cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1298
Views
0
Helpful
8
Replies

CSS11503 load balancing virtual server IP's

5dtsoperation
Level 1
Level 1

Hi CSS experts,

We have a Cisco Content Services Switch 11503 Load Balancer which seems to require Real Server NICs to be plugged in. When I plug a cable from our Cisco 3560 switch into the Cisco Load Balancer, it can't see the 2 web server IP's that I'm trying to load balance for HTTP/HTTPS. The virtual IP does not display the webpage of either web servers.

On the otherhand, when I use two physically separate 1U web servers and physically plug 2 cables (1 for each server) into the CSS 8 port switch, the virtual IP is able to redirect the traffic to both web servers.

How do I configure the CSS to load balance and actually see 2 IP's on the network which isn't plugged in physically per server into the CSS 8 port switch.

Internet->CSS->1 cable plugged into Cisco switch which host 2 web servers.

Thanks,

Mike

Configuration:

circuit VLAN1

ip address 192.168.1.10 255.255.255.0

service Websrv1

ip address 192.168.1.104

protocol tcp

port 80

keepalive type http non-persistent

active

service Websrv1SSL

ip address 192.168.1.104

protocol tcp

port 443

keepalive type ssl

active

service Websrv2

ip address 192.168.1.101

protocol tcp

port 80

keepalive type http non-persistent

active

service Websrv2SSL

ip address 192.168.1.101

protocol tcp

port 443

keepalive type ssl

active

owner Web

content NG

add service Websrv1

add service Websrv2

vip address 192.168.1.7

port 80

protocol tcp

advanced-balance arrowpoint-cookie

url "/*"

active

content NGSSL

add service Websrv1SSL

add service Websrv2SSL

vip address 192.168.1.7

port 443

protocol tcp

advanced-balance sticky-srcip

sticky-inact-timeout 60

active

2 Accepted Solutions

Accepted Solutions

Gilles Dufour
Cisco Employee
Cisco Employee

The CSS does not care if the servers are locally attached or not.

But it needs to be able to communicate with them.

So make sure you can ping the servers.

Check arp table.

See if the servers show up in the 'sho service-summary'.

If all look good, make sure the server response to the client goes back through the CSS and is not routed by another device. The CSS is stateful so it requires to see all traffic.

Gilles.

View solution in original post

Hi

Does the server have a direct route to the client i.e. not via the CSS. If so try making the CSS the default gateway for the server.

The CSS will need a route to the client network.

Cheers

Rich

View solution in original post

8 Replies 8

5dtsoperation
Level 1
Level 1

I checked the connectivity to the servers form the CSS and it was good. I was able to ping, and the connection status in sh service summary incremented by 1 each time I tried to connect. From the server, I was able to ping back to the IP of the CSS and the VIP address as well. I have tried using only 1 server for 1 VIP. I have tried changing the default gateway on the server to the IP of the CSS and the VIP IP as well. It still doesn't seem to help. Anymore suggestions for me to try?

Thanks

Mike

hi,

Please check whether both the servers are into same vlan ports.

Mat

Hi,

All of the traffic on the switch are on vlan1.

Thanks

Mike

Mike,

a sniffer trace would be useful.

Try to sniff frontend and backend of CSS to see the client traffic and server traffic at the same time.

You can also configure client nat on the css to see if it helps - that would guarantee this is not a routing issue.

Also, if you have configured acl, try 'acl disable' to see if it makes any difference.

Gilles.

Hi

Does the server have a direct route to the client i.e. not via the CSS. If so try making the CSS the default gateway for the server.

The CSS will need a route to the client network.

Cheers

Rich

Thanks, that idea reminded me of the static route I had to add on the web server to properly route back to CSS of my test machine on the same network.

Gilles Dufour
Cisco Employee
Cisco Employee

The CSS does not care if the servers are locally attached or not.

But it needs to be able to communicate with them.

So make sure you can ping the servers.

Check arp table.

See if the servers show up in the 'sho service-summary'.

If all look good, make sure the server response to the client goes back through the CSS and is not routed by another device. The CSS is stateful so it requires to see all traffic.

Gilles.

Thanks for answering my original question gdufour. That helped alot.

Review Cisco Networking for a $25 gift card