10-03-2006 11:21 AM
Hi there. First, I'm brand new to the world of CSS, trying to move up from a pair of old localdirectors.
I'm attempting to set up two CSS 11501's in a HA configuration, and I want to have a load balanced address (VIP address?) in the same subnet as the servers that will be load-balanced.
I also want the CSS's to be redundant, but I'm not sure which method -- box2box, or ASR, or VIP redundancy -- is right for my desired setup.
Can anyone out there give some advice for this setup?
Thanks in advance,
--Brandon
10-04-2006 06:05 AM
I would not choose box-to-box redundancy because the failover time is around 40 sec compared to the 4 sec for vip redundancy.
ASR is something you add on top of vip redundancy if you want to have stateful failover. This is not mandatory.
Your config seems to be pretty basic, so you should be able to find a lot of sample configs on this website.
Gilles.
10-04-2006 11:45 AM
Thanks for your response Gilles. I have a follow-up question:
Is it standard practice to have both incoming and returning traffic routed through the CSS? In my current setup, the default gateway on the load-balanced servers is the same as the non-load-balanced machines.
The reason I ask is because I don't see how to configure the redundant IP for the Content groups. I can see how to configure redundancy for the VLAN circuit, but I don't think that's what I necessarily want. I only need redundancy in the content group ip.
Also, should the servers be plugged directly into the CSS or can they be plugged into the main distribution switch?
Thanks again,
--Brandon
10-04-2006 10:28 PM
Brandon,
the servers can be attached to a switch.
As long as there is a path between servers and CSS it is fine.
For redundancy, you do vip redundancy on the client side, where traffic is coming in and you do interface redundancy on the server side.
You use the redundant interface ip address as the default gateway for the servers. This works like HSRP in the router world.
The CSS MUST see the response from the server to perform the reverse-nating server -> vip.
Regarding the traffic going through the CSS, it is recommended to avoid sending useless traffic through the CSS.
If you can move unnecessary servers to a different vlan or simply configure them to use a different gateway, that would be best.
Gilles.
10-05-2006 12:18 PM
Thanks again for all your help. I think I've got a config ready that will work and provide the HA that we require.
I've included the non-descript version of the config below. Can you let me know if you see anything that will cause any major problems?
Non-descript version
!*************************** GLOBAL ***************************
app
app session 192.168.0.2
ip route 0.0.0.0 0.0.0.0 10.0.0.1 1
!************************* INTERFACE *************************
interface e8
  bridge vlan 2
!************************** CIRCUIT **************************
circuit VLAN1
  ip address 10.0.0.10 255.255.255.0
    ip virtual-router 1 priority 101 preempt
    ip virtual-router 2 priority 101 preempt
    ip redundant-interface 1 10.0.0.12
    ip redundant-vip 1 10.0.0.201
    ip redundant-vip 2 10.0.0.203
    ip critical-service 1 upstream_switch
    ip critical-service 2 upstream_switch
circuit VLAN2
  description "CSS-CSS Link"
  ip address 192.168.0.1 255.255.255.0
!************************** REPORTER **************************
reporter r1
  type vrid-peering
  vrid 10.0.0.10 1
  vrid 10.0.0.10 2
  active
!************************** SERVICE **************************
service server1
  ip address 10.0.0.40
  port 9999
  active
service server2
  ip address 10.0.0.41
  port 9999
  active
service server3
  ip address 10.0.0.42
  port 9999
  active
service server4
  ip address 10.0.0.43
  port 9999
  active
service upstream_switch
  ip address 10.0.0.2
  active
!*************************** OWNER ***************************
owner Owner1
  content Group_1
    protocol tcp
    port 9999
    add service server1
    add service server2
    vip address 10.0.0.201
    balance weightedrr
    active
owner Owner2
  content Group_2
    protocol tcp
    port 9999
    add service server3
    add service server4
    vip address 10.0.0.203
    balance weightedrr
    active
10-05-2006 10:22 PM
1 virtual-router can be used for multiple VIP.
So, you can get rid of virtual router 2.
You have configured a one-armed setup.
So, you have to make sure all traffic goes back to the CSS.
One-armed seems easy to deploy because it does not require readdressing servers/routers.
However, it requires a lot of attention to make sure the traffic goes back to the CSS and that there is no asymmetric routing.
If you can, you should consider a different solution with a client vlan and a server vlan.
Gilles.
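An added example, not part of the original thread and not Cisco tooling: a small Python check over a CSS-style configuration that flags the two points raised in the reply above (more than one virtual router defined, and a one-armed layout where VIPs and servers share the circuit subnet), plus any content VIP that has no `ip redundant-vip` entry. The function name `audit`, the finding labels and the same-subnet heuristic are assumptions made for illustration; the sample is a constructed excerpt of the posted configuration.

```python
import ipaddress

# Constructed excerpt modelled on the configuration posted in the thread.
SAMPLE = """\
circuit VLAN1
  ip address 10.0.0.10 255.255.255.0
    ip virtual-router 1 priority 101 preempt
    ip virtual-router 2 priority 101 preempt
    ip redundant-vip 1 10.0.0.201
    ip redundant-vip 2 10.0.0.203
service server1
  ip address 10.0.0.40
owner Owner1
  content Group_1
    vip address 10.0.0.201
owner Owner2
  content Group_2
    vip address 10.0.0.203
"""

SECTIONS = {"circuit", "interface", "reporter", "service", "owner"}

def audit(config):
    """Return findings for a CSS-style config (hypothetical helper)."""
    nets, vrs, red_vips, vips, servers = [], set(), set(), [], []
    section = None
    for raw in config.splitlines():
        w = raw.split()
        if not w or w[0].startswith("!"):
            continue
        if w[0] in SECTIONS:
            section = w[0]          # remember which block "ip address" belongs to
        elif w[:2] == ["ip", "address"] and section == "circuit":
            nets.append(ipaddress.ip_interface(f"{w[2]}/{w[3]}").network)
        elif w[:2] == ["ip", "address"] and section == "service":
            servers.append(ipaddress.ip_address(w[2]))
        elif w[:2] == ["ip", "virtual-router"]:
            vrs.add(w[2])
        elif w[:2] == ["ip", "redundant-vip"]:
            red_vips.add(ipaddress.ip_address(w[3]))
        elif w[:2] == ["vip", "address"]:
            vips.append(ipaddress.ip_address(w[2]))
    findings = []
    if len(vrs) > 1:                # one virtual router can carry every VIP
        findings.append(f"extra-virtual-router: {sorted(vrs)}")
    findings += [f"vip-not-redundant: {v}" for v in vips if v not in red_vips]
    for net in nets:                # VIPs and servers on one subnet: one-armed
        if any(v in net for v in vips) and any(s in net for s in servers):
            findings.append(f"one-armed: {net}")
    return findings
```

A `one-armed` finding is a prompt to verify that the servers' default gateway is the redundant interface address, so return traffic passes through the CSS.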
10-04-2006 11:31 PM
Brandon,
Here's a sample CSS config:
Here's a document that describes the migration from LD to CSS:
Regarding the redundancy portion it really depends on your requirements.
1) Box-to-box is similar to the LocalDirector's failover mechanism in that only one box is actually receiving traffic at a time
2) ASR is useful if you need to replicate connections to the backup box (LocalDirector had similar behavior with the 'replicate' option)
3) vip and interface redundancy can be useful if you have a more complex setup where you might want to perform an active-active
You can read more about these different types here:
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_750/redundgd/index.htm
Good luck.
-Chip