I have a CSS 11503 that we use to balance SIP calls(UDP) among our SIP servers.
We have a content rule that balances the incoming traffic and a source group to NAT the outbound traffic. Both the content rule and the source group use the same IP address.
When a SIP call arrives at one of our servers through the VIP an entry is created in the sticky table based on the sip-call-id as expected. But when we initiate a call from one of our SIP servers an entry is not created in the sticky table. When the remote SIP server responds the CSS sees a new sip-call-id and load balances the call instead of sending it back to the originating server.
Is there a way to add an entry to the sticky table for the sip-call-id when a source group is used?
Here is the pertinent config:
ip address 10.10.1.3 255.255.255.0
ip virtual-router 25
ip redundant-interface 25 10.10.1.1
ip redundant-vip 25 10.10.1.233
ip address 10.10.2.3 255.255.255.0
ip virtual-router 52
ip redundant-interface 52 10.10.2.1
ip address 10.10.2.233
ip address 10.10.2.238
vip address 10.10.1.233
add service TalkingSIP03 weight 1
add service TalkingSIP08 weight 1
!*************************** GROUP ***************************
vip address 10.10.1.233
add service SIP03
add service SIP08
A call comes into 10.10.1.233 on udp 5060, is load balanced to 10.10.2.233(SIP03), and an entry is added to the sticky-table for the sip-call-id.
When SIP03 starts a call to remote server 22.214.171.124 using source group IP 10.10.1.233 a sticky-table entry is not added for the sip-call-id and when 126.96.36.199 sends a response it is load balanced to either SIP03 or SIP08.
How can I keep the call that was initiated on SIP03 on SIP03?
The "vip address" on your content rule is what matches the inbound traffic. Your outbound traffic is initiated to 188.8.131.52 which is not a vip ip, hence, it doesn't match the content rule. On the reverse - the response is mapping to a vip ip since the source was the natpool. I would assume that 184.108.40.206 server already had a connection through the vip and/or something changed slightly about the flow that classified it as a new inbound connection instead of re-mapping back through the sourcenat pool.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...