We are running redundant CSS's in one armed mode, and we use the group command. We have one group of servers that has content from third parties (search Engines). Since putting the group command on (to correct one issue) the source address is now being changed by the CSS (which is correct) however when the link on the internal web servers is clicked the third party gets the report and the referrer address shows up as the VIP not the Internet user.
Is there anyway to get this original source address back or into the packet(s) that hits the web server soas to send to the third party?
If you're not aware, there is a gotcha not using groups.You cannot access the server from a client address on the same subnet. Without the group the packet will be forwarded to the server (via a VIP on the CSS). The server will see the client address as being on the same subnet and will try to send the data directly and not through the CSS. Obviously this gets rejected by the client as it doesn't have a matching TCP session. As long as the source is on a different subnet to the server there is no problem.
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...