04-13-2004 07:44 AM
What advantage is there to setting up my VIPs as redundant-vips on the circuit?
I would rather use a static route on the upstream router/firewall pointing the VIPs to the CSS virtual-interface. This makes the CSS circuit configuration simpler (i.e.: only one redundant-interface).
04-15-2004 06:02 AM
VIPs are usually used for providing services. Redundant interfaces are for network connectivity / routing.
You need redundant VIPs if you're doing ASR, or some type of failover for content rules.
04-15-2004 06:57 AM
I know failover for my content rules works without having the corresponding VIP defined as a "redundant-vip" under the client-facing VRRP group in the circuit configuration section. (failover works because my upstream gateway/firewall has a static route for my VIP via my CSS redundant interface IP).
The question is: will ASR work if my content rule VIPs are not within the IP subnets defined on my CSS circuits/VLANs?
For example, our gateway/firewall has a static route for my VIP (192.168.1.100) via 172.20.30.254 (VR on my CSS):
!********************* GLOBAL *********************
ip route 0.0.0.0 0.0.0.0 172.20.30.1 1
!******************* INTERFACE *******************
interface 1/1
isc-port-one
interface 3/1
description "client-facing VLAN"
bridge vlan 30
interface 3/2
description "www server VLAN"
bridge vlan 31
!******************** CIRCUIT ********************
circuit VLAN30
description "client-facing VLAN"
ip address 172.20.30.252 255.255.255.255
ip virtual-router 30 priority 220 preempt
ip redundant-interface 30 172.20.30.254
ip critical-service 30 www1
ip critical-service 30 www2
ip critical-service 30 Upstream-Router
circuit VLAN31
description "www server VLAN"
ip address 172.20.31.2 255.255.255.255
ip virtual-router 31 priority 220 preempt
ip redundant-interface 31 172.20.31.1
ip critical-service 31 www1
ip critical-service 31 www2
ip critical-service 31 Upstream-Router
!******************** SERVICE ********************
service Upstream-Router
ip address 172.20.30.1
type redundancy-up
active
service www1
ip address 172.20.31.65
redundant-index 1
active
service www2
ip address 172.20.31.66
redundant-index 2
active
!********************* OWNER *********************
owner web_site
content web_cluster1
add service www1
add service www2
vip address 192.168.1.100
redundant-index 3
active
!********************* GROUP *********************
group web_cluster1
vip address 192.168.1.100
add service www1
add service www2
redundant-index 4
active
Will ASR (statefull failover) work for client connections to my VIP?
04-23-2004 06:30 AM
your vip is not part of the configured vlan.
So anyway, you can't configure vip redundancy.
ie:
Pompon(config-circuit-ip[VLAN499-192.168.11.8])# ip redundant-vip 7 17.1.1.1
%% Address outside of allowed range.
So in your case you have no other choice than pointing a static route to the redundant-interface ip address.
I believe ASR should work with your VIP in this case.
But I was never tested.
Regards,
Gilles.
04-23-2004 09:04 AM
Thanks Gilles.
I'll test my ASR configuration in the lab next week.
I'm anxious to see what the "show rule" output will display for "IP Redundancy" (i.e.: Master/Backup or Not Redundant?).
10-27-2006 12:39 PM
Daniel,
Have you tested this in your lab? What I found out is:
This kind of set up (VIP is outside of client circuit) will work with redundancy, but not ASR, means not session failover. Since session failover needs redundant-index, which in terms needs vip been associated with a VRID, but you can't, since it is outside of client circuit subnet:
content web_test
protocol tcp
port 80
add service web1
add service web2
vip address 192.168.30.100
redundant-index 101
when I tried to active this rule:
css-lab1(config-owner-content[NASD-web_test])# active
%% VIP address needs to be associated with a virtual router.
When tried to associate this vip to a VR:
css-lab1(config-circuit-ip[VLAN902-150.123.148.178])# ip redundant-vip 102 192.168.30.100
%% Address outside of allowed range.
Gilles, any way to around this problem? or if you want to use ASR, vip must be on the client circuit?
Thanks,
Yatao
10-30-2006 01:55 PM
10-31-2006 07:55 AM
Thanks, Brad. That works.
05-10-2011 05:17 AM
the url doesn't seem to be available anymore - I have a similar problem & could do with some help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide