CSM and VRF (or: multiple client VLANs)

Unanswered Question
Syed Iftekhar Ahmed Mon, 03/19/2007 - 17:20

There are no issues in mapping the VRF's to the CSM via regular VLANs.

The only exception is if you are using RHI (route health Injection).If you are using RHI, CSM can not injects routes in VRF routing table. RHI only injects routes in MSFC routing table.

Syed Iftekhar Ahmed

The problem is, I want a second client VLAN. But it does not seem that there is any mechanism to tell the CSM to route between 1 client VLAN to another based on any criteria.

I would like to have 'vlan 1 client, gateway 10.0.0.1' and 'vlan 2 client, gateway 20.0.0.1' where traffic from 20.0.0.0/8 might come in on VLAN 2, and should leave on VLAN 2. Other traffic (10.0.0.0/8) may come in on VLAN 1, but leave on VLAN 1.

Syed Iftekhar Ahmed Mon, 03/19/2007 - 23:20

for each flow that hits a vserver, the CSM does remember the MAC address where that flow came in first and sends the return traffic back there.So return traffic for established flows is not an issue.

If you need to handle non-established conns like server initiated connections, then you'll have to add some configuration.

vserver Outbond

virtual 0.0.0.0 0.0.0.0 any

vlan 100 <------- Server vlan

serverfarm outserver

inservice

serverfarm outserver

no nat server <----- Very important

real 10.0.0.1

ins

where 10.0.0.1 is the gateway that you want to use to go out (of course that also means that you're selecting which vlans to use to send that connection out).

One more caveat here: every flow in the CSM contains also VLAN information, so once you send a flow out of a certain vlan, the return traffic will have to come back from that same vlan, otherwise the connection breaks. In some cases, you'll have to source NAT those connections to specific IPs in order to get them back to the correct vlan.

Actions

This Discussion