06-01-2007 06:00 AM
Hi,
Can the CSM be configured to work in this way, with the client and server in the same VLAN? What is the implication?
06-01-2007 06:31 AM
Yes, it is possible.
But since they are both in the same VLAN, you need to configure client-nat on the CSM to make sure the response from the server goes back through the CSM and does not go directly to the client, as the client expects a response from the VIP, not the server.
Gilles.
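The return-path problem described in the reply above, traced in a small model (an added example, not part of the original thread). All addresses are constructed, and the model assumes the CSM owns the VIP and natpool address and is the real server's default gateway; it also covers the off-subnet client, which goes beyond the case asked about.

```python
import ipaddress

# Constructed addressing (not taken from the thread): one VLAN, one subnet.
SUBNET = ipaddress.ip_network("192.0.2.0/27")
VIP, REAL, NAT_ADDR = "192.0.2.10", "192.0.2.20", "192.0.2.30"
LOCAL_CLIENT = "192.0.2.5"       # same VLAN as the real server
REMOTE_CLIENT = "198.51.100.7"   # reached through the server's gateway
# Assumption: the CSM owns the VIP and natpool address and is the
# real server's default gateway.
CSM_ADDRS = {VIP, NAT_ADDR}

def server_next_hop(dst):
    """Device the real server hands a reply for dst to."""
    if ipaddress.ip_address(dst) not in SUBNET:
        return "csm"                                  # off-link: default gateway
    return "csm" if dst in CSM_ADDRS else "client"    # on-link: ARP owner

def simulate(client_ip, client_nat):
    """Trace the reply to one connection opened to the VIP.

    Returns (return_path, accepted): accepted is True when the reply
    reaches the client with the VIP as its source address.
    """
    # CSM forwards to the real; with client NAT the source is rewritten too.
    src_at_server = NAT_ADDR if client_nat else client_ip
    if server_next_hop(src_at_server) == "csm":
        # Reply matches the CSM connection entry; translations are reversed.
        return ["server", "csm", "client"], True
    # Direct delivery: the source stays the real server's address, which
    # matches no connection on the client, so the reply is rejected.
    reply_src = REAL
    return ["server", "client"], reply_src == VIP

if __name__ == "__main__":
    for ip in (LOCAL_CLIENT, REMOTE_CLIENT):
        for nat in (False, True):
            print(ip, "client_nat" if nat else "no_client_nat", simulate(ip, nat))
```

Only the same-VLAN client without client NAT produces a reply that bypasses the CSM.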
06-25-2007 04:58 PM
Gilles,
Can you go into a little more detail here? I have a situation where clients access a virtual pointing to webservers. Then I have app servers on the same VLAN as the webservers that also need to make calls to the same virtual pointing to the same webservers on 443. Here's a sample config. I can't seem to get it to work. Do I need another serverfarm or possibly another virtual allowing all VLANs, not just the client VLAN? Thanks for your help.
vlan 2115 client
 ip address 10.159.15.146 255.255.255.224
 gateway 10.159.15.129
 alias 10.159.15.145 255.255.255.224
!
vlan 115 server
 ip address 10.159.15.146 255.255.255.224
!
vlan 933 server
 ip address 10.17.133.2 255.255.255.0
 alias 10.17.133.1 255.255.255.0
!
natpool PORTAL-NATPOOL 137.x.x.155 137.159.15.155 netmask 255.255.255.224
serverfarm PORTAL-SSLMOD
 no nat server
 no nat client
 real 10.17.133.3
  inservice
 probe ICMP
serverfarm PORTAL-WEB
 nat server
 nat client PORTAL-NATPOOL
 real 10.159.15.140 8001
  inservice
 real 10.159.15.141 8001
  inservice
 probe HTTP
sticky 1 cookie PORTALSIGNON insert timeout 30
vserver PORTAL-443
 virtual 10.159.15.144 tcp https
 serverfarm PORTAL-SSLMOD
 no persistent rebalance
 parse-length 4000
 inservice
!
vserver PORTAL-DECRYPT
 virtual 10.159.15.144 tcp 81
 vlan 933
 serverfarm PORTAL-WEB
 sticky 30 group 1
 persistent rebalance
 parse-length 4000
 inservice
06-26-2007 05:00 AM
Is the config that you show the modified one you used in order to solve the problem?
What was wrong with it?
I would suggest capturing a sniffer trace of the CSM portchannel. The portchannel # is 256 + csm_slot.
Otherwise, here is how I would have done it myself to NAT only requests from the servers.
serverfarm PORTAL-SSLMOD-CNAT
 no nat server
 nat client PORTAL-NATPOOL
 real 10.17.133.3
  inservice
 probe ICMP
vserver PORTAL-443-from-server
 virtual 10.159.15.144 tcp https
 serverfarm PORTAL-SSLMOD-CNAT
 vlan 115
 no persistent rebalance
 parse-length 4000
 inservice
!
06-26-2007 08:11 AM
Hi Gilles,
I am trying to configure the CSM to load balance some NetCache servers with the CSM configured as the proxy IP. PBR is used to divert all web traffic to the CSM.
I configured the proxy IP as a virtual server and the NetCache as a real in the serverfarm.
The user PCs are configured to use the proxy (virtual server IP) when accessing the net.
With this setup, whether I do NAT for server or client or both, I cannot get it to work. I do not have a client VLAN, as all client traffic is routed to this CSM switch using a routed interface.
With no NAT configured ---
Traffic at the NetCache is registered with the source as the client IP and the destination as the proxy server IP. This causes a loop with the NetCache and CSM sending traffic to each other.
With server NAT configured only ---
The server will return directly to the client. The client will drop all the connections as it is expecting the virtual server reply and not the real server reply.
With client NAT configured only ---
I cannot see the traffic at the NetCache and CSM, don't know why... still finding out.
With both server and client NAT ---
I cannot see the traffic at the NetCache and CSM, don't know why... still finding out.
06-27-2007 12:18 AM
I wrote a document on how to configure the csm with transparent caches.
Try to follow this example.
If that does not work, provide your complete config, a network diagram and the ip of client, proxy address configured in the client.
Gilles.
06-27-2007 06:45 AM
Hi Gilles,
Yes, I read that document before and it's good. It works fine for my transparent caching, just that I configured it in a direct server response mode.
Recently, while trying to configure load balancing for a proxy server, I hit a problem because the CSM is unable to act in such a way that traffic from the client is terminated at the CSM and the CSM in turn sends out the packets using its virtual IP to the NetCache for the real destination in the HTTP traffic.
The scenario is as follows:
1) The user configures the proxy IP in the browser.
2) The CSM is set up with a vserver with the IP of the proxy server in the user's browser.
3) When the user sends HTTP traffic, the destination IP is the proxy server IP, with the real HTTP destination encapsulated in the HTTP header in the data segment of the packet.
4) In such a case I need to configure the CSM to do NAT on the server and client so that I can control the traffic and get all the IP addresses right for all parties. At this moment I am still unable to get the vserver working with nat server and nat client.
Can I know what the use of the "nat client static" command is? Is only 1 session allowed at any one time, and what is the source IP of the packet? Is there any way to overload the NAT like in a router?
Thanks.
06-28-2007 11:47 AM
The CSM can't extract the destination in the HTTP header. This is not a proxy.
All we can do is forward the traffic as such to a destination and perform NAT if needed.
The CSM will do PAT whenever it's necessary.
The static NAT feature is for when the server opens a connection through the CSM and you need it to NAT. This is a one-to-one mapping: 1 inside IP with 1 outside IP.
To do PAT, just create a natpool and use client NAT.
This should be enough.
Capture a sniffer trace and verify that the CSM did NAT the client IP and destination IP.
Don't forget the destination will be the server IP as configured in the serverfarm, or the VIP if configured with no nat server.
Gilles.