Misunderstanding in group config (service / destination service)

Answered Question
Jun 11th, 2007

Hi,

I'm trying to understand group configuration on a CSS, particularly the difference between a service and destination service.

If we take the basic example of a client PC and a CSS load-balancing over 3 web servers, all of them being on the same VLAN (hence the need for NATing to ensure return traffic goes through the CSS):

- Upon reception of a request, the CSS looks for a matching content-rule

- Upon matching of the content-rule, an available service is picked-up (based on load-balancing method) from the pool

At that stage, I can imagine two cases:

1. If the service belongs to an active group as a destination service:

- The packet will be source NATed with the VIP specified in the group

In other words, the client PC never sees web-servers real IPs, it only sees the content-rule VIP, and the web-servers are

seeing all requests coming from the group VIP.

2. If the service belongs to an active group as a service (not destination):

- well what happens ?? I don't see the point.

Thanks and Regards,

Arno

I have this problem too.
0 votes
Correct Answer by Gilles Dufour about 9 years 7 months ago

the 2nd point is if the server opens a connection to the PC or anywhere else, and you want it's ip to be nated so it appears as coming from the vip.

Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Gilles Dufour Mon, 06/11/2007 - 03:48

the 2nd point is if the server opens a connection to the PC or anywhere else, and you want it's ip to be nated so it appears as coming from the vip.

Gilles.

arnaud.chiaberge Mon, 06/11/2007 - 04:00

Merci Gilles,

Ok, I get it know.

So appart from FTP active mode, this quite rare that a server initiate a connection to a client (in terms of client/server paradigm), that's probably why this wasn't obvious to me.

Actions

This Discussion