CSS - Inbound (WebServer) request to Outbound content

b.petronio · ‎04-01-2009

Hi all,

Is there any simple way of using the Load Balancer (CSS) to accept Inbound Request's to a Content Rule from Server used by another Content Rule ?

For example:

I have Content Rule "WebServer", with Server1, Server2, and Server3.

Each one of this servers is getting information from one other server (ServerX). This information is taken inside the ServerLan.

Beside this ServerX has a Content Rule "XXX" for outside Requests, now that we want to add another Service (ServerY) for this content, we had thought that Server1, Server2 and Server3, should get the information by the Content Rule "XXX", instead the ServerX directly.

Is this achieved with Group's ?

Any simple example ?

Best Regards,

PetrÃ³nio

Gilles Dufour · ‎04-02-2009

how do they get the information ?

Do servers 1,2,3 open a connection to server x ?

Or is it server x opening a connection with server 1,2,3 ?

Are servers 1,2,3 and x,y in the same vlan ?

You need group only if you want to do source nating.

Also, just look at the device that opens the connection as a client (even if this is a server). For the CSS, the src is the client. Does not matter if you use them as server in a content rule.

So, if your servers 1,2,3 open connections to X,Y and you want to group X,Y behind a single virtual ip, just create a new content rule for x,y and have your servers query the new virtual ip.

gilles.

b.petronio · ‎04-02-2009

Tks Gilles, (once again)

I believe this could be so simple as u mention.

Do servers 1,2,3 open a connection to server x ?

Yes.

Are servers 1,2,3 and x,y in the same vlan ?

Yes.

So if i understand what u wrote, no mather from request is made (inside or outside), the CSS will always respond to the client (inside or outside).

If i want to Nat the source ip requests from Service's IP Address's then i must do configure a group, right ? but how it works ? What should it be the Natted Address ?

From the examples i've found i always see a Vip address configured, with Services or destination Services.

Many thanks for your time and patience.

Bruno PetrÃ³nio

jasmina27s · ‎04-02-2009

Hi,

There should be no limitations regarding this. Server initiating a connection should be seen as any other client for that XXX content rule.

As a first step, you shoud redirect Server1, Server2 and Server3, to access the VIP address of the Content Rule "XXX", instead the ServerX directly.

I think source groups are not necessary, unles for example, all servers reside in the same subnet. In that case you would have the problem to force return direction of the traffic form serverX to server1 to go trough the CSS. (CSS shoud see both traffic directions to work regularly)

I believe you can use source groups to perform source NAT of Server1 address in that case. (The goal is to make ServerX to return traffic to some address which is routed over CSS.)

If servers 1,2,3 and servers X,Y are by default in different subnets, routed over CSS, you should have no problem for server-to-server load-balancing, and do not need source groups (ServerX can safely see Server1 real address in that case).

Most simple example is:

group

vip address

add service server1

add service server2

add service server3

active

Details can be found in the documentation:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/configuration/content_lb/guide/SGrp.html

Regards,

Jasmina