Cisco Support Community

CSS VIP access

Hello,

We have Web1 and Web2 web servers.

We have Dat1 and Dat2 database servers.

Web1 and Web2 share a VIP of 10.10.10.10.

Dat1 and Dat2 share a VIP of 10.10.10.20.

All 4 servers are on the same subnet of 10.10.10.0/24.

Can Dat1 access the VIP of 10.10.10.10 at port 80? Or can the Web servers access the VIP of 10.10.10.20?

Thanks

1 REPLY

Re: CSS VIP access

It's doable.

You will need to use a source group to NAT the client's source IP so that the end server doesn't respond directly back to the client but instead goes back to the CSS.

The issue is that when WEB1 sends a request to the VIP configured for the DB servers, the CSS will select either DAT1 or DAT2 and hand the traffic over to it. From DAT1/DAT2's perspective the source address of this request is WEB1, and since both the WEB and DAT servers share the same L2 VLAN, it will attempt to send the response back to WEB1 directly using ARP (bypassing the CSS and making the connection asymmetric). Since WEB1 sent the request to the VIP, not the DAT1/DAT2 IP, WEB1 will drop the response.

HTH

Syed Iftekhar Ahmed
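
The asymmetric return path described in the reply above, modelled as an added example (not part of the original thread and not CSS configuration). It traces one request from WEB1 to the DB VIP with and without source NAT. The server IPs, the NAT address and the ports are constructed, since the thread gives only the VIPs and the subnet.

```python
# Added illustration of the flow described in the reply; not CSS code.
VIP_DB = "10.10.10.20"            # DB VIP, from the post
# Constructed values: the post gives no server IPs, NAT address or DB port.
WEB1, DAT1, CSS_NAT = "10.10.10.11", "10.10.10.21", "10.10.10.30"
DB_PORT, CLIENT_PORT = 3306, 40000
CSS_OWNED = {VIP_DB, CSS_NAT}     # addresses the CSS answers ARP for


def simulate(source_nat):
    """Trace one request from WEB1 to the DB VIP; return (path, accepted)."""
    path = ["WEB1", "CSS"]
    # WEB1 opens a connection to the VIP and remembers the expected peer.
    expected_peer = (VIP_DB, DB_PORT)
    pkt = {"src": WEB1, "sport": CLIENT_PORT, "dst": VIP_DB, "dport": DB_PORT}

    # CSS load-balances: destination becomes the chosen real server.
    pkt["dst"] = DAT1
    if source_nat:                # source group: hide the client behind the CSS
        pkt["src"] = CSS_NAT
    path.append("DAT1")

    # DAT1 replies to the source address it saw. Everything is on
    # 10.10.10.0/24, so it ARPs for that address and sends on-link.
    reply = {"src": DAT1, "sport": DB_PORT,
             "dst": pkt["src"], "dport": pkt["sport"]}
    if reply["dst"] in CSS_OWNED:
        # Reply returns to the CSS, which reverses both translations.
        path.append("CSS")
        reply["src"], reply["dst"] = VIP_DB, WEB1
    path.append("WEB1")

    # WEB1 accepts only a segment from the peer it connected to.
    accepted = (reply["src"], reply["sport"]) == expected_peer
    return path, accepted


if __name__ == "__main__":
    for nat in (False, True):
        path, ok = simulate(nat)
        print(f"source NAT={nat}: {' -> '.join(path)} | accepted by WEB1: {ok}")
```

Without source NAT the reply arrives at WEB1 from DAT1's own address and is rejected; with it, the reply passes back through the CSS and arrives from the VIP.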
