cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
597
Views
5
Helpful
7
Replies

CSM Issues - SLB not working

network_dude
Level 1
Level 1

Hello,

I'm having trouble moving my SLB configuration to the CSM. Please take a look at my very basic code below...why isn't this working?

module ContentSwitchingModule 4

vlan 101 server

ip address 10.101.1.20 255.255.255.0

vlan 102 client

ip address 10.102.1.10 255.255.255.0

gateway 10.102.1.1

serverfarm ACS

nat server

no nat client

real 10.101.1.30 8080

inservice

vserver TEST

virtual 10.101.1.40 tcp www

serverfarm ACS

persistent rebalance

inservice

Thank you,

Scott

1 Accepted Solution

Accepted Solutions

the problem is the server traffic not returning to the client through the CSM.

[see the server pkts counter being null].

Make sure the CSM is the default gateway for the server or configure a client natpool in the serverfarm to force the csm to nat the client ip.

Gilles.

View solution in original post

7 Replies 7

Gilles Dufour
Cisco Employee
Cisco Employee

this config is ok.

It should work.

What is not working exactly ?

Can you ping the csm vlan ip addresses ?

Can you ping the vserver ?

Do you see any hit on the vserver with the command 'sho mod csm 4 vser name test detail' ?

Gilles.

I thought the config was correct as well...Yes, I can ping both the CSM VLAN as well as the vserver. It almost appears that everything is working, but I'm not getting the content...the connection is timing out.

I ran a sniffer from my box, and I see my machine sending a SYN to the vserver, but I never receive a SYN/ACK...I eventually receive a FIN/ACK.

show mod csm 4 vser name test detail

TEST, type = SLB, state = OPERATIONAL, v_index = 30

virtual = 10.101.1.40/32:80 bidir, TCP, service = NONE, advertise = FALSE

idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4

max parse len = 2000, persist rebalance = FALSE

ssl sticky offset = 0, length = 32

conns = 1, total conns = 3

Default policy:

server farm = ACS, backup =

sticky: timer = 0, subnet = 0.0.0.0, group id = 0

Policy Tot matches Client pkts Server pkts

-----------------------------------------------------

(default) 3 7 0

the problem is the server traffic not returning to the client through the CSM.

[see the server pkts counter being null].

Make sure the CSM is the default gateway for the server or configure a client natpool in the serverfarm to force the csm to nat the client ip.

Gilles.

I created a natpool...and the natting seems to be working, but my server pkts are still at 0.

show mod csm 4 conns detail

prot vlan source destination state

----------------------------------------------------------------------

In TCP 101 10.128.117.106:3455 10.101.1.40:80 ESTAB

Out TCP 101 10.101.1.30:8080 10.90.66.155:8205 ESTAB

vs = TEST, ftp = No, csrp = False

real = (n/a)

The 10.90.66.155 is my nat address.

show mod csm 4 vservers detail

TEST, type = SLB, state = OPERATIONAL, v_index = 30

virtual = 10.90.70.40/32:80 bidir, TCP, service = NONE, advertise = FALSE

idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4

max parse len = 2000, persist rebalance = FALSE

ssl sticky offset = 0, length = 32

conns = 0, total conns = 9

Default policy:

server farm = ACS, backup =

sticky: timer = 0, subnet = 0.0.0.0, group id = 0

Policy Tot matches Client pkts Server pkts

-----------------------------------------------------

(default) 9 24 0

use a natpool with an address in the range 10.101.1.x to make sure the server gets directly to the csm.

If you use another address, the server will use its default gateway again which is not the csm apparently.

Gilles.

That seems to be working...thank you very much! I'm just a little confused as to why changing to natpool to the same network as the servers fixed the issue. Do you know why it didn't work using a different network configured on the same switch?

Thank you very much for all your help Gilles!

Scott

because when the natpool address is in the same subnet as the server, the server will arp directly for the address instead of using its default gateway.

The all problem here is the routing table of the server which is not correct to forward the traffic back to the csm.

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: