Solved: Misunderstanding in group config (service / destination service)

arnaud.chiaberge · ‎06-11-2007

Hi,

I'm trying to understand group configuration on a CSS, particularly the difference between a service and destination service.

If we take the basic example of a client PC and a CSS load-balancing over 3 web servers, all of them being on the same VLAN (hence the need for NATing to ensure return traffic goes through the CSS):

- Upon reception of a request, the CSS looks for a matching content-rule

- Upon matching of the content-rule, an available service is picked-up (based on load-balancing method) from the pool

At that stage, I can imagine two cases:

1. If the service belongs to an active group as a destination service:

- The packet will be source NATed with the VIP specified in the group

In other words, the client PC never sees web-servers real IPs, it only sees the content-rule VIP, and the web-servers are

seeing all requests coming from the group VIP.

2. If the service belongs to an active group as a service (not destination):

- well what happens ?? I don't see the point.

Thanks and Regards,

Arno

Gilles Dufour · ‎06-11-2007

the 2nd point is if the server opens a connection to the PC or anywhere else, and you want it's ip to be nated so it appears as coming from the vip.

Gilles.

View solution in original post

Gilles Dufour · ‎06-11-2007

the 2nd point is if the server opens a connection to the PC or anywhere else, and you want it's ip to be nated so it appears as coming from the vip.

Gilles.

arnaud.chiaberge · ‎06-11-2007

Merci Gilles,

Ok, I get it know.

So appart from FTP active mode, this quite rare that a server initiate a connection to a client (in terms of client/server paradigm), that's probably why this wasn't obvious to me.