Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
846
Views
0
Helpful
3
Replies

Traffic between two real server from same VLAN but different Server Farm

rc5295509
Level 1
Level 1

‎12-03-2013 07:36 AM

Hi,

I have a trouble, I need that two real server from different serverfarm, but both are in the same VLAN and they are in the same context.

real server A, server farm A  need to comunicate with real server B with server farm B.

How is the best configuration for achieve this?

Labels:
0 Helpful
3 Replies 3

Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎12-03-2013 08:29 AM

Hi,

Please find the example below:

access-list ANYONE line 10 extended permit ip any any

rserver host SERVER_01
  ip address 192.168.1.11
  inservice
rserver host SERVER_02
  ip address 192.168.1.12
  inservice
rserver host SERVER_03
  ip address 192.168.1.13
  inservice

serverfarm host REAL_SERVERS
  rserver SERVER_01
    inservice
  rserver SERVER_02
    inservice
  rserver SERVER_03
    inservice

class-map match-all REAL_SERVERS
  2 match source-address 192.168.1.0 255.255.255.0----->Server range from where connection will originate


class-map match-all VIP-30
  2 match virtual-address 172.16.51.30 tcp eq www--->VIP on which the connections from clients as well as servers will come.


class-map type management match-any REMOTE_ACCESS
  description remote-access-traffic-match
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any

policy-map type management first-match REMOTE_MGT
  class REMOTE_ACCESS
    permit


policy-map type loadbalance first-match SLB_LOGIC
  class class-default
    serverfarm REAL_SERVERS------>connections would be loadbalanced to this server after condition matches.


policy-map multi-match CLIENT_VIPS
  class VIP-30
    loadbalance vip inservice
    loadbalance policy SLB_LOGIC
    loadbalance vip icmp-reply active


  class REAL_SERVERS
    nat dynamic 1 vlan 451---->Traffic from real servers will be source natted so that return traffic also goes through the ACE and not directly since real servers are in same subnet.

interface vlan 251
  description Client vlan
  ip address 172.16.51.11 255.255.255.0
  access-group input ANYONE
  service-policy input REMOTE_MGT
  service-policy input CLIENT_VIPS
  no shutdown


interface vlan 451
  description Servers vlan
  ip address 192.168.1.1 255.255.255.0
  access-group input ANYONE
  service-policy input CLIENT_VIPS
  nat-pool 1 192.168.1.10 192.168.1.10 netmask 255.255.255.0 pat
  no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.51.1

Please try and see if this helps.

Regards,

Kanwal

0 Helpful

rc5295509
Level 1
Level 1
In response to Kanwaljeet Singh

‎12-03-2013 10:02 AM

Hi..

And this work when you have a second server farm and another VIP?  look the diagram.. 

0 Helpful

Kanwaljeet Singh
Cisco Employee
Cisco Employee
In response to rc5295509

‎12-03-2013 10:08 AM

Hi,

Yes, it should work. So request from real server 192.168.1.11 will hit the VIP 40 and will get loadbalanced to  real server 4 under serverfarm 2 . Source NAT should be applied to traffic originating from real server1 so that returning traffic from real server4 comes via ACE and not directly.

Regards,

Kanwal

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents