CSS - Backend server with Multiple interfaces

Unanswered Question
Feb 24th, 2010
User Badges:


I am having setup with a single server with multiple interfaces common routing table configured in the same vlans behind the CSS.

CSS front end -

CSS back-end -

The server interfaces are in diferent vlan ( to that of the  CSS and configured as the services in the CSS and defined group definition

for performing SNAT.

How does the CSS behave if the traffic to and from the server is comming from the different interfaces.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
busterswt Fri, 02/26/2010 - 05:30
User Badges:
  • Bronze, 100 points or more

If I'm understanding your configuration correctly, traffic destined to a VIP on the CSS that contains services in the VLAN would likely be routed back out the front-side of the CSS (or wherever the default route goes) if the CSS is not IP'd from the subnet. Or, you can have a static route to the subnet on the CSS to go out the backend interface.

Are you using 'add destination service' in your source group rule? If so, the CSS will NAT the client's address as whatever address you have specified in the group rule, and then send traffic to the service chosen for load balancing. The return traffic would then come back to the CSS, the NAT reverted, and then sent back to the client. Because of this, you'll never see the true client source IP on your server. Only the IP specified in the group rule.

If I am misunderstanding your config let me know.



This Discussion