12-01-2008 02:35 AM
i configued layer2 CSS 11503 as the following:
2 servers (10.122.70.13 and 10.122.70.14 need to be balanced using VIP 10.122.70.15)
!************************* INTERFACE *************************
interface 1/1
vlan 70
interface 1/2
isc-port-one
interface 2/1
vlan 70
!************************** CIRCUIT **************************
circuit VLAN70
ip address 10.122.70.30 255.255.255.0
!************************** SERVICE **************************
service Server13
ip address 10.122.70.13
port 514
protocol udp
service Server14
ip address 10.122.70.14
port 514
protocol udp
active
!*************************** OWNER ***************************
owner L3_Owner
content L3_Rule_syslog
add service Server13
add service Server14
vip address 10.122.70.15
balance leastconn
protocol udp
port 514
advanced-balance sticky-srcip
active
!*************************** GROUP ***************************
group syslog
vip address 10.122.70.15
add service Server13
add service Server14
active
after that I suspended server13, and I can see:
CSS11503# sh keepalive-summary
Keepalives:
AUTO_Server13 State: Suspended 10.122.70.13
AUTO_Server14 State: Alive 10.122.70.14
but even that, CSS still direct the traffic to 10.122.70.13:
CSS11503# sh flows
--------------- ----- --------------- ----- --------------- --- ------- ------
Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort
--------------- ----- --------------- ----- --------------- --- ------- ------
10.122.70.2 2333 10.122.70.15 514 10.122.70.13 UDP 1/1-70 1/1-70
10.122.23.18 514 10.122.70.15 514 10.122.70.13 UDP 1/1-70 1/1-70
10.122.48.41 49 10.122.25.37 11593 0.0.0.0 TCP 2/1-25 Ipv4
10.122.23.13 2307 10.122.70.15 514 10.122.70.13 UDP 1/1-70 1/1-70
10.122.23.17 514 10.122.70.15 514 10.122.70.13 UDP 1/1-70 1/1-70
can someone show me where is the problem? thanks!
Solved! Go to Solution.
12-01-2008 06:01 AM
You should define your serives in your group as destination services. This way, the source IP of a flow originated from the client-side is NATed to the VIP, and the response from the server will go through the CSS.
The way you configured it, flows initiated from the servers are NATed.
it should look like this:
group syslog
vip address 10.122.70.15
add destination service Server13
add destination service Server14
active
regards,
Dario
12-01-2008 06:01 AM
You should define your serives in your group as destination services. This way, the source IP of a flow originated from the client-side is NATed to the VIP, and the response from the server will go through the CSS.
The way you configured it, flows initiated from the servers are NATed.
it should look like this:
group syslog
vip address 10.122.70.15
add destination service Server13
add destination service Server14
active
regards,
Dario
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide