09-19-2012 10:35 PM
Hi all,
I am studying the topic: 'Configuring the Source NAT for Server-Originated Connections to the VIP'.
In the Cisco documentation I got the following output from the command
show module csm 1 conn detail
    prot vlan source                destination           state
----------------------------------------------------------------------
In  TCP  220  10.20.220.10:32858    10.20.221.100:23      ESTAB
Out TCP  220  10.20.220.20:23       10.20.220.99:8193     ESTAB
    vs = FROM-SERVERS, ftp = No, csrp = False
Further details follow:
 - 10.20.220.10 rserver A
 - 10.20.220.100 vip
 - 10.20.220.20 rserver B
 - 10.20.220.99 nat pool
 - 220 vlan server
The output means:
The rserver A (10.20.220.10) wants to communicate with the rserver B (10.20.220.20). The process needed to establish this communication/connection is not clear to me. Could you please comment on the lines IN and OUT of the above command's output?
Thanks.
09-20-2012 05:33 AM
Hi Fabio
fabio.marino wrote:
show module csm 1 conn detail
    prot vlan source                destination           state
----------------------------------------------------------------------
In  TCP  220  10.20.220.10:32858    10.20.221.100:23      ESTAB
Out TCP  220  10.20.220.20:23       10.20.220.99:8193     ESTAB
    vs = FROM-SERVERS, ftp = No, csrp = False
Could you please comment on the lines IN and OUT of the above command's output? Thanks.
Basically you described the meaning of these 2 lines above.
Let's imagine that we have one "big" session from client to real server. However, in the middle we have a loadbalancer which sees everything a bit differently, and this output is how it sees life:
IN - means the incoming session from the loadbalancer's point of view, the part of the "big" session which lies between Client and Loadbalancer. In this case vlan is the VLAN number this session came from, source is the IP address of the client that initiated this session, and destination is the IP address to which your client initiated this session - usually it's a VIP address which belongs to the Loadbalancer itself (as the client sees this service behind one VIP). Port numbers are the same as in the real TCP session from the client.
OUT - this is the part of the "big" session which lies between Loadbalancer and Real server. Here Source and Destination IP have to be read the opposite way - in the field Source you have the IP address of the real server to which the connection went, and in the field Destination the IP address which was used after the Loadbalancer as a source IP. If you don't have NAT, you will see here the same IP address as you saw in the field "source" in the "IN" line.
The same situation is with ports: as you have PAT, source ports are not preserved, and you see a different port in the Destination field in the OUT line than in the source field in the IN line.
Hope I clarified the situation a bit. Feel free to ask additional questions if I missed something.
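A small parser for the output discussed in this thread, added here as an illustration (it is not Cisco's code or either poster's): it pairs each In line with its Out line and, following the reading given in the answer, reports which address the real server sees and whether source NAT and PAT were applied. The function names and dictionary keys are assumptions, and the sample text is the connection quoted in the question.

```python
import re

# The connection from the question above, copied as sample input.
SAMPLE = """\
In  TCP 220 10.20.220.10:32858 10.20.221.100:23 ESTAB
Out TCP 220 10.20.220.20:23 10.20.220.99:8193 ESTAB
  vs = FROM-SERVERS, ftp = No, csrp = False
"""

# direction, protocol, vlan, source ip:port, destination ip:port, state
CONN = re.compile(
    r"^\W*(In|Out)\s+(\w+)\s+(\d+)\s+([\d.]+):(\d+)\s+([\d.]+):(\d+)\s+(\w+)")
VS = re.compile(r"\bvs\s*=\s*([^,\s]+)")

def parse_conn_detail(text):
    """Pair each In line with the Out line that follows it (assumed layout)."""
    sessions, current = [], None
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            leg = {"prot": m.group(2), "vlan": int(m.group(3)),
                   "src": (m.group(4), int(m.group(5))),
                   "dst": (m.group(6), int(m.group(7))),
                   "state": m.group(8)}
            if m.group(1) == "In":
                current = {"in": leg}
                sessions.append(current)
            elif current is not None and "out" not in current:
                current["out"] = leg
        elif current is not None and (v := VS.search(line)):
            current["vs"] = v.group(1)
    return [s for s in sessions if "out" in s]  # drop unpaired In lines

def interpret(session):
    """Apply the reading from the answer: the Out line is read reversed."""
    client, vip = session["in"]["src"], session["in"]["dst"]
    rserver, lb_source = session["out"]["src"], session["out"]["dst"]
    return {"client": client, "vip": vip, "rserver": rserver,
            "lb_source": lb_source,              # what the real server sees
            "source_nat": lb_source[0] != client[0],
            "pat": lb_source[1] != client[1],
            "vserver": session.get("vs")}

if __name__ == "__main__":
    for s in parse_conn_detail(SAMPLE):
        print(interpret(s))
```

When matching real-server logs against load-balancer state, `lb_source` is the address that will appear in the server's own logs, not `client`.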