Cisco Support Community

New Member

Suspending a group/content rule on CSS

Hi,

I need to know what happens when I suspend a group or a content rule (to modify it, i.e. remove or add a service):

1. Does it affect existing flows making use of this group/content rule?

2. Does it only affect new connections?

3. In an ASR redundancy mode, would the backup CSS take over new connections while the group/content rule is suspended?

I'm looking for a way of amending my configuration (i.e. remove/add a service to an existing content rule or group) without being disruptive to the service.

Thanks

Arno

3 REPLIES
New Member

Re: Suspending a group/content rule on CSS

Hello Arno,

What happens when I suspend a group or a content rule:

1. Does it affect existing flows making use of this group/content rule?

R/ Yes, at the point that you suspend the content rule the CSS is going to stop doing arping for that VIP address, so the current connections are going to be lost. And the new ones are not going to be able to reach the VIP address.

For the group, if you suspend the group the only thing that is going to happen is that the CSS won't NAT the new connections.

2. Does it only affect new connections?

R/ Nope, it will also affect connections already established (just if you suspend the content rule). The group works when the traffic matches on the content rule, so when the content rule chooses the service to send the traffic to, the CSS is going to check that the service is linked to a group in order to do the NAT.

3. In an ASR redundancy mode, would the backup CSS take over new connections while the group/content rule is suspended?

R/ Nope, the CSS is going to be the master for all the VIPs, including the one that you suspend. If the critical services and the reporters are alive, the backup CSS is going to be the backup until the master changes to down.

So it does not matter if you suspend all content rules on your master CSS, because the critical services and the reporters are alive.

If you need to modify your content rule, you will need downtime or a maintenance window if you don't want to do a failover.

Hope this helps.

- Rodrigo

New Member

Re: Suspending a group/content rule on CSS

Hi Rodrigo,

Thank you very much for this very clear explanation.

Rgds,

Arno

New Member

Re: Suspending a group/content rule on CSS

I would think you could also turn down your outside interfaces (facing the client) and force the backup CSS to become the master. Make your changes on the initial CSS, turn your interfaces back up forcing traffic back, and then make changes on the second CSS.

I hope this helps,

Tom
