Would traffic generated from client A always come thru firewall A, and traffic generated from client B always come from firewall B?
If so, ECMP (enabled by default) should handle client traffic destined to VIPs with no issues, since the default behavior is to send traffic back thru the same path it came from.
The issue would be with server initiated traffic which I understand is what you want to specify.
So if you need customer A servers to use a specific route and customer B servers to use the other, it gets a little difficult.
Is there a way to differentiate the server initiated traffic (for example, it uses a different port)? If so, you could configure a service that points out the VLAN the traffic should go to, and use an ACL that prefers this service for specific server traffic.
Honestly, even though something like this might be possible, I always recommend avoiding this kind of setup. Even more important is that this design should be tested on a separate testing environment before moving to production, since implementing on production could cause many issues and many things need to be considered depending on your specific network setup.
The servers do have their own ports on the CSS and they are in their own vlans.
The problem isn't separating their traffic from each other.
The problem that I have is one default route that points to Customer A's firewall. I would like Customer B's traffic to flow out through a port on the CSS up to its own firewall while Customer A continues to go out through the A-Firewall.
Just for clarification here, this is traffic from the customers' servers sat behind the CSS wanting to talk to servers on the internet and not the internet talking to a set of load balanced servers.
Cust-A-srv1 needs to make a connection via SSL to a server somewhere on the internet.
This is currently fine as the default route is for Customer A's Firewall.
Now Cust-B-Srv1 needs to make an SSL connection to a server on the internet. As it stands at the moment the traffic takes the default route from the CSS to Customer A's firewall.
This causes me a problem as I don't want any config on Customer A's firewall relating to servers or services for Customer B.
If I use ECMP, will this load balance the upstream firewalls?
If so, then I would need to configure both customers' firewalls to know about the other customer's servers, which I really don't want to do.
I hope this makes sense.
Looking at your 1st response, you mentioned VLANs and ACLs. Is it possible to manipulate these in such a way that I can define all the traffic coming in on one VLAN to go out to the router on another VLAN and then do the same for a different set of VLANs?
If so, can you point me in the right direction to some examples?