CSS11500- services configuratio

Unanswered Question
Nov 19th, 2007


We plan to use CSS11500 series load balancer. We are having two identical servers which we need to load balance for client request. We are having only one client which will use these two servers. If we use only one server, we are facing some delay at client. So plan to use load balancer. Our connectivity is like this, single client makes two TCP connections with this server continously. ( one on 9530 port and another 9531 port ). That it is a single session established with server from client. We checked it using netstat command and from the PIX firewall.so far so good. ( One client one server working ok but with delay ).

Now if we add loan balancer in between with VIP, cleint will make request to this VIP . Then these packets will undergo IP address translation ( source will be that of CSS ip address and destination will be indivisual server ip address ). Servers will replay to this packet, this packet will be received by CSS , it will put the VIP as source address and will replace the destinatin address as client address will sent the packet back to client. This is at layer 3 working fine. But as our client is making only one session with VIP ( earlier with only one server with two ports). After adding load balancer , it will send packets to two different servers in a round robin algorith. But will the second server work properly as packets received on this may have been processed by another server in the existing session. so what is the application prerequisite so support load balancer ( which send packets to each server in round robin algorithm ). How application will need to support the layer three load balancing. If application is just a static pages on webserver , I think it will work. As each packet contents will be checked by each indivisual server and the corresponding page will be sent to client. But for complex application like what we have , ( database , user authentication, accounting and lots more ). how will application or CSS.

In a nut-shell if only one client makes a continuous connection with server, can loand balancer ( layer three load balanceing ) be made to work ?

Thankx in advance.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Diego Vargas Mon, 11/19/2007 - 07:05


Based on your description it seems like you need to configure stickiness. If my understanding of the issue is clear you have flows on one port going to one server and then the other connection gets balanced to the other server which is not aware of the client session since that was sent to the first server.

You can configure the CSS to keep one client going to the same server for the whole session by using stickiness.

In this case you will need to use stickiness by source ip. Configure it with this command under the content rule.

advance-balance sticky-srcip

You will need to have a single layer 3 content rule to get both flows on port 9530 and 9531 since the stickiness on the CSS is not global but per content rule.

Hope it helps!!

bapatsubodh Mon, 11/19/2007 - 08:09


Definitely i will try stick configuration.

But still i am not clear about configuration any sample configuration on cisco.com ?

Or secondly what is the application requirement to support packet based load balancing. ( 50 % packets to server 1 and 50 % packets to server 2 ). So that we need to test our application first , if it supports packet based load balancing.

Any link onc cisco.com is highly appreciable.



Diego Vargas Mon, 11/19/2007 - 08:25


The configuration would look like this:

content test

vip address

add service test1

add service test2

advance-balance sticky-srcip


**Notice there is no port specified so the rule will match traffic on any port for that VIP.

service test1

ip address


service test2

ip address


**You can add the keepalive of your preference for the services

With regards to your second question. The CSS and I believe any load balancer will not balance packets but flows. The Load balancer needs to decide which server will get a flow and send the traffic to that server, therefore that flow will be mapped all the packets within the same flow will go to the same server.

You cannot expect a flow to get split and balance packets of the same flow between the servers.

Keep in mind that the way TCP works would not allow that.

So round robin works by sending one flow (connection) to one server and other flow to the second server. That actually is going to show as even load balancing after some time.

Also be aware than when configuring stickiness the even load balancing of flows will be affected since you are asking the CSS to keep all of the flows from an specific source mapped to a server.

The CSS will include a line on its sticky table for that source with the server selected.


This Discussion