CSM Deployment -Please Help

bravob · ‎08-26-2008

I hope someone can provide some help, I need to deploy a CSM module for the purpose of Disaster Recovery, the objective is to be able have a standby server in site B so when the server(s) in site A fails to have the CSM direct all traffic to the standby server is site B (please see diagram) the problem is that I've been reading on CSM and I'm supposed to create "client vlans" and "server vlans" and I'm not sure if this applies to my topology (diagram) or objective, the 6509 that have the CSM's is connected directly with a layer 3 10 Gb link to the 6509 is site B that hosts the standby servers, where does the "client vlan" fit? users are already spread over different networks across the WAN/LAN, and what about the server vlan? I appreciate any input...

Syed Iftekhar Ahmed · ‎08-26-2008

As the name suggest Client Vlan is the vlan where the client requests are expected for the Virtual IP addresses of the applications.

Server Vlans are the vlans where Real servers physically reside.

CSM can be deployed in different modes (routed/bridge/one arm)In routed mode the client & Server Vlans belong to different IP subnets.In bridge mode both vlans belong to same IP subnet and in one arm mode there is only one vlan connected to CSM that acts as both client & Server VLan.

As you suggested in your case there are multiple vlans where the client reside. Which means that application requests will come from different IP subnets. Even in this case the VIP associated with application will be listening on a single IP. The vlan to which this Application IP belong is defined as client vlan.

In routed mode usually an SVI is created on MSFC for client vlans. This ensures that resquests from intrantet/internet will be able to reach VIP of application and the responses are routed back to the internet/intranet.

There are no SVI created for Server vlans to ensure that Servers response do not bypass the CSM.

In your diagram if we suppose that vlan 10 is the client vlan & vlan 100 is the server vlan then you will need to create a portchannel between the Cat that will carry traffic for these two vlans. Each CSM will probe both servers to check the availability or load of the application servers.

You will also need another portchanel between two switches for fault tolerance traffic.Inter chassis vlan will ensure that if any CSM module goes offline then the Application will be served by the other CSM module.

Syed Iftekhar Ahmed

bravob · ‎08-28-2008

Syed,

Thanks for your response, in my case the standby server will be located on a different subnet 2 hops away from the active real servers, can this still be done? so the real server IP is for instance:

10.20.30.10

The standby server real IP address is 10.40.50.10

Can clients still access both servers using the same VIP?

Syed Iftekhar Ahmed · ‎08-28-2008

Reals can be in different vlans and also few hops away. As long as following conditions are met

1. Both CSMs know how to reach them (routes/ARPs)

2. Return traffic from servers do not bypass CSM

3. Probe traffic is permitted from both CSMs to Real server by intermediate security devices.

Syed

bravob · ‎09-02-2008

Syed,

One last question, would the Cisco GSS be the most appropriate enterprise solution for this type of deployment then? Thanks.

Syed Iftekhar Ahmed · ‎09-02-2008

GSS and CSM are used for two diffrent purposes.

CSM provides the local server loadbalancing, where you define a virtual IP for an application and this VIP act as the front end for Application serverfarm. CSM selects the local servers based on load/availability from the APP's Serverfarm.

GSS is part of the DNS infrastructure. You can call it an intelligent DNS server. Unlike traditional DNS servers, before handing out the A-records for Name request it polls the VIPs configured on CSM or any LB to check the availabilty & Load. It can serve the A-record for the VIP configured in a particular datacenter using different logics.

for example if your APPs url is http://www.xyz.com and APPs vip on CSM at DC1 is using ip 1.1.1.1 and VIP on DC2 for the same app is configured at 2.2.2.2 then you can define logics such as

For name requests for http://www.xyz.com respond with DC1 ip 1.1.1.1 and if 1.1.1.1 is dead then respond with DC2 ip 2.2.2.2

OR

For 1st name requests for http://www.xyz.com respond with DC1 ip 1.1.1.1 and 2nd response respond with DC2 ip 2.2.2.2 and so on.. (round robin)

OR

For name requests for http://www.xyz.com respond with DC1 ip 1.1.1.1 and if load on DC1 VIP is 70% then respond with DC2 ip 2.2.2.2

In fact GSS & CSM complement each other.

Syed Iftekhar Ahmed

bravob · ‎09-02-2008

Understood, so can the GSS be used externally/internally as well, for clients inside and outside the network, correct?

Syed Iftekhar Ahmed · ‎09-02-2008

Normally a separate GSS network is deployed for Split DNS scenario.One network serving public IPs and another Network serving Private Ips.

GSS Network is a collection of GSSs (upto 8 GSS in a Network) that share the same DNS rules/logic.

Syed