Cisco Support Community
Community Member

CSS 11500- Source Groupe


when using a Sourcegroupe for Changing the Source-Adress of loadbalanced Traffic, it is possible to configure a VIP Address with a range.

How is this Range used, and is the number of Sourceports then greater?

We did some troubleshooting, and found out, that our Solaris machines, get some problems when many requests come, in a short timeperiod, from the same Sourceport.

So the Server will send a RST with an old Sequence Number from a previous TCP Connection which has been closes for a few seconds.

Changing the Time Wait State on the Server is no solution to us.

Best Regards

Cisco Employee

Re: CSS 11500- Source Groupe

you can use a range but it will not do what you expect.

For the range to work, you need a range of ip addresses for the service and for the content rule.

Maybe you should find a solution with no source group.

Are you in one-armed mode ?


Community Member

Re: CSS 11500- Source Groupe


ist some more complex. Its no really one-armed-config, but its possible that we need some server to server Farms on CSS, which normally not need to pass the css.

Because the Subnets need to be secured by one firewall, there is no way to get the css in the normal path flow.

Also we have some Server to server connections we have in the same subnet. So on css is no direct Server Return possible i think my idea was to increase the possible sourceports.

Best Regards

CreatePlease to create content