06-04-2007 03:27 PM
I have a CSS with the config shown below.
We have two servers configured for failover to DR and we are going to add a mail server as well.
As a box to box failover to DR, it is working great, if the primary server is down, the CSS redirects web requests to the DR site thru our internal MPLS cloud.
If the Internet connectivity at the main site dies, so does our web connectivity.
We have a second CSS and want to set up a failover solution so that we can use the DR site Internet connection as a backup link to our web servers.
I would like to keep the existing config the way it is and add the necessary components to make this work.
Zone Based DNS seems to be the recommended solution.
Can I just add the DNS components to this config?
The idea would be to have the DR site point to the primary server at the Main site, and if that fails, go to the server local to the DR site.
This way, if the Main site Internet connection goes down, the users would still point to the primary server
!************************** CIRCUIT **************************
circuit VLAN1
ip address 2.1.1.75 255.255.255.0
!************************** SERVICE **************************
service MCI-MCW-backupredirect
type redirect
port 80
keepalive type none
redirect-string "www.p.com"
ip address 2.1.1.73
active
service MCI-MCW-dr
ip address 2.1.1.77
protocol tcp
keepalive type http
port 80
active
service MCI-MCW-dr-443
ip address 2.1.1.77
protocol tcp
port 443
active
service MCI-MCW
ip address 2.1.1.76
protocol tcp
keepalive type http
port 80
active
service MCI-MCW-443
ip address 2.1.1.76
protocol tcp
port 443
active
service MCI-p.com-backupredirect
type redirect
port 80
keepalive type none
redirect-string "web.p.com"
ip address 2.1.1.76
active
service MCI-p.com-dr
protocol tcp
port 80
keepalive type http
keepalive uri "/index.asp"
ip address 2.1.1.74
active
service MCI-p.com
protocol tcp
port 80
keepalive type http
keepalive uri "/index.asp"
keepalive retryperiod 15
keepalive frequency 15
ip address 2.1.1.73
active
!*************************** OWNER ***************************
owner MCI-MCW
content MCI-MCW-http-rule
add service MCI-MCW
primarySorryServer MCI-MCW-dr
balance aca
secondarySorryServer MCI-MCW-backupredirect
vip address 2.1.1.70
protocol tcp
port 80
url "/*"
active
owner MCI-MCW-443
content MCI-MCW-https-rule
add service MCI-MCW-lk-443
primarySorryServer MCI-MCW-dr-443
vip address 2.1.1.70
protocol tcp
port 443
active
owner MCI-p.com
content MCI-p.com-http-rule
add service MCI-p.com
balance aca
protocol tcp
port 80
url "/*"
primarySorryServer MCI-p.com-dr
secondarySorryServer MCI-p.com-backupredirect
vip address 2.1.1.71
active
!*************************** GROUP ***************************
group MCI-MCW-http-group
add destination service MCI-MCW
add destination service MCI-MCW-dr
vip address 2.1.1.70
add destination service MCI-MCW-443
add destination service MCI-MCW-dr-443
active
group MCI-p.com-http-group
add destination service MCI-p.com
add destination service MCI-p.com-dr
vip address 2.1.1.71
active
!**************************** ACL ****************************
06-05-2007 01:38 AM
yes, you can simply add the dns commands to your existing config.
The commands are explained at
You first need to configure a zone and then add the dns a-record.
Use a keepalive, so the CSS can detect that a site is down.
You will also need to modify your dns server to have it forward dns request to the CSS.
Once again, this is not the cisco recommended solution.
Currently, the best option is to use a GSS and not use DNS functionality on the CSS.
Also, be aware that if you did not purchase a DNS license already for your CSS, you will not be able to get one from us as we do not sell this functionality anymore.
Without the license, the DNS commands will not exist.
Gilles.
06-05-2007 04:44 AM
You don't sell the enhanced feature set anymore?
06-05-2007 06:02 AM
In the GSS solution, do I have to buy two of those also?
How is the failover set up in that scenario?
06-05-2007 06:55 AM
I spoke with the product manager for the CSS.
I have to correct my previous statement.
We still support the GSLB feature on the CSS and we still sell the enhanced license.
However, we do not plan to add more features to this solution or improve the current behavior/performances.
The GSS is still an active device with many engineers working to make this product a better solution.
Sorry for the initial confusion.
If you opt for the GSS, it offers the possibility to have a standby device.
Gilles.
06-05-2007 11:00 AM
Thanks for clarifying that.
How do I check to make sure I can use the DNS functionality?
If I cannot, what are the procedures to add it?
06-05-2007 11:34 AM
show ver would include
Licensed Cmd Set(s): Standard Feature Set
Enhanced Feature Set
or check for command "dns-server"
06-05-2007 11:56 AM
Ok,
I have the Standard Feature Set.
Do I need to purchase the upgrade IOS, or can I download it?
06-05-2007 12:35 PM
It's not an IOS, it is just a PAK # you enter an activation code in existing IOS and it's not cheap as I recall.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide