My question is about configuring the CSS 11151 for server load balancing including some provision for communication with each of the servers (services), independent of the load balancing method. Here are the details.
We are building a test IDC for dedicated web hosting. We will use one Cisco CSS 11151 and several servers (as well as a firewall, etc). Web requests will be processed by the CSS using round robin. However, in addition to the need for servicing web requests, there are situations in which the web owner or the IDC administrator needs to communicate with a specific server.
That need exists for doing administrative functions like troubleshooting. It also exists for the web owner to deliver content and configure the web server. I understand that there are several different ways to configure the CSS to support this kind of access (see below) but I don't know what the trade-offs are, nor do I know what the common practices are. So I am not sure which configuration(s) to use. Any experience to share? What is being done in the real world?
Configuration Alternatives I Am Aware Of:
1) In the (web) owner's rule add an additional individual pass-through VIP for each service. That VIP (or its NATed IP) is exposed only to the web owner.
2) Use an additional content rule for each service (L5 content rule) so that particular types of requests, e.g. FTP, are directed to particular servers.
There are a lot of solutions here. In our network we use pcAnywhere to access our servers. Every server has two network cards. One network card is connected to the CSS, and the other one is connected to an internal network segment. The internal network segment has no route to the Internet. We use a VPN solution to access that network. So only web/FTP/commercial traffic goes through the CSS. Configuration of the CSS is simpler, and you have the ability to implement out-of-band management for your servers.
Also, you can just create L5 content rules for each server and open some ports for your administrative applications.
Here is another way to hack this, where you can use your domain name and port number to differentiate which server you would like to connect to.
If you are limited on public IP addresses and need to administer your back-end servers remotely, then you can create a Layer 4 content rule for each single server you would like to access.
This means you can create a content rule using the same IP address as your main load balancing VIP, and then you can assign a different port number to each one of these new rules. Per rule, the one service on the backend can map to whichever port you like, like 23.
So the end result of this method can be telnetting to www.yourdomain.com on port 1010, and having that request map to port 23 on your backend servers.
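The port-mapping approach from the last reply, written out as an added example that is not part of the original posts. It is a constructed WebNS-style configuration; the owner, rule and service names, the VIP 192.0.2.10, the backend addresses and port 1011 are assumptions chosen for illustration.

```text
! Constructed sample configuration; all names and addresses are assumptions.

! Load-balanced web services
service web1
  ip address 10.1.1.11
  protocol tcp
  port 80
  active

service web2
  ip address 10.1.1.12
  protocol tcp
  port 80
  active

! One management service per server: same hosts, backend port 23
service web1-mgmt
  ip address 10.1.1.11
  protocol tcp
  port 23
  active

service web2-mgmt
  ip address 10.1.1.12
  protocol tcp
  port 23
  active

owner hosting
  ! Main round-robin rule on the shared VIP
  content www
    vip address 192.0.2.10
    protocol tcp
    port 80
    add service web1
    add service web2
    balance roundrobin
    active

  ! Same VIP, distinct front-end port per server, mapped to port 23
  content web1-mgmt
    vip address 192.0.2.10
    protocol tcp
    port 1010
    add service web1-mgmt
    active
```

A second rule for `web2-mgmt` follows the same pattern on port 1011. Since each management rule is reachable on the public VIP, limit the source addresses allowed to reach those ports at the firewall in front of the CSS.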