×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

CSS11503: Do I need redundant-vips?

Unanswered Question
Apr 13th, 2004
User Badges:

What advantage is there to setting up my VIPs as redundant-vips on the circuit?

I would rather use a static route on the upstream router/firewall pointing the VIPs to the CSS virtual-interface. This makes the CSS circuit configuration simpler (i.e.: only one redundant-interface).


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
aolabisi Thu, 04/15/2004 - 06:02
User Badges:

VIPs are usually used for providing services. Redundant interfaces are for network connectivity / routing.


You need redundant VIPs if you're doing ASR, or some type of failover for content rules.

dcayer Thu, 04/15/2004 - 06:57
User Badges:

I know failover for my content rules works without having the corresponding VIP defined as a "redundant-vip" under the client-facing VRRP group in the circuit configuration section. (failover works because my upstream gateway/firewall has a static route for my VIP via my CSS redundant interface IP).


The question is: will ASR work if my content rule VIPs are not within the IP subnets defined on my CSS circuits/VLANs?


For example, our gateway/firewall has a static route for my VIP (192.168.1.100) via 172.20.30.254 (VR on my CSS):


!********************* GLOBAL *********************

ip route 0.0.0.0 0.0.0.0 172.20.30.1 1


!******************* INTERFACE *******************

interface 1/1

isc-port-one


interface 3/1

description "client-facing VLAN"

bridge vlan 30


interface 3/2

description "www server VLAN"

bridge vlan 31


!******************** CIRCUIT ********************

circuit VLAN30

description "client-facing VLAN"

ip address 172.20.30.252 255.255.255.255

ip virtual-router 30 priority 220 preempt

ip redundant-interface 30 172.20.30.254

ip critical-service 30 www1

ip critical-service 30 www2

ip critical-service 30 Upstream-Router


circuit VLAN31

description "www server VLAN"

ip address 172.20.31.2 255.255.255.255

ip virtual-router 31 priority 220 preempt

ip redundant-interface 31 172.20.31.1

ip critical-service 31 www1

ip critical-service 31 www2

ip critical-service 31 Upstream-Router


!******************** SERVICE ********************

service Upstream-Router

ip address 172.20.30.1

type redundancy-up

active


service www1

ip address 172.20.31.65

redundant-index 1

active


service www2

ip address 172.20.31.66

redundant-index 2

active


!********************* OWNER *********************

owner web_site


content web_cluster1

add service www1

add service www2

vip address 192.168.1.100

redundant-index 3

active


!********************* GROUP *********************

group web_cluster1

vip address 192.168.1.100

add service www1

add service www2

redundant-index 4

active



Will ASR (statefull failover) work for client connections to my VIP?

Gilles Dufour Fri, 04/23/2004 - 06:30
User Badges:
  • Cisco Employee,

your vip is not part of the configured vlan.

So anyway, you can't configure vip redundancy.


ie:


Pompon(config-circuit-ip[VLAN499-192.168.11.8])# ip redundant-vip 7 17.1.1.1

%% Address outside of allowed range.



So in your case you have no other choice than pointing a static route to the redundant-interface ip address.


I believe ASR should work with your VIP in this case.

But I was never tested.


Regards,


Gilles.

dcayer Fri, 04/23/2004 - 09:04
User Badges:

Thanks Gilles.

I'll test my ASR configuration in the lab next week.

I'm anxious to see what the "show rule" output will display for "IP Redundancy" (i.e.: Master/Backup or Not Redundant?).

yatao Fri, 10/27/2006 - 12:39
User Badges:

Daniel,

Have you tested this in your lab? What I found out is:

This kind of set up (VIP is outside of client circuit) will work with redundancy, but not ASR, means not session failover. Since session failover needs redundant-index, which in terms needs vip been associated with a VRID, but you can't, since it is outside of client circuit subnet:

content web_test

protocol tcp

port 80

add service web1

add service web2

vip address 192.168.30.100

redundant-index 101


when I tried to active this rule:

css-lab1(config-owner-content[NASD-web_test])# active

%% VIP address needs to be associated with a virtual router.


When tried to associate this vip to a VR:

css-lab1(config-circuit-ip[VLAN902-150.123.148.178])# ip redundant-vip 102 192.168.30.100

%% Address outside of allowed range.


Gilles, any way to around this problem? or if you want to use ASR, vip must be on the client circuit?


Thanks,


Yatao

martin-webster Tue, 05/10/2011 - 05:17
User Badges:

the url doesn't seem to be available anymore - I have a similar problem & could do with some help.

Actions

This Discussion