CSM-S and Servers On same 6500

laneclark
Level 1

Is it possible to have the servers you are trying to load balance connected directly into the same chassis as the CSM-S is in? Or do I have to run policy routing, or what is the best design for this? Thanks.

5 Replies

Gilles Dufour
Cisco Employee

Where they are connected does not matter.

So, it's ok to have the servers connected to the same chassis as the CSM-S.

What is very important is to guarantee that the response from the server goes through the CSM-S and not directly to the client.

By default the CSM-S does not NAT the client IP address, so the server thinks it is connected directly with the client and will try to respond to the client directly.

This is why some people use policy routing, in order to intercept the server response and forward it to the CSM-S.

However, if your servers are using the CSM-S as default gateway, the traffic will go directly to the CSM-S anyway and policy routing is not required.

Regards,

Gilles.

syediahm
Level 1

Oh yeah.

There are lots of design options.

CSM-S inline Router Mode:

client ---> MSFC ---> vlan10 (1.1.1.0) ---> CSM-S ---> Vlan20 (2.2.2.0) ---> Server

CSM-S inline Bridge Mode:

client ---> MSFC ---> vlan10 (1.1.1.0) ---> CSM-S ---> Vlan10 (1.1.1.0) ---> Server

You only need to configure policy routing, if CSM-S is not inline but rather in "one arm (aggregate) mode".

You can get more details at (csm-s topologies)

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/csm/csms/icn/netwcsm.htm

Thanks

Syed Iftekhar Ahmed

So how do I do the ssl offloading? Also, could you give a couple samples on the policy routing? Thanks.

As Gilles wrote earlier, it is very important to guarantee that the response from the server goes through the CSM-S and not directly to the client. If you are using the CSM-S in one-arm mode, then you can introduce PBR to make sure that the return traffic from the servers passes through the CSM-S.

client vlan10 (1.1.1.0)
|
|
V
MSFC-------------->CSM-S (vlan30 3.3.3.1)
|
|
V
Vlan20 (2.2.2.0)
|
|
V
Server (2.2.2.100)

For the above topology you will need to use the following on the MSFC.

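! Policy-route the server's HTTP replies to the CSM-S
route-map xyz permit 100
 match ip address xyz-acl
 set ip next-hop 3.x.3.x
!
! Match return traffic from the real server (source port 80)
ip access-list extended xyz-acl
 permit tcp host 2.2.2.100 eq www any
!
! Apply the route-map to traffic arriving from the server VLAN
interface Vlan20
 ip policy route-map xyz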

You need to create a separate VLAN between the CSM and the SSL daughter card.

You can find details at

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/csm/csms/icn/ssl_srvc.htm

Thanks

Syed Iftekhar Ahmed
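
An added example (not part of the original posts or of Cisco's documentation): a small Python model of the route-map match on Vlan20, showing which server replies the posted ACL steers to the CSM-S and which would still take normal routing straight back to the client. The client address 1.1.1.50, the second server 2.2.2.101 and all flows are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed sample packet; addresses follow the thread's topology.
Packet = namedtuple("Packet", "proto src sport dst dport")

PORT_NAMES = {"www": 80}  # IOS port keyword used in the posted ACL


def parse_ace(line):
    """Parse the single ACE form used in the thread:
    permit tcp host <ip> eq <port> any"""
    tok = line.split()
    if (len(tok) != 7 or tok[0] != "permit" or tok[2] != "host"
            or tok[4] != "eq" or tok[6] != "any"):
        raise ValueError("unsupported ACE: " + line)
    port = PORT_NAMES.get(tok[5]) or int(tok[5])
    return {"proto": tok[1], "src": ipaddress.ip_address(tok[3]), "sport": port}


def acl_matches(ace, pkt):
    """True when the packet's protocol, source host and source port match."""
    return (pkt.proto == ace["proto"]
            and ipaddress.ip_address(pkt.src) == ace["src"]
            and pkt.sport == ace["sport"])


def vlan20_forwarding(pkt, aces):
    """Decision for a packet arriving on Vlan20 with 'ip policy route-map xyz'."""
    if any(acl_matches(a, pkt) for a in aces):
        return "policy-routed to CSM-S"
    return "normal routing (bypasses CSM-S)"


ACES = [parse_ace("permit tcp host 2.2.2.100 eq www any")]

# Constructed flows; 1.1.1.50 and 2.2.2.101 are hypothetical hosts.
FLOWS = {
    "HTTP reply from 2.2.2.100": Packet("tcp", "2.2.2.100", 80, "1.1.1.50", 40000),
    "HTTPS reply from 2.2.2.100": Packet("tcp", "2.2.2.100", 443, "1.1.1.50", 40001),
    "HTTP reply from 2.2.2.101": Packet("tcp", "2.2.2.101", 80, "1.1.1.50", 40002),
    "server-initiated connection": Packet("tcp", "2.2.2.100", 51000, "1.1.1.50", 25),
}


def audit(flows=FLOWS, aces=ACES):
    """Map each named flow to the forwarding decision taken on Vlan20."""
    return {name: vlan20_forwarding(p, aces) for name, p in flows.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:30s} -> {verdict}")
```

Any load-balanced service or real server whose replies show up as normal routing would need its own entry in xyz-acl before it is placed behind the CSM-S in one-arm mode.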

Thanks to both of you. It really makes sense to me now. Thanks again.

Lane
