CSS11503 load balancing virtual server IP's

Answered Question
Jul 9th, 2007
User Badges:

Hi CSS experts,


We have a Cisco Content Services Switch 11503 Load Balancer which seems to require Real Server NICs to be plugged in. When I plug a cable from our Cisco 3560 switch into the Cisco Load Balancer, it can't see the 2 web server IP's that I'm trying to load balance for HTTP/HTTPS. The virtual IP does not display the webpage of either web servers.


On the otherhand, when I use two physically separate 1U web servers and physically plug 2 cables (1 for each server) into the CSS 8 port switch, the virtual IP is able to redirect the traffic to both web servers.


How do I configure the CSS to load balance and actually see 2 IP's on the network which isn't plugged in physically per server into the CSS 8 port switch.


Internet->CSS->1 cable plugged into Cisco switch which host 2 web servers.


Thanks,

Mike


Configuration:


circuit VLAN1

ip address 192.168.1.10 255.255.255.0


service Websrv1

ip address 192.168.1.104

protocol tcp

port 80

keepalive type http non-persistent

active



service Websrv1SSL

ip address 192.168.1.104

protocol tcp

port 443

keepalive type ssl

active


service Websrv2

ip address 192.168.1.101

protocol tcp

port 80

keepalive type http non-persistent

active


service Websrv2SSL

ip address 192.168.1.101

protocol tcp

port 443

keepalive type ssl

active


owner Web

content NG

add service Websrv1

add service Websrv2

vip address 192.168.1.7

port 80

protocol tcp

advanced-balance arrowpoint-cookie

url "/*"

active


content NGSSL

add service Websrv1SSL

add service Websrv2SSL

vip address 192.168.1.7

port 443

protocol tcp

advanced-balance sticky-srcip

sticky-inact-timeout 60

active

Correct Answer by rich_harris about 9 years 11 months ago

Hi


Does the server have a direct route to the client i.e. not via the CSS. If so try making the CSS the default gateway for the server.


The CSS will need a route to the client network.


Cheers

Rich

Correct Answer by Gilles Dufour about 9 years 11 months ago

The CSS does not care if the servers are locally attached or not.

But it needs to be able to communicate with them.

So make sure you can ping the servers.

Check arp table.

See if the servers show up in the 'sho service-summary'.


If all look good, make sure the server response to the client goes back through the CSS and is not routed by another device. The CSS is stateful so it requires to see all traffic.


Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
5dtsoperation Thu, 07/05/2007 - 07:20
User Badges:

I checked the connectivity to the servers form the CSS and it was good. I was able to ping, and the connection status in sh service summary incremented by 1 each time I tried to connect. From the server, I was able to ping back to the IP of the CSS and the VIP address as well. I have tried using only 1 server for 1 VIP. I have tried changing the default gateway on the server to the IP of the CSS and the VIP IP as well. It still doesn't seem to help. Anymore suggestions for me to try?


Thanks

Mike

mathews.baby Tue, 07/10/2007 - 23:18
User Badges:

hi,


Please check whether both the servers are into same vlan ports.


Mat

Gilles Dufour Wed, 07/11/2007 - 03:01
User Badges:
  • Cisco Employee,

Mike,


a sniffer trace would be useful.

Try to sniff frontend and backend of CSS to see the client traffic and server traffic at the same time.

You can also configure client nat on the css to see if it helps - that would guarantee this is not a routing issue.

Also, if you have configured acl, try 'acl disable' to see if it makes any difference.


Gilles.

Correct Answer
rich_harris Wed, 07/11/2007 - 06:06
User Badges:

Hi


Does the server have a direct route to the client i.e. not via the CSS. If so try making the CSS the default gateway for the server.


The CSS will need a route to the client network.


Cheers

Rich

5dtsoperation Wed, 07/11/2007 - 10:38
User Badges:

Thanks, that idea reminded me of the static route I had to add on the web server to properly route back to CSS of my test machine on the same network.

Correct Answer
Gilles Dufour Mon, 07/09/2007 - 23:56
User Badges:
  • Cisco Employee,

The CSS does not care if the servers are locally attached or not.

But it needs to be able to communicate with them.

So make sure you can ping the servers.

Check arp table.

See if the servers show up in the 'sho service-summary'.


If all look good, make sure the server response to the client goes back through the CSS and is not routed by another device. The CSS is stateful so it requires to see all traffic.


Gilles.

5dtsoperation Wed, 07/11/2007 - 10:39
User Badges:

Thanks for answering my original question gdufour. That helped alot.

Actions

This Discussion