Alteon 180E + WebOS 9.0: can't redirect port 80 to port 81

Alteon 180E + WebOS 9.0: can't redirect port 80 to port 81

Post by bchil » Wed, 22 Mar 2006 13:13:40


Hello,

I have a situation where I want to redirect traffic from port 80 on the
vip to port 81 on the 2 reals that are part of the group associated
with the vip. I thought this was a as simple as using rport under
/c/slb/virt/service. The alteon insists on a filter, so I put one on
port 1 that just does an action allow. The alteon doesn't complain
about the config since I added the filter, but it doesn't redirect the
traffic to port 81 - it just keeps sending vip:80 to reals:80.

What's going on? Is there more to redirecting a port?

Brian
 
 
 

Alteon 180E + WebOS 9.0: can't redirect port 80 to port 81

Post by Doph » Wed, 22 Mar 2006 14:45:54

The filter you describe should not effect SLB function at Alteon
platform unless there is a mis-configuraiton. Is the port 1 a server or
client port ?? Anything else at the filter? You can simply redirect the
real port by only using "rport" command. You can check wether the SLB
funtion works properly by using "/info/slb/dump" or
"info/slb/sess/dump" .This command will help you a lot.

 
 
 

Alteon 180E + WebOS 9.0: can't redirect port 80 to port 81

Post by bchil » Thu, 23 Mar 2006 05:26:01

I think it is just easier if I post the output from /info/slb/dump
(below):

Also, I am on Web)S 9.0.43.11. Does it have bugs that might affect
this?

Can you email off-line? bchill ^ bch.net

Thanks!

Brian

--------------------------------------------------------------------------------------------------------

Real server state:
50: my-real1 (10.10.10.50), xx:xx:xx:xx:xx:xx, vlan 1, port 1, health
3, up
51: my-real2 (10.10.10.51), xx:xx:xx:xx:xx:xx, vlan 1, port 1, health
3, up

Virtual server state:
11: 10.10.10.11, xx:xx:xx:xx:xx:xx
virtual ports:
http: rport 81, group 11, my-virt, backup none, pbind clientip
real servers:
50: my-real1, backup none, 1 ms, up
51: my-real2, backup none, 0 ms, up
https: rport 444, group 11, my-virt, backup none, pbind clientip
real servers:
50: my-real1, backup none, 1 ms, up
51: my-real2, backup none, 0 ms, up

Redirect filter state:
100: dport http, rport 81, group 11, health icmp, backup none,
slowstart
real servers:
50: my-real1, backup none, 1 ms, up
51: my-real2, backup none, 1 ms, up

Port state:
1: 0.0.0.0, client, server
filt enabled, filters: 100
2: 0.0.0.0
filt disabled, filters: empty
3: 0.0.0.0, client, server
filt disabled, filters: empty
4: 0.0.0.0, client, server
filt disabled, filters: empty
5: 0.0.0.0, client, server
filt disabled, filters: empty
 
 
 

Alteon 180E + WebOS 9.0: can't redirect port 80 to port 81

Post by bchil » Thu, 23 Mar 2006 05:28:54

I think it is just easier if I post the output from /info/slb/dump
(below):

Also, I am on WebOS 9.0.43.11. Does it have bugs that might affect
this?

Can you email off-line? bchill ^ bch.net

Thanks!

Brian

--------------------------------------------------------------------------------------------------------

Real server state:
50: my-real1 (10.10.10.50), xx:xx:xx:xx:xx:xx, vlan 1, port 1, health
3, up
51: my-real2 (10.10.10.51), xx:xx:xx:xx:xx:xx, vlan 1, port 1, health
3, up

Virtual server state:
11: 10.10.10.11, xx:xx:xx:xx:xx:xx
virtual ports:
http: rport 81, group 11, my-virt, backup none, pbind clientip
real servers:
50: my-real1, backup none, 1 ms, up
51: my-real2, backup none, 0 ms, up
https: rport 444, group 11, my-virt, backup none, pbind clientip
real servers:
50: my-real1, backup none, 1 ms, up
51: my-real2, backup none, 0 ms, up

Redirect filter state:
100: dport http, rport 81, group 11, health icmp, backup none,
slowstart
real servers:
50: my-real1, backup none, 1 ms, up
51: my-real2, backup none, 1 ms, up

Port state:
1: 0.0.0.0, client, server
filt enabled, filters: 100
2: 0.0.0.0
filt disabled, filters: empty
3: 0.0.0.0, client, server
filt disabled, filters: empty
4: 0.0.0.0, client, server
filt disabled, filters: empty
5: 0.0.0.0, client, server
filt disabled, filters: empty
 
 
 

Alteon 180E + WebOS 9.0: can't redirect port 80 to port 81

Post by Doph » Thu, 23 Mar 2006 12:31:57

As I know, the redirtion of WebOS 9.0.43.11 is good. From the dump,
your real server works well and port 1 is server port. There is a
concept of filter; A filter can be only triggered while the session or
packet is not responed to SLB. In other words, your filter is not
necessary for redirection. You can remove it.
 
 
 

Alteon 180E + WebOS 9.0: can't redirect port 80 to port 81

Post by Doph » Thu, 23 Mar 2006 12:38:46

BTW, the "rport" command at the filter is not used for SLB. It's is
used for Application Redirection, i.e. Proxy Server
 
 
 

Alteon 180E + WebOS 9.0: can't redirect port 80 to port 81

Post by bchil » Fri, 24 Mar 2006 11:26:45

The problem is that the configuration posted is not working - traffic
still hits the host on port 80.

Any suggestions?

Brian
 
 
 

Alteon 180E + WebOS 9.0: can't redirect port 80 to port 81

Post by Doph » Fri, 24 Mar 2006 14:39:01

Brian

My suggestion is removing the filter.

I guess there are two situation you might have.

1. The server connects to port 1: filter will not be triggered because
package is redirected by SLB function.
2. The client connects to port 1: filte will be triggered and hit port
80 of your server.

As I mentioned previous, there are 2 "rport" commands at different
level of command menu.

1. /cfg/slb/virt 11/service 80/rport : Defines the real server TCP or
UDP port assigned to this service. By default, this is the same as the
virtual port (service virtual port). If rport is configured to be
different than the virtual port defined in /cfg/slb/virt
<number>/service <virtual port>, the switch will map the virtual port
to this real port.

2. /cfg/slb/filt 100/rport :This option applies only when redir is
specified at the filter action. This defines the real
server TCP or UDP port to which redirected traffic will be sent.

So, I said the filter is not necessary.

I hope this can hlep you solve the issue. : )

BTW, I am out of U.S so I can't reply to you during your business time.
Sorry about that.