02-28-2010 06:17 AM
Hi folks,
I am trying to understand why my SLB configuration isn't working, and would really appreciate some advice on this.
I'm using dispatched mode, as the web servers are locally connected to the router via a switch. Here's a simple summary of my configuration.
interface GigabitEthernet0/0/0
ip address 172.16.11.11 255.255.255.252
description Internet
!
interface GigabitEthernet0/0/1
ip address 10.0.0.1 255.255.255.0
description Internal
!
ip slb serverfarm FARM
real 10.0.0.101
inservice
!
real 10.0.0.102
inservice
!
ip slb vserver VIP
virtual 10.0.0.100 tcp www
serverfarm FARM
inservice
r1#sh ip slb reals
real farm name weight state conns
-------------------------------------------------------------------
10.0.0.101 FARM 8 OPERATIONAL 0
10.0.0.102 FARM 8 OPERATIONAL 0
r1#sh ip slb vservers
slb vserver prot virtual state conns interface(s)
--------------------------------------------------------------------------------------
VIP TCP 10.0.0.100/32:80 OPERATIONAL 0 <any>
So everything seems to look OK - but when I telnet to port 80 of the virtual server, I get connection refused.
Please would someone advise me on how to debug this, and what could be going wrong?
Thanks,
Philip
02-28-2010 02:15 PM
Well this was on an ASR1002, running asr1000rp1-advipservicesk9.02.02.01.122-33.XNB1.bin. I thought maybe there was a software glitch so I updated the code to asr1000rp1-advipservicesk9.02.06.00.122-33.XNF.bin.
However the later version doesn't even support SLB, so maybe there was an issue there. Oh well. Goodbye SLB, hello temporary rotary NAT (shudder).
Philip
03-01-2010 02:15 AM
For the future, the way to debug this is to capture a sniffer trace and see if the SYN came to the router, and if it was forwarded to the server.
Then, you need to check where the server sent the SYN/ACK.
If it bypasses the router, we can't reverse nat server -> vip and the client gets a SYN/ACK from an unknown ip address.
Gilles.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: