There is no throughput problem if the CSS is bypassed, ie, the server is connected directly to the same switch as the firewall, and has it's default route set to the gateway ip address of the firewall. I can pull the full 100Mbit/s FD in this configuration, but the CSS doesn't see the traffic, so no load-balancing.
The network layout has changed slightly since my first posting, but I'm still seeing a throughput issue for the devices connected/routing out via the CSS.
I have now also raised this with Cisco TAC.
Outside LAN -- LAN1/28
usage: firewall public vip and Internet
Inside LAN -- LAN2/27
usage: firewall inside vip
CSS LAN2 vip (redundant-interface)
CSS content vips (redundant-vip)
CSS01 LAN2 interface address
CSS02 LAN2 interface address
Server LAN -- LAN3/28
usage: CSS LAN2 vip
CSS01 LAN3 interface address
CSS02 LAN3 interface address
The servers (services) are defined like this :
keepalive type tcp
keepalive port 80
ip address LAN3.35
keepalive type tcp
ip address LAN3.36
Load-balanced vips (content) are defined like this :
vip address LAN2.11
add service web01
add service web02
LAN1, LAN2, and LAN3 are all publicly accessible Internet addresses (subject to the firewall placed between LAN 1&2). NAT is not used.
Any thoughts about why a single connection (flow) is slowed down dramatically when talking to either the servers that are placed in LAN3, or the VIPs placed in LAN2.
Introduction This article will help you understand the steps on how to
download the UCS licenses from the Cisco Systems website and then
installing it on the UCS. The redacted (blue lines) just covers up
certain numbers for privacy please do not take them...
Introduction This article will help you understand and educate the
customer on how to clear their "expired licenses"
(license-graceperiod-expired) from their UCS-M. If a customer just
purchased a license and needs a step by step guide on how to download
Introduction Prepositioning is a powerful tools on the WAAS platform but
it is not always easy to figure out why your jobs are failing when
trying to retrieve the files.Here is a method that should help you to
figure out the reason why they are not succes...