10-05-2006 10:20 AM
Hi,
I'm configuring Redundant VIPs on a CSS 11503 pair. However when trying to add the redundant VIP config I keep getting an error:
CSS-PRI(config-circuit-ip[VLAN140-10.10.140.235])# ip redundant-vip 10 10.10.160.1
%% Address outside of allowed range.
Please note that I'm routing 10.10.160.0/24 to my CSS redundant-interface IP, however the CSS does not have any interfaces configured on that network. It's just answering for requests to IP's on that range which we plan to use for our VIPs.
My main question is - to use VIP redundancy, do my VIPs have to be on the same subnet as the "frontside" interface? If that is not a requirement - any ideas why I'm getting the error?
Thanks!
Brad
Below is some of my config on the CSS:
!************************* INTERFACE *************************
interface 1/1
bridge vlan 140
description "Frontside Interface - VIPs"
interface 1/2
description "Backside Interface - Server Reals"
trunk
vlan 1
default-vlan
vlan 162
interface 2/1
isc-port-one
!************************** CIRCUIT **************************
circuit VLAN140
description "APP Tier VIPs"
ip address 10.10.140.235 255.255.255.0
ip virtual-router 10 priority 200 preempt
ip redundant-interface 10 10.10.140.238
circuit VLAN162
description "APP Tier Server Reals"
ip address 10.10.162.245 255.255.255.0
ip virtual-router 2 priority 200 preempt
ip redundant-interface 2 10.10.162.248
!************************** SERVICE **************************
service entry-s1-443
port 443
keepalive port 443
keepalive type ssl
ip address 10.10.162.20
active
service entry-s2-443
port 443
keepalive port 443
keepalive type ssl
ip address 10.10.162.24
active
!*************************** OWNER ***************************
owner prd01
content entry.prd01
protocol tcp
port 443
advanced-balance ssl
application ssl
vip address 10.10.160.1
add service entry-s1-443
add service entry-s2-443
active
Solved! Go to Solution.
10-06-2006 01:35 AM
if the subnet used for the vip does not exist on any vlan, you most probably have a static route on the upfront gateway pointing to the CSS.
So, to achieve redundancy in this case, you need to configure a redundant-interface ip address and use this ip address in your static route.
VIP redundancy is only for vip address belonging to a css vlan.
Gilles.
10-06-2006 01:35 AM
if the subnet used for the vip does not exist on any vlan, you most probably have a static route on the upfront gateway pointing to the CSS.
So, to achieve redundancy in this case, you need to configure a redundant-interface ip address and use this ip address in your static route.
VIP redundancy is only for vip address belonging to a css vlan.
Gilles.
10-06-2006 06:41 AM
10-06-2006 09:56 AM
Brad,
seems to be ok.
I would suggest to use instead of the intefacecheck service a "reporter"
See the following link for more info:
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide