Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

CSS site redundancy questions

I have found out that BGP is configured to advertise the HQ subnet of out of the DR site during a failover of the HQ Internet connectivity, or an entire site failover.

Since this is the case, I do not need the DNS solution, but I will still need to put the second CSS in the DR site.

This brings up this problem:

I have the one CSS configured in the HQ site with services and VIP's in

the subnet and is is working.

If the primary server is down, the CSS points to the DR server NAT configured

in the HQ PIX, and the traffic is routed tthrough the HQ PIX through our

internal MPLS cloud to the DR server.

The DR site has it's Internet in the subnet.

The DR pix had it's outside Interface configured in the

subnet, but has static NATs for the servers in HQ AND DR the same as HQ, in the subnet.

This way, when a failover happens, DNS does not need to be changed.

So what this means is I will have to configure the CSS services and VIPs pretty much the same as the CSS in the HQ site.

What I am not sure about are these three things:

1. What IP Address subnet do I put the CSS interface and server services in? I will put the VIPs

in the HQ subnet, due to the fact that BGP will route to this subnet, but how do I set up the CSS interface itself?

2. Do I need to set up communication between the HQ CSS and the DR CSS through an App service?

What would I gain in my scenario? I am not sure it will help me much in this


3. Can I set up the DR site services with the same addresses as the HQ site services?


Re: CSS site redundancy questions

Using the CSS switches DNS capability, a higher level DNS server (in this example, the one authoritative for will be configured to use both CSS' circuit VLAN address as NS records for a sub-domain called Whichever CSS is referred to by the higher level DNS server will then resolve that a record request with the IP address of the DNS content rule on the CSS.

The primary site will be preferred through a combination of using an ACL on the secondary CSS, an application session between the two CSS switches, and configuring the above mentioned NS records on the higher-level DNS server


Re: CSS site redundancy questions

DNS based GSLB does not use bgp.

CreatePlease to create content