I got a Foundry ServerIronGT load balancer and I'm trying to set up SLB on it. I have found multiple examples online on how to proceed, but I'm running into a weird issue.
Here's my setup:
Internet Gateway ----> Dell Switch ----> Server 1 (50.50.50.210)
                                   ----> Server 2 (50.50.50.211)
                                   ----> Server 3 (50.50.50.212)
                                   ----> ServerIronGT (50.50.50.220)
I have set up my ServerIron's IP address to fit within my public IP range and I can ping it just fine from anywhere inside or outside my network. I can also ping all individual servers from inside or outside my network as well.
At this point, when I'm connected to the ServerIron's console, I can ping my gateway just fine and I can even ping IPs from outside my network, like Google's DNS server.
The problem I'm having is that my servers connected to the Dell switch can ping my ServerIron just fine, but the ServerIron can't ping any of the servers. So, when I set up my virtual server, it always shows as not healthy because it can't reach my real servers.
Here's my config:
!Building configuration...
!Current configuration : 512 bytes
!
ver 10.2.01eTD2
!
module 1 bi-0-port-wsm6-management-module
module 2 bi-jc-16-port-gig-copper-module
module 3 bi-jc-8-port-gig-module
!
context default
!
aaa authentication web-server default local
enable super-user-password .....
no enable aaa console
hostname SI-GT
ip address 50.50.50.220 255.255.255.240
ip default-gateway 50.50.50.222
ip dns server-address 8.8.8.8
no telnet server
username admin password .....
no snmp-server
!
end
Here are my results from the ServerIron:
Sending 1, 16-byte ICMP Echo to 50.50.50.222, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 50.50.50.222 : bytes=16 time=5ms TTL=64
Success rate is 100 percent (1/1), round-trip min/avg/max=5/5/5 ms.
Sending 1, 16-byte ICMP Echo to 50.50.50.210, timeout 5000 msec, TTL 64
Type Control-c to abort
Request timed out.
No reply from remote host.
Sending 1, 16-byte ICMP Echo to 8.8.8.8, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 8.8.8.8 : bytes=16 time=24ms TTL=46
Success rate is 100 percent (1/1), round-trip min/avg/max=24/24/24 ms.
Here are my results from my server:
PING 50.50.50.220 (50.50.50.220) 56(84) bytes of data.
64 bytes from 50.50.50.220: icmp_seq=1 ttl=64 time=0.039 ms
64 bytes from 50.50.50.220: icmp_seq=2 ttl=64 time=0.044 ms
64 bytes from 50.50.50.220: icmp_seq=3 ttl=64 time=0.048 ms
64 bytes from 50.50.50.220: icmp_seq=4 ttl=64 time=0.045 ms
^C
--- 50.50.50.220 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.039/0.044/0.048/0.003 ms
What am I missing? Thanks.
It turns out that my firewall rules were blocking ICMP echo requests and echo replies, which prevented my load balancer from seeing my servers as being alive. All is well now.
It's actually even more stupid than that. When I added the VIP's IP as a loopback alias to my servers, I mistakenly set the subnet mask to include the whole subnet, making the server respond to ping requests to itself instead of returning them back to the load balancer. You have to make sure that when you set up your loopback alias, you set a subnet mask of /32 (255.255.255.255) so that it only responds to that specific IP.
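
A quick audit for the loopback-alias mistake described above, as an added example that is not part of the original post: it assumes Linux real servers and parses `ip -o -4 addr show dev lo` output, flagging any VIP alias that is not /32 and listing which neighbours fall inside the alias's network. The VIP 50.50.50.221 and the sample outputs are constructed; the load balancer and gateway addresses are the ones from the question.

```python
import ipaddress

# Constructed, trimmed samples of `ip -o -4 addr show dev lo` output.
# 50.50.50.221 is a hypothetical VIP; the page does not give the real one.
SAMPLE_BAD = """\
1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 50.50.50.221/28 scope global lo:0
"""
SAMPLE_GOOD = """\
1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 50.50.50.221/32 scope global lo:0
"""

# Addresses from the question: the ServerIron and the default gateway.
PEERS = ["50.50.50.220", "50.50.50.222", "8.8.8.8"]


def loopback_aliases(ip_output):
    """Yield an ip_interface for every IPv4 address listed in the output."""
    for line in ip_output.splitlines():
        fields = line.split()
        if "inet" in fields:
            yield ipaddress.ip_interface(fields[fields.index("inet") + 1])


def audit(ip_output, peers):
    """Return (alias, swallowed_peers) for each non-/32 VIP alias on lo.

    Assumption: on Linux, an address on lo with a prefix shorter than /32
    makes the host treat the whole prefix as local, so replies to peers in
    that prefix never leave the server.
    """
    findings = []
    for iface in loopback_aliases(ip_output):
        if iface.ip.is_loopback:
            continue  # 127.0.0.0/8 is expected to be local
        if iface.network.prefixlen != 32:
            swallowed = [p for p in peers
                         if ipaddress.ip_address(p) in iface.network
                         and ipaddress.ip_address(p) != iface.ip]
            findings.append((str(iface), swallowed))
    return findings


if __name__ == "__main__":
    for alias, swallowed in audit(SAMPLE_BAD, PEERS):
        print(f"{alias} on lo is not /32; unreachable peers: {swallowed}")
```
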