Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2025
Views
0
Helpful
2
Replies

service and content rules questions

Go to solution
daniel.pimentel
Level 1
Level 1

‎11-25-2009 12:53 PM

Is it possible for a service, belonging to a content rule to reach that same content rule?

For example:

I have a service called serv1 with IP 192.168.44.10 listening in port 8080.

Another service called serv2 with IP 192.168.40.11 listening in port 8080 as well.

I have a content rule named cont1

this content rule is listening in port 80 and has assigned serv1 and serv2

Load balancing method is arrowpoint cookie.

VIP for cont1 is 192.168.45.100

Is it possible for either serv1 or serv2 to open a browser sessions and point to http://192.168.45.100 and be able to establish the communication?

I'm having that problem now, currently that VIP address is accesible to everyone in the intranet, but when I try to open a browser from either one of those 2 services, I get a Connection Reset By Peer. I'm not sure if this could be a routing problem or a css problem. Any help would be appreciated.

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8

‎11-25-2009 03:34 PM

I will try to explain why its not working. Assuming you are initiating request from serv1 ( 192.168.44.10)

1. When your request from Real Server reaches CSS the IP addresses in the packets are (src IP: 192.168.44.10 , dest ip : 192.168.45.100)

2. Lets suppose using LB algorithm CSS selects serv2 as the destination server.IP add in Packet that reaches serv2 will be (src IP: 192.168.44.10 , dest ip : 192.168.44.11)

3. Now serv2 sees this packet coming from serv1(192.168.44.10), since this ip is on tha same subnet as serv2 it will not send the reply back to CSS, rather it will try to deliver it direclty to serv1.

4. Serv1 never initiated request for serv2 (192.168.44.11), as a result will drop this reply (Note: serv1 is expecting a response from VIP i.e 192.168.45.100)

You will need to source NAt the traffic generated from the Real Servers. This can be achieved by using source groups in CSS.

Try the following config

group xyz

  add destination service serv1

  add destination service serv2

  vip address 192.168.45.100

With the above config, if serv2 gets selected as mentioned in the above example then the request it recieves from serv1/serv2 will have the 192.168.45.100 as the source IP.

HTH

Syed Iftekhar Ahmed

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Syed Iftekhar Ahmed
Level 8
Level 8

‎11-25-2009 03:34 PM

I will try to explain why its not working. Assuming you are initiating request from serv1 ( 192.168.44.10)

1. When your request from Real Server reaches CSS the IP addresses in the packets are (src IP: 192.168.44.10 , dest ip : 192.168.45.100)

2. Lets suppose using LB algorithm CSS selects serv2 as the destination server.IP add in Packet that reaches serv2 will be (src IP: 192.168.44.10 , dest ip : 192.168.44.11)

3. Now serv2 sees this packet coming from serv1(192.168.44.10), since this ip is on tha same subnet as serv2 it will not send the reply back to CSS, rather it will try to deliver it direclty to serv1.

4. Serv1 never initiated request for serv2 (192.168.44.11), as a result will drop this reply (Note: serv1 is expecting a response from VIP i.e 192.168.45.100)

You will need to source NAt the traffic generated from the Real Servers. This can be achieved by using source groups in CSS.

Try the following config

group xyz

  add destination service serv1

  add destination service serv2

  vip address 192.168.45.100

With the above config, if serv2 gets selected as mentioned in the above example then the request it recieves from serv1/serv2 will have the 192.168.45.100 as the source IP.

HTH

Syed Iftekhar Ahmed

0 Helpful

Go to solution
daniel.pimentel
Level 1
Level 1
In response to Syed Iftekhar Ahmed

‎11-30-2009 09:14 AM

Thanks a lot, that worked out

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents