Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
773
Views
0
Helpful
1
Replies

CSS One Arm Configuration with VIP(non-shared)/IP Interface Redundancy

joonyong-chua
Community Member

‎02-17-2003 07:03 PM

With Reference to the following CCO documentation;

1). "How to Configure the CSS to Load Balance Using 1 Interface"

In this example, the Real Server's (10.10.10.2 etc) gateway are pointed to the router's gateway(10.10.10.1) and used the 'add destination service' command to NAT the RealServer's IP address back to the VIP (10.10.10.6).

2). "Understanding and Configuring VIP and Interface Redundancy on the CSS11000".

In the interface redundancy configuration, the gateway of the Real Server are configured as the CSS11000's Interface Redundancy Address (192.168.1.1), not the Router's gateway.

Can anyone help to advise on the preferred one arm configuration with VIP/IP redundancy?

(i). Is the reason for configuring the gateway of the Real Server to CSS11000's Interface Redundancy Address in 2) same as using 'add destination service' command in 1)? That is to make sure that the return path from Real Server back to Client passes through the CSS and is NAT back to the VIP.

(ii). To configure VIP(non-shared)/IP Interface redundancy(Active/Backup Mode) in a one arm configuration, my understanding is that there are 2 methods of configuration. Is it correct? Which method is preferred?

Method a)

1.Configure the Real Server's gateway to Router's Gateway

2.Configure 'add destination service' command on the CSS to NAT the RealServer's IP address back to the VIP

3.Configure VIP(non-shared) redundancy for the VIP on the CSS

4.IP Interface Redundancy on the CSS is not required as the Real Server's gateway is already pointing to the Router's gateway. (Assuming that HSRP redundancy is already running on the Router)

Method b)

1. Configure the Real Server's gateway to the CSS's IP Interface Redundancy IP Address

2. Configure IP Interface Redundancy on the CSS (as the Real Server's gateway)

3. Configure VIP(non-shared) redundancy for the VIP on the CSS

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎02-18-2003 06:00 AM

if you use method a) (server gateway is the router) you need the CSS to nat

the source ip address of the client in order to force the server to send traffic back to the CSS.

The issue then is that the server does not see the IP address of real client.

The server only see connections with source IP address = CSS ip address.

With method b) you don't have the above problem, but connection initiated by the servers are sent to the CSS that will then send it to the router.

You have a performance issue because the traffic will cross 2 times the one-armed interface.

If this is a new design, it is strongly recommended not to use one-armed setup.

Regards,

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card