Re: Implementing two Cisco CSS 11154's in an ISP environment.
Please see my answers inline beginning with >>>>
Please be aware I can only give you conceptual information due to the lack of specifics.
clientA has 3 webservers
clientB has 2 webservers
Both clients want to loadbalance http traffic on their webservers.
webserverA1 webserverA2 and webserverA3 are connected to switchA
webserverB1 and webserverB2 are connected to switchB
switchA is connected to ethernet port1 on a CSS11154
switchB is connected to ethernet port2 on a CSS11154
The CSS balances traffic addressed to VIP-A over IPADDR-A1, IPADDR-A2 and IPADDR-A3
The CSS balances traffic addressed to VIP-B over IPADDR-B1 and IPADDR-B2
This example is without the second CSS.
Then there is the with / without firewall part:
I can create 2 vlans with the following config:
vlan1 ethernet port 1, 2, 3, 4, 5, 6 and 13
vlan2 ethernet port 7, 8, 9, 10, 11, 12 and 14
port 13 (Gigabit) is connected to our core-switch so clients connected to port 1 through 6 can loadbalance with a direct internet connection
port 14 (Gigabit) is connected to a switch behind a PIX firewall.
This is all possible right?
>>>> Can't see any problem
Then there is the redundancy part.
How do I get the backup CSS to communicate with the active primary? Is it possible through the management interface?
>>>>No, not a good idea. From what you have here it is better to use VIP and interface redundancy. This uses a VRRP protocol which runs across the uplinks and downlinks. The 2 CSS need to be on the same layer 2 segment and do not require a dedicated interface. It also gives you the ability to run in an active-active state. Client A can be active on CSS A and Client B can be active on CSS B. If one of the switches fails then the other switch will take over for all services. One downfall of this is that you need to make sure one CSS can handle all the load in case of a failure.
I will send you a doco separately so that you can have a look at the redundancy methods.
Could anyone tell me if this is a good setup, and if there are caveats in this plan.
Also maybe other things I must look at (software version etc)