12-03-2010 10:28 AM
Hi,
I am working on CSM module on 6509 distribution level switches in a data center.
I came up with a unusual requirement (unusual in a sense as I never dealt with such configuration before), so I thought to have a discussion over here. I have one VIP1 that is load balancing real servers REAL1, REAL2 and REAL3. All these servers and the VIP1 are on the same subnet. Now I have to add REAL 4, REAL5 and REAL6 which are on different VLANs (and hence different subnet) in the existing VIP1 serverfarm configuration.
In other words is it possible to load balance across various real servers which resides on different subnets? Any sort of help in this matter is appreciated.
Thanks in advance.
Mahi.
Solved! Go to Solution.
12-06-2010 10:45 AM
Mahi,
Yes this is possible and configurable. Load balancing to the servers is not the issue. The issue is to ensure that the server's response goes back to the load balancer (CSM). If the CSM is not the default gateway of the servers, the server will respond directly to the client breaking the connection flow.
There are multiple ways to get around this: source NAT, policy based routing (PBR), direct server return (DSR). Source NAT is by far the most common and recommended way to ensure the return path goes back to the CSM. PBR can become cumbersome to manage and DSR has to many limitations.
Regards
Kris
12-07-2010 09:28 AM
Mahi,
Here are two basic examples of a CSM in routed mode and a hybrid routing mode using SRC-NAT. Furher configuration for probes or specific applicatin tuning may be needed in your case.
Example 1:
In this example, the servers are on VLAN 101 and 102 and their default gateway is the CSM. It is not necessary to SNAT the connection back to the CSM.
module ContentSwitchingModule 7
vlan 101 server
ip address 10.1.1.10 255.255.255.0
!
vlan 102 server
ip address 10.2.2.10 255.255.255.0
!
vlan 100 server
ip address 10.0.0.10 255.255.255.0
gateway 10.0.0.1
!
natpool SRCNAT 10.1.1.200 10.1.1.200 netmask 255.255.255.0
!
serverfarm TESTWEB
nat server
no nat client
real 10.1.1.11 80
inservice
real 10.2.2.21 80
inservice
!
vserver TESTWEB80
virtual 10.0.0.100 tcp www
serverfarm TESTWEB
persistent rebalance
inservice
Example 2:
In this example the server's gateway is not the CSM. Therefore, we need to SNAT the connection to ensure the return traffic goes back to the CSM.
module ContentSwitchingModule 7
vlan 101 server
ip address 10.1.1.10 255.255.255.0
!
vlan 102 server
ip address 10.2.2.10 255.255.255.0
!
vlan 100 server
ip address 10.0.0.10 255.255.255.0
gateway 10.0.0.1
!
natpool SRCNAT 10.1.1.200 10.1.1.200 netmask 255.255.255.0
!
serverfarm TESTWEB
nat server
nat client SRCNAT
real 10.1.1.10 80
inservice
real 10.2.2.20 80
inservice
!
vserver TESTWEB80
virtual 10.0.0.100 tcp www
serverfarm TESTWEB
persistent rebalance
inservice
Let me know if you have any questions.
Kris
12-06-2010 10:45 AM
Mahi,
Yes this is possible and configurable. Load balancing to the servers is not the issue. The issue is to ensure that the server's response goes back to the load balancer (CSM). If the CSM is not the default gateway of the servers, the server will respond directly to the client breaking the connection flow.
There are multiple ways to get around this: source NAT, policy based routing (PBR), direct server return (DSR). Source NAT is by far the most common and recommended way to ensure the return path goes back to the CSM. PBR can become cumbersome to manage and DSR has to many limitations.
Regards
Kris
12-07-2010 06:22 AM
Thanks a lot Kris, it definitely gave me an idea to begin with. Anyways, it will be great if you can write me a small config example that best suits our problem. Please do it if you can, else let me know if any of the above example is found online that you came across before.
Thanks and Regards.
Mahi.
12-07-2010 09:28 AM
Mahi,
Here are two basic examples of a CSM in routed mode and a hybrid routing mode using SRC-NAT. Furher configuration for probes or specific applicatin tuning may be needed in your case.
Example 1:
In this example, the servers are on VLAN 101 and 102 and their default gateway is the CSM. It is not necessary to SNAT the connection back to the CSM.
module ContentSwitchingModule 7
vlan 101 server
ip address 10.1.1.10 255.255.255.0
!
vlan 102 server
ip address 10.2.2.10 255.255.255.0
!
vlan 100 server
ip address 10.0.0.10 255.255.255.0
gateway 10.0.0.1
!
natpool SRCNAT 10.1.1.200 10.1.1.200 netmask 255.255.255.0
!
serverfarm TESTWEB
nat server
no nat client
real 10.1.1.11 80
inservice
real 10.2.2.21 80
inservice
!
vserver TESTWEB80
virtual 10.0.0.100 tcp www
serverfarm TESTWEB
persistent rebalance
inservice
Example 2:
In this example the server's gateway is not the CSM. Therefore, we need to SNAT the connection to ensure the return traffic goes back to the CSM.
module ContentSwitchingModule 7
vlan 101 server
ip address 10.1.1.10 255.255.255.0
!
vlan 102 server
ip address 10.2.2.10 255.255.255.0
!
vlan 100 server
ip address 10.0.0.10 255.255.255.0
gateway 10.0.0.1
!
natpool SRCNAT 10.1.1.200 10.1.1.200 netmask 255.255.255.0
!
serverfarm TESTWEB
nat server
nat client SRCNAT
real 10.1.1.10 80
inservice
real 10.2.2.20 80
inservice
!
vserver TESTWEB80
virtual 10.0.0.100 tcp www
serverfarm TESTWEB
persistent rebalance
inservice
Let me know if you have any questions.
Kris
12-07-2010 11:40 AM
This looks great! the concept is pretty clear to me now, its a great help. Thank you very much. I will figure out the rest of the configuration as there is no issue with them.
12-14-2010 05:19 AM
Hello,
I would like to ask if CSS 11500 supports connection load balancing. I have a Japanese partner that wants to use CSS 11500 to support connection Load balancing.
I found this configuration guide:
it was mentioned there that it has a maximum connection of 7. The Japanese partner wants to know what is the meaning of '
'maximum connections"
Hope you can help me on this case..
Regards,
Mark
World Wide Partner Helpline Escalations Team
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: