cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2989
Views
5
Helpful
5
Replies

Cisco CSS Layer 3 Load Balancing query

danielng83
Level 1
Level 1

Hi all,

i have a query on layer 3 load balancing. Please refer to the following example and config,

service A

ip address 1.1.1.1

keepalive icmp

active

service B

ip address 1.1.1.2

keepalive icmp

active

content C

vip 10.10.10.10

add service A

add service B

Now for example if i launch on IE the following URL : 10.10.10.10 and it hits the CSS in this case. Will the CSS direct traffic to port 80 on service A and B?

So does that mean if i specify http://10.10.10.10:2222 on IE, then CSS will load balance traffic to port 2222 on service A and B? If not, is there anyway i can achieve this? Appreciate ur feedback.

Cheers!

1 Accepted Solution

Accepted Solutions

Pablo
Cisco Employee
Cisco Employee

Hi Daniel,

Yes you're right! The CSS by default passes the request using the same destination port the client used to open the request. Since there are no ports defined PAT is not considered.

Hope this helps.

__ __

Pablo

Cisco TAC

View solution in original post

5 Replies 5

Pablo
Cisco Employee
Cisco Employee

Hi Daniel,

Yes you're right! The CSS by default passes the request using the same destination port the client used to open the request. Since there are no ports defined PAT is not considered.

Hope this helps.

__ __

Pablo

Cisco TAC

Thanks for the clarification Pablo! I am also confused on port mapping and how it comes into play. Understand that port mapping is enabled by default. Will this feature in turn affect what i am trying to achieve?

Daniel,

Port mapping is a choice and usually something that you configure to protect your server resources. For example if your HTTP server is listening on port 8080 but the virtual address is configured to do port translation from port 80 to port 8080 then an attacker would have less chances to launch an attack against the server as there's no way to know the backend server port other than trying/guessing.

At the same time if you have this HTTP website on port 8080 you don't want the user to type http://mywebsite.com:8080/index.html as this can be a tedious task so in this case you have your VIP on port 80 and the CSS will do the port translation from 80-to-8080 which is totally transparent to the client.

If you don't define the ports in your configuration port translatation won't be used as the request will be sent to the server in the same destination port the CSS received it.

Hope this helps.

__ __

Pablo

Cisco TAC

Hi Pablo,

thanks alot for the response. It definitely helped!

arun.mohan
Level 1
Level 1

Hi Pablo,

Thanks for the confirmation. I need the same scenario, along with the port monitoring on the real servers. Is it possible?

Can monitor few required ports and load balance on the Layer 3?

merci,

arun

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: