CSM: need help to understand "no unidirectional"

pweichmann · ‎10-05-2011

On the CSM we have for certain configuration "no unidirectional" specified, especially for ftp services, but I don't understand why (as this was done by someone before me).

I read the documentation and saw that unidirectional might be required under certain circumstances for asymmetrical configurations and that for udp the csm will automatically use unidirectional.

But I checked with show mod csm 4 vserver name xxx detail and it always says bidir.

What are the use cases for no unidirectional? Need help to understand it.

chrhiggi · ‎10-10-2011

Hello-

By default, the CSM is going to expect that it sends a loadbalanced conneciton to a real server and recieves a response back from that real. However - with a configuration like direct server return - the responsed from the server go back directly to the client, so the CSM only sees half the flow. In that case, you would need unidirectional under the VIP to handle the flow correctly.

When would you use it? I have only personally seen 1 customer use it in the past 8 years I have been supporting the CSM, its rare. 95% of customers use a standard design that doesn't involve 1 way flows, so it is unnecissary to have this configuration.

Regards,

Chris

pweichmann · ‎10-17-2011

I found the no unidirectional on some of our configs in regards to ftp transfers, but we have server and client nat, i.e. all traffic always goes through the load balancer.

And I made a check and saw that the application ftp does not automatically change it to no unidirectional.

I don't understand why this was added. Maybe we had some strange asynchronous traffic somewhen in the past. Do some others have some experience with this?