CSM bridged vs secure routed mode

Unanswered Question
Aug 11th, 2009

Hi there,

I currently use CSS's in a combination of bridged and routed mode and I'm preparing to deploy 6500's with CSM's to replace them. I've been reading the CSM installation and config guide and I'm torn between keeping the same design or trying to change my design to be exclusively bridged or exclusively routed.

The problem I'm having is regarding the "cons" listed for bridged mode.

From the Guide:

"Bridge mode: The CSM does not bridge server to server traffic. This traffic is routed by the default gateway, and flows through the CSM in both directions. Therefore, server to server traffic consumes significant CSM resources in bridge mode."

I have two application types, one that is high-bandwidth server-server and high-bandwidth server to client, and one that is low bandwidth server-to-server, and low bandwidth server to client.

In my current deployment, I have the high-bandwidth application in routed mode, and the server-server communication is actually done through a separate subnet behind the server. (Each server is connected to the CSS backend vlan, and a separate "data" vlan.)

My low bandwidth app servers are in the same subnet as the CSS and bridge the connections using groups and destination services.

Is there anything wrong with this setup or should I be trying to fit both application types into the CSM routed or CSM bridged mode?

Thanks in advance,

Brandon

iyde Wed, 08/12/2009 - 11:46

Hi Brandon.

Does the CSM have the option of multi-context mode?

Rgds, Ingolf

branfarm1 Wed, 08/12/2009 - 11:58

I don't think the CSM supports multiple contexts. I believe this is a feature of the ACE module. Unfortunately, I can't afford to make the jump to the ACE until more of them show up on the used/refurbed market.

Syed Iftekhar Ahmed Wed, 08/12/2009 - 12:27

Running both routed & bridged mode on the same CSM works and is supported.

You can even use the same client Vlan if needed.

For e.g., in the following example Vlan30 is routed and Vlan10 & 20 are bridged. So traffic from Vlan 10 can be bridged to Vlan20 servers & can be routed to Vlan30 servers.

module ContentSwitchingModule X
 vlan 10 client
  ip address 10.1.1.100 255.255.255.0
  gateway 10.1.1.1
  alias 10.1.1.101 255.255.255.0
 !
 vlan 20 server
  ip address 10.1.1.100 255.255.255.0
 !
 vlan 30 server
  ip address 10.10.10.100 255.255.255.0
  alias 10.10.10.101 255.255.255.0

HTH

Syed Iftekhar Ahmed
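An added example, not part of the original thread: a small Python audit script that reads a CSM VLAN stanza like the one above and reports which server VLANs are bridged to a client VLAN and which are routed. It assumes a server VLAN is bridged when it carries the same IP address and mask as a client VLAN; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the VLAN stanza from the post above.
SAMPLE_CONFIG = """\
module ContentSwitchingModule X
 vlan 10 client
  ip address 10.1.1.100 255.255.255.0
  gateway 10.1.1.1
  alias 10.1.1.101 255.255.255.0
 !
 vlan 20 server
  ip address 10.1.1.100 255.255.255.0
 !
 vlan 30 server
  ip address 10.10.10.100 255.255.255.0
  alias 10.10.10.101 255.255.255.0
"""

VLAN_RE = re.compile(r"^\s*vlan\s+(\d+)\s+(client|server)\s*$")
ADDR_RE = re.compile(r"^\s*ip address\s+(\S+)\s+(\S+)\s*$")

def parse_vlans(config):
    """Return {vlan_id: (role, IPv4Interface)} for each CSM vlan stanza."""
    vlans, current = {}, None
    for line in config.splitlines():
        m = VLAN_RE.match(line)
        if m:
            current = (int(m.group(1)), m.group(2))
            continue
        m = ADDR_RE.match(line)
        if m and current:
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            vlans[current[0]] = (current[1], iface)
    return vlans

def classify(config):
    """Map each server VLAN to ('bridged', client_vlan) or ('routed', None)."""
    vlans = parse_vlans(config)
    clients = {v: i for v, (role, i) in vlans.items() if role == "client"}
    result = {}
    for vid, (role, iface) in vlans.items():
        if role != "server":
            continue
        # Assumption: same address and mask as a client VLAN means bridged.
        peer = next((c for c, ci in clients.items() if ci == iface), None)
        result[vid] = ("bridged", peer) if peer is not None else ("routed", None)
    return result

if __name__ == "__main__":
    for vid, (mode, peer) in sorted(classify(SAMPLE_CONFIG).items()):
        print(f"vlan {vid}: {mode}" + (f" with client vlan {peer}" if peer else ""))
```

Bridged server VLANs share a Layer 2 segment's addressing with the client side, so the report is a quick way to confirm which servers sit in the same subnet as clients before reviewing filtering on each path.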
