Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
586
Views
9
Helpful
3
Replies

css 11501 - some basic help please

Go to solution
aoshea
Level 1
Level 1

‎02-15-2006 09:24 AM

Dear support,

I am new to content networking and still trying to read through the several hundred pages of the manuals.

just wonder if anyone could help me out with finalising my config on a 11501 that i've purchased to act as a ssl proxy / load balancer.

I think the config, though basic does what I need to, but now i've been told by the web site designers that I now need to keep all session sticky to which ever server the remote user connects to.

Also, I seem to have some latency in the test lab (have two laptops with IIS installed to simulate the real environment).

The problem seem to be that the initial https connection seems to take a long time before the security box is displayed then even longer for the actual page to be produced.

Please can some one help me with the latency issue and the sticky session.

(also not sure if i've setup the load balancing correctly if sticky is used).

thanks in advance.

regards,

Adrian.

Please find attached config.

Labels:
Preview file
2 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
b.hsu
Level 5
Level 5

‎02-21-2006 08:34 AM

This document will be very useful to you. This document explains the different features that the CSS supports and how to configure those features.

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_guide_chapter09186a00800dc5dd.html

View solution in original post

0 Helpful
3 Replies 3

Go to solution
b.hsu
Level 5
Level 5

‎02-21-2006 08:34 AM

This document will be very useful to you. This document explains the different features that the CSS supports and how to configure those features.

http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_guide_chapter09186a00800dc5dd.html

0 Helpful

Go to solution
paul.matthews
Level 5
Level 5

‎02-22-2006 02:12 AM

On your content rules you will need to configure sticky. This is done using the advanced balance commands under the rule, and there are lots to puck from!

As for the latency, there does not look to be much wrong, though I note you are not using any routing, so how is the return traffic passing through the CSS? Are the servers configured with 192.168.68.171 as theit default gateway? If not you may need to add a source group to translate source addresses of users to an address that will force traffic back through the CSS.

Go to solution
kbiemer
Level 1
Level 1

‎03-01-2006 01:56 PM

Where are your interface settings? See example.

!************ INTERFACE *******************

interface e1

redundancy-phy

phy 100Mbits-FD

interface e3

bridge vlan 3

redundancy-phy

phy 100Mbits-FD

interface e8

bridge vlan 99

phy 100Mbits-FD

!*************** CIRCUIT *********************

circuit VLAN1

description "service net"

redundancy

ip address 10.67.10.10 255.255.255.0

circuit VLAN3

description "firewall net"

redundancy

ip address 10.67.3.10 255.255.255.0

circuit VLAN99

description "css-primary vrrp net"

ip address 10.67.8.10 255.255.255.0

redundancy-protocol

!************** SERVICE *****************

service web3_webapp443

keepalive type tcp

protocol tcp

port 443

ip address 10.67.10.216

keepalive frequency 20

active

service web4_webapp443

keepalive type tcp

protocol tcp

port 443

ip address 10.67.10.236

keepalive frequency 20

active

service web5_webapp443

keepalive type tcp

protocol tcp

port 443

ip address 10.67.10.206

keepalive frequency 20

active

service web20_webapp443

keepalive type tcp

protocol tcp

port 443

ip address 10.67.10.236

keepalive frequency 20

active

!**************** OWNER *******************

content webapp_balance443

add service web3_webapp

add service web4_webapp

add service web5_webapp

add service web20_webapp

protocol tcp

port 81

vip address 10.67.3.34

advanced-balance arrowpoint-cookie

arrowpoint-cookie browser-expire

active

We use the advanced-balance arrowpoint-cookie to address the megaproxy issue. Any will work depending on your requirements/application. This will not work if you do not set a cookie in the user browser session used to track sticky in this mode.

If your application is SSL you will not be able to see the cookie as it will be encrypted. In this case you will need to do the SSL decryption/encryption on the CSS itself

The rest looks pretty good. You may have latency if the interface settings are in conflict.

I am no guru with the CSS but this may help

Keith.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents