Hopefully I am not repeating a thread but am trying to clarify something.
We are trying to come up with a network design template that we can reuse later down the line.
Have been looking for best practices on the setting up of a CSS 11500 and have found some but nothing that quite matches what I have in mind. If there is one please point it out to me.
We are trying to use the CSS to load balance to some web servers, these web servers also have to be accessed and managed remotely, the initial plan was the network diagram below. The web servers have two interfaces: a public VLAN X and a private VLAN Y. The LB sends the traffic to the public VIP to the private interface. I have gotten it working with the client nat but the config seems overly complex and we lose visibility. Not a deal breaker if this is what is commonly done, just feel that there is a better way. Instincts could be wrong.
I have read that you can just go straight thru the load balancer to the servers but also saw a thread where it was mentioned not to send all traffic thru the CSS since it was mainly designed to deal with http type traffic and had issues with long persistent flows, maybe I read it wrong but it would make sense to me only to send the traffic to the servers that need to be load balanced thru the CSS and everything else go direct.
What do most designers have their servers do? Should I send out a pair of routers to do route mapping? Redundancy and the VPN router is not managed by us. Remove the public interface and put a static route entry pointing to the CSS for the web servers network? Or leave it the way it is? Any insight would be great, thank you for your time.
It would be nice to be able to say that one is the best option, but unfortunately this is not the case.
It all depends on your traffic and application.
Do you expect long lived persistent connections going directly to the server?
If yes, do you know the destination port or is it random?
You can always adjust the timeout for long lived connections if you know the destination port. You can do this with the 'flow permanent' command.
One thing you can do is create a vip for each server separately [use private ip addresses for the servers and a public ip for the vip].
Then you can catch the traffic for each server and use the 'flow-timeout-multiplier' to set the idle timeout.
I think if you can do this it is the best option.
I only recommend to bypass the CSS if you use protocols that are not supported by the CSS like IPSEC or if the level of traffic that you send directly to the servers is so high that it could potentially kill or slow down the CSS.
In this case client nat is required or a router doing policy routing.
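A sketch of the per-server VIP approach described in the reply above, as an added example that is not part of the original thread. The addresses, the owner, service and rule names, and the choice of port 22 for management traffic are constructed assumptions; the multiplier is counted in 16-second units, so 225 gives a one-hour idle timeout.

```text
! Constructed example: one management VIP per web server on a CSS 11500.
! Servers keep private addresses; each VIP is a public address.

service web1-mgmt
  ip address 10.10.20.11
  active

service web2-mgmt
  ip address 10.10.20.12
  active

owner management
  ! Catch SSH to web1 on its own VIP and lengthen the idle timeout.
  content web1-ssh
    vip address 192.0.2.11
    protocol tcp
    port 22
    add service web1-mgmt
    flow-timeout-multiplier 225
    active

  ! Same pattern for web2, on a separate VIP.
  content web2-ssh
    vip address 192.0.2.12
    protocol tcp
    port 22
    add service web2-mgmt
    flow-timeout-multiplier 225
    active

! Alternative when the destination port is known: mark flows on that
! port as permanent globally instead of tuning each rule.
! flow permanent port1 22
```

Restricting each management rule to a single protocol and port keeps the exposed surface of the public VIP to the one service that needs remote access.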