6500 w/csm client talking with vip gets direct to real

mariolaniel
Level 1

We got a small server farm with four real servers and one vserver. When the client initiates a connection with the vserver, it opens up an RPC at a certain point and starts talking directly with one of the real servers, totally bypassing the vserver, and if we take down that real server, then the connection hangs and it does not get redirected to another server. CSM is set up in bridge mode and the servers are being used for a document management application by Hummingbird. Has anyone seen that kind of behavior?

Any help would be welcomed as we are going live with this project at the end of the week.

4 Replies

Gilles Dufour
Cisco Employee

What is the concern?

That the client goes directly to the real or that disconnecting the real does not redirect the connection?

For the latter, you should use the command 'failaction purge' under the serverfarm definition.

This will force the CSM to kill the connection if the real goes down.

For the other concern, your application is probably sending at some point its server IP address.

Each server will therefore send its own IP address and the client will go directly to it.

You should see if there is a way for your application to return a "configured" IP address that would be your VIP.

You could also try to configure the VIP as a loopback IP address on every real server and tell your application to advertise this address.

Hope this helps.

Gilles.
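
An added example (not from the thread or from Cisco) of how to confirm from flow records which clients follow the pattern described in the reply above: contacting the VIP and then connecting straight to a real server. The addresses, ports and record layout are constructed assumptions.

```python
from collections import defaultdict

# Constructed addressing: one VIP and four reals, as in the farm described above.
VIP = "10.10.10.100"
REALS = {"10.10.10.11", "10.10.10.12", "10.10.10.13", "10.10.10.14"}

# Constructed flow records: (epoch seconds, source IP, destination IP, destination port)
FLOWS = [
    (1000, "192.0.2.10", VIP, 80),
    (1002, "192.0.2.10", "10.10.10.12", 49155),   # direct session after VIP contact
    (1003, "192.0.2.11", VIP, 80),
    (1005, "192.0.2.20", "10.10.10.11", 22),      # never touched the VIP
    (1006, "10.10.10.11", "10.10.10.12", 445),    # real-to-real, ignored
    (1010, "192.0.2.10", "10.10.10.12", 49155),   # repeat of the same direct session
]

def classify_clients(flows, vip=VIP, reals=REALS):
    """Map each client to (status, [(real, port), ...]).

    bypass_after_vip    - client reached the VIP, then connected to a real directly
    direct_no_prior_vip - client connected to a real without first using the VIP
    via_vip_only        - client only ever talked to the VIP
    """
    seen_vip = set()
    direct = defaultdict(set)      # every direct client-to-real flow
    after_vip = defaultdict(set)   # direct flows that followed a VIP contact
    for _ts, src, dst, dport in sorted(flows):   # process in time order
        if src in reals or src == vip:
            continue                             # server-originated traffic
        if dst == vip:
            seen_vip.add(src)
        elif dst in reals:
            direct[src].add((dst, dport))
            if src in seen_vip:
                after_vip[src].add((dst, dport))
    report = {}
    for client in seen_vip | set(direct):
        if after_vip.get(client):
            report[client] = ("bypass_after_vip", sorted(after_vip[client]))
        elif direct.get(client):
            report[client] = ("direct_no_prior_vip", sorted(direct[client]))
        else:
            report[client] = ("via_vip_only", [])
    return report

if __name__ == "__main__":
    for client, (status, targets) in sorted(classify_clients(FLOWS).items()):
        print(client, status, targets)
```

Sessions reported as `bypass_after_vip` are the ones the load balancer does not track, so they are the ones that hang when the real they point at goes down.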

Thanks Gilles,

I was wondering, is there a way to prevent the real servers from talking directly with the client? If I change my config from bridge to router, would it then be possible to prevent the real servers from talking directly with the clients, or would I need to do source NAT to achieve that?

In my situation, the server guys are not too keen on making changes to their servers, so if there is another way to circumvent the communication between the real servers and the client, it would be best.

Regards,

Mario

Mario,

With route mode, client traffic is only allowed to the VIP address.

So, traffic sent directly from a client to a real server should be dropped.

Regards,

Gilles.

Gilles,

In route mode, would a real server be able to send traffic directly to a client, bypassing the VIP?

I guess not, since the server VLAN is totally hidden from the client, or is it?

Basically, what I'm trying to find out is a way to prevent the client from talking directly to the reals and vice versa.

What I'm trying to achieve is:

client --> vserver --> real

real --> vserver --> client

Worst case, I would not mind this:

client --> vserver --> real

real --> client

client --> vserver --> real

Basically, I don't want the client to talk directly to the reals, always the vserver.

Thanks,

Mario
