09-11-2009 03:24 AM
access-list oracle extended permit tcp host 10.7.40.124 host 10.7.40.245 eq 8060
access-list oracle extended permit tcp host 10.7.40.125 host 10.7.40.245 eq 8060
serverfarm host sfarm1_oracle_hostfile
  description DB servers to preeb.mfl.co.u.uk
  predictor leastconn
  failaction purge
  probe port-8060
  rserver zhc1nora5 8060
    inservice
  rserver zhc1nora6 8060
    inservice
class-map match-all sfarm1_oracle_hostfile_classmap
  description host file issue
  3 match access-list oracle_hostfile
  4 match virtual-address 10.7.40.245 tcp eq 8060
policy-map type loadbalance first-match sfarm1_oracle_hostfile_pol
  class class-default
    sticky-serverfarm ORACLE-DB-STICKY-GP
policy-map multi-match Oracle-hostfile
  class sfarm1_oracle_hostfile_classmap
    loadbalance vip inservice
    loadbalance policy sfarm1_oracle_hostfile_pol
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 740
sticky ip-netmask 255.255.255.255 address source ORACLE-DB-STICKY-GP
  timeout 60
  replicate sticky
  server-farm sfarm1_oracle_hostfile
interface vlan 740
  description interface facing Servers
  bridge-group 2
  access-group input BPDU
  access-group input ALLOW_ALL
  nat-pool 1 10.7.40.246 10.7.40.254 netmask 255.255.255.0 pat
  service-policy input Oracle-hostfile
Above is the config.
Looking to allow some servers hitting a VIP on the same VLAN. Have enabled source NAT and used an access-list to match the conditions. I tried connecting to the port via telnet 10.7.40.245 8060 and it's connected, with the below:
service-policy: Oracle-hostfile
class: sfarm1_oracle_hostfile_classmap
nat:
nat dynamic 1 vlan 740
curr conns : 0 , hit count : 9
dropped conns : 0
client pkt count : 45 , client byte count: 1930
server pkt count : 45 , server byte count: 4192
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
loadbalance:
L7 loadbalance policy: sfarm1_oracle_hostfile_pol
VIP Route Metric : 77
VIP Route Advertise : DISABLED
VIP ICMP Reply : ENABLED-WHEN-ACTIVE
VIP State: INSERVICE
curr conns : 0 , hit count : 13
dropped conns : 4
client pkt count : 49 , client byte count: 2122
server pkt count : 45 , server byte count: 4192
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
But I can connect from any system in the subnet 10.7.40.x. The class map has a match-all statement. Does match-all mean both the conditions or any?
If I want to achieve the above, what is the best option?
09-11-2009 06:06 AM
Usually, you put the src ip match statement in a class-map and use the class-map under the policy.
i.e.:
class-map type http loadbalance match-any SERVERS
  2 match source-address 192.168.30.27 255.255.255.255
  3 match source-address 192.168.30.48 255.255.255.255
Then
policy-map type loadbalance first-match sfarm1_oracle_hostfile_pol
  class SERVERS
    sticky-serverfarm ORACLE-DB-STICKY-GP
    nat dynamic 1 vlan 740
  class class-default
    sticky-serverfarm ORACLE-DB-STICKY-GP
Gilles.
09-11-2009 06:53 AM
In the same class-map
class-map type http loadbalance match-any SERVERS
how can I add the VIP address?
Both conditions should match: traffic coming from a specific source address to a specific VIP address. If both conditions match, then apply the policy.
09-15-2009 07:25 AM
Any suggestions?
Also, is it possible to get static NAT instead of dynamic NAT?
Thanks
09-15-2009 07:29 AM
You need to use a separate class-map.
One to catch the VIP traffic, used in the multi-match policy, and another class-map, as described in my previous post, to catch traffic from the servers, used in the type loadbalance policy.
G.
09-17-2009 07:11 AM
Agreed, I'm also of the opinion that you need a class and a policy for load balancing and a class and policy for NAT. Both policies receive the incoming traffic, then perform their separate operations on it and meet up afterwards.
In its simplest form...
NAT:
class-map match-any NAT_Class
  2 match access-list NAT_ACL
policy-map multi-match NAT_Policy
  class NAT_Class
    nat dynamic 1 vlan 123
LB:
policy-map type loadbalance first-match L7_Policy
  class class-default
    sticky ServerfarmX
policy-map multi-match LB_Policy
  class VIP_Class
    loadbalance vip inservice
    loadbalance policy L7_Policy
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
In NAT_ACL you will specify your conditions as desired.
Cheers,
Claire
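The two-stage classification suggested in the replies above (a VIP class in the multi-match policy, then a source-address class inside the first-match loadbalance policy), as a simplified Python model. This is an added illustration, not code from the thread or from Cisco; `Flow`, `class_map`, `match_source`, `match_vip` and `classify` are hypothetical names, while the addresses, port, NAT pool id and sticky group are the values posted above.

```python
# Added illustration (not Cisco code): simplified model of ACE class-map matching.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:                      # hypothetical type: one TCP connection attempt
    src: str
    dst: str
    dport: int


def match_source(addr, mask):
    """Model of 'match source-address <addr> <mask>'."""
    net = ip_network(f"{addr}/{mask}", strict=False)
    return lambda f: ip_address(f.src) in net


def match_vip(addr, port):
    """Model of 'match virtual-address <addr> tcp eq <port>'."""
    return lambda f: f.dst == addr and f.dport == port


def class_map(mode, *conds):
    """match-all requires every condition (AND); match-any requires one (OR)."""
    combine = all if mode == "match-all" else any
    return lambda f: combine(c(f) for c in conds)


# Addresses, port, pool id and sticky group are the values posted in the thread.
VIP_CLASS = class_map("match-all", match_vip("10.7.40.245", 8060))
SERVERS = class_map("match-any",
                    match_source("10.7.40.124", "255.255.255.255"),
                    match_source("10.7.40.125", "255.255.255.255"))

# 'policy-map type loadbalance first-match': the first matching class wins.
LB_POLICY = [
    (SERVERS, {"sticky_group": "ORACLE-DB-STICKY-GP", "nat_pool": 1}),
    (lambda f: True, {"sticky_group": "ORACLE-DB-STICKY-GP", "nat_pool": None}),
]


def classify(flow):
    """Return the action for a flow, or None if it is not VIP traffic."""
    if not VIP_CLASS(flow):      # stage 1: class used in the multi-match policy
        return None
    for cls, action in LB_POLICY:  # stage 2: classes inside the loadbalance policy
        if cls(flow):
            return action
```

In this model the two listed servers are load balanced with source NAT from pool 1, any other client reaching the VIP falls through to class-default and is load balanced without NAT, and traffic to other ports is not classified at all.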