Re: CSS Design Guides

emilyharris · ‎05-02-2005

We recently purchased a CSS 11503 and I am tearing my hair out looking for baseline design guides. Right now, we're not even sure that it will do what we WANT it to do, in the way we want to do it.

Basically, the CSS is going to sit between a 6509 and a server farm. Two of the servers are IMAP, two are webmail. The CSS will be handling load balancing for the IMAPs, and load balancing for the webmail. However, the webmail servers ALSO need to talk to the IMAP, and need the persistent connections offerred via the CSS.

We're trying to figure if the webmail server, when it needs to connect to the IMAPs, can go OUT the CSS, and connect to the IMAPs via the VIP. It seems to me we would need NAT configured, and my problem is I can't seem to find how to do that. I guess it's the same issue as needing a server behind the CSS to get out to the Internet for updates/patches and what-not - how does a server INSIDE the CSS talk to the oustide world directly, when it needs to?

I hope that made some sort of sense. Another way to look at it is the webmail servers need to be servers AND clients, but we want them behind the CSS.

The root is this: are there any good design guides for CSS that discuss these issues? Thus far I have been unable to find any.

Thank you!

skumar1969 · ‎05-02-2005

Hi,

I couldn't find a design guid for this sort of issues rather suggest to follows this thread as I think we discussed a similar sort of issue on this forum a while ago. If you do not get a hit on this below url, look for the subject "CSS Configuration Question" posted by rob.leugers.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Emerging%20Technologies&topic=Content%20Networking&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd72fd0

Gilles Dufour · ‎05-03-2005

Since you're new to the CSS world, I would recommend reading the CSS basic configuration guide.

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_book09186a0080157738.html

This one is for version 7.20 but the basic configuration is the same for all the versions so it should be ok whatever version you are running.

To perform nating the CSS uses "source group".

There is chapter talking about this in the guide mentioned previously.

If you need specific information for your setup do not hesitate to come back to this forum.

I usually respond within 24 hours.

Gilles.

emilyharris · ‎05-03-2005

I reviewed the basic config guide; I actually found the NAT info right after posting this!! Thanks for the replies; I appreciate it.

The NEW question is about the VLANing on the CSS. We're trying to figure out the best way to incorporate the management port (VLAN1, we hope) into our current VLAN architecture, which has a private network for management on VLAN1, which is trunked across the network for accessibility from multiple segments. The management port on the CSS doesn't support trunking - otherwise we'd treat it as any other box. Meanwhile, we want our VIPs in our server VLAN. We contemplated the VLAN "multi" option, but it doesn't look like we can implement it, given older version of IOS and the fact that we are already trunking.

We'll get there....I'm sure it isn't THAT hard to untangle. But it's frustrating that the separate management interface on this box doesn't support VLAN trunking.

EMILY

Gilles Dufour · ‎05-04-2005

Emily,

why do you need to trunk the management port ?

As you said, your management vlan is vlan 1.

So you only need 1 vlan for management.

How can you trunk vlan 1 ??

If you need access from different vlans, you'll need a default gateway and route traffic from css management port to other vlans.

Be carefull that the css management port does not support default route.

You will have to use static route using the command 'ip management route'.

Also, be careful that a network accessible by the management port is not accessible via the other ports.

Regards,

Gilles.