Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
481
Views
0
Helpful
3
Replies

CSM in Bridge mode and Server initiated connections

ssh
Level 1
Level 1

‎11-27-2005 05:34 PM

I know one can use Source NAT for server initiated connections back to VIP using CSM in routed mode. How do I achieve the same for bridge mode?

Thanks in advance,

Shahid

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎11-27-2005 11:59 PM

If you want to the server ip address, you just do it the same way as for routed mode.

There are 2 ways of doing it.

1- the static command.

2- a vserver to catch the server traffic and use predictor forward with client nat.

However, if you do not need to nat the server ip, since you are in bridge mode, the connection should be allowed through the CSM without doing anything.

Gilles.

0 Helpful

ssh
Level 1
Level 1
In response to Gilles Dufour

‎11-28-2005 09:48 AM

Hi Giles,

Thanks for your reply but I am talking about server initiated connections back to the VIP and that doesnt work in bridge mode. I ended up creating a vserver for the VIP and added serverfarm with client nat pool.

Thanks,

Shahid

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to ssh

‎11-28-2005 11:27 AM

Shahid,

that's a well-known problem for all loadbalancer in the world.

With a sniffer trace, or just thinking about TCP/IP rules you can figure out why client nat is required.

If you go from a server to a vip, the CSM will forward the traffic to a random server.

The CSM forwards the traffic with the source ip unchanged by default.

The server receiving the traffic will forward the response back to the source that initiated the request.

If the source is also a server in the same subnet, the response does not need to be sent through a gateway. Since both source and destination are in the same subnet, the traffic is sent based on mac address and it bypasses the CSM which can't perform the nating.

The source receiving the response from the server directly will just ignore it.

Using client nat forces the response to go back to the CSM which can perform the nating before sending it to the client.

This has been discussed tons of times in this forum.

It's a classic question :-)

Gilles.

0 Helpful
Customers Also Viewed These Support Documents