Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
483
Views
0
Helpful
3
Replies

I want CSS to like RADWARE,F5 ,OneArm,To See Source IP

QING LIU ZHU
Level 1
Level 1

‎04-16-2003 04:13 PM

In the CSS11050 document,Cisco sugest customer not use OneArm.

But other LB products(RADWARE,F5,FOUNDRY)can make it and can see client source ip. make it in three ways;

1)SOURCE NAT

2)DEFAULT GATEWAY

3)TRIANGULAR

Labels:
0 Helpful
3 Replies 3

jfoerster
Level 4
Level 4

‎04-17-2003 12:03 AM

Hi,

from my point of view you can get around SRC-Natting if you force the routing to send the packets which are balanced from the CSS to the servers back to the CSS(egress and ingress ports are the same). If the servers reside in the same Subnet as the VIP you can get this by moving the Default-Gateway of the servers towards the CSS. But take care that this causes no other traffic from the servers to be affected by this. Second possibility if the VIP is not in the Same VLAN: Create a second circuit which resided in the VLAN of the servers and do the steps described above.

3rd possibility try to do policy routing to force the way back through the CSS but this will not be very easy to Troubleshoot in case of a failure.

Again the warning: Make sure that the unbalanced connections to the balanced servers do not get affected by changing the DG, doing policy routing or something else.

Hope that helps and that I din't have ignored a smal thingy.

Regards,

Joerg

PS

Let me know about the outcome and how you implemended it.

0 Helpful

QING LIU ZHU
Level 1
Level 1
In response to jfoerster

‎04-17-2003 12:53 AM

F5,RADWARE inplement it like:

1)Default Gateway.

LB(Load Balncer),Server in the same Vlan and subnet.

LB change the DIP(Destinatin Ip address)of the packet from Client,Server Respone the pakcet to LB. LB change the SIP(Source ip address) of the packet from server . In the server,Gateway must be set to th IP of LB.

2)Triangular.

LB,Server in the same Vlan and subnet.

LB don't change ip packet from client,but change the destination MAC(to itself :LB) from switch(like cata6509)to server's mac address. server respone the packet direct to client(not to LB).server must configure Loopback address with VIP Address.

other LB product like Foundry can also implemnet it. but why not css.

0 Helpful

mingchieh
Level 1
Level 1
In response to QING LIU ZHU

‎04-20-2003 08:45 PM

Hello

Can the CSS do the Multi -isp like F5 and linkproof ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents