CSM with PBR and 2 client VLANs

its-networking
Level 1

Hi all,

I have a query on whether the following is possible or not, and how we should approach this.

What we currently have is CSM client VLAN 100, with PBR setting the next-hop of matching back-end reply traffic to 10.10.100.1, eg:

vlan 100 client
  ip address 10.10.100.2 255.255.255.0 alt 10.10.100.3 255.255.255.0
  gateway 10.10.100.254
  alias 10.10.100.1 255.255.255.0

And have "set ip policy next-hop 10.10.100.1" in a route-map for the back-end VLAN interface (say VLAN 150).

This works fine.

What we have been trying to do is:

vlan 100 client
  ip address 10.10.100.2 255.255.255.0 alt 10.10.100.3 255.255.255.0
  gateway 10.10.100.254
  alias 10.10.100.1 255.255.255.0
!
vlan 101 client
  ip address 10.10.101.2 255.255.255.0 alt 10.10.101.3 255.255.255.0
  gateway 10.10.101.254
  alias 10.10.101.1 255.255.255.0

And have back-end traffic on VLAN 150 go to 10.10.100.1 (using PBR) and have VLAN 151 reply traffic go to 10.10.101.1 (using PBR as well).

We have found that the CSM doesn't deal with traffic from VLAN 151 (next-hop 10.10.101.1), however setting the next-hop to 10.10.100.1 works for both 150 and 151 (and any vservers configured on VLAN 100 and 101 work properly too).

Also, all of the CSM probes seem to come from the first client VLAN that was configured.

It seems that the CSM will only "talk" to the MSFC via one VLAN (VLAN 100 - which was configured first).

Is this how it should work, and is it reasonable to leave it this way (ie. use two client VLANs and send all PBR-matched traffic to the first)?

Apologies if this is unclear or confusing. :)

Cheers.

2 Replies

The purpose of setting PBR is to make sure that the return traffic from different server VLANs does not bypass the CSM. The return traffic from the real servers hits the MSFC and, instead of routing it to the clients, the MSFC forwards the traffic to the CSM. You don't need to define two different CSM IP addresses to achieve that.

You just need one "set ip next-hop" statement with any number of client VLANs.

Thanks

Syed Iftekhar Ahmed

Gilles Dufour
Cisco Employee

The CSM only uses one gateway [even if more are configured].

This is the first one configured or the first one that comes alive [MAC resolved].

Since the servers are not directly connected to the CSM, all traffic to be sent to those servers will go through the active gateway. In this case that is the gateway in VLAN 100.

Since traffic is sent out through VLAN 100, the CSM expects the response to come back through VLAN 100. If you set PBR to have the response sent over VLAN 101, the CSM will drop it.

You should probably not configure a 2nd gateway, and have all your server traffic go back through VLAN 100.

[In case of a reload, the active gateway may change and you would have to reconfigure PBR; this is why it is not interesting to have a 2nd gateway in your case.]

Gilles.
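An MSFC-side PBR configuration consistent with the advice in both replies (one next-hop, the active CSM alias, for every server VLAN), added here as an example and not part of any post above. It assumes server subnets 10.10.150.0/24 on VLAN 150 and 10.10.151.0/24 on VLAN 151 (constructed) and uses the IOS route-map form (set ip next-hop inside the route-map, ip policy route-map on the SVI); the CSM alias 10.10.100.1 comes from the thread.

```cisco
! Constructed example for the MSFC. Server subnets are assumed values.
! Match reply traffic sourced by the real servers; leave server-to-server
! traffic between the two VLANs alone so it is not hairpinned via the CSM.
ip access-list extended CSM-RETURN
 deny   ip 10.10.150.0 0.0.0.255 10.10.151.0 0.0.0.255
 deny   ip 10.10.151.0 0.0.0.255 10.10.150.0 0.0.0.255
 permit ip 10.10.150.0 0.0.0.255 any
 permit ip 10.10.151.0 0.0.0.255 any
!
! One route-map, one next-hop: the alias in the CSM's active gateway VLAN.
! Pointing VLAN 151 replies at 10.10.101.1 instead makes the CSM drop them,
! because it sent the request out via VLAN 100 and expects the reply there.
route-map CSM-RETURN permit 10
 match ip address CSM-RETURN
 set ip next-hop 10.10.100.1
!
interface Vlan150
 ip address 10.10.150.254 255.255.255.0
 ip policy route-map CSM-RETURN
!
interface Vlan151
 ip address 10.10.151.254 255.255.255.0
 ip policy route-map CSM-RETURN
```

"show route-map CSM-RETURN" reports the policy-routing match counters, which is the quick check that replies from both server VLANs are actually being redirected to the CSM rather than routed straight back to the clients.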