CSS group and ACE NAT

danilodicesare · ‎11-11-2008

Hi all,

may you help me to understand those commands:

content foo

add service bar01_11111

add service bar02_11111

balance aca

protocol tcp

port 11111

vip address 10.0.0.1

active

group foo_group

vip address 10.0.0.1

add destination service bar01_11111

add destination service bar02_11111

active

flows: src1.1.1.1(A) dst10.0.0.1(B,CSS_VIP), service(C,D)

from ClientToCss: src A dst B(VIP) -- from CSStoServerBalanced src B(srcNAT) dst C,D -- from ServerToCSS src C,D dst B -- from CssToClient src B dst A

is the above example right?

If a flows begin from servers will they be SRC natted with 10.0.0.1

and if i put also this stuff what's happend?

group foo_group_int

vip address 11.0.0.2

add service bar01_11111

add service bar02_11111

active

could be ok this configuration if i have to hit, with servers bar01 and bar02 content foo(10.0.0.1, same servers balancing)?

So in this way server will hit the VIP but CSS will nat src and put 10.0.0.2 as address so that return traffic will pass to CSS

with ACE i have just to put nat commands on right interface?

thx a lot

Das

Gilles Dufour · ‎11-12-2008

You can't configure both 'add service' and 'add destination service' with the same vip.

You could do it using ACL, but it is more complex.

add destination service will nat src ip when traffic is forwarded to the destination service.

add service will nat the src ip when traffic is coming from the service.

More info @

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/configuration/content_lb/guide/SGrp.html

Gilles.