cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
596
Views
0
Helpful
2
Replies

Redundancy and Load-balancing using one interface

cocolema
Level 1
Level 1

Is it possible to both perform load-balancing and redundancy using one interface? I have the load-balancing portion working, but the redundancy portion is failing.

Cosby Coleman

TCCSI

2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

could you provide us more information on what is the topology, what you did and what is not working.

Thanks,

Gilles.

This is our current network diagram and it works.

outside

[router]

|

| dmz (10.10.10.x/24)

[ pix ]-----------------------[L2switch]-----[L2switch]

| | | | | |

| | | | | |

| | | ---- | ------

[router] [CSS] | | | |

| [wWW1] | [WWW2] |

| | |

| [APP1] [APP2]

--------

| |

inside

PIX: 10.10.10.1

CSS: 10.10.10.3

WWW VIP: 10.10.10.30

WWW1: 10.10.10.31

WWW2: 10.10.10.32

App VIP: 10.10.10.36

APP1: 10.10.10.37

APP2: 10.10.10.38

This is what we would like to achieve, with CSS1 being the master and CSS being redundant.

outside

[router]

|

| dmz (10.10.10.x/24)

[ pix ]-----------------------[L2switch]-----[L2switch]

|10.10.10.1 | | | | | |

| | | | | ---- |

| | | ---- | | ------

[router] [CSS1] | | [CSS2] | |

| [wWW1] | [WWW2] [APP2]

| |

| [APP1]

--------

| |

inside

This is our current config, which is also working just fine.

!Generated on 07/12/2002 13:57:59

!*************************** GLOBAL ***************************

bridge priority 65535

ip redundancy

app session 21.1.1.1

app

ip route 0.0.0.0 0.0.0.0 10.10.10.1 1

!************************* INTERFACE *************************

interface e7

bridge vlan 2

interface e9

bridge vlan 2

!************************** CIRCUIT **************************

circuit VLAN1

ip address 21.1.1.2 255.255.255.0

redundancy-protocol

circuit VLAN2

redundancy

ip address 10.10.10.3 255.255.255.0

!************************** SERVICE **************************

service DownstreamSwitch

ip address 10.10.10.16

type redundancy-up

active

service dummy

ip address 10.10.10.100

keepalive type none

active

service pcuservice1

ip address 10.10.10.37

keepalive type tcp

keepalive frequency 15

keepalive retryperiod 60

active

service pcuservice2

ip address 10.10.10.38

keepalive type tcp

keepalive frequency 15

keepalive retryperiod 60

active

service webservice1

ip address 10.10.10.31

keepalive type http non-persistent

keepalive frequency 15

keepalive port 80

keepalive retryperiod 60

active

service webservice2

ip address 10.10.10.32

keepalive type http non-persistent

keepalive frequency 15

keepalive port 80

keepalive retryperiod 60

active

!********************* HEADER FIELD GROUP *********************

header-field-group .ida

header-field .ida request-line contain ".ida"

header-field-group cmd.exe

header-field cmd.exe request-line contain "cmd.exe"

header-field-group default.ida

header-field default.ida request-line contain "root.exe"

header-field-group x.ida

header-field x.ida request-line contain "x.ida"

!*************************** OWNER ***************************

owner TDECU

content block_.ida

header-field-rule .ida weight 0

add service dummy

protocol tcp

port 80

url "/*"

active

content block_cmd.exe

protocol tcp

port 80

url "/*"

header-field-rule cmd.exe weight 0

add service dummy

active

content block_default.ida

protocol tcp

port 80

url "/*"

header-field-rule default.ida weight 0

add service dummy

active

content block_x.ida

protocol tcp

port 80

url "/*"

header-field-rule x.ida weight 0

add service dummy

active

content pcuserver

vip address 10.10.10.36

add service pcuservice1

add service pcuservice2

balance destip

protocol tcp

port 443

url "/*"

advanced-balance ssl

application ssl

active

content webserver443

add service webservice1

add service webservice2

balance destip

protocol tcp

port 443

vip address 10.10.10.30

active

content webserver80

add service webservice1

add service webservice2

balance destip

protocol tcp

port 80

vip address 10.10.10.30

active

!*************************** GROUP ***************************

group PCUServers

vip address 10.10.10.36

add destination service pcuservice1

add destination service pcuservice2

active

group WebServers

vip address 10.10.10.30

add destination service webservice1

add destination service webservice2

active

The problem occurs when I add the second CSS box. The synchronization works properly, but when I unplug the connection between CSS1 and the L2switch, CSS2 becomes master, but it's gigabit port does not become active.

I tried a work around of using the gigabit port and a fastethernet port, which did help some, but failover time was in the order of 1 minute or more.

What I have not tried is using a virtual router or a virtual interface, though that will probably be my next attempt.

Thank you,

Cosby A. Coleman

TCCSI

Review Cisco Networking for a $25 gift card