Cisco CSS 11501 Content Services Switch Configuration
02-05-2008 01:29 AM - edited 03-05-2019 08:56 PM
Hi all,
I have a Cisco CSS 11501 Content Services Switch with the configuration below.
!************************** SERVICE **************************
service service1
  ip address 10.122.193.100
  active

service service2
  ip address 10.122.193.101
  active

!*************************** OWNER ***************************
owner erefill_service1

  content L3_Rule
    protocol tcp
    add service service1
    add service service2
    balance aca
    advanced-balance sticky-srcip
    port 8080
    vip address 10.122.193.97
    active
The two services are connected to a switch, the 11501 content switch is connected to the same switch, and my laptop is also connected to the same switch.
When I try to request the "L3_Rule" from my laptop by going to "http://10.122.193.97:8080", nothing is returned.
I can ping the two services from the content switch and I can also ping the content rule virtual IP from my laptop, but I can't get anything in return when I request the service... except when I connect the services directly to the content switch, but this is not the way I want to work...
My configuration looks fine to me... but why is it not working...
Please help and advise.
Regards,
Moz.
Labels: Other Switching
02-05-2008 08:23 AM
Hi,
please find a brief presentation of the problem and an easy solution in the attachment (PowerPoint).
It sounds like the requests are passing the CSS while the responses are directly switched from service to your laptop (bypassing the CSS).
As the CSS performs NAT on the request, the client is unable to classify those direct responses from the services.
To solve this behaviour, just make sure the traffic is always passing the CSS in both directions. The CSS will then be able to revert the NAT on the responses.
I hope this helps.
02-05-2008 08:58 AM
Sorry, but I couldn't download the attachment... "Access Denied"...
I understand from your reply that the traffic goes from the CSS to the servers but not from the servers back to it...
I'll be grateful if you emailed me the attached file to eng.moz@gmail.com
02-05-2008 09:13 AM
Your understanding of my reply is correct.
eMail is under way with Topic: CSS-Issue.
02-05-2008 10:46 AM
OK,
Many thanks for your response...
I think that it doesn't differ if the laptop is also connected to the switch... In this case the request will pass the switch to the CSS, and the CSS will send the request to the server... and the server will reply back through the CSS, then the switch to my laptop...
I really appreciate your patience with me... but this is very important for me...
If the above is totally correct, can you please help me in troubleshooting why I can't get back the data to my laptop...
Thanks again...
Moz.
02-06-2008 01:47 AM
My friend, you are right...
Once I connect the laptop to the CSS and request http://10.122.193.97:8080, it works fine...
If I connect it to the switch and request the same, no reply comes back...
Please note that I've checked the VLANs and all the ports are in the same one.
Please advise,
Thanks in advance,
Moz.
02-07-2008 07:57 AM
Hi.
This behaviour is because the server does not send back the response to the CSS by default!
The Layer 3 functionality the CSS uses to forward requests to the servers is NAT (Network Address Translation - or Port Address Translation if configured).
Unfortunately, by default only the server IP is translated, so a real server always answers to the original client IP.
If the CSS is used in so-called "one armed" mode (clients and servers are connected through the same interface to the CSS), by default the responses will bypass the CSS and the NAT won't be reverted.
The infrastructure design you described is "one armed".
To also perform a NAT for the client IP and thereby force all responses to always pass the CSS, you may use so-called source groups.
In your example, the following additional config should work (unfortunately I never used it in production myself):
group Servers
  vip address 10.122.193.97
  add destination service service1
  add destination service service2
  active
Here's an additional CCO-Link describing the problem and its solution in great detail:
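
The asymmetric return path described in the reply above, modelled as an added example that is not part of the original post or of any Cisco code. The VIP and server addresses come from the thread; the laptop address, the client port and all class and function names are assumptions, and the model keeps the client port unchanged where a real device may translate it.

```python
from dataclasses import dataclass, replace

# VIP and server IPs are from the thread; laptop IP and port are constructed.
VIP, PORT = "10.122.193.97", 8080
SERVERS = ["10.122.193.100", "10.122.193.101"]
LAPTOP, LAPTOP_PORT = "10.122.193.50", 50000

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class CSS:
    """Toy model of the load balancer's NAT table (hypothetical, not CSS firmware)."""
    def __init__(self, source_nat):
        self.source_nat = source_nat
        self.flows = {}  # (server, port seen by server) -> original client (ip, port)

    def forward_request(self, pkt, server):
        out = replace(pkt, dst=server)       # destination NAT: VIP -> real server
        if self.source_nat:                  # source group: client IP -> VIP
            out = replace(out, src=VIP)
        self.flows[(server, out.sport)] = (pkt.src, pkt.sport)
        return out

    def reverse_reply(self, pkt):
        client, cport = self.flows[(pkt.src, pkt.dport)]
        return Packet(VIP, PORT, client, cport)  # undo both translations

def simulate(source_nat, server=SERVERS[0]):
    """Return (reply passed the CSS, source IP the laptop sees, laptop accepts it)."""
    css = CSS(source_nat)
    at_server = css.forward_request(Packet(LAPTOP, LAPTOP_PORT, VIP, PORT), server)
    # The server answers whatever source address it saw in the request.
    reply = Packet(server, PORT, at_server.src, at_server.sport)
    # Same VLAN: a reply addressed to the laptop is switched to it directly;
    # only a reply addressed to the VIP is delivered to the CSS.
    via_css = reply.dst == VIP
    if via_css:
        reply = css.reverse_reply(reply)
    # The laptop's TCP socket only matches segments from the peer it connected to.
    expected = Packet(VIP, PORT, LAPTOP, LAPTOP_PORT)
    return via_css, reply.src, reply == expected

if __name__ == "__main__":
    for snat in (False, True):
        print("source group" if snat else "default NAT", simulate(snat))
```

Without the source group the laptop receives a segment from the real server address, which matches no connection it opened, so the page never loads even though ping to the VIP works.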
02-09-2008 11:09 PM
Thank you very much... actually it's a very useful document.
I'll get back to this conversation and finish it...
