CSS deployment topology

shibindong
Level 1

Please see the attached 2 topologies about the CSS deployment. Can someone tell me what the difference is between these 2 approaches? And what are the disadvantages or advantages?

Thanks

4 Replies

It's "One Arm -- right side" vs. "Inline Routed mode -- left side".

In One Arm you need to make sure that return traffic from servers passes through the CSS. Source NAT & PBR are used in these cases.

Default gateway of servers in One Arm mode is the upstream router. VIPs and Real Servers can share the same subnet.

In Inline routed mode, CSS is defined as default gateway for the real servers. VIPs and Real Servers are on different subnets.

Syed Iftekhar Ahmed

Thanks for your explanation! Can you give me information about: in which circumstances should we choose "one armed" or "in-line" mode?

One arm mode is ideal in situations where there is an existing infrastructure and you do not want to make any changes to the network. Another advantage is that non-LB traffic (which could be huge, like backups) doesn't pass through the CSS, thus leaving high throughput for LB traffic. One disadvantage is that your real servers will see all traffic sourced from the CSS IP (if you are using source NAT).

In routed mode, all traffic to the reals (non-LB and load-balanced) passes through the CSS.

It can provide extra security as you can hide the Reals behind the CSS.

I would like to add one more mode that might be useful, which is related to the left one.

In addition to being in routed mode, it can be configured in bridge mode.

In this case the server default gateway will be the router, not the CSS.

To configure your CSS in bridge mode, you simply configure your client and server VLANs with the same VLAN number. You must also configure the client and server subnets as the same.

Also, this note from Cisco Press is very helpful:

Because the CSS handles bridged packets in software, unless absolutely necessary, you should avoid configuring your CSS in bridge mode. Instead, you should configure your CSS in router mode, where packets are processed in hardware. Alternatively, the CSM handles both bridge- and router-mode traffic in hardware.

Thanks

Please rate if helpful.
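
The return-path points made in the replies above (one-arm mode needs source NAT or PBR so replies pass back through the CSS, and source NAT hides the client address from the reals), as an added example that is not part of the original thread. It is a simplified Python model, not CSS configuration; the addresses are constructed and the `trace` function is hypothetical.

```python
from dataclasses import dataclass

# Constructed documentation addresses (assumptions, not from the thread).
CLIENT, VIP = "198.51.100.7", "192.0.2.10"
CSS_IP, REAL = "10.0.0.5", "10.0.0.20"

@dataclass
class Result:
    reply_via_css: bool   # did the server's reply pass back through the CSS?
    client_accepts: bool  # reply source must be the VIP the client connected to
    real_logs_src: str    # source address the real server sees and logs

def trace(mode: str, source_nat: bool = False, pbr: bool = False) -> Result:
    """Follow one load-balanced connection; mode is 'one-arm' or 'routed'."""
    # Forward path: client -> VIP, CSS rewrites the destination to the real.
    src = CSS_IP if source_nat else CLIENT
    real_logs_src = src

    # Return path: the real answers whatever source address it saw.
    reply_dst = src
    if mode == "routed":
        via_css = True                      # CSS is the real's default gateway
    else:
        # One-arm: default gateway is the upstream router, so the reply only
        # reaches the CSS if it is addressed to it (source NAT) or the router
        # policy-routes server replies to it (PBR).
        via_css = reply_dst == CSS_IP or pbr

    # Only the CSS can rewrite the reply source from the real back to the VIP.
    reply_src = VIP if via_css else REAL
    return Result(via_css, reply_src == VIP, real_logs_src)

if __name__ == "__main__":
    cases = [("one-arm", False, False), ("one-arm", True, False),
             ("one-arm", False, True), ("routed", False, False)]
    for mode, snat, pbr in cases:
        r = trace(mode, snat, pbr)
        print(f"{mode:8} snat={snat!s:5} pbr={pbr!s:5} "
              f"via_css={r.reply_via_css!s:5} client_ok={r.client_accepts!s:5} "
              f"real_logs={r.real_logs_src}")
```

With source NAT the reals log only the CSS address, so per-client audit trails and IP-based controls on the servers lose the original client IP; PBR and routed mode preserve it.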
