CSS load balance 2 separate connections to same server
I am trying to configure load balancing for a client who has a more complicated traffic flow than normal and I am trying to determine the best method to configure the CSS to control the load.
The traffic flow works as follows:
They have 2 web servers. The web servers run a standard web page on port 80. The client makes the initial connection to the server on port 80 (which is easy to load balance), the server then checks to see if the java applet is running on itself and the other web server. The web server then instructs the client to make a secure connection on port 6111 (TLS) to the web server that is running the TLS applet. I am not 100% sure how the backend connection works because apparently it connects to the server that is running the java app using its private IP address, so I assume that it connects to the same web server on port 80 which then forwards the TLS connection to the server running the java applet. The 1 problem is that the inbound connection on port 80 is normally done via a client's proxy server. The connection on port 6111 comes directly from the client (not via the proxy) so this will probably be the public IP address of the firewall or whatever is performing the NAT for outbound connections from the client.
My thoughts are that I could create a content rule and not specify the inbound port number. I could also create the services without using the port command and just get the CSS to forward all requests. The only problem is that I need the connections to remain on the same server for both port 80 and 6111. I can't use sticky src-ip as the connections may be coming from different SRC IP addresses for those behind a proxy server (the 6111 connection bypasses the proxy as it is a straight TLS java connection).
That said, the complexity is increased because of the use of TLS. I don't need to load balance the TLS connections but I need the 6111 connection to be sent to the same internal web server as the initial port 80 request.
Has anyone run into this situation? Any assistance or advice would be greatly appreciated!