Re: CSS 11501 Load Balancing Issue

Manjunatha Jayaram · ‎10-06-2010

Hi,

We are facing some issue in load balancing in cisco CSS 11501 as we are not able to access the application through virtual IP. Below is the ruuning configuration of the CSS:

CSS11501# sh running-config

!Generated on 10/06/2010 16:51:34

!Active version: sg0810106

configure

!*************************** GLOBAL ***************************

ip route 0.0.0.0 0.0.0.0 132.186.199.1 1

!************************** CIRCUIT **************************

circuit VLAN1

ip address 132.186.199.145 255.255.255.0

!************************** SERVICE **************************

service Server1

ip address 132.186.199.243

port 5001

protocol tcp

keepalive port 5001

active

service Server2

ip address 132.186.199.246

protocol tcp

port 5001

keepalive port 5001

active

!*************************** OWNER ***************************

owner L5_Owner

content L3_Rule

vip address 132.186.199.146

protocol tcp

port 5001

add service Server1

add service Server2
active

content L5_Rule

vip address 132.186.199.146

add service Server1

add service Server2

protocol tcp

port 5001

url "//132.186.199.146:5001/emi"

active

CSS11501#

Observation : We are able to telnet on VIP: 132.186.199.146 on port 5001, but not able to access the application.

In Actual scenarion customer access application by accessing URL: http://132.186.199.243:5001/emi and once he enter this URL in web browser the request redirects ( by server itself) to URL: https://132.186.199.44:6002/cas/login?service=http%3A%2F%2F132.186.199.243%3A5001%2Femi%2Findex.jsp&acceptStrength=BASIC on backend server for user authenticaton and once user is authenticated then it again redirect to main URL ( http://132.186.199.243:5001/emi ) to access the application but when we are trying to access the application through VIP ( URL: http://132.186.199.146:5001/emi) we are not getting the login page as the request is not gettting redirected to backend server for user authentication.

Please suggest a solution here.

Marko Leopold · ‎10-06-2010

Try it with this configuration please

content L5_Rule

vip address 132.186.199.146

add service Server1

add service Server2

protocol tcp

port 5001

url "/emi"

active

the URI means the request line in the http-header, which is without ip-address of the server.

Manjunatha Jayaram · ‎10-06-2010

Hi Marko,

Thanks for the reply but I have already tried this (/emi) option and also tried /* but no success.

Could anybody please suggest what is the problem here ??.

Gilles Dufour · ‎10-06-2010

The problem is that you are in one-armed mode.

So you need to configure client nat.

Without nating the client ip address, the server response goes back directly to the client and bypasses the CSS.

Therefore the client receives a response from an unknown server ip address (not the vip).

So configure a group.

For example

group Client

vip address 132.186.199.146

add destination service Server1

add destination service Server2

active

Also, remove the url command from your content rule.

It is useless in your case and will just make performance worst.

Gilles.

Manjunatha Jayaram · ‎10-07-2010

Hi Gilles,

Thanks for the reponse and your suggestion as after configuring the clinet NAT we are able to access the application through CSS and its working fine.

Thanks again for your help.