css balance on remote lan

csiracusa · ‎12-28-2009

Hi all,

can a css 11503 balance on services that are not directly connected but are on remote routed lan?!

Thanks

busterswt · ‎12-28-2009

Yes, it can. Treat the remote server like you would any other server sitting behind the CSS when you create the service. However, you will need to create a source group rule, and make use of the 'add destination service' statement to source traffic from the CSS -> server. Whatever IP address is specified within the source group will be the one the CSS uses when source NAT'ing the load balanced traffic on its way to the backend server. This ensures that the remote1 server will respond back to the CSS, which sends the response to the client (after NAT'ing it again) instead of the remote1 server responding directly to the client, which would likely reject the traffic.

Example:

service local1

ip address 192.168.100.1

active

service local2

ip address 192.168.100.2

active

service remote1

ip address 67.192.20.20

active

------

owner vip

content 192.168.100.200-80

ip address 192.168.100.200

port 80

add service local1

add service local2

add service remote1

active

------

group 192.168.100.200-80

ip address 192.168.100.200

add destination service local1

add destination service local2

add destination service remote1

active