10-07-2002 09:03 AM
Should the virtual IPs be on a different subnet than the server IPs?
10-07-2002 09:12 AM
The answer is no, but the proper way to do it is yes.
Because virtuals are generally public ips, most people have a private network for their servers. However, with the CSS being used in alot of internal applications for internal users, we see many instances where the VIP and internal servers are on the same subnet (vlan)
Please keep in mind here that one major drawback to doing this is that client sessions need to see the return packet from the CSS come back with a source of the VIP, and if the backend servers (being on the same vlan as a client) respond back to the client thereby bypassing the CSS, the client session will reset as an asymetric flow. We see alot of this and find that people need to setup NATing on the CSS to NAT all server responses to that of the VIP address to guard against asymetric flows.
Pete Knoops
Cisco Systems
10-07-2002 10:25 AM
Thanks for your help. One more question, does the Content Switch forward MAC Addresses to Catalyst Switches so that users can still communicate with the individual servers? I'm trying to avoid having to change the server IPs or having to put static routes in my routers.
10-07-2002 10:30 AM
If the CAT, CSS and the servers are on the same local subnet or vlan, and the servers are connected to the CSS, the CAT will have ARP entries for the servers connected into the CSS.
Pete..
10-07-2002 11:08 AM
Pete,
I would like to email you a drawing to confirm my understanding. Can you please give me your email address.
Thanks
Tom
10-07-2002 11:32 AM
Here you go Tom:
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: