CSS deployment topology

Jul 30th, 2008

Please see the attached 2 topologies for the CSS deployment. Can someone tell me what the difference is between these 2 approaches? And what are the disadvantages or advantages?

Thanks



Syed Iftekhar Ahmed Wed, 07/30/2008 - 20:24

It's "One Arm -- right side" vs. "Inline Routed mode -- left side".


In One Arm you need to make sure that return traffic from servers passes through the CSS. Source NAT & PBR are used in these cases.

The default gateway of servers in One Arm mode is the upstream router. VIPs and Real Servers can share the same subnet.


In Inline Routed mode, the CSS is defined as the default gateway for the real servers. VIPs and Real Servers are on different subnets.


Syed Iftekhar Ahmed

shibindong Thu, 07/31/2008 - 00:29

Thanks for your explanation! Can you give me information about in which circumstances we should choose "one armed" or "in-line" mode?


Correct Answer
Syed Iftekhar Ahmed Thu, 07/31/2008 - 00:40

One arm mode is ideal in situations where there is an existing infrastructure and you do not want to make any changes to the network. Another advantage is that non-LB traffic (which could be huge, like backups) doesn't pass through the CSS, thus leaving high throughput for LB traffic. One disadvantage is that your real servers will see all traffic sourced from the CSS IP (if you are using source NAT).

In routed mode, all traffic to the reals (non-LB and load-balanced) passes through the CSS.

It can provide extra security, as you can hide the Reals behind the CSS.
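
The return-path requirement and the source-NAT side effect described in the two answers above, traced as a small model. This is an added example, not part of the thread and not CSS configuration; the addresses and the `simulate` function are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample addresses (documentation ranges), not from the thread.
CLIENT, VIP, CSS_IP, REAL = "198.51.100.7", "192.0.2.10", "192.0.2.2", "192.0.2.21"

@dataclass
class Result:
    server_sees: str      # source IP that lands in the real server's logs
    reply_via_css: bool   # does the return packet traverse the CSS?
    client_accepts: bool  # reply source equals the VIP the client connected to

def simulate(mode: str, source_nat: bool = False, pbr: bool = False) -> Result:
    """Trace one client -> VIP request and its reply.

    mode: "one-arm" (server default gateway = upstream router) or
          "inline"  (server default gateway = CSS).
    """
    if mode not in ("one-arm", "inline"):
        raise ValueError(f"unknown mode: {mode}")
    # Forward path: the CSS rewrites destination VIP -> real server; with
    # source NAT it also rewrites the source to its own address.
    src_at_server = CSS_IP if source_nat else CLIENT
    # Return path: the server answers whatever source address it saw.
    reply_dst = src_at_server
    if mode == "inline":
        via_css = True        # the CSS is the servers' default gateway
    elif reply_dst == CSS_IP:
        via_css = True        # the reply is addressed to the CSS itself
    else:
        via_css = pbr         # the router must policy-route it to the CSS
    # Only the CSS can translate the reply source real -> VIP.
    reply_src = VIP if via_css else REAL
    return Result(src_at_server, via_css, reply_src == VIP)

if __name__ == "__main__":
    cases = [("one-arm", False, False), ("one-arm", True, False),
             ("one-arm", False, True), ("inline", False, False)]
    for mode, snat, pbr in cases:
        print(f"{mode:8} snat={snat!s:5} pbr={pbr!s:5} -> {simulate(mode, snat, pbr)}")
```

With source NAT the server's access logs record only the CSS address, so client attribution has to come from the CSS or from upstream logs; PBR and inline mode preserve the client address.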

Correct Answer
Marwan ALshawi Thu, 07/31/2008 - 04:32

I would like to add one more mode that might be useful, which is related to the left one.

In addition to being in routed-mode, it can be configured in bridge-mode.

In this case the server default gateway will be the router, not the CSS.

To configure your CSS in bridge mode, you simply configure your client and server VLANs with the same VLAN number. You must also configure the client and server subnets as the same.


Also, this note from Cisco Press is very helpful:


Because the CSS handles bridged packets in software, unless absolutely necessary, you should avoid configuring your CSS in bridge mode. Instead, you should configure your CSS in router mode, where packets are processed in hardware. Alternatively, the CSM handles both bridge- and router-mode traffic in hardware.


Thanks


Please rate if helpful.
