Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Configuring CSS11506 Content Switch

Should the virtual IPs be on a different subnet than the server IPs?

5 REPLIES
Bronze

Re: Configuring CSS11506 Content Switch

The answer is no, but the proper way to do it is yes.

Because virtuals are generally public ips, most people have a private network for their servers. However, with the CSS being used in alot of internal applications for internal users, we see many instances where the VIP and internal servers are on the same subnet (vlan)

Please keep in mind here that one major drawback to doing this is that client sessions need to see the return packet from the CSS come back with a source of the VIP, and if the backend servers (being on the same vlan as a client) respond back to the client thereby bypassing the CSS, the client session will reset as an asymetric flow. We see alot of this and find that people need to setup NATing on the CSS to NAT all server responses to that of the VIP address to guard against asymetric flows.

Pete Knoops

Cisco Systems

Community Member

Re: Configuring CSS11506 Content Switch

Thanks for your help. One more question, does the Content Switch forward MAC Addresses to Catalyst Switches so that users can still communicate with the individual servers? I'm trying to avoid having to change the server IPs or having to put static routes in my routers.

Bronze

Re: Configuring CSS11506 Content Switch

If the CAT, CSS and the servers are on the same local subnet or vlan, and the servers are connected to the CSS, the CAT will have ARP entries for the servers connected into the CSS.

Pete..

Community Member

Re: Configuring CSS11506 Content Switch

Pete,

I would like to email you a drawing to confirm my understanding. Can you please give me your email address.

Thanks

Tom

Bronze

Re: Configuring CSS11506 Content Switch

Here you go Tom:

pknoops@cisco.com

168
Views
0
Helpful
5
Replies
CreatePlease to create content