
CSS1150x and Direct Server Return (DSR)

gbbromley
Level 1

As subject:

Anyone ever configured this on a CSS and have a working config?

Reading the docs shows no useful information (or even clear support for it). Do we therefore suspect it doesn't support DSR and we should choose other platforms?


Gilles Dufour
Cisco Employee

Indeed, our documentation says there is support for DSR on the CSS11500.

However, I never saw any sample configs.

I don't even see how we could do it with the CSS.

The CSM can easily do DSR with the command 'no nat server' on the serverfarm and 'unidirectional' for the vserver [to avoid the CSM timing out the connection because of not seeing the return traffic].

This is not the full config but an indication that may help you.

Regards,

Gilles.

mvoight
Level 1

Direct Server Return is supported; however, CSCeb30818 cleared up a bug where the CSS reported this as a SYN attack. This was reported as a 7.20 issue only. In order for this to work, you would need a configuration that does not NAT the server. To do this, you would make the service "type transparent-cache". The CSS would have to be on the same subnet as the servers, and the servers would be configured to accept traffic for the virtual address without ARPing for it. This can be done on Microsoft servers using a loopback interface configured with the VIP address. So, the configuration on the CSS would be the same as a standard load balance configuration, except for the "transparent" servers.

If you want the CSS to look at rules, etc. when traffic comes from those servers, then the service should also be configured as "no cache-bypass".

Can you provide a working config for this DSR?

I think this should do it (as yet untested):

service WEB1
  ip address A.B.C.210
  keepalive type http
  keepalive uri "/"
  type transparent-cache
  active

service WEB2
  ip address A.B.C.214
  keepalive type http
  keepalive uri "/"
  type transparent-cache
  active

owner MyCUSTOMER
  content SomeWebService
    vip address A.B.C.100
    add service WEB1
    add service WEB2
    protocol tcp
    port 80
    flow-reset-reject
    active

I got the confirmation from the product manager.

DSR is unsupported.

What was referenced by Michael is DSR for traffic not hitting a VIP - so just routed by the CSS.

Traffic hitting a VIP needs to go through the CSS in both directions.

Documentation will be corrected soon to reflect this.

Regards,

Gilles.
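
The replies above mention two side effects of DSR on a stateful load balancer: DSR flows being reported as a SYN attack, and the need for a one-way ('unidirectional') mode so connections are not timed out. The sketch below is an added illustration, not code from the thread or from Cisco. The tracker logic, the documentation-range addresses and the threshold are assumptions and do not model CSS or CSM internals.

```python
# Constructed model: each packet is (client_flow, tcp_flag) as observed at the
# load balancer. All addresses are documentation ranges, not from the thread.

def nat_trace(n):
    """Normal (NATed) path: the balancer sees both directions."""
    out = []
    for i in range(n):
        c = (f"198.51.100.{i + 1}", 40000 + i)
        out += [(c, "SYN"), (c, "SYN-ACK"), (c, "ACK")]
    return out

def dsr_trace(n):
    """DSR path: the server's SYN-ACK goes straight to the client, unseen."""
    return [p for p in nat_trace(n) if p[1] != "SYN-ACK"]

def flood_trace(n):
    """Sources that send a SYN and never complete the handshake."""
    return [((f"203.0.113.{i + 1}", 50000 + i), "SYN") for i in range(n)]

def incomplete_handshakes(packets, unidirectional=False):
    """Count flows whose handshake the tracker never saw complete.

    Bidirectional mode requires the server's SYN-ACK to be observed.
    Unidirectional mode (assumed behaviour) accepts the client's ACK after
    its SYN as evidence that the server answered out of band.
    """
    syn_seen, done = set(), set()
    for flow, flag in packets:
        if flag == "SYN":
            syn_seen.add(flow)
        elif flow in syn_seen and flag == "SYN-ACK":
            done.add(flow)
        elif flow in syn_seen and flag == "ACK" and unidirectional:
            done.add(flow)
    return len(syn_seen - done)

def syn_alarm(packets, threshold=10, unidirectional=False):
    """Hypothetical detector: alarm when half-open flows exceed threshold."""
    return incomplete_handshakes(packets, unidirectional) > threshold

if __name__ == "__main__":
    for name, trace in (("nat", nat_trace(20)), ("dsr", dsr_trace(20)),
                        ("flood", flood_trace(20))):
        print(name, syn_alarm(trace), syn_alarm(trace, unidirectional=True))
```

With a bidirectional tracker every legitimate DSR connection looks half-open, so the detector cannot tell the server farm's normal traffic from a flood; the one-way mode separates the two again.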
