You can configure the AX device to use some servers as backups in a DSR deployment. The backup servers are not required to be connected to the AX device at Layer 2 or in the same IP subnet. Figure 29 shows an example that uses a backup server in a different subnet.
Note: The deployment described in this section is useful for deploying backup servers to use only if primary servers are unavailable.
FIGURE 29 Backup Server in DSR Configuration
In this example, two real servers are used as the primary servers for VIP 10.10.10.99:80. They are in the same IP subnet as the AX device. Each of them is configured for DSR: destination NAT is disabled on the virtual port.
Another server, 192.168.2.10, is configured as a backup, to be used only if both primary servers are unavailable. Since the backup server is a valuable network resource, serving as a server farm backup is only one of its func-tions. It also used by other applications elsewhere in the network. The AX device can be configured to use the server as a backup to a DSR server farm, without changing the network topology.
To deploy the backup server:
• In the service group, assign a higher priority to the members for the pri-mary servers, so that the member for the backup server has the lower priority. By default, the AX device will not use the lower-priority server (the backup server) unless all the primary servers are down. Use the same priority for all the primary servers.
• Enable destination NAT on the backup server. By default, destination NAT is unset on real ports, and is set by the virtual port. Normally, desti-nation NAT is disabled on virtual ports used for DSR. However, destina-tion NAT needs to be enabled on the real port on the backup server.
Enabling destination NAT for the backup server allows the server to remain on a different subnet from the AX device, and still be used for the VIP that normally is served by DSR. The backup server does not need to be moved to a Layer 2 connection to the AX device and the server’s IP address does not need to be changed. It can remain on a dif-ferent subnet from the AX device and the primary servers.
Destination NAT can not be set directly on an individual real port. To enable destination NAT on a real port, create a real port template and enable destination NAT in the template. You can bind the template to the real port itself, or to the service group member for the port.
• If you bind the template to the port itself, the template applies to the port in all service groups that use the port.
• If you bind the template to the service group member instead, the template applies to the port only within the service group. The tem-plate does not apply to the same port when used in other service groups.
Note: VIP redistribution is not supported for VIPs that are configured for Direct Server Return (DSR).
U
SINGTHEGUI
Configure a port template to enable destination NAT on the backup server’s port
1. Select Config > Service > SLB.
2. On the menu bar, select Template > Server Port.
3. Click Add.
4. Enter a name for the template in the Name field.
5. Select Disabled next to Direct Server Return.
6. Click OK.
Configure the service group 1. Select Config > Service > SLB.
2. On the menu bar, select Service Group.
3. Click on the service group name or click Add to create a new one.
4. If this is a new service group, enter the name.
5. Add the primary servers to the service group:
a. Select a primary server from the Server drop-down list.
Note: If you are modifying a member that is already in the list, click the check-box in the row containing the member information, select the priority, then click Update.
b. Enter the protocol port number in the Port field.
c. Select 16 from the Priority drop-down list.
d. Click Add.
e. Repeat for the other primary server.
6. Add the backup server to the service group:
a. Select the backup server from the Server drop-down list.
b. Enter the protocol port number in the Port field.
c. Select the port template for the backup server from the Server Port Template drop-down list. This is the template configured in “Con-figure a port template to enable destination NAT on the backup server’s port” on page 100.
d. Leave 1 selected in the Priority drop-down list.
e. Click Add.
7. Click OK.
FIGURE 30 Config > Service > SLB > Template > Server Port
FIGURE 31 Config > Service > SLB > Service Group
To set the priority values of the primary servers to a higher value than the backup server, re-add the members for the primary servers’ ports, and use the priority option. Set the priority to a value higher than 1 (the default).
Use the same priority value on each of the primary server’s member ports.
To enable destination NAT on a service port within a service group, use the dest-nat option in a server port template, then bind that template to the server port in the service group.
CLI Example
The following commands configure a server port template for the backup server:
AX(config)#slb template port dsrbackup AX(config-rport)#dest-nat
AX(config-rport)#exit
The following commands add the members to the service group:
AX(config)#slb service-group sg-dsr tcp
AX(config-slb service group)#member primarys1:80 priority 16 AX(config-slb service group)#member primarys2:80 priority 16
AX(config-slb service group)#member secondarys1:80 template port dsrbackup