Cisco Support Community

New Member

I want CSS to like RADWARE, F5, OneArm, To See Source IP

In the CSS11050 document, Cisco suggests customers not use OneArm.

But other LB products (RADWARE, F5, FOUNDRY) can make it and can see the client source IP. They make it in three ways:





Re: I want CSS to like RADWARE, F5, OneArm, To See Source IP


From my point of view you can get around SRC-NATting if you force the routing to send the packets which are balanced from the CSS to the servers back to the CSS (egress and ingress ports are the same). If the servers reside in the same subnet as the VIP you can get this by moving the default gateway of the servers towards the CSS. But take care that this causes no other traffic from the servers to be affected by this. Second possibility, if the VIP is not in the same VLAN: create a second circuit which resides in the VLAN of the servers and do the steps described above.

3rd possibility: try to do policy routing to force the way back through the CSS, but this will not be very easy to troubleshoot in case of a failure.

Again the warning: Make sure that the unbalanced connections to the balanced servers do not get affected by changing the DG, doing policy routing or something else.

Hope that helps and that I haven't ignored a small thingy.




Let me know about the outcome and how you implemented it.

New Member

Re: I want CSS to like RADWARE, F5, OneArm, To See Source IP

F5, RADWARE implement it like:

1) Default Gateway.

LB (Load Balancer), Server in the same VLAN and subnet.

The LB changes the DIP (destination IP address) of the packet from the client, and the server responds with the packet to the LB. The LB changes the SIP (source IP address) of the packet from the server. On the server, the gateway must be set to the IP of the LB.


LB, Server in the same VLAN and subnet.

The LB doesn't change the IP packet from the client, but changes the destination MAC (to itself: LB) from the switch (like cata6509) to the server's MAC address. The server responds with the packet directly to the client (not to the LB). The server must configure a loopback address with the VIP address.

Other LB products like Foundry can also implement it. But why not CSS?
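The packet rewrites discussed in this thread, modelled as an added Python example (not part of any post and not vendor code): it shows which source IP the server logs in each one-arm mode and when the reply is rejected. The addresses are constructed, and `trace`, its mode names and the `Packet` fields are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Constructed addresses (documentation ranges); none come from the thread.
CLIENT, VIP, LB_IP, SERVER = "198.51.100.7", "192.0.2.10", "192.0.2.2", "192.0.2.21"

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_mac: str  # layer-2 next hop: "lb", "server" or "router"

def trace(mode, server_gateway, vip_on_loopback=True):
    """Follow one request and its reply through a one-arm load balancer.

    mode: "snat", "dnat" (default-gateway method) or "dsr" (MAC rewrite).
    server_gateway: "lb" or "router", the server's default gateway.
    Returns (source IP the server logs, client accepts reply, reply crossed LB).
    """
    req = Packet(CLIENT, VIP, "lb")            # the switch delivers VIP traffic to the LB
    local_ips = {SERVER}
    if mode == "dsr":
        fwd = replace(req, dst_mac="server")   # only the destination MAC changes
        if vip_on_loopback:
            local_ips.add(VIP)                 # VIP configured on the server loopback
    else:
        fwd = replace(req, dst_ip=SERVER, dst_mac="server")
        if mode == "snat":
            fwd = replace(fwd, src_ip=LB_IP)   # client address is hidden from the server
    if fwd.dst_ip not in local_ips:
        return (None, False, False)            # server does not own the address: dropped
    # The server answers from the address it was contacted on.
    on_link = fwd.src_ip == LB_IP              # same subnet, no gateway involved
    reply = Packet(fwd.dst_ip, fwd.src_ip, "lb" if on_link else server_gateway)
    crossed_lb = reply.dst_mac == "lb"
    if crossed_lb and mode != "dsr":           # the LB undoes its own translation
        reply = replace(reply, src_ip=VIP, dst_ip=CLIENT)
    # The client only accepts a reply that comes from the VIP it connected to.
    accepted = (reply.src_ip, reply.dst_ip) == (VIP, CLIENT)
    return (fwd.src_ip, accepted, crossed_lb)

if __name__ == "__main__":
    for mode, gw in [("snat", "router"), ("dnat", "lb"), ("dnat", "router"), ("dsr", "router")]:
        print(mode, gw, trace(mode, gw))
```

The `("dnat", "router")` case is the one that fails: the server replies from its own address past the load balancer, which is why the default gateway has to move or source NAT is used.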

New Member

Re: I want CSS to like RADWARE, F5, OneArm, To See Source IP


Can the CSS do the Multi-ISP like F5 and LinkProof?
