CSS VIP access

Unanswered Question
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Syed Iftekhar Ahmed Wed, 08/27/2008 - 11:35
User Badges:
  • Blue, 1500 points or more

Its Do-able.

You will need to use source group to NAT the client's source IP so that the end server doesn't respond directly back to the client but instead goes back to the CSS.

Issue is that when WEB1 sends request to VIP configured for DB servers the CSS will select either DAT1/DAT2 and will hand over the traffic to the DAT1/DAT2. Now from DAT1/DAT2 perspective the source-address of this request is from WEB1 and since both WEB & DAT servers share same L2 VLAN it will attempt to send the response back to WEB1 directly using ARP(bypassing CSS and making the connection Assymetric). Since WEB1 sent request to VIP not DAT1/DAT2 ip , WEB1 will drop the response.


Syed Iftekhar Ahmed


This Discussion