I configured my company's two CSSs as load balancers for a bunch of web servers, and they work great except for a minor issue that I can't seem to resolve. When a web daemon on a server crashes, or is shut down for one reason or another, the CSS removes that service from the pool, which is good, but that server loses its connection to the outside world. We can still SSH into the server and push data onto it, but the route to the outside world is dead.
This is a problem since our servers often need to connect to outside resources on startup.
We are currently set up with a 2-tier network layout where the CSS is connected to our public network (say 184.108.40.206/24) and our servers sit on a private network (192.168.0.0/24) and use the CSS as their gateway.
I tried a number of fixes to rectify the situation, but nothing has worked so far. The servers have another NIC connected directly to the public network, but since the default GW is the CSS, it does not help. I tried changing the default GW on the servers to point to our public GW, but then access through the CSS VIP does not work. Static routes don't do the trick either.
Is there any configuration option that I can change so that the CSS does not kill the GW for a server whose service is down?
Either that, or do you know of a better way to lay out the configuration so we avoid the problem?
If needed I can post the configuration of our CSS and the network setup on our servers.
We already have groups set up for the servers. I have attached our config file (slightly edited for security reasons) to see our setup.
Here are some more details on our setup.
Public Network: 220.127.116.11/24
Private Network: 192.168.0.0/24
Public Gateway: 18.104.22.168
CSS IP: 22.214.171.124
CSS Gateway: 192.168.0.1
Server Network Setup:
Default Gateway -> CSS Gateway (192.168.0.1)
As I said, while the Tomcat daemon is running, the server can ping the outside world through the CSS, but as soon as the daemon is stopped, the keepalive detects it as down, removes it from the pool and drops all outgoing packets from that server.
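The layout described above (servers on 192.168.0.0/24 with the CSS gateway 192.168.0.1 as their default route, plus a second NIC on the public network) is the classic case for source-based policy routing on the servers themselves. The script below is an added example, not part of the original post or a Cisco configuration: it keeps replies to VIP-forwarded connections going back through the CSS while the server's own outbound traffic uses the public gateway. Interface names, the sample server address, the public gateway and the routing-table number are assumptions to be set per host.

```shell
#!/bin/sh
# Added example, not from the original post: Linux policy routing for a
# web server that sits behind the CSS on 192.168.0.0/24 and also has a NIC
# on the public network. Connections arriving via the CSS VIP are answered
# through the CSS gateway (192.168.0.1, from the post); everything the
# server originates itself leaves via the public gateway, so a failed
# keepalive on the CSS no longer cuts the host off.
# Assumptions (set them for your hosts): interface names, the server's
# private address, the public gateway and the spare routing-table number.

PRIV_IF="${PRIV_IF:-eth0}"          # assumed: NIC on the private network
PRIV_IP="${PRIV_IP:-192.168.0.10}"  # constructed sample server address
PRIV_NET="192.168.0.0/24"           # private network from the post
CSS_GW="192.168.0.1"                # CSS gateway from the post
PUB_IF="${PUB_IF:-eth1}"            # assumed: NIC on the public network
PUB_GW="${PUB_GW:-203.0.113.1}"     # placeholder; use the real public gateway
TABLE="${TABLE:-100}"               # assumed: unused routing table id

# Print the command instead of running it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

configure_policy_routing() {
    # 1. Traffic the server originates: default route via the public NIC.
    run ip route replace default via "$PUB_GW" dev "$PUB_IF"
    # 2. Secondary table whose default route points back at the CSS.
    run ip route replace "$PRIV_NET" dev "$PRIV_IF" src "$PRIV_IP" table "$TABLE"
    run ip route replace default via "$CSS_GW" dev "$PRIV_IF" table "$TABLE"
    # 3. Rule: packets sourced from the private address use that table, so
    #    replies to VIP-forwarded connections (and to the CSS keepalive)
    #    return through the CSS. Delete first so reruns do not stack rules.
    run ip rule del from "$PRIV_IP" lookup "$TABLE" priority 100 2>/dev/null || true
    run ip rule add from "$PRIV_IP" lookup "$TABLE" priority 100
}

# Check which path the kernel picks from the private address for a public
# destination; expect "via 192.168.0.1" (constructed probe target below).
show_return_path() {
    run ip route get "${1:-198.51.100.5}" from "$PRIV_IP" iif "$PRIV_IF"
}
```

Call `configure_policy_routing` from the server's startup scripts as root; with `DRY_RUN=1` both functions only print the commands they would run, which is a safe way to review them before applying.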