Multiple VIPs per VR

Unanswered Question
May 26th, 2008
User Badges:

hello,


is it possible to configure multiple VIPs for the same virtual-router on a particular circuit configuration which uses the same redundant-interfaces instead of having to configure redundant-interfaces for each VIP that's added?


I want to do something along the lines of:


ip virtual-router 1 priority 200 preempt

ip redundant-interface 1 192.168.3.254

ip redundant-vip 1 192.168.3.100

ip redundant-vip 1 192.168.3.120

ip redundant-vip 1 192.168.3.140


and then do different things for traffic going to each of these VIPs in my content rules, i.e. have different content-rules for each VIP so different operations can be performed on them.


Currently, although the CSS lets me do this kind of thing, AND the newly created VIPs can be seen in the ARP tables of other network devices in that broadcast domain, I can't seem to ping these VIPs.


Thanks in advance

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Tue, 05/27/2008 - 11:30
User Badges:
  • Cisco Employee,

Yes, this config is valid.

If you can't ping the vip and they are layer 3, it means the server behing is not responding or sending the response via a different path


Gilles.

ranjtech74 Wed, 05/28/2008 - 00:43
User Badges:

Hi Gilles, thx for that. So basically what you're saying is that if I have a VIP configured but the content rule that uses this is inactive/suspended OR say the backend server is dead or unreachable for any reason, the ping to the VIP will not be replied to? For some reason I was under the impression that if I configure the VIP in the circuit, I will be able to ping it but now the other way makes more sense.


Now the other question is, if I have all these VIPs as in my original question, and they ALL need SSL termination on the CSS AND they all point to different sub-domains AND I have a wildcard SSL cert for that parent domain, then can I create multiple ssl-server entries in my ssl-proxy-list BUT use the same certificate for each ssl-server in the list?


Not sure if that's clear, let me know and I will provide more detail


Thanks in advance

Gilles Dufour Wed, 05/28/2008 - 01:13
User Badges:
  • Cisco Employee,

yes, you can reuse the same key/certificate inside your proxy-list.

And yes, the CSS will not answer ping if the vip is down or if the server is down.


Gilles.

Actions

This Discussion