Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
553
Views
0
Helpful
1
Replies

Load balancing Problem

Ahmede
Level 1
Level 1

‎06-07-2005 08:28 AM

We have 2 web servers connected to Cisco 11506 contenet switch.. Then the content switch is connected to 2 firewalls, and the 2 firewalls are connected to to a router and the router is connected to different ISPs. We are load balance between the 2 ISPs. In order to do that we divided the address into two /28 addresses. We also created 2 virtual addresses on the content switch.. The config looks fine but the conentnt switch balance doesn't work when we have 2 VIPs, however it works fine if we have a single VIP..

IP subnet ISP1 10.10.80.32/28

ip subnet ISP2 10.10.80.48/28

Content switch connection with web server subnet 10.10.80.32/27

here's the config..

ip route 0.0.0.0 0.0.0.0 10.10.80.35 1

!************************** CIRCUIT **************************

circuit VLAN1

ip address 10.10.80.39 255.255.255.224

!*********************** SSL PROXY LIST ***********************

!************************** SERVICE **************************

service ssl-serv1

type ssl-accel

slot 5

keepalive type none

add ssl-proxy-list ssl-list1

active

service svr-sun-new-modawala

ip address 10.10.80.43

string test3

active

service svr1

ip address 10.10.80.41

string test

keepalive type http

service svr2

ip address 10.10.80.42

string test1

keepalive type http

keepalive port 80

active

service svr3

string test3

ip address 10.10.80.46

active

service svr5

ip address 10.10.80.45

keepalive type http

keepalive port 80

active

service svr6

ip address 10.10.80.38

keepalive type http

keepalive port 80

active

!*************************** OWNER ***************************

owner ssl-owner

content ssl-rule-2VIP

add service ssl-serv1

application ssl

vip address 10.10.80.50

protocol tcp

port 443

advanced-balance ssl

content ssl-rule1

add service ssl-serv1

application ssl

protocol tcp

vip address 10.10.80.40

port 443

advanced-balance ssl

active

content sticky-test

vip address 10.10.80.40

protocol tcp

port 80

url "/*"

advanced-balance arrowpoint-cookie

add service svr1

add service svr2

add service svr3

add service svr5

add service svr6

active

content sticky-test-2VIP

vip address 10.10.80.50

port 80

protocol tcp

url "/*"

advanced-balance arrowpoint-cookie

add service svr1

add service svr2

add service svr3

add service svr5

add service svr6

content sun-modawala

protocol tcp

port 80

url "/newmudawala/*"

vip address 10.10.80.40

advanced-balance arrowpoint-cookie

add service svr-sun-new-modawala

active

content sun-modawala-2VIP

protocol tcp

port 80

url "/newmodawala/*"

vip address 10.10.80.50

advanced-balance arrowpoint-cookie

add service svr-sun-new-modawala

CSS11506#

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎06-08-2005 06:18 AM

could you explain what is not working when you have 2 vips ?

Are both vip not working or just one ?

Do you see hits for your content rule if you do a 'show summary' ?

did you sniff the traffic in front of the CSS to see what is going on ?

I see you have only 1 vlan.

Are the servers using the CSS as default gateway ?

If not, how do you guarantee the server responses come back to the CSS ?

Thanks,

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card