Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

CSS Redundant VIP: Address outside of allowed range.

Hi,

I'm configuring Redundant VIPs on a CSS 11503 pair. However when trying to add the redundant VIP config I keep getting an error:

CSS-PRI(config-circuit-ip[VLAN140-10.10.140.235])# ip redundant-vip 10 10.10.160.1

%% Address outside of allowed range.

Please note that I'm routing 10.10.160.0/24 to my CSS redundant-interface IP, however the CSS does not have any interfaces configured on that network. It's just answering for requests to IP's on that range which we plan to use for our VIPs.

My main question is - to use VIP redundancy, do my VIPs have to be on the same subnet as the "frontside" interface? If that is not a requirement - any ideas why I'm getting the error?

Thanks!

Brad

Below is some of my config on the CSS:

!************************* INTERFACE *************************

interface 1/1

bridge vlan 140

description "Frontside Interface - VIPs"

interface 1/2

description "Backside Interface - Server Reals"

trunk

vlan 1

default-vlan

vlan 162

interface 2/1

isc-port-one

!************************** CIRCUIT **************************

circuit VLAN140

description "APP Tier VIPs"

ip address 10.10.140.235 255.255.255.0

ip virtual-router 10 priority 200 preempt

ip redundant-interface 10 10.10.140.238

circuit VLAN162

description "APP Tier Server Reals"

ip address 10.10.162.245 255.255.255.0

ip virtual-router 2 priority 200 preempt

ip redundant-interface 2 10.10.162.248

!************************** SERVICE **************************

service entry-s1-443

port 443

keepalive port 443

keepalive type ssl

ip address 10.10.162.20

active

service entry-s2-443

port 443

keepalive port 443

keepalive type ssl

ip address 10.10.162.24

active

!*************************** OWNER ***************************

owner prd01

content entry.prd01

protocol tcp

port 443

advanced-balance ssl

application ssl

vip address 10.10.160.1

add service entry-s1-443

add service entry-s2-443

active

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CSS Redundant VIP: Address outside of allowed range.

if the subnet used for the vip does not exist on any vlan, you most probably have a static route on the upfront gateway pointing to the CSS.

So, to achieve redundancy in this case, you need to configure a redundant-interface ip address and use this ip address in your static route.

VIP redundancy is only for vip address belonging to a css vlan.

Gilles.

3 REPLIES
Cisco Employee

Re: CSS Redundant VIP: Address outside of allowed range.

if the subnet used for the vip does not exist on any vlan, you most probably have a static route on the upfront gateway pointing to the CSS.

So, to achieve redundancy in this case, you need to configure a redundant-interface ip address and use this ip address in your static route.

VIP redundancy is only for vip address belonging to a css vlan.

Gilles.

New Member

Re: CSS Redundant VIP: Address outside of allowed range.

Hi Giles,

I'm going to include a quick/dirty drawing - plus my configs. Can you take a look and verify for me that this design will achieve redundancy (in the case of css failure)?

Thanks!

Brad

Cisco Employee

Re: CSS Redundant VIP: Address outside of allowed range.

Brad,

seems to be ok.

I would suggest to use instead of the intefacecheck service a "reporter"

See the following link for more info:

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_command_reference_chapter09186a008028fe6c.html

Gilles.

246
Views
10
Helpful
3
Replies
CreatePlease to create content