Can I configure csm as one arm and routing mode at the same time?

Unanswered Question
Apr 6th, 2008

My csm currently is configured as the routing mode and bridge mode, resently I have a service requirement which I think the one arm mode should be the best resolution. Can anybody let me know if there will be any affect if I add the one arm mode to the currently production environment?

Thanks in advance.

Jason

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Gilles Dufour Mon, 04/07/2008 - 01:38

Jason,

no problem to add one-arm to this design.

However, one-arm is NEVER the best solution.

This is always the EASIEST to deploy but you will very quickly see the limit of it.

You need to guarantee that the server response goes through the CSM when going to the client.

In one-arm, the server usually bypasses the CSM so client nat is required which prevent the server to know the client ip ....

One-arm looks easy but it's not.

Gilles.

csco10046fen Mon, 04/07/2008 - 06:02

Gille,

Thanks for your quick response. I notice you have same opinion about the one arm mode in your other post, but I think in the multi-tire data center design with fw in bridge mode and csm in one arm mode with RHI, do give us a lot of flexibilty. If I use policy routing instead of source nat, can I overcome these limit you metioned?

Do you know who csm could handle the TFTP traffic? I may have too much question, I am realy looking for your suggestion.

Thanks

Jason

Gilles Dufour Mon, 04/07/2008 - 06:19

you can use policy routing to avoid client-nat.

One-armed is usually a good idea when you have a lot of traffic to/from the servers that do not need to be loadbalanced and therefore do not need to go through the CSM.

About FW and CSM design, the best option I see is CSM in bridge mode with the FW being the default gateway for the servers.

Gilles.

Actions

This Discussion