Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
467
Views
0
Helpful
3
Replies

Multiple VIPs per VR

ranjtech74
Level 1
Level 1

‎05-26-2008 04:41 PM

hello,

is it possible to configure multiple VIPs for the same virtual-router on a particular circuit configuration which uses the same redundant-interfaces instead of having to configure redundant-interfaces for each VIP that's added?

I want to do something along the lines of:

ip virtual-router 1 priority 200 preempt

ip redundant-interface 1 192.168.3.254

ip redundant-vip 1 192.168.3.100

ip redundant-vip 1 192.168.3.120

ip redundant-vip 1 192.168.3.140

and then do different things for traffic going to each of these VIPs in my content rules, i.e. have different content-rules for each VIP so different operations can be performed on them.

Currently, although the CSS lets me do this kind of thing, AND the newly created VIPs can be seen in the ARP tables of other network devices in that broadcast domain, I can't seem to ping these VIPs.

Thanks in advance

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎05-27-2008 11:30 AM

Yes, this config is valid.

If you can't ping the vip and they are layer 3, it means the server behing is not responding or sending the response via a different path

Gilles.

0 Helpful

ranjtech74
Level 1
Level 1
In response to Gilles Dufour

‎05-28-2008 12:43 AM

Hi Gilles, thx for that. So basically what you're saying is that if I have a VIP configured but the content rule that uses this is inactive/suspended OR say the backend server is dead or unreachable for any reason, the ping to the VIP will not be replied to? For some reason I was under the impression that if I configure the VIP in the circuit, I will be able to ping it but now the other way makes more sense.

Now the other question is, if I have all these VIPs as in my original question, and they ALL need SSL termination on the CSS AND they all point to different sub-domains AND I have a wildcard SSL cert for that parent domain, then can I create multiple ssl-server entries in my ssl-proxy-list BUT use the same certificate for each ssl-server in the list?

Not sure if that's clear, let me know and I will provide more detail

Thanks in advance

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to ranjtech74

‎05-28-2008 01:13 AM

yes, you can reuse the same key/certificate inside your proxy-list.

And yes, the CSS will not answer ping if the vip is down or if the server is down.

Gilles.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents