CSM intervlan (server vlan - SVI vlan) communication.

Unanswered Question
May 26th, 2006
User Badges:

Hi,

Is it possible having cat6k with CSM module to configure them with SVI vlan for some hosts and server vlan for vserwer and real servers behind it to assure one to one communication between them?


I need to connect from SVI vlan hosts to every host that is in server vlan in server farm and the other way round.


Any hint or urls? Is it possible at all?


tia




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 1 (1 ratings)
Loading.
Gilles Dufour Tue, 06/06/2006 - 00:04
User Badges:
  • Cisco Employee,

Forget the link that was given to you.

It is for IOS slb - not CSM.


A sample config for what you want would look like this:


mod csm X

vlan x1 client

ip address x.x.x1.x /24

gateway x.x.x1.x

vlan x2 server

ip address x.x.x2.x /24


serverfarm route

no nat server

predictor forward

!

vserver to-vlanx2

vip x.x.x1.0 /24

serverfarm route

!


This is a vserver to catch traffic coming from client and going to servers directly.

The traffic will simply be forwarded.

This is required because the CSM does not route from a client vlan to a server vlan by default.


Regards,


Gilles.

marcin.mazurek Tue, 06/06/2006 - 01:00
User Badges:

Thank You for the hint, what I really want to achive is direct communication between real servers in different server farms (server vlans) - this is one problem.



And another question is, if it's possible to connect from real server in server vlan to a host which is in normal SVI vlan and in the other dircetion?



I'll take a look at "serverfarm route" command.


marcin.mazurek Tue, 06/06/2006 - 03:35
User Badges:

blah, to much work;) now I see this "serverfarm route" command is not a command:)


Gilles Dufour Tue, 06/06/2006 - 04:05
User Badges:
  • Cisco Employee,

from real to real, in different vlans, there is nothing to do.

The CSM will simply route this traffic by default.


Same from real, to any host.


The config I gave you is for host to real.


Gilles.

Gilles Dufour Thu, 06/08/2006 - 02:50
User Badges:
  • Cisco Employee,

Wim,


you can't prevent the routing from real to real.

You can try to rename the server vlan as client vlan. I think it may work. You will then need the config I gave you to permit the traffic that you want.


Gilles.

Gilles,


I did some testing:


I configure 1 transit vlan and 2 other client vlans + on each server vlan I connected a server:

vlan 150 = transit towards client networks

vlan 154 = server vlan #1

vlan 155 = server vlan #2


vlan 150 client

ip address 10.33.30.6 255.255.255.0 alt 10.33.30.5 255.255.255.0

route 0.0.0.0 0.0.0.0 gateway 10.33.30.1

alias 10.33.30.8 255.255.255.255

!

vlan 154 client

ip address 10.33.35.6 255.255.255.0 alt 10.33.35.5 255.255.255.0

alias 10.33.35.1 255.255.255.0

!

vlan 155 client

ip address 10.33.40.6 255.255.255.0 alt 10.33.40.5 255.255.255.0

alias 10.33.40.1 255.255.255.255


As you can see, I changed the vlan mode into CLIENT. But that didn't changed

anything about the routing between vlan 154 and vlan 155.


In above configuration server at vlan 154 is able to ping the csm-alias of

vlan 155, but not de server at vlan 155.

The moment I add the configs for real and serverfarm, then both servers

are able to ping eachother.


real T_154_SRV2

address 10.33.35.50

location POC

inservice

real T_155_SRV1

address 10.33.40.50

location POC

inservice

!

serverfarm P_154_SF_80

nat server

no nat client

real name T_154_SRV2 80

inservice

!

serverfarm P_155_SF_23

nat server

no nat client

real name T_155_SRV1 23

inservice


Is there any other option available to make sure no routing between 2 client vlan

is possible?


Thanks ...

Wim





UTVi-NetAdmin Wed, 08/29/2007 - 03:56
User Badges:

Gilles,


I know it's a reply to an aged port but I have a question.


If we were to try to IOS SLB without a CSM, what would happen to client traffic (SVI originated, on the MSFC) trying to reach real servers via the virtual IP?


Our IOS SLB is working from the outside (the net), but not from clients on the MSFC.


An added complication is that the server farm vlan is behind a FWSM in same chassis.


For example:

!

ip slb serverfarm WEB

nat server

real 192.168.3.11

weight 1

inservice

!

ip slb vserver WEB-WWW

virtual 192.168.16.250 tcp www

serverfarm WEB

inservice

!

interface Vlan-Client

description Local Clients

ip address 192.168.26.6 255.255.255.0

!

ip route 192.168.30.0 255.255.255.224 192.168.1.1 !!

!


Is there a way of achieving this?


Thanks,

Mark



Gilles Dufour Wed, 08/29/2007 - 07:19
User Badges:
  • Cisco Employee,

I would say, sniffer trace and the SYN from the client and then the SYN/ACK from the server.

See if they follow the same route or if there is any asymetri.


Gilles.

Actions

This Discussion