RTSP in a FW loadbalancing environment with CSM

delvauxra · ‎07-31-2007

Hi,

We use Regular Firewall Configuration with Dual CSMs for loadbalancing.

We try to loadbalance RTSP/UDP (/TCP no problem).

The RTSP Client send a SETUP(TCP 554) to the server requesting respond using UDP port alpha

When the UDP flow come back(using port alpha) , how can i be sure that it use the same FW as the TCP flow??

Thanks in advance.

Raphael

Gilles Dufour · ‎08-01-2007

if you use sticky with reverse sticky, you can guarantee exactly that.

Here is an example I wrote some a while ago:

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a008020927a.shtml

Another solution is to play with predictor hash.

Gilles.

pkovilic · ‎08-01-2007

Gilles,

can't we have the same behavior by using the 'service RTSP' ?

vserver

virtual ip [tcp|udp] rtsp service rtsp

Regards,

Pascal

Gilles Dufour · ‎08-01-2007

you can, but you will dramatically reduce the performance.

I always prefer to avoid the 'service' command every time I can.

Gilles.

pkovilic · ‎08-02-2007

I read the example with sticky & reverse sticky.

Q1 : what does it occurs if there are 2 simultaneous connections from the client (Vlan499) towards the LAN server (Vlan500) and that these 2 connections pass each one by a different firewall?

Q2 : do you agree with me that this example supports only connections from customer = Vlan 499 towards server = Vlan 500 and not the server initiated traffic (= from Vlan 500) ?

Is it right to solve these issues as follow ?

CSM side Vlan499

Sticky 10 address source timeout 60

vserver SERV2FW

vlan499

sticky 60 group 10

vserver FW2SERV

vlan168

reverse-sticky 10

CSM side Vlan500

Sticky 10 address destination timeout 60

vserver SERV2FW

vlan500

sticky 60 group 10

vserver FW2SERV

vlan169

reverse-sticky 10

Regards,

Pascal.