Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

CSS11503: Do I need redundant-vips?

Unanswered Question
Apr 13th, 2004
User Badges:

What advantage is there to setting up my VIPs as redundant-vips on the circuit?

I would rather use a static route on the upstream router/firewall pointing the VIPs to the CSS virtual-interface. This makes the CSS circuit configuration simpler (i.e.: only one redundant-interface).

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
aolabisi Thu, 04/15/2004 - 06:02
User Badges:

VIPs are usually used for providing services. Redundant interfaces are for network connectivity / routing.

You need redundant VIPs if you're doing ASR, or some type of failover for content rules.

dcayer Thu, 04/15/2004 - 06:57
User Badges:

I know failover for my content rules works without having the corresponding VIP defined as a "redundant-vip" under the client-facing VRRP group in the circuit configuration section. (failover works because my upstream gateway/firewall has a static route for my VIP via my CSS redundant interface IP).

The question is: will ASR work if my content rule VIPs are not within the IP subnets defined on my CSS circuits/VLANs?

For example, our gateway/firewall has a static route for my VIP ( via (VR on my CSS):

!********************* GLOBAL *********************

ip route 1

!******************* INTERFACE *******************

interface 1/1


interface 3/1

description "client-facing VLAN"

bridge vlan 30

interface 3/2

description "www server VLAN"

bridge vlan 31

!******************** CIRCUIT ********************

circuit VLAN30

description "client-facing VLAN"

ip address

ip virtual-router 30 priority 220 preempt

ip redundant-interface 30

ip critical-service 30 www1

ip critical-service 30 www2

ip critical-service 30 Upstream-Router

circuit VLAN31

description "www server VLAN"

ip address

ip virtual-router 31 priority 220 preempt

ip redundant-interface 31

ip critical-service 31 www1

ip critical-service 31 www2

ip critical-service 31 Upstream-Router

!******************** SERVICE ********************

service Upstream-Router

ip address

type redundancy-up


service www1

ip address

redundant-index 1


service www2

ip address

redundant-index 2


!********************* OWNER *********************

owner web_site

content web_cluster1

add service www1

add service www2

vip address

redundant-index 3


!********************* GROUP *********************

group web_cluster1

vip address

add service www1

add service www2

redundant-index 4


Will ASR (statefull failover) work for client connections to my VIP?

Gilles Dufour Fri, 04/23/2004 - 06:30
User Badges:
  • Cisco Employee,

your vip is not part of the configured vlan.

So anyway, you can't configure vip redundancy.


Pompon(config-circuit-ip[VLAN499-])# ip redundant-vip 7

%% Address outside of allowed range.

So in your case you have no other choice than pointing a static route to the redundant-interface ip address.

I believe ASR should work with your VIP in this case.

But I was never tested.



dcayer Fri, 04/23/2004 - 09:04
User Badges:

Thanks Gilles.

I'll test my ASR configuration in the lab next week.

I'm anxious to see what the "show rule" output will display for "IP Redundancy" (i.e.: Master/Backup or Not Redundant?).

yatao Fri, 10/27/2006 - 12:39
User Badges:


Have you tested this in your lab? What I found out is:

This kind of set up (VIP is outside of client circuit) will work with redundancy, but not ASR, means not session failover. Since session failover needs redundant-index, which in terms needs vip been associated with a VRID, but you can't, since it is outside of client circuit subnet:

content web_test

protocol tcp

port 80

add service web1

add service web2

vip address

redundant-index 101

when I tried to active this rule:

css-lab1(config-owner-content[NASD-web_test])# active

%% VIP address needs to be associated with a virtual router.

When tried to associate this vip to a VR:

css-lab1(config-circuit-ip[VLAN902-])# ip redundant-vip 102

%% Address outside of allowed range.

Gilles, any way to around this problem? or if you want to use ASR, vip must be on the client circuit?



martin-webster Tue, 05/10/2011 - 05:17
User Badges:

the url doesn't seem to be available anymore - I have a similar problem & could do with some help.


This Discussion