css is it possible to use two VIPs with one source group?

djohns970 · ‎06-17-2004

I have separate VIPs defined for balancing dns and radius. Both services are being balanced behind the CSS between two servers running both services. Is there a way, using source groups, to have the outbound dns udp lookups go out the associated dns VIP and a client's returning radius udp traffic sourced from the associated radius VIP?

Just a note for clarity: both services defined for dns and radius have the same ip addresses. I can only define one of the services(i.e. dns) in a single source group which automatically associates the other service (i.e. radius) to that group.

Gilles Dufour · ‎06-17-2004

if this is the same ip address, why would you need different group/Vip ?

You said source from the associated vip.

A vip being an ip address, and this ip address being the same for radius and dns, 1 group should be enough.

Could you please clarify what you expect.

Thanks,

Gilles.

mvoight · ‎06-18-2004

If I understand your question correctly, you want to have the same real server respond with a different source address based on with VIP was used to get to it.

You can only put on instance of the server's ip address into a source group. That is you can't add the service name used for one rule into one group, and the service used in the other rule into another group, since the CSS only looks at the source address when it is determining to use the source group based on the service named in it. In order to have the same server use two different source groups, you would need ACL clause with the sourcegroup option, like

permit any 10.0.0.1 eq 53 dest any sourcegroup

permit any 10.0.0.1 dest any sourcegroup

Michael