Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
339
Views
0
Helpful
2
Replies

why the css can't balance ?

ccie_weili714
Level 1
Level 1

‎11-12-2006 06:12 PM

the css connects to cisco 6509 by trunking,permit vlan all, on the css and 6509 creats vlan61. the real servers connect to 6509.on the css creat VIP address for vlan61 that the ip address is the same subnet.

the question is that the user can access the service supplied by the real servers and ping the VIP address,but can't access the service through the VIP address. through the show service summary command ,the services are all alive.

Labels:
0 Helpful
2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

‎11-13-2006 12:14 AM

this is becaus your server bypasses the css for the response. You need to guarantee that the server response goes back to the CSS and not directly to the client.

Use a sniffer trace to see where the traffic is going and what is happening.

The ping are answered directly by the CSS because you have configured a L7 rule.

With an L3 rule, the ping would be forwarded to the servers and the response would also be asymetric causing a failure.

I believe I already told you this in a previou s post.

Gilles.

0 Helpful

nayanpanchal
Level 1
Level 1
In response to Gilles Dufour

‎11-13-2006 01:05 AM

You are using one-armed mode.

Configuring group will enable source-natting and it will make sure that return traffic will go through CSS.

I hope it helps.

nayan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents