfilter and probably it is by design. Just accept it like it is. Btw, same stuff happens on another load balancers I tried (as majority of them are running on Linux).
Basically the best setup is: set up ZLB with 2 network cards: one looking into router/internet, another one into your back end servers on a separate network. Dima -----Original Message----- From: Jay A. Rossignol [mailto:[email protected]] Sent: Monday, December 23, 2013 12:01 PM To: [email protected] Subject: Re: [Zenloadbalancer-support] How to log request activity for troubleshooting l4txnat farms Hi Dima and Laura, Thank you so much for your replies! While I understand that a l4txnat farm does not work properly if the real servers are on the same subnet as the farm and when the request comes from an IP also on the same subnet, I am not understanding how that is related to this situation. All requests to this farm come from external addresses and all requests to the real servers come from the DNAT farm and are configured to respond through the load balancer's IP as its gateway. If there is some unknown bug that surfaces when l4txnat farms are on the same subnet as their real servers, then that is a different matter and I'll certainly reconfigure my environment. Otherwise, I don't see how it applies. Especially since the customers who are having problems are demonstrably coming from external IPs. Could you explain? Thank you! - Jay ---------------------------------------------------------------------- Message: 1 Date: Thu, 19 Dec 2013 11:26:11 -0500 From: "Dima Polyakov" <[email protected]> Subject: Re: [Zenloadbalancer-support] How to log request activity for troubleshooting To: <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" Jay, If you look on mailing list there was a similar question when l4 farm worked and sometimes it did not - the reason for that was that backend servers were set up on the same subnet as VIP for the farm (your case). I believe it was Laura who said for l4 farm you should have different subnet for backend servers, so NAT will work properly. I can confirm, that when I changed to different subnet, my farm star working fine. Then I added extra adapters to each server to have a direct local network connection from/to other servers (outside of farm) in our network. You can also google "iptables" and its logs. Dima Message: 4 Date: Sun, 22 Dec 2013 22:34:15 +0100 From: Laura Garcia <[email protected]> Subject: Re: [Zenloadbalancer-support] How to log request activity for troubleshooting To: "[email protected]" <[email protected]> Message-ID: <CAF90-Wiij-98dkM8QzxQvAiKH6tB6GX_8pHxiQ1=ff4ar0c...@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1" Hi, exactly. As the NAT mode work properly, you're missing something with the DNAT configuration. The best way to know what is happening in your network is through tcpdump or similar. Regards. ---------------------------------------------------------------------------- -- Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk _______________________________________________ Zenloadbalancer-support mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk _______________________________________________ Zenloadbalancer-support mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
