CSS 11503 as Gateway Problem

Hey guys,

I configured my company's 2 CSSs as load balancers for a bunch of web servers and they work great except for a minor issue that I can't seem to resolve. When a web daemon on a server crashes, or is shut down for one reason or another, the CSS removes that service from the pool, which is good, but that server loses connection to the outside world. We can still SSH into the server and push data onto it, but the route to the outside world is dead.

This is a problem since our servers often need to connect to outside resources on startup.

We are currently set up with a 2-tier network layout where the CSS is connected to our public network (say 198.202.0.0/24) and our servers sit on a private network (192.168.0.0/24) and use the CSS as their gateway.

I tried a number of fixes to rectify the situation, but nothing has worked so far. The servers have another NIC connected directly to the public network, but since the default GW is the CSS, it does not help. I tried changing the default GW on the servers to point to our public GW, but then access through the CSS VIP does not work. Static routes don't do the trick either.

Is there any configuration option that I can change so that the CSS does not kill the GW for a server whose service is down?

Either that, or do you know of a better way to lay out the configuration so we avoid the problem?

If needed I can post the configuration of our CSS and the network setup on our servers.

Any help is greatly appreciated.

Boki

Syed Iftekhar Ahmed Thu, 10/23/2008 - 23:03

The CSS by default acts as a router, but you need to translate the real server's IP for server-originated traffic.

To have the CSS NAT traffic initiated by the server side, you need to add a "source group" to the CSS config. Here is what you need:

group
  vip address
  add service
  add service
  etc...
  active

This will force the CSS to NAT server-initiated traffic.

Syed Iftekhar Ahmed

Thanks for the response Syed.

We already have groups set up for the servers. I have attached our config file (slightly edited for security reasons) to see our setup.

Here are some more details on our setup.

General:

Public Network: 198.202.0.0/24

Private Network: 192.168.0.0/24

Public Gateway: 198.202.0.13

CSS IP: 198.202.0.1

CSS Gateway: 192.168.0.1

Server Network Setup:

Default Gateway -> CSS Gateway (192.168.0.1)

Eth0 198.202.0.10#

Eth1 192.168.0.10#

As I said, while the Tomcat daemon is running, the server can ping to the outside world through the CSS, but as soon as the daemon is stopped, the keepalive detects it as down, removes it from the pool and drops all outgoing packets from that server.

Boki

Syed Iftekhar Ahmed Fri, 10/24/2008 - 15:24

Can you try using a different IP (other than 198.202.0.51) in the group configuration?

group webservers
  add service http2
  add service http3
  add service http1
  vip address 198.202.0.x
  active

Syed
