Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
562
Views
0
Helpful
2
Replies

Need help with the below config

skkghello1
Level 1
Level 1

‎05-17-2011 10:52 AM

Can you please have a look at the below config :

service test-1-6273   --à I understand this part

  ip address 10.10.14.17

  protocol tcp

  port 6273

  redundant-index 33

  keepalive frequency 2

  keepalive maxfailure 2

  keepalive retryperiod 2

  keepalive port 6273

  keepalive type tcp

  active

service test-2-6273 --à I understand this part

  ip address 10.10.30.18

  protocol tcp

  port 6273

  redundant-index 36

  keepalive frequency 2

  keepalive maxfailure 2

  keepalive retryperiod 2

  keepalive port 6273

  keepalive type tcp

  active

--------------------------------------------------

content test1-content-6273 --à I understand this part

    vip address 10.10.10.232

    port 6273

    protocol tcp

    redundant-index 53

    balance weightedrr

    advanced-balance sticky-srcip

    flow-timeout-multiplier 451

    add service test-1-6273weight 10

    add service test-2-6273weight 1

    active

content test2-content-6273 –Why 2 vips ? (R they for load balacing)

    vip address 10.10.10.233

    port 6273

    protocol tcp

    redundant-index 60

    balance weightedrr

    advanced-balance sticky-srcip

    flow-timeout-multiplier 451

    add service test-2-6273weight 10

    add service test-1-6273weight 1

    active

-------------------------------------------------------

group nat-group-test

  vip address 10.10.10.205 ----------> what is this rule for (To nat client ip to css ip --snat)

  redundant-index 54

  flow-timeout-multiplier 451

  add destination service test-1-6273

  add destination service test-2-6273

  active

circuit VLAN20

  description " Upstream "

  ip address 10.10.173.209 255.255.254.0

 

  ip redundant-vip 10 10.10.10.205

  ip redundant-vip 10 10.10.10.232

  ip redundant-vip 10 10.10.10.233

=========================================================================

content map-edge-443

    vip address 10.10.10.205 --------> why are they using the same ip as of group

    port 443

    protocol tcp

   redundant-index 41

    flow-timeout-multiplier 25

    advanced-balance sticky-srcip

    add service star-1-9443

    add service map-edge-002-beta-9443

    active

----------------------------------------------------------------------

service star-1-9443

  ip address 10.10.45.17

  protocol tcp

  port 9443

  redundant-index 21

  keepalive frequency 2

  keepalive maxfailure 2

  keepalive retryperiod 2

  keepalive type tcp

  keepalive port 8080 --why diff port number , shouldn’t be 9443

  active

service star-2-9443

  ip address 10.10.41.17

  protocol tcp

  port 9443

  redundant-index 1

  keepalive maxfailure 2

  keepalive frequency 4

  keepalive retryperiod 2

  keepalive port 8004 ----why diff port number , shouldn’t be 9443

  keepalive type tcp

  active

group snat-star –what does this group do

  vip address 10.10.40.100

  add destination service star-1-9443

  add destination service star-2-9443

  redundant-index 56

  active

circuit VLAN645

  ip address 10.10.33.2 255.255.240.0

    ip virtual-router 11 priority 200 preempt

    ip virtual-router 21

    ip redundant-interface 11 10.10.33.1

    ip redundant-interface 21 10.10.33.4

    ip redundant-vip 11 10.10.40.100 ----why

    ip critical-service 11 upstream-downstream-ping

    ip critical-service 21 upstream-downstream-ping

 

Is the above config correct. thanks

Labels:
0 Helpful
2 Replies 2

skkghello1
Level 1
Level 1

‎05-18-2011 07:54 AM

Any help will be appticated.

0 Helpful

Marko Leopold
Level 1
Level 1

‎05-19-2011 02:55 AM

content test2-content-6273 –Why 2 vips ? (R they for load balacing)

    vip address 10.10.10.233

    port 6273

    protocol tcp

    redundant-index 60

    balance weightedrr

    advanced-balance sticky-srcip

    flow-timeout-multiplier 451

    add service test-2-6273weight 10

    add service test-1-6273weight 1

    active 

Why? Because you use the same tcp port. How shall the CSS know which content you want to use? And yes they are loadbalancing, but i guess it is made with DNS-loadbalancing.
group nat-group-test 
  vip address 10.10.10.205 ----------> what is this rule for (To nat client ip to css ip --snat)
  redundant-index 54 
  flow-timeout-multiplier 451 
  add destination service test-1-6273
  add destination service test-2-6273
active
Yes it is Source-NAT. It is the address that the CSS will use to reach the added services.
content map-edge-443 
    vip address 10.10.10.205 --------> why are they using the same ip as of group
    port 443 
    protocol tcp 
    redundant-index 41 
    flow-timeout-multiplier 25 
    advanced-balance sticky-srcip 
    add service star-1-9443
 Because they can! The address isn't used on the CSS yet.
service star-1-9443
  ip address 10.10.45.17 
  protocol tcp 
  port 9443 
  redundant-index 21 
  keepalive frequency 2 
  keepalive maxfailure 2 
  keepalive retryperiod 2 
  keepalive type tcp 
  keepalive port 8080 --why diff port number , shouldn’t be 9443
  active 
Why not? If you think it is useful, you can change the tcp port of your keepalive.
group snat-star –what does this group do 
  vip address 10.10.40.100 
  add destination service star-1-9443
  add destination service star-2-9443
  redundant-index 56 
  active 
It's the SNAT for the two services above (star-1-9443, star-2-9443)
circuit VLAN645
  ip address 10.10.33.2 255.255.240.0 
    ip virtual-router 11 priority 200 preempt 
    ip virtual-router 21 
    ip redundant-interface 11 10.10.33.1 
    ip redundant-interface 21 10.10.33.4 
    ip redundant-vip 11 10.10.40.100 ----why
    ip critical-service 11 upstream-downstream-ping 
    ip critical-service 21 upstream-downstream-ping 
To tell the CSS that this vip should be redundant in VRRP. 

					
				
			
			
				
			
			
				
			
			
			
			
			
			
		

		
		
	

	
	


	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
			
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
		
			
					
			
		
				
		
	
	


		

	

		

			

	
		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Helpful

					
				

			
			
		

	
		
    	
		

			
				
					
				
				
			
		

	
    
			

		

	

	

	

    

	

	


				
		
	
	


		

			

	
		
			
					
				
		
			
		
			
		
	
	


		

	

		

			

	
		
			
					
				
		
			
					
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	


		

	



		

	

	

	




			
		
    
            

                

            

        

	
		

		
	

	

	



	
                

                
				
            
        
    

    
        


	
			
				

					
						

							
		

			

	
			
				
					
				
				
			
		


		

	
							

								
								
							

							

								

	
									
								


							

						

					
				

			
		
	


    
    
        
        
            
        
        
	
    

	

	

	

	

	



				
			
		
		
	
	


		

			

	
		
			        

		
				

        

	


		
			
 
 

		
			
		
			

		
			



  

    

      

        

          
Customers Also Viewed These Support Documents

        

        

          

            

              

                

                  
                

              

            

          

        

      

    

    

      
 

    

  




		
			
		
			    

Review Cisco Networking for a $25 gift card