11-25-2009 12:53 PM
Is it possible for a service, belonging to a content rule to reach that same content rule?
For example:
I have a service called serv1 with IP 192.168.44.10 listening in port 8080.
Another service called serv2 with IP 192.168.40.11 listening in port 8080 as well.
I have a content rule named cont1
this content rule is listening in port 80 and has assigned serv1 and serv2
Load balancing method is arrowpoint cookie.
VIP for cont1 is 192.168.45.100
Is it possible for either serv1 or serv2 to open a browser sessions and point to http://192.168.45.100 and be able to establish the communication?
I'm having that problem now, currently that VIP address is accesible to everyone in the intranet, but when I try to open a browser from either one of those 2 services, I get a Connection Reset By Peer. I'm not sure if this could be a routing problem or a css problem. Any help would be appreciated.
Thanks in advance.
Solved! Go to Solution.
11-25-2009 03:34 PM
I will try to explain why its not working. Assuming you are initiating request from serv1 ( 192.168.44.10)
1. When your request from Real Server reaches CSS the IP addresses in the packets are (src IP: 192.168.44.10 , dest ip : 192.168.45.100)
2. Lets suppose using LB algorithm CSS selects serv2 as the destination server.IP add in Packet that reaches serv2 will be (src IP: 192.168.44.10 , dest ip : 192.168.44.11)
3. Now serv2 sees this packet coming from serv1(192.168.44.10), since this ip is on tha same subnet as serv2 it will not send the reply back to CSS, rather it will try to deliver it direclty to serv1.
4. Serv1 never initiated request for serv2 (192.168.44.11), as a result will drop this reply (Note: serv1 is expecting a response from VIP i.e 192.168.45.100)
You will need to source NAt the traffic generated from the Real Servers. This can be achieved by using source groups in CSS.
Try the following config
group xyz
add destination service serv1
add destination service serv2
vip address 192.168.45.100
With the above config, if serv2 gets selected as mentioned in the above example then the request it recieves from serv1/serv2 will have the 192.168.45.100 as the source IP.
HTH
Syed Iftekhar Ahmed
11-25-2009 03:34 PM
I will try to explain why its not working. Assuming you are initiating request from serv1 ( 192.168.44.10)
1. When your request from Real Server reaches CSS the IP addresses in the packets are (src IP: 192.168.44.10 , dest ip : 192.168.45.100)
2. Lets suppose using LB algorithm CSS selects serv2 as the destination server.IP add in Packet that reaches serv2 will be (src IP: 192.168.44.10 , dest ip : 192.168.44.11)
3. Now serv2 sees this packet coming from serv1(192.168.44.10), since this ip is on tha same subnet as serv2 it will not send the reply back to CSS, rather it will try to deliver it direclty to serv1.
4. Serv1 never initiated request for serv2 (192.168.44.11), as a result will drop this reply (Note: serv1 is expecting a response from VIP i.e 192.168.45.100)
You will need to source NAt the traffic generated from the Real Servers. This can be achieved by using source groups in CSS.
Try the following config
group xyz
add destination service serv1
add destination service serv2
vip address 192.168.45.100
With the above config, if serv2 gets selected as mentioned in the above example then the request it recieves from serv1/serv2 will have the 192.168.45.100 as the source IP.
HTH
Syed Iftekhar Ahmed
11-30-2009 09:14 AM
Thanks a lot, that worked out
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: