Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
845
Views
0
Helpful
5
Replies

CSM loadbalance server to server same VLAN

scott-goodwin
Level 1
Level 1

‎02-29-2012 02:21 AM

Hi guys,

It has been a while since I used the CSM and I am getting a little confused with NAT

I am wanting to create a loadbalanced VIP so Servers on subnet A can access LB to 2 others servers on Subnet A. Now obviously i need to do some Source nat to ensure the servers dont just cut the LB out when they respond to the requests. Hence I configured the following; but I can't see any arp for the VIP address on the server VLAN.

natpool APP-SVR 172.30.x.28 172.30.x.28 netmask 255.255.255.0

probe TCP_8081 tcp
  interval 10
  failed 30
  port 8081


real SVR02
  address 172.30.x.11
  inservice
real SVR03
  address 172.30.x.10
  inservice

serverfarm SVR_8081
  no nat server
  nat client SVR-SVR
   predictor leastconns
  real name SVR02 8081
   health probe TCP_8081
   inservice
  real name SVR03 8081
   health probe TCP_8081
   inservice



sticky 12 cookie gascookie insert

policy STICKY

  sticky-group 12
  serverfarm SVR_8081


vserver SVR8081
  virtual 172.30.x.28  tcp 8081
  serverfarm SVR_8081

  persistent rebalance
  slb-policy STICKY
  inservice

The VIP is a different range to the servers but resides on the server side interface.

Thanks in advance

Scott

Labels:
0 Helpful
5 Replies 5

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee

‎02-29-2012 07:48 AM

Hi Scott,

Since the VIP is on a different range as the servers, then, not having an ARP entry for it is expected. The servers assume that the VIP is on a different subnet, so, in order to get to it, they send the traffic to their default gateway.

Your configuration looks fine, so, if you attempt a connection to the VIP from one of the servers, it should work properly

Regards

Daniel

0 Helpful

scott-goodwin
Level 1
Level 1
In response to Daniel Arrondo Ostiz

‎03-02-2012 12:56 AM

Hi Daniel,

Thank for the reply, unfortunatley I see no connections to the VIP .

I cannot ping the VIP from the server vlan either, would it be possible to use an IP for the VIP on the same VLAN as the servers using the above config??

i.e LB to the server nic of the CSM then back out of the same NIC to the Real servers?

cheers

Scott

0 Helpful

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee
In response to scott-goodwin

‎03-02-2012 02:36 AM

Hi Scott,

Yes, having the VIP on the server vlan is a perfectly valid option. In fact, it's better from from a design point of view than having it in a different one.

Regards

Daniel

0 Helpful

scott-goodwin
Level 1
Level 1
In response to Daniel Arrondo Ostiz

‎03-11-2012 06:01 AM

Hi Daniel,

Still no joy, I can ping the VIP, I can telnet to the servers on port 8081 direct.  I see the VIP taking traffic and it says it is forwarding out to a server i.e in the counters however I never see the packet arrive at the server???

Strangely when I do;

sh mod csm conn vserver GAS_8081

   prot vlan source                destination           state
----------------------------------------------------------------------
In  TCP  895  172.30.60.41:34805    172.30.60.41:8081     ESTAB
Out TCP  895  172.30.60.41:8081     172.30.60.41:34806    ESTAB

In  TCP  895  172.30.60.41:34761    172.30.60.41:8081     ESTAB
Out TCP  895  172.30.60.41:8081     172.30.60.41:34762    ESTAB

In  TCP  895  172.30.60.41:34822    172.30.60.41:8081     ESTAB
Out TCP  895  172.30.60.41:8081     172.30.60.41:34823    ESTAB

I get the above, i.e I dont see the packet going to the actual servers??

However i get the following while trying to connect;

trposr02#sh mod contentSwitchingModule 13 vservers name GAS_8081 det

GAS_8081, type = SLB, state = OPERATIONAL, v_index = 45

  virtual = 172.30.60.41/32:0 bidir, any, service = NONE, advertise = FALSE

  idle = 3600, replicate csrp = none, vlan = 895, pending = 30, layer 4

  max parse len = 2000, persist rebalance = TRUE

  ssl sticky offset = 0, length = 32

  conns = 2, total conns = 83991

  Default policy:

    server farm = GAS_8081, backup =

    sticky: timer = 0, subnet = 0.0.0.0, group id = 0

  Policy          Tot matches  Client pkts  Server pkts

  -----------------------------------------------------

  (default)       82409        179422       20

Any ideas??

Scott

0 Helpful

scott-goodwin
Level 1
Level 1

‎03-12-2012 03:09 AM

Hi Guys,

I have now sorted this

To get it working I had to enable nat server and also add the vlan id to the Vserver config.

So my final config is;

natpool SUM-SVR 172.30.60.x 172.30.60.x netmask 255.255.255.0

real svr1

  address 172.30.63.x

  no inservice
real svr2

  address 172.30.63.x

  inservice


serverfarm SVR_8081

  nat server

  nat client SUM-SVR

  predictor leastconns

  real name svr1 8081

   health probe TCP_8081

   inservice

  real name svr2 8081

   health probe TCP_8081

   inservice

vserver SVR_8081

  virtual 172.30.60.x tcp 8081

  vlan 895

  serverfarm SVR_8081

  persistent rebalance

  inservice

Hope this helps anyone else trying to get this working

Cheers

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents