Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

why the css can't balance ?

the css connects to cisco 6509 by trunking,permit vlan all, on the css and 6509 creats vlan61. the real servers connect to 6509.on the css creat VIP address for vlan61 that the ip address is the same subnet.

the question is that the user can access the service supplied by the real servers and ping the VIP address,but can't access the service through the VIP address. through the show service summary command ,the services are all alive.

2 REPLIES
Cisco Employee

Re: why the css can't balance ?

this is becaus your server bypasses the css for the response. You need to guarantee that the server response goes back to the CSS and not directly to the client.

Use a sniffer trace to see where the traffic is going and what is happening.

The ping are answered directly by the CSS because you have configured a L7 rule.

With an L3 rule, the ping would be forwarded to the servers and the response would also be asymetric causing a failure.

I believe I already told you this in a previou s post.

Gilles.

New Member

Re: why the css can't balance ?

You are using one-armed mode.

Configuring group will enable source-natting and it will make sure that return traffic will go through CSS.

I hope it helps.

nayan

125
Views
0
Helpful
2
Replies
CreatePlease to create content