
CMS modes pros and cons

r.panus
Level 1

Hello,

I am tasked with writing a paper that explains the three modes (bridge, route, one-armed) of the CMS. I have accomplished this task. I have also been tasked with explaining, in detail, why one mode is better than the other modes, when they are appropriate to use, and so on. I have never touched or had any experience with the CMS. I have searched for a week now but cannot find any document that explains when the various modes are appropriate to use. If anyone can post a link, or links that can give me a start, I would be forever grateful.

Thank you.

Ron.


Gilles Dufour
Cisco Employee

One-armed is the easiest to install - less disruptive as you can keep your current network unchanged.

However, it requires special configuration to guarantee that the return traffic from the server goes back to the CSM.

This is done by doing client NAT, which will prevent the servers from seeing the client IP address and therefore from creating statistics based on client IP.

There is a way to insert the client IP in the HTTP header, but it only works for HTTP.

Router-mode is easier to understand and troubleshoot.

The CSM is just like a router with VLANs and routing between each of these.

It requires a minimum of configuration.

However, it is important to design correctly.

For example, I would recommend not having clients access the CSM directly.

They should go through the MSFC first.

Then I would recommend having only 1 VLAN between the CSM and MSFC - this is because the CSM only uses 1 default gateway even if you can configure many.

You never know which is active.

The CSM also expects the traffic to come back on the VLAN it went out on. If you have multiple VLANs, it is difficult to control on which VLAN the response will come back.

Finally, 'bridge mode' is good if you want to insert the CSM between the servers and their current default gateway without having to reconfigure the servers.

This is a good solution.

The disadvantage is that all traffic from servers will go through the CSM and it is more difficult to avoid in case you really need it.

A little more complex to troubleshoot as well.

Conclusion: bridge or routing mode is ok - avoid at all cost one-armed.

Regards,

Gilles
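Added example, not part of the original replies: a server-side sketch of the one-armed trade-off described above, where client NAT hides the client IP and an inserted HTTP header restores it for statistics. The header name `X-Client-IP` and the NAT pool `192.0.2.16/28` are assumptions made for illustration; the header is honored only when the connection arrives from the client-NAT pool, since any other sender could set it to an arbitrary value.

```python
import ipaddress

# Assumptions, not from the thread: the header name the load balancer inserts
# and the client-NAT pool it sources connections from (constructed values).
CLIENT_IP_HEADER = "X-Client-IP"                     # hypothetical name
NAT_POOL = [ipaddress.ip_network("192.0.2.16/28")]   # constructed pool


def from_nat_pool(peer):
    """True when the TCP peer is one of the client-NAT addresses."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in NAT_POOL)


def client_ip_for_stats(peer, headers):
    """Return (ip, source); source is "header" or "peer"."""
    if not from_nat_pool(peer):
        # Not client-NATed: the peer is the real client, and any header
        # value was supplied by that client, so it is ignored.
        return peer, "peer"
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get(CLIENT_IP_HEADER.lower(), "").strip()
    try:
        return str(ipaddress.ip_address(raw)), "header"
    except ValueError:
        # Header missing (e.g. non-HTTP traffic) or malformed: only the
        # NAT address is known, so statistics fall back to it.
        return peer, "peer"


# Constructed sample requests: (TCP peer, request headers)
SAMPLES = [
    ("192.0.2.17", {"X-Client-IP": "203.0.113.9"}),
    ("192.0.2.17", {}),
    ("192.0.2.18", {"X-Client-IP": "not-an-address"}),
    ("198.51.100.7", {"X-Client-IP": "10.0.0.1"}),
]

if __name__ == "__main__":
    for peer, headers in SAMPLES:
        print(peer, headers, "->", client_ip_for_stats(peer, headers))
```
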

Gilles,

Thank you for your response, and your time.

Ron.

Gilles,

Can you elaborate more on how CSS can insert client IP in the HTTP header in one-armed mode?

Thanks

Some additional notes on the advantages of Bridge mode. The CSM doesn't support DHCP helpers nor Multicast. We run our CSM in bridge mode so that our servers can be DHCP clients (mostly during the server base operating system loading process) and so that Multicast sources and clients will work.

Bottom line: Bridge mode also is a DHCP and Multicast enabler. To the best of my knowledge neither will work in routed mode (at least in the 3.2.x days they wouldn't....).

Guys,

Can somebody point me to a link where I can find info on how to insert the client IP in the HTTP header on CSS to preserve the original client IP in one-armed mode?

Thanks

The CSS can't insert the client IP in the HTTP header.

Only the CSM can do this.

For the CSM look at:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a00803e008d.html#wp1047132

Are there any plans to backport this feature to WebNS?

We are currently building 7.50 which will not have this feature.

The roadmap for 7.60 has not been decided yet.

If you need this feature, I would recommend you to contact your Cisco sales representative and ask him to introduce a request to the CSS product manager.

The product manager is attentive to the requests coming directly from customers.

Regards,

Gilles.

One option for getting around the DHCP problem is configuring a router interface on the server VLAN with a /30 mask. Client traffic to the servers would follow the route for the whole server VLAN to the CSM so there wouldn't be an issue with asymmetric routing.

Hi Gilles,

First of all, thank you for this clear post.

I have one question about one-armed mode.

Reading some presentations of Networkers I found that this mode can be used if you use PBR on the MSFC.

Is this configuration used on real clients, or is it only a "pretty .ppt"?

Does it have limitations?

Thank you very much.
