Solved: CSS load balance on WAN

wasiimcisco · ‎06-01-2011

Hi,

I have CSS which is deployed in single arm mode and things are working fine. I have created the trunk and i am able to load balance multiple VLAN traffic successfully. Like VLAN 200 (192.168.200.x), VLAN 210 (192.168.210.x) etc.

Now There is a serverfarm which is located on Remote site which is connected through the MPLS cloud. The subnet of this site is 192.168.10.x. I wanted to know will CSS be able to do the load balance of servers which are located on subnet 192.168.10.x.

ENOCDC-CSS01# sh run
!Generated on 06/01/2011 16:10:40
!Active version: sg0730106

configure

!*************************** GLOBAL ***************************
username net des-password xxxxx superuser
no restrict web-mgmt
console authentication primary none
virtual authentication primary tacacs
virtual authentication secondary local
idle timeout 15
prelogin-banner "CSSBanner"

logging subsystem flowmgr level debug-7
logging disk log.log
logging subsystem security level debug-7
logging subsystem netman level info-6

host ENOCDC-CSS01 192.168.200.10

no tacacs-server send-full-command
tacacs-server account config
tacacs-server key egntosc
tacacs-server 192.168.10.9 49 5 egntosc

ftp-record enoc 192.168.210.125 bluecoat des-password system99$

ip route 0.0.0.0 0.0.0.0 192.168.200.1 1

!************************* INTERFACE *************************
interface e1
phy 100Mbits-FD
bridge port-fast enable
bridge vlan 2

interface e2
bridge vlan 2
bridge port-fast enable
phy 100Mbits-FD

interface e4
bridge port-fast enable
phy 100Mbits-FD

interface e7
trunk
description "CONNECTED TO CORE_2_PORT_2/7"

vlan 3

vlan 200

vlan 205

interface e8
bridge port-fast enable
phy 100Mbits-FD

!************************** CIRCUIT **************************
circuit VLAN3

ip address 192.168.210.10 255.255.255.0

circuit VLAN200

ip address 192.168.200.10 255.255.255.0

circuit VLAN205

ip address 192.168.205.9 255.255.255.0
====================================================

Please let me know if this is possible or not

Daniel Arrondo Ostiz · ‎06-02-2011

IF this is the case I can remove the VLAN 210 and VLAN 205. Because my 
gateway is 192.168.200.1 which is on VLAN 3. Correct me If I am wrong.

Yes, if you are using a one-arm topology, it's enough to have one single vlan. I didn't mention the other ones becaused I believed they were being used for other things

Secodly I have one more question. I have only one CSS in the single arm deployment and currently my CSS is connected to one Core switch with one network cable. I want to have redudency at the network level so that If core switch goes down I can have the reachablity through the Second Core.

How to achieve this. I have only one CSS but I wanted to have Dual connection so that I can somehow achieve the network level redundency.

This woud be as simple as connecting a second cable to the other switch. CSS runs spanning-tree by default, so, only one of the two ports will be active at the same time.

View solution in original post

Daniel Arrondo Ostiz · ‎06-01-2011

Good afternoon,

For the CSS, it doesn't matter if servers are in a directly connected network or a remote one. In case of using remote serverfarm, it will just send the traffic towards the default gateway.

The only limitation of remote serverfarms is that you cannot use any transparent services. For those, the destination IP of the request is not modified and only the MAC address is changed to the one of the server. Since it's a L2 redirection, you also need the servers to be L2 adjacent to the CSS

You also need to take into account that the reply from the servers has to go back through the CSS so that the VIP-server NAT is undone. To achieve this, the easiest is to configure source-nat for the load-balanced connections. I guess this is not a big surprise for you since it's also a requirement for one-arm setups.

If you need any further clarification, just let me know.

Regards

Daniel

wasiimcisco · ‎06-01-2011

Hi,

Thanks for the reply. I will follow the same. But If single arm dosent have such limitation then why we are creating Circut interface for each VLAN, like I have created for multiple VLAN as mention below.

!************************** CIRCUIT **************************
circuit VLAN3

ip address 192.168.210.10 255.255.255.0

circuit VLAN200

ip address 192.168.200.10 255.255.255.0

circuit VLAN205

ip address 192.168.205.9 255.255.255.0
========================================================================

IF this is the case I can remove the VLAN 210 and VLAN 205. Because my gateway is 192.168.200.1 which is on VLAN 3. Correct me If I am wrong.

===========================================================================================================

Secodly I have one more question. I have only one CSS in the single arm deployment and currently my CSS is connected to one Core switch with one network cable. I want to have redudency at the network level so that If core switch goes down I can have the reachablity through the Second Core.

How to achieve this. I have only one CSS but I wanted to have Dual connection so that I can somehow achieve the network level redundency.

Kindly guide.

Daniel Arrondo Ostiz · ‎06-02-2011

IF this is the case I can remove the VLAN 210 and VLAN 205. Because my 
gateway is 192.168.200.1 which is on VLAN 3. Correct me If I am wrong.

Yes, if you are using a one-arm topology, it's enough to have one single vlan. I didn't mention the other ones becaused I believed they were being used for other things

Secodly I have one more question. I have only one CSS in the single arm deployment and currently my CSS is connected to one Core switch with one network cable. I want to have redudency at the network level so that If core switch goes down I can have the reachablity through the Second Core.

How to achieve this. I have only one CSS but I wanted to have Dual connection so that I can somehow achieve the network level redundency.

This woud be as simple as connecting a second cable to the other switch. CSS runs spanning-tree by default, so, only one of the two ports will be active at the same time.