Cisco CSS Layer 3 Load Balancing query

Answered Question

Hi all,

i have a query on layer 3 load balancing. Please refer to the following example and config,

service A

ip address 1.1.1.1

keepalive icmp

active

service B

ip address 1.1.1.2

keepalive icmp

active

content C

vip 10.10.10.10

add service A

add service B

Now for example if i launch on IE the following URL : 10.10.10.10 and it hits the CSS in this case. Will the CSS direct traffic to port 80 on service A and B?

So does that mean if i specify http://10.10.10.10:2222 on IE, then CSS will load balance traffic to port 2222 on service A and B? If not, is there anyway i can achieve this? Appreciate ur feedback.

Cheers!

I have this problem too.
0 votes
Correct Answer by Pablo about 6 years 5 months ago

Hi Daniel,

Yes you're right! The CSS by default passes the request using the same destination port the client used to open the request. Since there are no ports defined PAT is not considered.

Hope this helps.

__ __

Pablo

Cisco TAC

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Pablo Fri, 06/25/2010 - 17:33

Hi Daniel,

Yes you're right! The CSS by default passes the request using the same destination port the client used to open the request. Since there are no ports defined PAT is not considered.

Hope this helps.

__ __

Pablo

Cisco TAC

Pablo Mon, 06/28/2010 - 10:35

Daniel,

Port mapping is a choice and usually something that you configure to protect your server resources. For example if your HTTP server is listening on port 8080 but the virtual address is configured to do port translation from port 80 to port 8080 then an attacker would have less chances to launch an attack against the server as there's no way to know the backend server port other than trying/guessing.

At the same time if you have this HTTP website on port 8080 you don't want the user to type http://mywebsite.com:8080/index.html as this can be a tedious task so in this case you have your VIP on port 80 and the CSS will do the port translation from 80-to-8080 which is totally transparent to the client.

If you don't define the ports in your configuration port translatation won't be used as the request will be sent to the server in the same destination port the CSS received it.

Hope this helps.

__ __

Pablo

Cisco TAC

arun.mohan Mon, 04/02/2012 - 04:55

Hi Pablo,

Thanks for the confirmation. I need the same scenario, along with the port monitoring on the real servers. Is it possible?

Can monitor few required ports and load balance on the Layer 3?

merci,

arun

Actions

This Discussion

Related Content