Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSM: the Use of the Predictor forward serverfarm and associated vserver

Hi,

Just wanted to have clarified the use of the following serverfarm and vserver for "direct access":

# Configure serverfarm for direct-access.

Router(config-module-csm)#serverfarm SERVER-SUBNETS

Router(config-slb-sfarm)#predictor forward

Router(config-slb-sfarm)#exit

#

Configure vserver for direct-access.

Router(config-module-csm)#vserver DIRECT-ACCESS

Router(config-slb-vserver)#virtual 10.0.0.0 255.255.255.0 any

Router(config-slb-vserver)#serverfarm SERVER-SUBNETS

Router(config-slb-vserver)#inservice

Router(config-slb-vserver)#exit

Router(config-module-csm)#exit

as documented in this doc:

http://www.cisco.com/warp/public/117/csm/csm_slb_reals.html

I've noticed that this is standard config, however i just need clarification on the direction that access is allowed. That is does the above config:

1. Allow direct connections to the frontend network (i.e. user side) from the real servers (backend) , or

2. Does this allow direct connections to the real servers (backend) from the frontend network (i.e. user side)?

My assumption is the latter, i.e. the config allows connections to the reals servers (backend) directly from users - is this correct?

thanks

Sheldon

2 REPLIES
Bronze

Re: CSM: the Use of the Predictor forward serverfarm and associa

Yes, the config allows connections to the reals servers (backend) directly from users

the following URL will help you :

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00801a51ba.shtml

Cisco Employee

Re: CSM: the Use of the Predictor forward serverfarm and associa

to be correct it allows connection from anywhere to the subnet 10.0.0.0/24.

realservers are always routed.

They don't need anything special to allow their outbound connections.

Client on the other end are dropped by default until the traffic hits a vserver.

So, to allow direct access to your reals from the client, you need a vserver similar to what you showed.

Gilles.

291
Views
0
Helpful
2
Replies