Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
617
Views
0
Helpful
5
Replies

Configuring CSS11506 Content Switch

hunsickert
Level 1
Level 1

‎10-07-2002 09:03 AM

Should the virtual IPs be on a different subnet than the server IPs?

Labels:
0 Helpful
5 Replies 5

pknoops
Level 3
Level 3

‎10-07-2002 09:12 AM

The answer is no, but the proper way to do it is yes.

Because virtuals are generally public ips, most people have a private network for their servers. However, with the CSS being used in alot of internal applications for internal users, we see many instances where the VIP and internal servers are on the same subnet (vlan)

Please keep in mind here that one major drawback to doing this is that client sessions need to see the return packet from the CSS come back with a source of the VIP, and if the backend servers (being on the same vlan as a client) respond back to the client thereby bypassing the CSS, the client session will reset as an asymetric flow. We see alot of this and find that people need to setup NATing on the CSS to NAT all server responses to that of the VIP address to guard against asymetric flows.

Pete Knoops

Cisco Systems

0 Helpful

hunsickert
Level 1
Level 1
In response to pknoops

‎10-07-2002 10:25 AM

Thanks for your help. One more question, does the Content Switch forward MAC Addresses to Catalyst Switches so that users can still communicate with the individual servers? I'm trying to avoid having to change the server IPs or having to put static routes in my routers.

0 Helpful

pknoops
Level 3
Level 3
In response to hunsickert

‎10-07-2002 10:30 AM

If the CAT, CSS and the servers are on the same local subnet or vlan, and the servers are connected to the CSS, the CAT will have ARP entries for the servers connected into the CSS.

Pete..

0 Helpful

hunsickert
Level 1
Level 1
In response to pknoops

‎10-07-2002 11:08 AM

Pete,

I would like to email you a drawing to confirm my understanding. Can you please give me your email address.

Thanks

Tom

0 Helpful

pknoops
Level 3
Level 3
In response to hunsickert

‎10-07-2002 11:32 AM

Here you go Tom:

pknoops@cisco.com

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents