How to get reals to always use CSM (VIP)

mariolaniel · ‎01-11-2005

We have a CSM in 6500, and the way the application works on the reals, when the client innitiate a request it then start a new connexion to the client. That connexion gets innitiated from the real directly to the client. I'm trying to find a way to get the reals to go threw the vip when it orriginate a connexion but I don't quite get it. I'm using a bridged configuration with both the server and the client VLAN on the same subnet.

Any help would be appreciated, we got three days left before we go live with this roll-out.

Regards,

Mario

Gilles Dufour · ‎01-12-2005

Mario,

are you saying you would like the server ip address to be nated to the vip address when the server opens a connection with the client ?

If so, you could use the command "static nat virtual"

and then define the real server to be nated under that command.

You could also capture the traffic with a vserver 0.0.0.0/0 and use a serverfarm with 'nat client'.

I would recommend the first solution.

Regards,

Gilles.

mariolaniel · ‎01-12-2005

Yes, this is what I want to do and I already have that command in my config which I'm joining with this message.

When we do a sniffer trace, we see the real server IP address going to the client there doesn't seem to be any nating happening.

btw the servers are configured like this

IP 10.4.4.21

Subnet 255.255.255.0

gateway 10.4.4.1

Gilles Dufour · ‎01-13-2005

Mario,

ok - this command does not work in bridge mode as the traffic is not intercepted by the CSM in this case.

You can try to create the following vserver

serverfarm forward

no nat server

predictor forward

!

vserver catchall

virt 0.0.0.0/0 any

serverfarm forward

vlan 310

inservice

!

If that does not work, you have to add the following to the config above and this will work.

natpool server 10.4.4.20 10.4.4.20 netmask /31

serverfarm forward

nat client server

Regards,

Gilles.

mariolaniel · ‎01-13-2005

Gilles,

Basically you want me to replace the existing vserver with what you mention above and add the "predictor forward" in the serverfarm.

remove the "static nat virtual"

and if that doesn't work, add a nat pool.

or do you just want me to add this to the existing config.

Thanks

Gilles Dufour · ‎01-13-2005

do not remove the existing config.

Just add the new lines.

Gilles.

mariolaniel · ‎01-13-2005

Gilles,

tried your config and it didn't work. The client couldn't connect to the reals at all.

Any clew as to why it failed?

I'm kind of running out of ideas and time as well.

P.S. Thanks for everything you've done so far, it is much appreciated.

Regards,

Mario

Gilles Dufour · ‎01-14-2005

do 'sho mod csm X vserver' and see if you have any hits on the new vserver.

Also do a 'sho mod csm X conn detail' at the time a connection is open by the server and see if the ip address of the server is nated.

If you can provide access to your setup, I can have a look.

Contact me by email at gdufour@cisco.com

Thanks,

Gilles.

mariolaniel · ‎01-14-2005

Gilles,

We did get a lot of hit on the new vserver and I also saw a lot of connections, but most of them were going to some Sequal server and the clients wern't able to connect to the application.

I'll send you the commands outpus and a copy of the config the minute I get in the office.

Regards,

Mario