CSS - Backend server with Multiple interfaces

Unanswered Question
Feb 24th, 2010

Hi,

I am having setup with a single server with multiple interfaces common routing table configured in the same vlans behind the CSS.

CSS front end - 10.2.1.0/24

CSS back-end - 10.3.1.0/25

The server interfaces are in diferent vlan (10.5.1.0/24) to that of the  CSS and configured as the services in the CSS and defined group definition

for performing SNAT.

How does the CSS behave if the traffic to and from the server is comming from the different interfaces.

Thanks

Raj

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
busterswt Fri, 02/26/2010 - 05:30

If I'm understanding your configuration correctly, traffic destined to a VIP on the CSS that contains services in the 10.5.1.0/24 VLAN would likely be routed back out the front-side of the CSS (or wherever the default route goes) if the CSS is not IP'd from the 10.5.1.0/24 subnet. Or, you can have a static route to the 10.5.1.0/24 subnet on the CSS to go out the backend interface.

Are you using 'add destination service' in your source group rule? If so, the CSS will NAT the client's address as whatever address you have specified in the group rule, and then send traffic to the service chosen for load balancing. The return traffic would then come back to the CSS, the NAT reverted, and then sent back to the client. Because of this, you'll never see the true client source IP on your server. Only the IP specified in the group rule.

If I am misunderstanding your config let me know.

James

Actions

This Discussion