Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
652
Views
0
Helpful
3
Replies

IOS SLB or CSS?

cocampbell
Level 1
Level 1

‎01-17-2008 07:47 AM

Hi

I am revieiwing SLB options for my client - real server and client side access subnets terminate on common 6500s/Sup720s....intial requirement is small so IOS SLB looks like a possible fit as tactical (would require feature set upgrade)....any known issues?

If I go for CSS then I assume that I will need to use SLB-on-a-stick config and destination/source NAT given current access topology...right?...i.e. I do not weant to have to re-engineer/place layer 3 separation between client-side MSFC and server farms.

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎01-18-2008 02:05 AM

the CSS would be a better solution.

More features, more performance, more scalable.

You don't need to have it on-a-stick.

The CSS can work in bridge mode.

So, you can keep your current addressing.

You would have to add a vlan, move the msfc interface to that vlan and connect the css to this new vlan and the old vlans with the servers and then have the css bridge both vlans.

Gilles.

0 Helpful

cocampbell
Level 1
Level 1
In response to Gilles Dufour

‎01-22-2008 03:47 AM

Gilles

Thanks for fast response....I assume this is 'dispatch mode' where dest IP remains constant/MAC is modified.

My deployement issue is further complicated as SLB may need to enconmpass real servers being in subnets on both local 6500/Sup720 access vlans and those on peer (OSPF) remote

6500/Sup720 access vlans.

It seems to me that to avoid re-IPing, the best approach is to use CSS on a stick and use source/dest NAT....side affect of this is all clients appearing to real servers on single source IP = SLB VIP. Do you agree?

Also, would above work if some of the real servers were on 'foreign' peer Sup720 access subnets L3 reachable to the local Sup720? On paper this would seem to be fine as long as L3 reachability exists between remote real server and the SLB VIP which will be the address by which all real servers recognise clients.

Cheers for your input.

Colin

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to cocampbell

‎01-23-2008 02:45 AM

Colin,

my example is not just for dispatched mode.

It works if you nat the dst ip as well.

The idea is to guarantee that the response from the server goes back through the CSS.

You can insert the CSS inline between gw and server or between 2 routers and have the servers distant. All it matters is that there is no other way for the servers to go to the client.

With one-armed you indeed need to do client nat.

You could also do PBR to avoid client nat and redirect the server response to the css.

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents