CSS services running on remote switches.

Unanswered Question

Is it possible to get a CSS switch to load balance servers that are not directly connected. I have tried to do this for Web servers but without success. If the servers are directly connected it works fine, but if they are connected to a layer 2 switch, the CSS sees the services as alive, but no connection is established.

Is there something I am over looking?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Diego Vargas Sun, 08/05/2007 - 11:19

Yes, it is possible to have the servers not connected to the CSS itself. The important thing here is that depending on your desing this may cause an asymetric floe, since the server response will bypass the CSS.

If you are not doing source NATing on the CSS, then the server is seeing the real client?s IP as the source IP, so it will try to respond directly to the client and will do it thru the layer 2 switch.

Since the client sent a request to the VIP on the CSS, when sees the response from the server will drop the packets.

You can configure source NATing on the CSS to prevent this issue.

Configure a group and use add destination service to add the servers, like this

group test

vip address

add destination service server1

add destiantion service server2


If you do not want the source NATing option, you can configure the servers to point to the CSS as their default gateway, that should prevent the asymmetric flow as well.

Hope it helps!!


This Discussion