Question regarding load balancing UDP traffic, one armed mode on CSS

Answered Question
Nov 13th, 2008
User Badges:

Hi, I'm trying to set up a CSS so it will forward SNMP traps (UDP 162) to a back end service. The config for this should be very simple, I shouldn't have any requirement for source groups as there is no return traffic, the only doubt in my head, is whether or not this will work if the traffic comes in on one vlan and goes back out of the same interface on a different vlan.

For my test, the source address is 10.0.0.254, and the trap destination is 1.1.200.21 (the VIP).

Our HTTP rule works fine, but this SNMP rule doesn't. If I sniff the CSS port, I can see the trap going to the CSS, but if I do sh summary on the CSS, I dont see any hits on the SNMP rule. The service is up.

Can anyone offer any advice on this?

I'll paste the config below.

Many Thanks in advance

Dom





CSS11503# sh run


!Generated on 11/13/2008 09:23:00


!Active version: sg0710102



configure




!*************************** GLOBAL ***************************


ip route 0.0.0.0 0.0.0.0 1.1.200.251 1


ip route 1.1.10.1 255.255.255.255 1.1.6.251 1



!************************* INTERFACE *************************


interface 1/1


description "trunk port to EH_4507"


trunk



vlan 6



vlan 7



vlan 200



!************************** CIRCUIT **************************


circuit VLAN1



ip address 192.168.10.1 255.255.255.0



circuit VLAN6


description "MGT interface"



ip address 1.1.6.250 255.255.255.0



circuit VLAN7



ip address 1.1.7.250 255.255.255.0



circuit VLAN200


description "VIP VLAN"



ip address 1.1.200.250 255.255.252.0



!************************** SERVICE **************************


service CUSA_TRAPS


ip address 1.1.10.1


protocol udp


port 162


keepalive type none


active



service WEB


ip address 1.1.7.1


keepalive type none


active



!*************************** OWNER ***************************


owner CUSA



content TEST


vip address 1.1.200.20


add service WEB


protocol tcp


port 80


url "/test/*"


active



content TRAPS


vip address 1.1.200.21


protocol udp


port 162


add service CUSA_TRAPS


active


Correct Answer by Syed Iftekhar Ahmed about 8 years 6 months ago

By default CSS doesnt setup flows for SNMP traffic.


Please read the following for details


http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/configuration/content_lb/guide/flow.html#wp1038255


You need to apply the following command

flow-state 162 udp flow-enable


Syed Iftekhar Ahmed

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Syed Iftekhar Ahmed Thu, 11/13/2008 - 10:28
User Badges:
  • Blue, 1500 points or more

By default CSS doesnt setup flows for SNMP traffic.


Please read the following for details


http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/configuration/content_lb/guide/flow.html#wp1038255


You need to apply the following command

flow-state 162 udp flow-enable


Syed Iftekhar Ahmed

Actions

This Discussion