Re: CSS11500 Server Pool Interaction

ifullerton · ‎07-21-2005

Hi

I have a CSS configuration that advertises static outside addresses for several server pools that reside off the inside vlan of the CSS. This works fine.

Can I set up a server pool with an inside vip rather than an outside one to allow a server on the inside vlan of the CSS to communicate with a fellow server pool still on the inside interface of the CSS?

If not, what else could I try ?

Thanks

thomas.chen · ‎07-27-2005

Yes, it is possible to setup a server pool with and inside VIP to allow a server on the inside VLAN of the CSS to communicate to a server on the inside interface. This will work.

ifullerton · ‎07-27-2005

Hi Thomas

Thanks for your reply.

I recently set up a test pool with an inside VIP but couldn't get it to respond when I initiated a call to it (test device was the same IP subnet as the server pool).

The test pool is of the following format:

owner Test_Pool

content Test_Pool

add service Server1

balance aca

vip address 10.2.1.3

port 80

protocol tcp

active

service Server1

ip address 10.2.1.1

active

Only 1 server was used as it was a test pool and a initiating device was given 10.2.1.4

If I do a 'show owner Test_Pool' there are no hits recorded.

Any ideas ?

Thanks

Gilles Dufour · ‎07-28-2005

if both source and destination are in the same vlan, when the destination servers receives the SYN, it sees the source ip of the source-server/client.

So it will forwards a SYN/ACK directly to the source since it is in the same vlan without going through the CSS.

However, the source is communicating with the vip and will reject the syn/ack from the destination server.

This a common problem of loadbalancers.

The solution is the nat the source ip address before forwarding the traffic to the destination.

On a CSS this is done using a group.

ie:

group clientant

vip x.x.x.x

add destination service

active

Regards,

Gilles.