I have two server A and B. A connects to B via a Load Balancer. It is also possible for A to connect to B directly.
If A connects to B via the Load Balancer virtual IP (vip), which IP address will server B see ? Is it the VIP or ip address of server A ?
If the answer is the VIP, is it possible to configure an LB such that server B will see the incoming packet as coming from ip address A ?
first, could you mentione which loadbalancer you have.
Is it a CSS or CSM or something else ?
Then, the answer to your question is 'it depends'.
By default the loadbalancer reuses the client ip.
But you can configure it to use a VIP address or any other address.
Be aware so, that if A & B are in the same subnet, if B sees the connection coming from A, it will respond to A directly, bypassing the loadbalancer and thus breaking the connection as A expects a response from the VIP not B.
Thanks for rating this answer.
I use Cisco 11501. How can I configure the LB such that server B sees the packet coming from the VIP instead of server A ?
the default behavior is to use the client IP.
If you don't it means you have configured a group to perform the nating.
You can remove the group and the CSS will use the client ip.
However, be carefull that client nating is usually used to guarantee that the server response comes back to the CSS.
Removing the group could break your connectivity.
You first need to make sure that your server B knows that to reach A it must send the traffic to the CSS.
Verify routing table.
In doubt send us your config.
Thanks for rating this answer.
Yuo mentioned that 'this depends' on the HW. Does the CSM have a different default behaviour other than sending the client source IP ?
the default behavior for the CSM is the same as the CSS.
The config is different so which is why I always ask about the HW.
I checked the config and the client nat comes from your group config as I mentioned previously.
Remving the group is not an easy task as you apparently have a one-armed setup [everything in the same subnet].
You can remove the group only if you change the default gateway of your 2 servers and use the CSS as DFG.
Then, since A & B are in the same subnet, if you remove the group, they won't be able to communicate through the VIP anymore.
You will have to add a host route on each server for the other server and point the route at the CSS.
This means all your traffic will go through the CSS.
This is maybe not what you want.
Another solution would be to connect the server directly to the CSS in different ports.
This has also some drawbacks in terms of redundancy.
As you can see, this is not an easy task.
There are solutions but they all come with drawbacks.
So, before we investigate one that works for you, are you sure you really want to see the server real ip when they connect to each other through the CSS ?
so, let's start with the first solution.
Can you attach the server directly to the CSS ? Or do they need to be connected to another switch ?
If you do this, the problem is solved.
Just suspend the group and everything should be fine.
The rule is that the CSS MUST see all traffic in both direction.
So, if we attach the servers directly to the CSS we are ok.