RE: [load balancing] direct access to server

From: David Remington <david.remington [izzat] milestonesystems.com>
Date: Fri Oct 06 2006 - 15:39:37 EDT

You can further constrain the traffic to the network virtual server using either a packet filter or an iRule.

-----Original Message-----
From: owner-lb-l@vegan.net on behalf of Deb Allen
Sent: Fri 10/6/2006 12:20 PM
To: lb-l@vegan.net
Cc:
Subject: RE: [load balancing] direct access to server

You can create a wildcard forwarding network virtual server of type
Forwarding(IP) with address of 0.0.0.0, mask of 0.0.0.0 and port
*/0/any.

If you want tighter control of the traffic being forwarded, I'd
recommend instead creating forwarding virtual servers specific to the
backend subnet and services you want to support, for example address of
192.168.1.0 and mask of 255.255.255.0.
Likewise if you only want to allow specific ports, you can create
specific network virtual server supporting the required ports.

In either case, select the protocols you need.
Set "VLAN traffic" to "all vlans", or enable only the client-side vlan
if you want to limit traffic to inbound requests only.

/deb

-----Original Message-----
From: owner-lb-l@vegan.net [mailto:owner-lb-l@vegan.net] On Behalf Of
Zafer Berber
Sent: Wednesday, October 04, 2006 10:38 PM
To: lb-l@vegan.net
Subject: Re: [load balancing] direct access to server

customer dont like nat!
is it secure create virtual server the ip range?

can u explain how can i do it detail, in the network 0.0.0.0 port
section is
"*" another settings ?

regards

zafer

On Wednesday 04 October 2006 21:52, Deb Allen wrote:
> You can create a forwarding virtual server the IP range of the
backend
> subnet (or wildcard) and enable it at least on the clientside vlan.
> You might want to make sure SNAT is disabled for this virtual server
if
> you want to see real client addresses in the server logs.
>
> Alternatively you can configure a NAT for each server to allow direct
> access. (less secure and more admin overhead)
>
> -----Original Message-----
> From: owner-lb-l@vegan.net [mailto:owner-lb-l@vegan.net] On Behalf Of
> Zafer Berber
> Sent: Wednesday, October 04, 2006 10:20 AM
> To: vegan
> Subject: [load balancing] direct access to server
>
>
> Hi,
>
> i can do on alteon direct access enable
>
> how can i connect direct to server over the bigip ?
>
> client ----- vlan 10-----bigip----vlan 20---- server
>
> i want connect direct access ther server from client side, updates and
> managment for the servers
>
>
> regards

-- 
------------------------- 
Zafer Berber
System Engineer
Prolink 
http://www.prolink.com.tr 
Office:+90 216 573 73 00
____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by:	http://www.tokkisystems.com
____________________
The Load Balancing Mailing List
Unsubscribe:    mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive:        http://vegan.net/lb/archive
LBDigest:       http://lbdigest.com
MRTG with SLB:  http://vegan.net/MRTG
Hosted by:	http://www.tokkisystems.com

____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomo@vegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com

Received on Fri Oct 6 15:39:15 2006

This archive was generated by hypermail 2.1.8 : Fri Oct 06 2006 - 15:48:36 EDT