Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2335
Views
0
Helpful
4
Replies

CSS11501 - UDP DNS Load balancing Monitoring the servers

fallegretti
Level 1
Level 1

‎03-04-2010 02:55 AM

Hi all,

I am having a problem with our monitoring tool getting replies from the servers behinf the LB.

The servers are monitored by a different team and they issue a dig command to the server to monitor it but this fails as the return traffic is seen from the vip.

The traffic is DNS / UDP, I am using Static Groups. Is there anyway the LB can just "bridge" the traffic when the request is made to the real ip address of a box.

Looking at the documentaion on line, I would say that my topology is InLine with an L2 in the middle. The servers use the LB as gateway.

thanks

Fulvio

Labels:
0 Helpful
4 Replies 4

Gilles Dufour
Cisco Employee
Cisco Employee

‎03-04-2010 05:14 AM

The problem is that the CSS consider UDP as unidirectional.

So when the response from the server comes, we don't try to match it to a known flow.

And with your "group" to perform nating of server traffic back to the vip address, all packets sent by the servers will be nated.

You could create an ACL to NOT NAT traffic sent to the monitoring station.

But then, those devices will not be able to monitor the vip ...since the response would not be nated.

Why don't they monitor the vip instead of the servers ?

The real servers should be hidden from the rest of the world.

Gilles.

0 Helpful

fallegretti
Level 1
Level 1
In response to Gilles Dufour

‎03-04-2010 06:33 AM

Thanks Giles.

They do monitor the VIP, but that's not enough for them, they want to be alerted if one of the boxes behind the VIP is not longer listening on that port.

Dees the device generate an SNMP trap if a probe fails and the servers is removed from the pull?

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to fallegretti

‎03-05-2010 12:26 AM

Yes, the CSS will generate log and traps when a service goes down :

For example:

JAN  1 00:00:56 5/1 189 NETMAN-2: Enterprise:Service  Transition:ded07-2(443) -> suspended
JAN  1 00:00:29 5/1 190 NETMAN-2: Enterprise:Service  Transition:ded07-2(443) -> down

Gilles.

0 Helpful

fallegretti
Level 1
Level 1
In response to Gilles Dufour

‎03-05-2010 04:53 AM

Thanks again Gilles.

I am assuming the information would be available by an snmp poll as well. Would you happen to know the oids I would need to get this information out?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents