06-21-2009 06:56 AM
First, I would like to understand the commands "port" and "protocol" in CSS. For example, I have a few web servers that need to be load balanced; what is the difference among these configurations:
Config1 (protocol and port are configured in both service and content rule)
service Server1
ip address 10.1.1.1
protocol tcp
port 80
active
service Server2
ip address 10.1.1.2
protocol tcp
port 80
active
owner L3_Owner
content L3_Rule
add service Server1
add service Server2
vip address 10.1.1.3
protocol tcp
port 80
active
Config2 (protocol and port are configured in service only)
service Server1
ip address 10.1.1.1
protocol tcp
port 80
active
service Server2
ip address 10.1.1.2
protocol tcp
port 80
active
owner L3_Owner
content L3_Rule
add service Server1
add service Server2
vip address 10.1.1.3
active
Config3 (protocol and port are configured in content rule only)
service Server1
ip address 10.1.1.1
active
service Server2
ip address 10.1.1.2
active
owner L3_Owner
content L3_Rule
add service Server1
add service Server2
vip address 10.1.1.3
protocol tcp
port 80
active
Second, if our server needs more than 1 port to be open, for example, our web server needs to listen on 80, 8080, and 443, how do we configure that in CSS?
06-21-2009 11:42 PM
The port and protocol commands inside the content rule act as filters.
So only traffic of protocol type ... and to port ... will match the content rule.
The port command inside the service acts as a NAT command. It tells the CSS to rewrite the destination to the one configured under the service.
The easiest solution is to not configure any port under the content rule and services.
Like this, the CSS will accept connection to ANY port and just LB without changing the destination port.
So port 80 traffic will be sent to port 80 and port 443 to port 443.
You can then limit traffic coming in with an ACL if you do not want to LB all ports (i.e. 23).
But personally, I prefer to have a content rule for each port.
It gives you the possibility to easily adjust the config for a specific port if needed.
Gilles.
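Added example, not part of either post and not CSS code: a small Python model of the behaviour the reply describes (content-rule protocol/port as a filter, service port as a destination rewrite), run against the three configurations from the question, the no-port setup, and one rule per port. Rule names such as Rule_80 and the probed port list are assumptions; the service-level protocol command and the balancing choice between servers are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

VIP = "10.1.1.3"

@dataclass
class Service:
    ip: str
    port: Optional[int] = None       # service port: destination port is rewritten to it

@dataclass
class ContentRule:
    name: str
    services: list
    protocol: Optional[str] = None   # rule protocol/port: filter on incoming traffic
    port: Optional[int] = None
    vip: str = VIP

def forward(rules, proto, dst_ip, dst_port):
    """Return (rule name, [(server ip, server port), ...]) or None if no rule matches."""
    for r in rules:
        if r.vip != dst_ip:
            continue
        if r.protocol is not None and r.protocol != proto:
            continue
        if r.port is not None and r.port != dst_port:
            continue
        # No service port configured: the original destination port is kept.
        return r.name, [(s.ip, dst_port if s.port is None else s.port) for s in r.services]
    return None

def make(svc_port, rule_port):
    """Build the question's layout: two servers behind one content rule."""
    servers = [Service("10.1.1.1", svc_port), Service("10.1.1.2", svc_port)]
    return [ContentRule("L3_Rule", servers, "tcp" if rule_port else None, rule_port)]

CONFIG1, CONFIG2, CONFIG3, NO_PORTS = make(80, 80), make(80, None), make(None, 80), make(None, None)

def per_port_rules(ports):
    """One content rule per port, no port under the services (rule names are hypothetical)."""
    servers = [Service("10.1.1.1"), Service("10.1.1.2")]
    return [ContentRule(f"Rule_{p}", servers, "tcp", p) for p in ports]

def reachable(rules, probe_ports, proto="tcp"):
    """Exposure check: VIP port -> server port for every probed port that is load balanced."""
    hits = ((p, forward(rules, proto, VIP, p)) for p in probe_ports)
    return {p: hit[1][0][1] for p, hit in hits if hit}

if __name__ == "__main__":
    for label, cfg in [("Config1", CONFIG1), ("Config2", CONFIG2), ("Config3", CONFIG3),
                       ("no ports", NO_PORTS), ("per-port", per_port_rules([80, 8080, 443]))]:
        print(f"{label:9} {reachable(cfg, [23, 80, 443, 8080])}")
```

In this model Config2 accepts every port on the VIP and sends it all to server port 80, while the no-port setup passes port 23 straight through, which is the case the ACL in the reply is meant to close.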