VIP & Interface Redundancy

subhash · ‎07-24-2003

1.We have two CSS11503 configured to operate in a VIP & Interface redundancy mode for two VIPs. One CSS is active for one VIP and standby for the other and vice versa. Origin servers are connected through two layer 2 switches to the contenet switches. When I switch off one of the CSS the other one takes over the VIP and interface but the operation there after is not proper. There are long dalays, sometime it does not work at all etc. etc. But every time I switch off one of the CSS the other one is taking over the VIP and Interface correctly. Can someone guide me with the probable reasons for this.

2. Can someone give me a url describing how to connect dual-homed servers on content switches, if there are issues using dual-homed servers.

Gilles Dufour · ‎07-25-2003

is that long delays for new connections or already open connections ?

The first thing to do is capture a sniffer trace front-end and back-end to see what is going on there.

Could be a spanning-tree convergence issue as well depending how you setup this.

Dual-homed, you mean 1 interface to each CSS ?

I don't think there is any such document available.

Gilles.

subhash · ‎07-25-2003

Hi Gilles,

Already existing connections will hang. If I start a new connection, it takes long time. This is an Oracle application (3 tier architecture) where the web servers will communicate to the DB servers at the begining. After VIP & Interface changeover both the web and database access experiencing long delays.

I have another reply indicating a problem with the GARP with some code version of CSS. I use version 7.2(sg0720003). Are you aware of any such problem with this code.

Also while I was debugging at the firewall connected to this CSS ( Totoplogy: INET--FireWall--CSS--Servers)I saw packets coming from the privare address of the servers to Internet and the DB servers place at another zone. Is this possible?. As per my understanding whenever a connection gets originate from the server having private address, it will get translated to the VIP address while going out as I have configured the group with this VIP address and the servers as follows:

!************************** SERVICE **************************

service PRDWEB1

ip address 10.21.11.11

protocol tcp

keepalive port 8050

keepalive type script gbm-keepalive "10.21.11.11 8050"

active

service PRDWEB2

ip address 10.21.11.12

protocol tcp

keepalive port 8050

keepalive type script gbm-keepalive "10.21.11.12 8050"

active

owner GBM

content Web

add service PRDWEB1

add service PRDWEB2

vip address 194.229.222.196

protocol tcp

port 8050

url "/*"

active

group PrAppServers

add service PRDWEB1

add service PRDWEB2

vip address 194.229.222.196

I saw packets with src-address 10.21.11.11 and 10.21.11.12 instead of 194.229.222.196

I appreciate your support.

d.parks · ‎07-25-2003

What code version are you running? I ran into a bug awhile back where the CSS was not sending gratuitous ARPs properly for VIP addresses.

The VIP appeared to transition properly, but the next hop router (firewall in my case) was not able to update it's ARP information. Inbound traffic was not able to reach the VIP untill the firewall's ARP cache timed out.

subhash · ‎07-25-2003

Hi Parks,

The code version is 7.2(sg0720003). The problem appeared to be similar to yours. How did you solve this? What vesion did you use?