cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
895
Views
5
Helpful
10
Replies

I am not able to telnet my content rule VIP address

wyu
Level 1
Level 1

I am not able to telnet my content rule VIP address and port number. But I am able to direct to telnet to service servers, which are added into the content rule set. Can anyone tell me why. I have update the latest WEBOS 5.00 Build 69. The content switch model is 11050. thank you very much .

10 Replies 10

d.parks
Level 1
Level 1

Is your CSS physically or logically in-line between the server and client for the return traffic path? If not, sessions will not work via. the VIP.

If you are not in-line, you may need to NAT with a source group to force the return traffic path.

(A symptom of this is that your connection counter increments on the CSS, but the session does not get through.)

Is any site or example I can look at ? But, thanks very much for return my message.

Yes, it works, thanks. But how can I retain the original source IP address ? When I telnet to the VIP address with specification port number .

thanks

d.parks

Do you have any solution ?

you can also make the CSS the default gateway for your servers.

So, you can keep the one-armed solution and still see the client ip address.

But, if you can get rid of the one-armed design, I would go for the inline setup that will give you better performance.

Gilles.

Gilles

I have several servers for this content rule. Which one I should go for ? Please advise. Thanks

WYU

That's one of the main issues with the "one-armed" configuration.

The source address is not visible to the server after the address translation has occured.

You can see the source address information in real-time on the css by using the "show flow" command.

If the server(s) absolutely need to see the IP information, then the CSS will need to be placed in-line between the clients and servers from a bridging or routing point of view.

Is possible one armed and in line in the same content switch ?

Currently I have some content rule are using one armed solution, there is only one rule I need to make the server see the original IP. I guess my question is , can I have this rule use in -line solution only, so I will not have to impact other rules set.

The other question since this content rule's service sever have only one interface only, Can I have this in-line solution go in the content switch and come out content switch in the same server farm switch ? Thank you for all the help.

The short answer is yes.

It comes down to IP routing or L2 bridging path. You just need to set the network up so that the traffic for the non one-armed server passes through the CSS.

The two most common ways to accomplish this is to either plug the server directly into the CSS or have the CSS setup as the next hop or default gateway router for that server.

Review Cisco Networking for a $25 gift card