2 questions about CSS11503

shibindong
Level 1

First, I would like to understand the “port” and “protocol” commands in CSS. For example, I have a few web servers that need to be load balanced; what is the difference among these configurations?

Config1 (protocol and port are configured in both service and content rule)

service Server1
  ip address 10.1.1.1
  protocol tcp
  port 80
  active

service Server2
  ip address 10.1.1.2
  protocol tcp
  port 80
  active

owner L3_Owner
  content L3_Rule
    add service Server1
    add service Server2
    vip address 10.1.1.3
    protocol tcp
    port 80
    active

Config2 (protocol and port are configured in service only)

service Server1
  ip address 10.1.1.1
  protocol tcp
  port 80
  active

service Server2
  ip address 10.1.1.2
  protocol tcp
  port 80
  active

owner L3_Owner
  content L3_Rule
    add service Server1
    add service Server2
    vip address 10.1.1.3
    active

Config3 (protocol and port are configured in content rule only)

service Server1
  ip address 10.1.1.1
  active

service Server2
  ip address 10.1.1.2
  active

owner L3_Owner
  content L3_Rule
    add service Server1
    add service Server2
    vip address 10.1.1.3
    protocol tcp
    port 80
    active

Second, if our server needs more than one port to be open, for example our web server needs to listen on 80, 8080, and 443, how do we configure that in CSS?


Gilles Dufour
Cisco Employee

The port and protocol commands inside the content rule act as filters.

So only traffic of protocol type ... and to port ... will match the content rule.

The port command inside the service acts as a NAT command. It tells the CSS to rewrite the destination to the one configured under the service.

The easiest solution is to not configure any port under the content rule and services.

Like this, the CSS will accept connections to ANY port and just LB without changing the destination port.

So port 80 traffic will be sent to port 80 and port 443 to port 443.

You can then limit traffic coming in with an ACL if you do not want to LB all ports (i.e. 23).

But personally, I prefer to have a content rule for each port.

It gives you the possibility to easily adjust the config for a specific port if needed.

Gilles.
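As an added illustration (not part of this thread and not CSS configuration), the following Python model encodes the semantics Gilles describes: protocol and port under a content rule act as match filters, port under a service rewrites the destination port, and with no port anywhere every port is balanced unchanged. The three configurations from the question plus the no-port variant are built as constructed data, so the reader can see which flows each one matches and where they end up (for instance, Config2 accepts a tcp/443 flow and sends it to port 80).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model (not CSS code) of the semantics described in the reply:
#  - protocol/port under a content rule are match FILTERS,
#  - port under a service is a NAT that rewrites the destination port,
#  - with no port configured anywhere, every port is balanced unchanged.

@dataclass
class Service:
    ip: str
    port: Optional[int] = None       # "port" under the service (NAT)

@dataclass
class ContentRule:
    vip: str
    services: List[Service]
    protocol: Optional[str] = None   # "protocol" under the content rule (filter)
    port: Optional[int] = None       # "port" under the content rule (filter)

def dispatch(rule: ContentRule, proto: str, dst_ip: str, dst_port: int,
             pick: int = 0) -> Optional[Tuple[str, int]]:
    """Return (server_ip, server_port) the CSS would forward the flow to, or
    None if the flow does not match the content rule. `pick` stands in for
    the load-balancing decision and selects the service by index."""
    if dst_ip != rule.vip:
        return None
    if rule.protocol is not None and rule.protocol != proto:
        return None
    if rule.port is not None and rule.port != dst_port:
        return None
    svc = rule.services[pick % len(rule.services)]
    # the service-level port rewrites the destination; absent, it is kept
    return svc.ip, (svc.port if svc.port is not None else dst_port)

SERVERS = ["10.1.1.1", "10.1.1.2"]   # Server1 and Server2 from the question

def build(svc_port: Optional[int], rule_port: Optional[int]) -> ContentRule:
    """Build L3_Rule on VIP 10.1.1.3 with the given port placement."""
    proto = "tcp" if rule_port is not None else None
    return ContentRule("10.1.1.3", [Service(ip, svc_port) for ip in SERVERS], proto, rule_port)

CONFIGS = {
    "config1": build(80, 80),      # port in both service and content rule
    "config2": build(80, None),    # port in service only
    "config3": build(None, 80),    # port in content rule only
    "no_port": build(None, None),  # reply's "easiest" option: no port anywhere
}
```

Calling `dispatch(CONFIGS["no_port"], "tcp", "10.1.1.3", 23)` returns `("10.1.1.1", 23)`, which is exactly the "LB all ports" exposure the reply suggests limiting with an ACL or with one content rule per port.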
