08-09-2002 02:26 AM
Hi All,
My boss has asked me to implement CSS11154's as redundant loadbalancers in our network. We are an ISP that hosts client machines.
My initial plan is as follows:
A quick example:
clientA has 3 webservers
clientB has 2 webservers
Both clients want to loadbalance http traffic on their webservers.
webserverA1, webserverA2 and webserverA3 are connected to switchA
webserverB1 and webserverB2 are connected to switchB
switchA is connected to ethernet port1 on a CSS11154
switchB is connected to ethernet port2 on a CSS11154
The CSS balances traffic addressed to VIP-A over IPADDR-A1, IPADDR-A2 and IPADDR-A3
The CSS balances traffic addressed to VIP-B over IPADDR-B1 and IPADDR-B2
This example is without the second CSS.
Then there is the with / without firewall part:
I can create 2 vlans with the following config:
vlan1 ethernet port 1, 2, 3, 4, 5, 6 and 13
vlan2 ethernet port 7, 8, 9, 10, 11, 12 and 14
port 13 (Gigabit) is connected to our core-switch so clients connected to port 1 through 6 can loadbalance with a direct internet connection
port 14 (Gigabit) is connected to a switch behind a PIX firewall.
This is all possible right?
Then there is the redundancy part.
How do I get the backup CSS to communicate with the active primary? Is it possible through the management interface?
Could anyone tell me if this is a good setup, and if there are caveats in this plan.
Also maybe other things I must look at (software version etc)
Thanks in advance...
Bastiaan
PS: I know I have to read more of the documentation before I start this, but this design plan is for presentation to my boss.
08-09-2002 02:51 AM
Hi,
Please see my answers inline beginning with >>>>
Please be aware I can only give you conceptual information due to the lack of specifics.
clientA has 3 webservers
clientB has 2 webservers
Both clients want to loadbalance http traffic on their webservers.
webserverA1, webserverA2 and webserverA3 are connected to switchA
webserverB1 and webserverB2 are connected to switchB
switchA is connected to ethernet port1 on a CSS11154
switchB is connected to ethernet port2 on a CSS11154
>>>>No Problem
The CSS balances traffic addressed to VIP-A over IPADDR-A1, IPADDR-A2 and IPADDR-A3
The CSS balances traffic addressed to VIP-B over IPADDR-B1 and IPADDR-B2
This example is without the second CSS.
>>>>No Problem
Then there is the with / without firewall part:
I can create 2 vlans with the following config:
vlan1 ethernet port 1, 2, 3, 4, 5, 6 and 13
vlan2 ethernet port 7, 8, 9, 10, 11, 12 and 14
port 13 (Gigabit) is connected to our core-switch so clients connected to port 1 through 6 can loadbalance with a direct internet connection
port 14 (Gigabit) is connected to a switch behind a PIX firewall.
This is all possible right?
>>>>Can't see any problem
Then there is the redundancy part.
How do I get the backup CSS to communicate with the active primary? Is it possible through the management interface?
>>>>No, not a good idea. From what you have here it is better to use VIP and interface redundancy. This uses a VRRP protocol which runs across the uplinks and downlinks. The 2 CSS need to be on the same layer 2 segment and do not require a dedicated interface. It also gives you the ability to run in an active-active state. Client A can be active on CSS A and Client B can be active on CSS B. If one of the switches fails then the other switch will take over for all services. One downfall of this is that you need to make sure one CSS can handle all the load in case of a failure.
I will send you a doco separately so that you can have a look at the redundancy methods.
Could anyone tell me if this is a good setup, and if there are caveats in this plan.
Also maybe other things I must look at (software version etc)
>>>>Latest 5.00 train on CCO is a good choice.
Cheers
Phil
Cisco Systems