Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS services running on remote switches.

Is it possible to get a CSS switch to load balance servers that are not directly connected. I have tried to do this for Web servers but without success. If the servers are directly connected it works fine, but if they are connected to a layer 2 switch, the CSS sees the services as alive, but no connection is established.

Is there something I am over looking?

Cisco Employee

Re: CSS services running on remote switches.

Yes, it is possible to have the servers not connected to the CSS itself. The important thing here is that depending on your desing this may cause an asymetric floe, since the server response will bypass the CSS.

If you are not doing source NATing on the CSS, then the server is seeing the real client?s IP as the source IP, so it will try to respond directly to the client and will do it thru the layer 2 switch.

Since the client sent a request to the VIP on the CSS, when sees the response from the server will drop the packets.

You can configure source NATing on the CSS to prevent this issue.

Configure a group and use add destination service to add the servers, like this

group test

vip address

add destination service server1

add destiantion service server2


If you do not want the source NATing option, you can configure the servers to point to the CSS as their default gateway, that should prevent the asymmetric flow as well.

Hope it helps!!

CreatePlease to create content