06-01-2007 04:15 AM
Hi,
I need to know what happens when I suspend a group or a content rule (to modify it, ie: remove or add a service):
1. Does it affect existing flows making use of this group/content rule ?
2. Does it only affect new connections ?
3. In a ASR redundancy mode, would the backup CSS take over new connections while the group/content rule is suspended ?
I'm looking for a way of amending my configuration (ie: remove/add a service to existing content rule or group) without being disruptive to the service.
Thanks
Arno
06-01-2007 08:27 AM
Hello Arno,
What happens when I suspend a group or a content rule:
1. Does it affect existing flows making use of this group/content rule ?
R/ Yes, at the point that you suspend the content rule the CSS is going to stop doing arping for that VIP address, so the current connections are going to be lost. And the new ones are not going to be able to reach the vip address.
For the group, if you suspend the group the only thing that is going to happen is that the CSS wont nat the new connections.
2. Does it only affect new connections ?
R/ Nop, it will affect also connections already established. (Just if you suspend the content rule) the group works when the traffic match on the content rule, so, when the content rule choose the service to send the traffic the CSS is going to check that the service is linked to a group in order to do the nat.
3. In a ASR redundancy mode, would the backup CSS take over new connections while the group/content rule is suspended ?
R/ Nop, the CSS is going to be the master for all the vips, including the one that you suspend, if the critical services and the reporters are alive the backup CSS is going to be the backup until the Master change to down.
So, does not matter if you suspend all content rules on your Master CSS, because the critical services and the reporters are alive.
If you need to modify your content rule, you will need a down time, or a maintenance window, if you don't want to do a failover.
Hope this help.
- Rodrigo
06-04-2007 01:32 AM
Hi Rodrigo,
Thank you very much for this very clear explanation.
Rgds,
Arno
06-04-2007 04:41 AM
I would think you could also turn down your outside interfaces (facing the client) and force the backup CSS to become the master. Make your changes on the initial CSS, turn your interfaces back up forcing traffic back, and then make changes on the second CSS.
I hope this helps,
Tom
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide