Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
405
Views
0
Helpful
1
Replies

Transparent failover of CSS services

rhholmes
Level 1
Level 1

‎08-30-2005 12:07 PM

I need help understanding service failure and the action taken by the CSS to rebalance the traffic.

I am working on a project to replace a non-Cisco load balancer that works by receiving each packet and forwarding it to all of the web servers. The web servers are stateful at the application layer. This is an on-line brokerage application.

Currently, any server can be taken down hard and the user does not experience an outage since another server takes over and is already receiving the traffic (at least this is my understanding). I would like to try to replicate this functionality as closely as possible. Suspending a service is not desirable since a user can stay active for extended periods and the application team needs to fix the server/application and get it back in production quickly.

What is the recommended CSS implementation for this application?

Currently, SSL termination is performed by the server. We are also investigating the SSL module in the CSS.

Option 1: SSL on the server

- When one service fails, can the CSS initiate a TCP connection to another service and update the flow table without the client being affected?

Option 2: SSL Module in CSS

- Is there anything in the CSS that makes this easier or more difficult to implement?

Any help would be appreciated.

Thanks,

Rob

Labels:
0 Helpful
1 Reply 1

jfoerster
Level 4
Level 4

‎08-30-2005 10:03 PM

HI Rob,

first of all I do not know any possible implementation to do statefull SSL-Failover on any hardware box. I heard rumors that some servers should be able to do this but from my understanding this is quite hard to implement as the servers have to replicated all key pairs used in any SSL-Connection.

For taking servers out of service there is an easy way. Define a testing URL. As soon as this URL is no longer responding (i.e. by renaming the testing file) the server is taken out of the loadbalancing and the session are load balanced.

IN terms of the SSl-Module it will help you reducing the CPU-Usage of your servers (only true if they do not have a seperate HW in their servers for SSL) but be aware that you might have to configure backend-ssl as this is a banking environment. Another thing I'm quite sure is that the the two SSL-Modules are not able to do statefull failover but maybe this knowledge is out-dated and someone could shade some light on this.

Hope that helped.

Kind Regards,

Joerg

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card