Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
640
Views
5
Helpful
3
Replies

Suspending a group/content rule on CSS

arnaud.chiaberge
Level 1
Level 1

‎06-01-2007 04:15 AM

Hi,

I need to know what happens when I suspend a group or a content rule (to modify it, ie: remove or add a service):

1. Does it affect existing flows making use of this group/content rule ?

2. Does it only affect new connections ?

3. In a ASR redundancy mode, would the backup CSS take over new connections while the group/content rule is suspended ?

I'm looking for a way of amending my configuration (ie: remove/add a service to existing content rule or group) without being disruptive to the service.

Thanks

Arno

Labels:
0 Helpful
3 Replies 3

RODRGUTI
Level 1
Level 1

‎06-01-2007 08:27 AM

Hello Arno,

What happens when I suspend a group or a content rule:

1. Does it affect existing flows making use of this group/content rule ?

R/ Yes, at the point that you suspend the content rule the CSS is going to stop doing arping for that VIP address, so the current connections are going to be lost. And the new ones are not going to be able to reach the vip address.

For the group, if you suspend the group the only thing that is going to happen is that the CSS wont nat the new connections.

2. Does it only affect new connections ?

R/ Nop, it will affect also connections already established. (Just if you suspend the content rule) the group works when the traffic match on the content rule, so, when the content rule choose the service to send the traffic the CSS is going to check that the service is linked to a group in order to do the nat.

3. In a ASR redundancy mode, would the backup CSS take over new connections while the group/content rule is suspended ?

R/ Nop, the CSS is going to be the master for all the vips, including the one that you suspend, if the critical services and the reporters are alive the backup CSS is going to be the backup until the Master change to down.

So, does not matter if you suspend all content rules on your Master CSS, because the critical services and the reporters are alive.

If you need to modify your content rule, you will need a down time, or a maintenance window, if you don't want to do a failover.

Hope this help.

- Rodrigo

arnaud.chiaberge
Level 1
Level 1
In response to RODRGUTI

‎06-04-2007 01:32 AM

Hi Rodrigo,

Thank you very much for this very clear explanation.

Rgds,

Arno

0 Helpful

tom.gill
Level 1
Level 1

‎06-04-2007 04:41 AM

I would think you could also turn down your outside interfaces (facing the client) and force the backup CSS to become the master. Make your changes on the initial CSS, turn your interfaces back up forcing traffic back, and then make changes on the second CSS.

I hope this helps,

Tom

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents