Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ssh
New Member

CSM in Bridge mode and Server initiated connections

I know one can use Source NAT for server initiated connections back to VIP using CSM in routed mode. How do I achieve the same for bridge mode?

Thanks in advance,

Shahid

3 REPLIES
Cisco Employee

Re: CSM in Bridge mode and Server initiated connections

If you want to the server ip address, you just do it the same way as for routed mode.

There are 2 ways of doing it.

1- the static command.

2- a vserver to catch the server traffic and use predictor forward with client nat.

However, if you do not need to nat the server ip, since you are in bridge mode, the connection should be allowed through the CSM without doing anything.

Gilles.

ssh
New Member

Re: CSM in Bridge mode and Server initiated connections

Hi Giles,

Thanks for your reply but I am talking about server initiated connections back to the VIP and that doesnt work in bridge mode. I ended up creating a vserver for the VIP and added serverfarm with client nat pool.

Thanks,

Shahid

Cisco Employee

Re: CSM in Bridge mode and Server initiated connections

Shahid,

that's a well-known problem for all loadbalancer in the world.

With a sniffer trace, or just thinking about TCP/IP rules you can figure out why client nat is required.

If you go from a server to a vip, the CSM will forward the traffic to a random server.

The CSM forwards the traffic with the source ip unchanged by default.

The server receiving the traffic will forward the response back to the source that initiated the request.

If the source is also a server in the same subnet, the response does not need to be sent through a gateway. Since both source and destination are in the same subnet, the traffic is sent based on mac address and it bypasses the CSM which can't perform the nating.

The source receiving the response from the server directly will just ignore it.

Using client nat forces the response to go back to the CSM which can perform the nating before sending it to the client.

This has been discussed tons of times in this forum.

It's a classic question :-)

Gilles.

185
Views
0
Helpful
3
Replies
CreatePlease login to create content