Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS load balance 2 seperate connections to same server

I am trying to configure load balancing for a client who has a more complicated traffic flow than normal and I am trying to determine the best method to configure the CSS to control the load.

The traffic flow works as follows

They have 2 web servers. The web servers run a standard web page on port 80. The client makes the initial connection to the server on port 80 (which is easy to load balance), the server then checks to see if the java applet is running on itself and the other web server. The web server then instructs the client to make a secure connection on port 6111 (TLS) to the web server that is running the TLS applet. I am not 100% sure how the backend connection works because apparently it connects to the server that is running the java app using it's private IP address, so I assume that it connects to the same web server on port 80 which then forwards the TLS connection to the server running th java applet. The 1 problem is that the inbound connection on port 80 is normally done via a clients proxy server. The connection on port 6111 comes directly from the client (not via the proxy) so this will probably be the public ip address of the firewall or what ever is performing the NAT for outbound connections from the client.

My thoughts are that I could create a content rule and not specify the inbound port number. I could also create the services without using the port command and just get the CSS to forward all requests. The only problem is that I need the connections to remain on the same server for both port 80 and 6111. I can't use sticky src-ip as the connections may be comming from different SRC IP add's for those behind a proxy server (the 6111 connection bypasses the proxy as it is a straight TLS java connection)

That said the complexity is increased because of the use of TLS. I don't need to load balance the TLS connections but I need the 6111 connection to be sent to the same internal web server as the initial port 80 request.

Has anyone run into this situation? Any assistance or advise would be greatly apreciated!



Re: CSS load balance 2 seperate connections to same server

Yes, your thoughts are right in this regard that you could create a content rule and not specify the inbound port number

CreatePlease to create content