CSS 11503 - server-to-server load balancing

ryankogel1
Level 1

Hi everyone,

I'm trying to design a CSS configuration that allows servers in the same vlan to be the source and destination of load-balanced traffic. My thought is to add two new vlans, one for the VIPs and one for the servers, then NAT the source IPs going from the LB to the servers.

Is this the right way to do it?

I've never NATted using CSSs, so I wanted to verify what I'm thinking.

Our current config trunks the vlans -

interface 1/1
  trunk
  vlan 1
    default-vlan
  vlan 555
interface 1/2
  trunk
  vlan 1
    default-vlan
  vlan 555
circuit vlan555
  redundancy
  ip address ...

So I would add the new vlans -

interface 1/1
  trunk
  vlan 1
    default-vlan
  vlan 555
  vlan 771
  vlan 772
interface 1/2
  trunk
  vlan 1
    default-vlan
  vlan 555
  vlan 771
  vlan 772
circuit vlan555
  redundancy
  ip address ...
circuit vlan771
  ip address ...
circuit vlan772
  ip address ...

Then I'd create my service, owner and content -

service vlan772-server1
  protocol tcp
  port 443
  keepalive port 443
  keepalive type tcp
  ip address ..
  active
service vlan772-server2
  protocol tcp
  port 443
  keepalive port 443
  keepalive type tcp
  ip address ...
  active
owner mywebserver
  content vlan771-vip1
    vip address ...
    protocol tcp
    port 443
    add service vlan772-server1
    add service vlan772-server2
    active

Then I'd add a source group?

source group mysourcegroup
  vip address <vlan771 ip> <range>
  add destination vlan772-server1
  add destination vlan772-server2

Is that it? Am I even close?

Cheers,

Ryan

3 Replies

pablo.nxh
Level 3

Hi Ryan,

The config looks in good shape. The only thing is that, since you'll be doing LB from/to a server that is already defined as a service within the CSS, your source group should use "add service" instead of "add destination service". Also, depending on your servers' default gateway, it would be better if you use a NAT IP address from the 772 VLAN so that both hosts will think they're L2 adjacent to it and L3 routing won't be required.

source group mysourcegroup
  vip address
  add service vlan772-server1
  add service vlan772-server2

HTH

Pablo

Hi Ryan,

Rather than applying source NAT to the server-initiated connections when they come out of the server vlan and into the VIPs one (which I'm not even sure would work), you should just go for a one-arm design, with the VIPs in the same vlan as the servers and with source NAT applied to the connections.

I would recommend you to have a look at the link below. It shows a configuration example for the same topology you are trying to use.

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080093dff.shtml

I hope this helps

Daniel
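
An added example, not part of any post in this thread: a small Python model of the reply path for a server-to-server connection through the VIP, showing why the two replies above insist on source NAT and why a NAT IP inside VLAN 772 avoids a routed hop. The function name, its parameters and all addresses are constructed for illustration, and the model assumes a default gateway that can route back to the load balancer.

```python
from ipaddress import ip_address, ip_network

def return_path(client, real, server_net, vip, nat_ip=None, gw_is_lb=False):
    """Trace client -> VIP -> real server and the reply.

    Returns (via_lb, l3_hop, accepted): whether the reply crosses the load
    balancer, whether it needs a routed hop, and whether the client accepts it.
    """
    client, real, vip = ip_address(client), ip_address(real), ip_address(vip)
    net = ip_network(server_net)
    # Forward leg: the LB rewrites the destination (VIP -> real server) and,
    # when source NAT is configured, the source (client -> nat_ip).
    seen_src = ip_address(nat_ip) if nat_ip else client
    # Return leg: the real server answers the source address it saw.
    if seen_src in net:
        # On-link address: delivered at L2, so the reply reaches the LB
        # only if the LB owns that address (the NAT IP).
        via_lb, l3_hop = nat_ip is not None, False
    elif nat_ip:
        # Off-link NAT IP: goes to the default gateway, which is assumed
        # to have a route back to the LB.
        via_lb, l3_hop = True, True
    else:
        # Off-link real client: reply crosses the LB only if the LB is
        # the servers' default gateway.
        via_lb, l3_hop = gw_is_lb, True
    # Only the LB can put the VIP back as the reply's source address, and
    # the client matches replies against the address it connected to.
    reply_src = vip if via_lb else real
    return via_lb, l3_hop, reply_src == vip

# Constructed addressing: VLAN 772 = 10.7.72.0/24, VIP in VLAN 771.
NET, VIP = "10.7.72.0/24", "10.7.71.10"
SERVER1, SERVER2 = "10.7.72.11", "10.7.72.12"

if __name__ == "__main__":
    cases = {
        "no source NAT": {},
        "NAT IP in VLAN 772": {"nat_ip": "10.7.72.200"},
        "NAT IP in VLAN 771": {"nat_ip": "10.7.71.200"},
    }
    for name, kw in cases.items():
        print(name, return_path(SERVER1, SERVER2, NET, VIP, **kw))
```

Without source NAT the reply goes straight from server2 to server1 with server2's own address as source, so server1 discards it even when the load balancer is the servers' default gateway.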

ryankogel1
Level 1

Thank you both for your answers. I will update this discussion as soon as I have implemented. :-)
