Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
589
Views
0
Helpful
6
Replies

%% Service IP Address conflicts with a local I/F, VIP, mgmt route

Go to solution
donaghq_2
Level 1
Level 1

‎09-20-2006 06:37 AM

Hello

I have a test environment where there is a VIP of 10.1.1.1. The content rule round robins requests to 10.1.2.1 and 10.1.3.1. I NAT every source address to 10.1.1.2 so that all requests return via the content switch and not the WAN (servers have a gateway address of 10.1.2.250 and 10.1.3.250 respectively).

The webserver people would like to be able to see all of the different addresses that target the webserver (I asked if they could add a default route to the source network to be via the content switch but they were unable to for some reason). The second option was to put the servers on the same subnet as the VIP. I tried to configure the services to have addresses of 10.1.1.3 and 10.1.1.4 but got the following error

%% Service IP Address conflicts with a local I/F, VIP, mgmt route

So finally the question is:

Is there any way to get around this?!

Regards

Donagh

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to donaghq_2

‎09-20-2006 11:42 PM

Donagh,

as I understand your servers are not directly connected in the same vlan as the CSS.

This is why you can't simply change the default gateway on the server to solve your issue.

The solution would be to use policy routing on the router sitting between the servers and the CSS.

You will need to match traffic coming from the server with source port equal to application port and redirect the traffic to the CSS.

Policy routing is a feature of most Cisco routers. If you're not familiar with this, you can do some research in our documentation and then post your question on the routing and switching forum.

If you move the servers to the same vlan as the CSS, you will have to change the default gateway of the servers to use the CSS.

If you don't want to do that, the only solution is policy routing.

Gilles.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee

‎09-20-2006 07:15 AM

You didn't say if the loadbalancer had an ip in vlan 10.1.2.x and 10.1.3.x.

Changing the services to 10.1.1.3 and 10.1.1.4 would still require you to change the default gateway so that the traffic points to the CSS.

Another solution is to use policy routing on the gateway so that traffic matching the application ports get redirected to the loadbalancer.

Finally, it should be possible to configure 10.1.1.3 as a service ip address.

Check your config to see if the address is not being used already.

Also do a 'sho boot' to verify if the ip address is not used for the management interface.

Gilles.

0 Helpful

Go to solution
donaghq_2
Level 1
Level 1
In response to Gilles Dufour

‎09-20-2006 08:07 AM

Hi Gilles

Thanks for your reply.

The load balancer has an address in the 10.1.1.x subnet.

>>>Another solution is to use policy routing on the gateway so that traffic matching the application ports get redirected to the loadbalancer>>>

Surely if the services are on the same subnet/switch as the VIP then they will not need their gateway defined as that of the interface on the load balancer. I would like other traffic to go via the WAN.

I do not have any management address configured.

Regards

Donagh

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to donaghq_2

‎09-20-2006 11:42 PM

Donagh,

as I understand your servers are not directly connected in the same vlan as the CSS.

This is why you can't simply change the default gateway on the server to solve your issue.

The solution would be to use policy routing on the router sitting between the servers and the CSS.

You will need to match traffic coming from the server with source port equal to application port and redirect the traffic to the CSS.

Policy routing is a feature of most Cisco routers. If you're not familiar with this, you can do some research in our documentation and then post your question on the routing and switching forum.

If you move the servers to the same vlan as the CSS, you will have to change the default gateway of the servers to use the CSS.

If you don't want to do that, the only solution is policy routing.

Gilles.

0 Helpful

Go to solution
donaghq_2
Level 1
Level 1
In response to Gilles Dufour

‎09-21-2006 03:18 AM

Hi Gilles

My servers are not in the same Vlan as the CSS. Therein lies the problem and the reason I have to use NAT. I have tried to move the servers to the same VLAN but the CSS will not allow me to configure the servers to have the same address as the VIP and the interface in which they reside. I understand that I can do policy routing but I am confused why I cannot put a service in the same subnet as the VIP - this must be a technical limitation?

Thanks

Donagh

0 Helpful

Go to solution
Gilles Dufour
Cisco Employee
Cisco Employee
In response to donaghq_2

‎09-21-2006 05:54 AM

You should be able to have service in any subnet you want.

I can't tell you where is the error if I do not have your complete config and a 'show boot'.

Gilles.

0 Helpful

Go to solution
donaghq_2
Level 1
Level 1
In response to Gilles Dufour

‎09-25-2006 04:12 AM

hi Gilles

Looks like I made an error. I was trying to configure the service address to be the same address as another NAT address I was using (I have several different services setup and several different NATs)

Thanks for your time.

Regards

Donagh

0 Helpful
Customers Also Viewed These Support Documents