Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

redirect traffic to a DR site

I have a situation where DNS is being used to direct traffic to either a live or a DR site. As DNS may take time to kick in due to TTL's not being observed and caches etc.... I need to find a solution that can be "quick" for testing purposes... Can the CSS perform a source NAT of traffic (using an ACL) then this traffic would hit a content rule with services (public IPs) of the remote site. Can this all work in one arm mode. (the CSS only has a single front-end connection.

Alternativly, could a sorry server (of the remote site) be added to the existing content rules of the live site? source NATing would still be needed to ensure the Live CSS is not bypassed for return traffic. What would ne the best way to achieve this?

any other ideas?

This is not just HTTP traffic, there are multiple content rules.

Thanks in advance for any assistance.

Jon

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: redirect traffic to a DR site

you actually do everything in one-shot.

You hit the content-rule and the CSS nat source and destination.

This works with a single interface.

This can be done with the sorry-server

Here is an example.

service backup

ip x.x.x.x

owner MyCompany

Content www

vip addr x.x.x.x

add service ...

primarysorryserver backup

active

group SrcNat

vip x.x.x.x

add destination service backup

active

Regards,

Gilles.

Thanks for rating.

4 REPLIES
Cisco Employee

Re: redirect traffic to a DR site

Jon,

the solution that you describe is what we use in this case when non-http traffic is involved.

This works fine.

As you said, the requirement is to use source-nating to guarantee that the response comes back to the CSS.

Regards,

Gilles.

Thanks for rating.

New Member

Re: redirect traffic to a DR site

Hi Jilles, Thanks for your response.

Will this work through a single interface? ie, internet traffic hits the CSS, gets SRC NATed, then hits a content rule, gets DAT NATed, and is routed out of the same interface that it entered the CSS on?

Should I SRC NAT it before or after it hits the content rule?

What about the sorry server option? Can that work?

Jon

Cisco Employee

Re: redirect traffic to a DR site

you actually do everything in one-shot.

You hit the content-rule and the CSS nat source and destination.

This works with a single interface.

This can be done with the sorry-server

Here is an example.

service backup

ip x.x.x.x

owner MyCompany

Content www

vip addr x.x.x.x

add service ...

primarysorryserver backup

active

group SrcNat

vip x.x.x.x

add destination service backup

active

Regards,

Gilles.

Thanks for rating.

New Member

Re: redirect traffic to a DR site

Fantastic...

Thanks for your help.

Jon

183
Views
0
Helpful
4
Replies
CreatePlease login to create content