cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
545
Views
10
Helpful
3
Replies

CSS Redundant VIP: Address outside of allowed range.

melchib
Level 1
Level 1

Hi,

I'm configuring Redundant VIPs on a CSS 11503 pair. However when trying to add the redundant VIP config I keep getting an error:

CSS-PRI(config-circuit-ip[VLAN140-10.10.140.235])# ip redundant-vip 10 10.10.160.1

%% Address outside of allowed range.

Please note that I'm routing 10.10.160.0/24 to my CSS redundant-interface IP, however the CSS does not have any interfaces configured on that network. It's just answering for requests to IP's on that range which we plan to use for our VIPs.

My main question is - to use VIP redundancy, do my VIPs have to be on the same subnet as the "frontside" interface? If that is not a requirement - any ideas why I'm getting the error?

Thanks!

Brad

Below is some of my config on the CSS:

!************************* INTERFACE *************************

interface 1/1

bridge vlan 140

description "Frontside Interface - VIPs"

interface 1/2

description "Backside Interface - Server Reals"

trunk

vlan 1

default-vlan

vlan 162

interface 2/1

isc-port-one

!************************** CIRCUIT **************************

circuit VLAN140

description "APP Tier VIPs"

ip address 10.10.140.235 255.255.255.0

ip virtual-router 10 priority 200 preempt

ip redundant-interface 10 10.10.140.238

circuit VLAN162

description "APP Tier Server Reals"

ip address 10.10.162.245 255.255.255.0

ip virtual-router 2 priority 200 preempt

ip redundant-interface 2 10.10.162.248

!************************** SERVICE **************************

service entry-s1-443

port 443

keepalive port 443

keepalive type ssl

ip address 10.10.162.20

active

service entry-s2-443

port 443

keepalive port 443

keepalive type ssl

ip address 10.10.162.24

active

!*************************** OWNER ***************************

owner prd01

content entry.prd01

protocol tcp

port 443

advanced-balance ssl

application ssl

vip address 10.10.160.1

add service entry-s1-443

add service entry-s2-443

active

1 Accepted Solution

Accepted Solutions

Gilles Dufour
Cisco Employee
Cisco Employee

if the subnet used for the vip does not exist on any vlan, you most probably have a static route on the upfront gateway pointing to the CSS.

So, to achieve redundancy in this case, you need to configure a redundant-interface ip address and use this ip address in your static route.

VIP redundancy is only for vip address belonging to a css vlan.

Gilles.

View solution in original post

3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

if the subnet used for the vip does not exist on any vlan, you most probably have a static route on the upfront gateway pointing to the CSS.

So, to achieve redundancy in this case, you need to configure a redundant-interface ip address and use this ip address in your static route.

VIP redundancy is only for vip address belonging to a css vlan.

Gilles.

Hi Giles,

I'm going to include a quick/dirty drawing - plus my configs. Can you take a look and verify for me that this design will achieve redundancy (in the case of css failure)?

Thanks!

Brad

Brad,

seems to be ok.

I would suggest to use instead of the intefacecheck service a "reporter"

See the following link for more info:

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_command_reference_chapter09186a008028fe6c.html

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: