Question regarding load balancing UDP traffic, one armed mode on CSS

Answered Question
Nov 13th, 2008

Hi, I'm trying to set up a CSS so it will forward SNMP traps (UDP 162) to a back end service. The config for this should be very simple, I shouldn't have any requirement for source groups as there is no return traffic, the only doubt in my head, is whether or not this will work if the traffic comes in on one vlan and goes back out of the same interface on a different vlan.

For my test, the source address is 10.0.0.254, and the trap destination is 1.1.200.21 (the VIP).

Our HTTP rule works fine, but this SNMP rule doesn't. If I sniff the CSS port, I can see the trap going to the CSS, but if I do sh summary on the CSS, I dont see any hits on the SNMP rule. The service is up.

Can anyone offer any advice on this?

I'll paste the config below.

Many Thanks in advance

Dom

CSS11503# sh run

!Generated on 11/13/2008 09:23:00

!Active version: sg0710102

configure

!*************************** GLOBAL ***************************

ip route 0.0.0.0 0.0.0.0 1.1.200.251 1

ip route 1.1.10.1 255.255.255.255 1.1.6.251 1

!************************* INTERFACE *************************

interface 1/1

description "trunk port to EH_4507"

trunk

vlan 6

vlan 7

vlan 200

!************************** CIRCUIT **************************

circuit VLAN1

ip address 192.168.10.1 255.255.255.0

circuit VLAN6

description "MGT interface"

ip address 1.1.6.250 255.255.255.0

circuit VLAN7

ip address 1.1.7.250 255.255.255.0

circuit VLAN200

description "VIP VLAN"

ip address 1.1.200.250 255.255.252.0

!************************** SERVICE **************************

service CUSA_TRAPS

ip address 1.1.10.1

protocol udp

port 162

keepalive type none

active

service WEB

ip address 1.1.7.1

keepalive type none

active

!*************************** OWNER ***************************

owner CUSA

content TEST

vip address 1.1.200.20

add service WEB

protocol tcp

port 80

url "/test/*"

active

content TRAPS

vip address 1.1.200.21

protocol udp

port 162

add service CUSA_TRAPS

active

I have this problem too.
0 votes
Correct Answer by Syed Iftekhar Ahmed about 8 years 2 months ago

By default CSS doesnt setup flows for SNMP traffic.

Please read the following for details

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/configuration/content_lb/guide/flow.html#wp1038255

You need to apply the following command

flow-state 162 udp flow-enable

Syed Iftekhar Ahmed

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.

Actions

This Discussion