
Thread: Virtual Ip in nlb

Last post 03-17-2008 7:58 AM by tomkmvp. 5 replies.


  • 03-13-2008, 1:30 PM

    • sarikan
    • Not Ranked
    • Joined on 06-28-2007, 11:35 AM
    • Posts 3

    Virtual Ip in nlb

    Hi, I have a challenging scenario for NLB. I'm refactoring a web-based app for a client, and an IIS layer with a single machine needs to be converted into an NLB layer.

    The problem is, this is not a traditional web-based app scenario, and the web application needs to be able to directly connect to various SQL servers, which are over 200 in number. Due to security reasons, these SQL servers are configured so that they only accept connections from a certain IP, which makes sense. The virtual IP in the cluster is not used when any of the servers in the web farm tries to make a connection to another location. If the virtual IP is X and the dedicated IP (DIP) is Y for a server, the server connects to a third machine over Y, not over X. This is my main problem. Is it possible to use the virtual IP of an NLB solution both for input and output for all the ports and for all the servers?

    The scenario is:

    A request from a client for a web page comes to virtual IP X, Server A is assigned by NLB to answer the request, and Server A needs to connect to another web service/DB/whatever to serve the request. Server A uses the dedicated IP Y to connect to the other resource, and I wonder if it can be configured so that it will use virtual IP X instead. I hope I can explain the problem, and I'd really appreciate any ideas or comments about this issue.

    All the best Seref

  • 03-14-2008, 8:56 AM In reply to

    • tomkmvp
    • Top 10 Contributor
    • Joined on 03-20-2003, 10:27 AM
    • Lawrenceville, NJ
    • Posts 5,406
    • IIS MVPs

    Re: Virtual Ip in nlb

    sarikan:
    Is it possible to use virtual ip of a nlb solution both for input and output for all the ports and for all the servers?
    No. 

    It simply won't work because the SQL connection is initiated from the web server (from "inside" the NLB), whereas web requests are initiated from "outside" the NLB.

  • 03-14-2008, 9:42 AM In reply to

    • sarikan
    • Not Ranked
    • Joined on 06-28-2007, 11:35 AM
    • Posts 3

    Re: Virtual Ip in nlb

    Thanks, actually I did not have high hopes for this one :) I guess the correct term for my wish would be to be able to perform NAT on VIP.

    My current solution is to create a subnet that contains the dedicated IPs of all web farm servers' public NICs, and all servers also have a second NIC, which have the same default gateway, which is bound to another internet IP. This way, requests to other web services or SQL servers by web farm members always leave the farm over the same IP. All this is to avoid configuration tasks in secure targets like SQL servers. When a new machine is added to the farm, no one outside has to change their configuration under this approach. Would you have any other advice to satisfy this requirement?

    All the best

    Seref
     

  • 03-14-2008, 3:45 PM In reply to

    • tomkmvp
    • Top 10 Contributor
    • Joined on 03-20-2003, 10:27 AM
    • Lawrenceville, NJ
    • Posts 5,406
    • IIS MVPs

    Re: Virtual Ip in nlb

    Put all of the NLB servers behind a proxy, like Microsoft's ISA - then all of the requests would come from that one IP, or just allow the range of server addresses instead of just allowing one address.

  • 03-15-2008, 5:54 AM In reply to

    • sarikan
    • Not Ranked
    • Joined on 06-28-2007, 11:35 AM
    • Posts 3

    Re: Virtual Ip in nlb

    OK, this is a very interesting idea, but I'm a little bit confused here. The public NIC on the servers needs to have a virtual IP, which in my case will be an internet IP. You're suggesting that I insert a proxy in front of all servers, but how do I do that when the virtual IP is defined on the NIC which is on the server? Sorry, this is not my usual area of work, I guess I could not picture it in my mind. Could you give me a very brief explanation? Like set VIP on here, define this on ISA, then define that on servers, etc. Even the simplest explanation would do the trick.

    Thanks a lot for your help

    Seref 

  • 03-17-2008, 7:58 AM In reply to

    • tomkmvp
    • Top 10 Contributor
    • Joined on 03-20-2003, 10:27 AM
    • Lawrenceville, NJ
    • Posts 5,406
    • IIS MVPs

    Re: Virtual Ip in nlb

    ... a more refined thought, just use a router. Set up your NLB using all internal NAT 192.168.x.x IP addresses, which will be assigned by the router. Give the router the original virtual IP used for web and SQL traffic, and set up the router to forward all port 80 requests to the internal NLB virtual IP. You should be aware though that the router represents a single point of failure (as well as allowing just 1 IP to talk to SQL).
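
The three options raised in this thread (one allowlist entry per web server, allowing a range of server addresses, and a router or proxy presenting a single source IP) can be compared from the SQL servers' side. The sketch below is an added example, not part of any post in the thread; all addresses are constructed documentation values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample addresses (documentation ranges, not taken from the thread).
EGRESS_IP = "203.0.113.1"                              # router/proxy public address
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/24")  # farm behind the router

# Each design: the SQL-side allowlist, the current farm nodes, and a node that
# is added later without anyone touching the SQL-side configuration.
DESIGNS = {
    "per_host": {"allowlist": ["203.0.113.11/32", "203.0.113.12/32"],
                 "nodes": ["203.0.113.11", "203.0.113.12"],
                 "new_node": "203.0.113.13", "snat_to": None},
    "range":    {"allowlist": ["203.0.113.8/29"],
                 "nodes": ["203.0.113.11", "203.0.113.12"],
                 "new_node": "203.0.113.13", "snat_to": None},
    "nat":      {"allowlist": [EGRESS_IP + "/32"],
                 "nodes": ["192.168.0.11", "192.168.0.12"],
                 "new_node": "192.168.0.13", "snat_to": EGRESS_IP},
}

def source_seen_by_sql(node_ip, snat_to=None):
    """Source address the SQL server sees: the node's own IP, or the
    router's address when source NAT rewrites internal addresses."""
    if snat_to is not None and ipaddress.ip_address(node_ip) in INTERNAL_NET:
        return snat_to
    return node_ip

def sql_accepts(source_ip, allowlist):
    """True if the source address matches any allowlist entry."""
    src = ipaddress.ip_address(source_ip)
    return any(src in ipaddress.ip_network(entry) for entry in allowlist)

def admitted_addresses(allowlist):
    """How many distinct source addresses the allowlist lets through."""
    return sum(ipaddress.ip_network(e).num_addresses for e in allowlist)

def existing_nodes_accepted(name):
    d = DESIGNS[name]
    return all(sql_accepts(source_seen_by_sql(n, d["snat_to"]), d["allowlist"])
               for n in d["nodes"])

def new_node_accepted(name):
    d = DESIGNS[name]
    return sql_accepts(source_seen_by_sql(d["new_node"], d["snat_to"]), d["allowlist"])

if __name__ == "__main__":
    for name, d in DESIGNS.items():
        print(name, "| new node accepted:", new_node_accepted(name),
              "| addresses admitted:", admitted_addresses(d["allowlist"]))
```

The per-host allowlist rejects the new node until every SQL server is reconfigured, the range accepts it but also admits every other address in that range, and the NAT design accepts it while admitting a single address.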
