Is it possible to do stateful VIP redundancy on 1105x devices? (Storing sticky db on redundant CSS)
I have two of them and going to configure VIP for server load balancing. Single CSS is working well but i have two of them and i dont want to see disconnected sessions when primary goes down. Does anybody recommends any solution like this?
I have gotten a pseudo statefull failover to work, no sticky information is used. It is not acturally statefull in that the other box does not have any state information but is able to take over the TCP connection without the end points being affected. I don't have the config handy right now. If you need it I can dig it up and send it to you.
One of the keys is to set the persistence command to its default value (persistence reset redirect) also the load balancing must be by source IP address. This ensures that both boxes will select the same server - assuming that the configs and service states are identical.
The manual can help but I found that it called for more statements than were necessary and that it did not note the persistence requirement. I found that the command disables the PAT on the connections so that if the source port is 3546 coming into the CSS it will keep it as 3546 going to the service. If the port is translated then the backup switch will not know the translation and send it to the wrong socket on the client, resulting in an error.
It worked great but the downside is the global persistence command is inefficient and affects all sessions and that you have to use source IP load balancing for the rule you are protecting. I did not implement this in production.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...