Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

CSS Validated design

Dear All,

I just want to validate the two attached CSS Design.

Which of the two designs is recommended?

What are the issues when having the CSS with 100Mbps uplinks and the servers with 1000Mbps? The L2 DMZ switch is 10/100/1000 supported.

Thanks & Regards,

Pierre

1 REPLY
Bronze

CSS Validated design

Hi Pierre,

The first design 1armed.jpg is standard one arm mode deployment, the only care to take is to SNAT the client request using source group (with adding dstination service) so that reply packet from servers is seen by CSS.

The second design 2armed.jpg is something which i never saw. Here you tried to put VLAN 10 as client VLAN between CSS and firewall and where VIP resides, but VLAN 11 where in server resides is what i am not clear about. Servers are in VLAN 11 but their segment is that of vlan 10 (172.16.10.20) and gateway is circuit vlan 10 of CSS. I beleive this design will not work with CSS. If instead we have ACE or CSM we can configured them in bridge mode where in we bridge vlan 10 and vlan 11 and assign IP 172.16.10.10 to BVI rather to any specific VLAN.

Regarding speed Q? the 100 mbps fasthethernet port as uplinks of CSS which have services connected on 1gig, will technically not posses any challenge, because these are L2 throughputs. Also there will always be difference between CSS uplink and actual service bandwidth as a single CSS can be configured with 100 of real servers so these L2 bandwidth shall not hamper untill  CSS is processing a lot of local traffic (like management or probes) and this difference will not posses any major congestion problem. Important is expected L4-L7 throughput.

372
Views
0
Helpful
1
Replies
CreatePlease to create content