I have a pair of CSS configured for Active-Active Virtual IP (VIP) and virtual interface redundancy. I was recently told that some servers on the backend VLAN need to talk to a client VIP. To ensure the CSS stays in a conversation I need to source NAT. Unfortunately the "client" users of the application cannot be subject to source NAT.
Long term I will be creating a new VLAN interface to split the servers up (waiting on cabling). As a short-term fix I want to implement a "one-armed" VIP as a temporary solution for server to server communication. Servers would point at this temporary VIP and a group used for source NAT.
My question is what VIP address do I use on the group? Do I use the Content rule VIP or configure different VIPs for the group? Also, do I need unique group VIPs for each CSS when using this redundant configuration? I have extra IP addresses available if I need to use them.
If you have a very specific need in terms of natting and using a source group, you may want to consider applying a nat or source group via an ACL.
So if you only have 2 servers on the back end that you need to nat going outbound, you could configure an acl and apply it to the vlan it is inbound on and apply the source group on the acl. Here is a link on using acls:
clause 10 permit 10.1.1.1 255.255.255.255 destination any sourcegroup natserver
Assuming the 10.1.1.1 is the server you want to nat and natserver is the name of the source group.
Just beware of using acls as they can be tricky, and please understand that there is an implicit deny on all vlans when you enable the acls, so make sure you have at least a "permit any any destination any" with all vlans applied to it.
Thanks Pete. I already have an ACL configuration in my back pocket. However, as you alluded to, it is a maintenance headache. New servers require changes to the ACLs and/or an nql. I won't use them unless I have to.