One arm design

mattlarimore · ‎04-18-2005

What design/configuration considerations must be made to order to use the CSS in the "one armed" mode?

Gilles Dufour · ‎04-19-2005

keep in mind the CSS needs to see both side of the traffic.

That is client to server but also server to client.

The client to server traffic will always come to the CSS since the client is talking to the vip that is on the CSS.

However, the server is not aware that there is a CSS and may send responses back to client directly which will break the process.

The solution is to

1. set the CSS as default gateway for the server

2. use policy routing to forward server traffic to css

3. use client nat on CSS

If you use the 3rd option, your server will not see the client ip address. All traffic will come from the CSS ip - so problem if you do statistics based on client ip.

In general it is not a good idea to use one-armed.

Too much trouble with the return traffic and most of time not so good performance compare to other solutions.

Gilles.

mattlarimore · ‎04-19-2005

Gilles, thanks. Where can I find design/configuration data?

Gilles Dufour · ‎04-20-2005

You can find a lot of config example on this website.

However, most of the time the examples are for very specific and complex scenarii.

If you need generic information, you will have to read the release-notes and the configuration guide.

Search for 'css basic configuration guide'.

Gilles.

- please take a moment to rate my answers.

branfarm1 · ‎10-04-2006

wrong forum....