Bronze

CSS 11050 and non-web traffic.

Just ran across something in the CSS documentation that has me somewhat concerned. Among other things, I'd like to configure CSS to handle our IDS traffic, which uses a proprietary port. I figured CSS would be able to handle this traffic if the content rule is simply layer 3 or layer 4, but reading about the "application" command has me wondering if my assumption was accurate, as it says something about CSS rejecting the data stream if it can't be interpreted.

Is it possible for CSS to do basic layer 4 forwarding of such traffic? If so, does it have to be configured for "application bypass", or will the default suffice?

Thanks for any help.

8 REPLIES
New Member

Re: CSS 11050 and non-web traffic.

Hi,

No problem with load balancing non-HTTP traffic. You just configure the correct port under the content rule. What I think is meant by the comment in the documentation is that we cannot load balance stuff like IPsec etc. because we cannot build a flow for them. This is at the IP layer and a different protocol to TCP or UDP.

You do not need to configure any application command under the content rule.

Cheers

Phil

Cisco Systems

Bronze

Re: CSS 11050 and non-web traffic.

Thanks for the help... Very much appreciated.

New Member

Re: CSS 11050 and non-web traffic.

This is a question to Phil (I would just like to clarify for myself): the CSS can load balance traffic based on TCP or UDP transport; if the application uses pure IP packets, it is not possible to configure LB for that kind of traffic. Is that correct?

New Member

Re: CSS 11050 and non-web traffic.

What it comes down to is: if we cannot build a flow for the protocol, we cannot load balance it. The CSS can route it, it just can load balance / NAT the packet.

In the doco's there is a list of supported protocols.

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/getstart/specs.htm#xtocid240399

Cheers

Phil

Cisco Systems

New Member

Re: CSS 11050 and non-web traffic.

Yes it is possible to load balance custom applications.

For example, I am load balancing a gateway application that used TCP port 8598.

While you can't do L5-L7 aware load balancing, round robin, least conn and ACA can be used:

    content CICS_Trans_GW_1
      vip address 10.3.110.21
      protocol tcp
      port 8598
      balance leastconn
      add service SVR3007
      add service SVR3027
      add service SVR3039
      active

I think that the previous post is just saying that if you cannot specify the protocol and port of an application then the CSS cannot recognize it as a flow and you cannot write a content rule. (Phil pls correct me if I misunderstood your comment)

Here is a link to a new tech tip on flows: http://www.cisco.com/warp/public/117/css_flows.html

David Russell

CCIE #5751

ThroughPoint

New Member

Re: CSS 11050 and non-web traffic.

David is correct

Cisco Employee

Re: CSS 11050 and non-web traffic.

David, Phil

I think that the question was whether or not we can load balance something that is not TCP or UDP, i.e. OSPF uses IP protocol 89.

So, this would be a layer 3 loadbalancing based on ip address only and this should be feasible.

Gilles.

CCIE #3878

Cisco Systems

New Member

Re: CSS 11050 and non-web traffic.

The CSS can load balance 'any' IP protocol with a layer 3 rule. The only caveat is that the services assigned to the content rule must only have an ICMP keepalive. If you specify a TCP port number as the keepalive, the CSS will perform the outbound NAT / port redirection to that TCP port, which will cause things to break. This is not in the documentation!

Darren Page

CCIE #1429.
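
A check for the caveat in the last reply, as an added example that is not part of the thread or any Cisco tooling: it scans a CSS configuration for layer 3 content rules (no `protocol` or `port` line) whose services use anything other than an ICMP keepalive. The sample configuration is constructed; the rule `IDS_L3`, the VIP 10.3.110.22 and the keepalive lines are assumptions, written in the WebNS `keepalive type` / `keepalive port` form.

```python
import re

# Constructed sample; IDS_L3, its VIP and the keepalive lines are assumptions.
SAMPLE_CONFIG = """\
service SVR3007
  keepalive type icmp
service SVR3027
  keepalive type tcp
  keepalive port 8598
content CICS_Trans_GW_1
  vip address 10.3.110.21
  protocol tcp
  port 8598
  add service SVR3007
  add service SVR3027
content IDS_L3
  vip address 10.3.110.22
  add service SVR3007
  add service SVR3027
"""

HEADER = re.compile(r"(service|content|owner|group)\s+(\S+)$")

def parse_blocks(text):
    """Collect the sub-commands under each 'service NAME' / 'content NAME' header."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = blocks.setdefault((m.group(1), m.group(2)), [])
        elif line and current is not None:
            current.append(line)
    return blocks

def non_icmp_keepalive(lines):
    """True if a service sets a keepalive port or a keepalive type other than icmp."""
    words = [l.split() for l in lines]
    return any(w[:2] == ["keepalive", "port"] or
               (w[:2] == ["keepalive", "type"] and w[2:3] != ["icmp"]) for w in words)

def check_l3_rules(text):
    """Return (rule, service) pairs where a layer 3 rule uses a non-ICMP keepalive."""
    blocks, findings = parse_blocks(text), []
    for (kind, rule), lines in blocks.items():
        if kind != "content" or any(l.startswith(("protocol ", "port ")) for l in lines):
            continue  # not a content rule, or a layer 4 rule where the caveat does not apply
        for svc in (l.split()[2] for l in lines if l.startswith("add service ")):
            if non_icmp_keepalive(blocks.get(("service", svc), [])):
                findings.append((rule, svc))
    return findings
```

On the sample, only `IDS_L3` with `SVR3027` is reported; the layer 4 rule sharing the same service is not.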
