Good day!
There is scheme
uplink uplink
| |
CSS1------CSS2
| |
|--Server--|
Server is directly connect by two interfaces to CSSes in hot reserv mode (active one interface only).
CSSes is configured in active-standby mode.To each other they connected through isc and trunk link.
This is part of config:
!************************* INTERFACE *************************
interface 2/7
bridge vlan 100
interface 2/15
isc-port-one
interface 2/16
trunk
vlan 100
!************************** CIRCUIT **************************
circuit VLAN100
ip address 192.168.33.253 255.255.255.224
ip virtual-router 3 priority 110 preempt
ip redundant-interface 3 192.168.33.254
!************************** SERVICE **************************
service Test
ip address 192.168.33.247
redundant-index 45
port 80
protocol tcp
keepalive type http
active
!*************************** OWNER ***************************
content Test
add service Test
vip address 192.168.32.7
protocol tcp
port 80
redundant-index 105
active
When server communicate via interface connected to active CSS - all is OK!
But when something happen and server switch to second interface (traffic must go across standby CSS via trunk to active CSS)...to client come not NATed packets (with real server source ip, but not VIP), and application not see response.
I was try to create group for destination service with the same vip 192.168.32.7 and its work. But server need real ip of clients for correct working and groups is not decision.
All master and slave virtual-router and redundant-interfaces on CSSes are all right.
In ACL on vlan 100 on CSS1 i'm not see any hitcounts from ip server to ip client.On CSS2 there are hitcounts on content hits value.
How else i can to see is response packets come from server to CSS1?
Why does it happen? and how correct problem?
Thanks!
