Cisco Support Community

New Member

CSM-S and Servers On same 6500

Is it possible to have the servers you are trying to load balance connected directly into the same chassis as the CSM-S is in? Or do I have to run policy routing, or what is the best design for this? Thanks.

5 REPLIES
Cisco Employee

Re: CSM-S and Servers On same 6500

Where they are connected does not matter.

So, it's ok to have the servers connected to the same chassis as the CSM-S.

What is very important is to guarantee that the response from the server goes through the CSM-S and not directly to the client.

By default the CSM-S does not NAT the client IP address, so the server thinks it is connected directly with the client and will try to respond to the client directly.

This is why some people use policy routing, in order to intercept the server response and forward it to the CSM-S.

However, if your servers are using the CSM-S as default gateway, the traffic will go directly to the CSM-S anyway and policy routing is not required.

Regards,

Gilles.

New Member

Re: CSM-S and Servers On same 6500

Oh yeah.

There are lots of design options.

CSM-S inline Router Mode:

client ---> MSFC ---> vlan10 (1.1.1.0) ---> CSM-S ---> Vlan20 (2.2.2.0) ---> Server

CSM-S inline Bridge Mode:

client ---> MSFC ---> vlan10 (1.1.1.0) ---> CSM-S ---> Vlan10 (1.1.1.0) ---> Server

You only need to configure policy routing if the CSM-S is not inline but rather in "one arm (aggregate) mode".

You can get more details at (CSM-S topologies)

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/csm/csms/icn/netwcsm.htm

Thanks

Syed Iftekhar Ahmed

New Member

Re: CSM-S and Servers On same 6500

So how do I do the SSL offloading? Also, could you give a couple of samples of the policy routing? Thanks.

New Member

Re: CSM-S and Servers On same 6500

As Gilles wrote earlier, it is very important to guarantee that the response from the server goes through the CSM-S and not directly to the client. If you are using the CSM-S in one-arm mode, then you can introduce PBR to make sure that the return traffic from the servers passes through the CSM-S.

client vlan10 (1.1.1.0)
  |
  |
  V
MSFC-------------->CSM-S (vlan30 3.3.3.1)
  |
  |
  V
Vlan20 (2.2.2.0)
  |
  |
  V
Server (2.2.2.100)

For the above topology you will need to use the following on the MSFC.

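! Policy route: replies matched by xyz-acl are sent to the CSM-S
route-map xyz permit 100
 match ip address xyz-acl
 set ip next-hop 3.x.3.x
!
! Return traffic from the real server's HTTP port
ip access-list extended xyz-acl
 permit tcp host 2.2.2.100 eq www any
!
! Apply the policy where server replies enter the MSFC
interface Vlan20
 ip policy route-map xyz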

You need to create a separate vlan between the CSM and the SSL daughter card.

You can find details at

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/csm/csms/icn/ssl_srvc.htm

Thanks

Syed Iftekhar Ahmed
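
An added example, not part of the original posts or of Cisco's documentation: a small Python check that reads the policy-routing statements from the answer above and reports whether a given server reply would be steered to the CSM-S. It assumes the next hop is 3.3.3.1 (the CSM-S vlan30 address in the diagram), understands only the statement forms used in that config, and its function names are hypothetical.

```python
import re
# Constructed sample: MSFC statements from the post; next hop 3.3.3.1 is an assumption.
CONFIG = """\
route-map xyz permit 100
 match ip address xyz-acl
 set ip next-hop 3.3.3.1
ip access-list extended xyz-acl
 permit tcp host 2.2.2.100 eq www any
interface Vlan20
 ip policy route-map xyz
"""
PORTS = {"www": 80}  # IOS port keyword -> number (only the one used here)

def parse(config):
    """Group indented sub-commands under their top-level stanza header."""
    stanzas, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():
            current = stanzas.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return stanzas

def acl_permits(entries, src_ip, src_port):
    """True if a 'permit tcp host A eq P any' entry matches the TCP source."""
    for entry in entries:
        m = re.fullmatch(r"permit tcp host (\S+) eq (\S+) any", entry)
        if m and m.group(1) == src_ip:
            tok = m.group(2)
            if PORTS.get(tok, int(tok) if tok.isdigit() else None) == src_port:
                return True
    return False

def return_next_hop(config, in_interface, src_ip, src_port):
    """Next hop PBR sets for a server reply; None means normal routing."""
    stanzas = parse(config)
    maps = [c.split()[-1] for c in stanzas.get(f"interface {in_interface}", [])
            if c.startswith("ip policy route-map ")]
    for header, body in stanzas.items():
        m = re.fullmatch(r"route-map (\S+) permit \d+", header)
        if not m or m.group(1) not in maps:
            continue
        acls = [c.split()[-1] for c in body if c.startswith("match ip address ")]
        hops = [c.split()[-1] for c in body if c.startswith("set ip next-hop ")]
        for acl in acls:
            entries = stanzas.get(f"ip access-list extended {acl}", [])
            if hops and acl_permits(entries, src_ip, src_port):
                return hops[0]
    return None
```

A reply from a source address or port the ACL does not list returns None, meaning it follows the normal routing table instead of being sent to the CSM-S.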

New Member

Re: CSM-S and Servers On same 6500

Thanks to both of you. It really makes sense to me now. Thanks again.

Lane
