07-31-2007 08:25 AM
Hi,
We use Regular Firewall Configuration with Dual CSMs for loadbalancing.
We try to loadbalance RTSP/UDP (/TCP no problem).
The RTSP Client send a SETUP(TCP 554) to the server requesting respond using UDP port alpha
When the UDP flow come back(using port alpha) , how can i be sure that it use the same FW as the TCP flow??
Thanks in advance.
Raphael
08-01-2007 04:20 AM
if you use sticky with reverse sticky, you can guarantee exactly that.
Here is an example I wrote some a while ago:
Another solution is to play with predictor hash.
Gilles.
08-01-2007 04:52 AM
Gilles,
can't we have the same behavior by using the 'service RTSP' ?
vserver
virtual ip
Regards,
Pascal
08-01-2007 06:17 AM
you can, but you will dramatically reduce the performance.
I always prefer to avoid the 'service' command every time I can.
Gilles.
08-02-2007 10:46 PM
I read the example with sticky & reverse sticky.
Q1 : what does it occurs if there are 2 simultaneous connections from the client (Vlan499) towards the LAN server (Vlan500) and that these 2 connections pass each one by a different firewall?
Q2 : do you agree with me that this example supports only connections from customer = Vlan 499 towards server = Vlan 500 and not the server initiated traffic (= from Vlan 500) ?
Is it right to solve these issues as follow ?
CSM side Vlan499
Sticky 10 address source timeout 60
vserver SERV2FW
vlan499
sticky 60 group 10
vserver FW2SERV
vlan168
reverse-sticky 10
CSM side Vlan500
Sticky 10 address destination timeout 60
vserver SERV2FW
vlan500
sticky 60 group 10
vserver FW2SERV
vlan169
reverse-sticky 10
Regards,
Pascal.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide