07-30-2002 10:27 AM
Just ran across something in the CSS documentation that has me somewhat concerned. Among other things, I'd like to configure CSS to handle our IDS traffic, which uses a proprietary port. I figured CSS would be able to handle this traffic if the content rule is simply layer 3 or layer 4, but reading about the "application" command has me wondering if my assumption was accurate, as it says something about CSS rejecting the data stream if it can't be interpreted.
Is it possible for CSS to do basic layer 4 forwarding of such traffic? If so, does it have to be configured for "application bypass", or will the default suffice?
Thanks for any help.
08-02-2002 10:17 PM
Hi,
No problem with load balancing non-HTTP traffic. You just configure the correct port under the content rule. What I think is meant by the comment in the documentation is that we can not load balance stuff like ipsec etc etc because we can not build a flow for them. This is at the ip layer and a different protocol to TCP or UDP.
You do not need to config any application command under the content rule.
Cheers
Phil
Cisco Systems
08-05-2002 04:09 AM
Thanks for the help... Very much appreciated.
08-05-2002 11:29 PM
This is a question to Phil (I would just like to clarify for myself): the CSS can load balance traffic based on TCP or UDP transport; if the application uses pure IP packets, it is not possible to configure LB for that kind of traffic. Is that correct?
08-06-2002 12:38 AM
What it comes down to is if we can not build a flow for the protocol we can not load balance it. The CSS can route it, it just can load balance / nat the packet.
In the doco's there is a list of supported protocols.
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/getstart/specs.htm#xtocid240399
Cheers
Phil
Cisco Systems
08-06-2002 04:58 AM
Yes it is possible to load balance custom applications.
For example, I am load balancing a gateway application that used TCP port 8598.
While you can't do L5-L7 aware load balancing, round robin, least conn and ACA can be used:
content CICS_Trans_GW_1
  vip address 10.3.110.21
  protocol tcp
  port 8598
  balance leastconn
  add service SVR3007
  add service SVR3027
  add service SVR3039
  active
I think that the previous post is just saying that if you cannot specify the protocol and port of an application then the CSS cannot recognize it as a flow and you cannot write a content rule. (Phil pls correct me if I misunderstood your comment)
Here is a link to a new tech tip on flows: http://www.cisco.com/warp/public/117/css_flows.html
David Russell
CCIE #5751
ThroughPoint
08-14-2002 11:29 PM
David is correct
08-20-2002 06:43 AM
David, Phil
I think that the question was whether or not we can load balance something that is not TCP or UDP, i.e. OSPF uses IP protocol 89.
So, this would be layer 3 load balancing based on IP address only, and this should be feasible.
Gilles.
CCIE #3878
Cisco Systems
08-26-2002 04:38 PM
The CSS can load balance 'any' ip protocol with a layer3 rule. The only caveat is that the services assigned to the content rule must only have an icmp keepalive. If you specify a tcp port number as the keepalive, the CSS will perform the outbound nat / port redirection to that tcp port, which will cause things to break. This is not in the documentation!
Darren Page
CCIE #1429.