CSM Load Balancer - Add Internet Real to sfarm

Zarahelll
Level 1

Good afternoon to you all

I need some help.

I have a CSM load balancer configured in bridge mode. I have a Server-Client Vlan Architecture, configured with several server farms.

Now I needed to add a real to a serverfarm that's not on my local network; how can I do this without changing the CSM Architecture to Layer 3 mode? (and without using a VPN connection).

Basically I want to add a machine that's on the Internet to a local serverfarm and be able to load balance traffic to it without changing the whole Architecture of my CSM solution.

Is this possible to do so in bridge mode? And if not, is there any hybrid l2-l3 mode to do so?

What are the necessary configurations?

Any help is much appreciated.


Diego Vargas
Cisco Employee

Hi,

If I understand you well, all you want to do is load balance traffic to a remote server. You can do that without changing the client-server VLAN setup you currently have; actually, the server does not need to be layer 2 adjacent to the CSM (not part of a server VLAN).

The only important consideration I can think of is that you need to source NAT the traffic from the CSM to the real server so that the return traffic will not bypass the CSM; otherwise you will run into asymmetric flows because the remote server will reply to the original client's IP.

Diego

Thank you for your reply.

But I've tried before to just add the remote server to the sfarm, but I got Probe Failed for the port 80 I was trying to balance traffic (even though I was able to telnet the port 80 from the switch successfully).

As I understood from Cisco Manuals, each real has to be present in the CSM's ARP Table for it to be able to load balance traffic; now, when I added the remote server to the sfarm I checked my ARP Table and I saw the entry of the remote server as , but like I said, the probe had failed.

Do you do any additional configurations on the CSM to add the remote server in bridge mode?

You say you can telnet from the switch to the remote server on port 80, but does the CSM itself know how to route the traffic to the server? Do you have a single client VLAN?

You can use something similar to the "route" command in the following example in order to route to those servers:

Add a route statement on a server VLAN pointing to the network where your remote servers are located. The gateway does not need to be on that server VLAN; it would most likely be on a client VLAN connecting to the MSFC.

vlan 150 server
  ip address 123.46.50.6 255.255.255.0
  alias 123.46.50.7 255.255.255.0
  route 123.50.0.0 255.255.0.0 gateway 123.44.50.1
  exit

You will need to configure a client NAT. This will force all connections that are directed to the servers from the CSM, back to the CSM. You will need to create a NAT pool, then associate it to a serverfarm.

Configuring Client NAT Pools

When you configure client Network Address Translation (NAT) pools, NAT converts the source IP address of the client requests into an IP address on the server-side VLAN. Use the NAT pool name in the serverfarm submode of the nat command to specify which connections need to be configured for client NAT pools.


Diego

Thank you for your reply.

I'll try it tomorrow. As soon as possible I will give feedback.

Diego

No luck

I've tried to add the route on the server vlan, but I got this error:

Switch(config-slb-vlan-server)#route 10.134.133.41 255.255.255.255 gateway 10.135.65.129
% vlan gateway 10.135.65.129 already exists in vlan 1614.

My current configurations are as follows:

vlan 614 server
  ip address 10.135.65.132 255.255.255.224
!
vlan 1614 client
  ip address 10.135.65.132 255.255.255.224
  gateway 10.135.65.129

real TEST-LB                            <---- remote server
  address 10.134.133.41
  inservice

real TST1
  address 10.135.65.141
  inservice

serverfarm TEST-80
  nat server
  no nat client
  real name TST1
   health probe PROBE_TCP80
   inservice
  real name TESTE-LB
   health probe PROBE_TCP80
   inservice

vserver TEST-80
  virtual 10.135.65.140 tcp www
  serverfarm TEST-80
  idle 30
  persistent rebalance
  inservice

My CSM ARP TABLE:

Switch#show module contentSwitchingModule 4 arp | include 10.134.133.41
10.134.133.41    -->10.135.67.161    0         REAL       routed

My Probe Error:

TESTE-LB, ADWTST-80, state = PROBE_FAILED
  address = 10.134.133.41, location =
  probe = PROBE_TCP80
  conns = 0, maxconns = 4294967295, minconns = 0
  weight = 8, weight(admin) = 8, metric = 0, remainder = 0
  total conns established = 0, total conn failures = 0

Diego

I got it to work.

The probe issues I had were because of problems of the server.

As soon as I created the source NAT to force symmetric traffic, everything worked fine.

Thank you for your help.
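
The source NAT that resolved this thread, sketched as an added example (not configuration posted by anyone in the thread). It uses the module slot, serverfarm name and subnet shown above; the pool name SNAT-REMOTE and the pool address 10.135.65.150 are constructed placeholders.

```cisco
! Added example: client (source) NAT for serverfarm TEST-80.
! SNAT-REMOTE and 10.135.65.150 are placeholders, not values from the thread.
module ContentSwitchingModule 4
 !
 ! One-address pool inside the CSM's own subnet (10.135.65.128/27 on this page).
 ! Pick an address that is not assigned to any host, real, or virtual server.
 natpool SNAT-REMOTE 10.135.65.150 10.135.65.150 netmask 255.255.255.224
 !
 serverfarm TEST-80
  nat server
  ! Before: "no nat client" keeps the original client source address, so the
  !         remote real answers the client directly and bypasses the CSM.
  ! After:  the source is rewritten to the pool address, so the reply is
  !         routed back to the CSM, which restores the addresses.
  nat client SNAT-REMOTE
  ! real / health probe / inservice lines stay as they were
```

Client NAT applies to every real in the serverfarm, so the local real also sees the pool address as the source, and server access logs will no longer show the original client IP.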