[c-nsp] csm Bride Mode Simple scenario. Is it Possible?

Ross Vandegrift ross at kallisti.us
Wed Apr 9 10:03:27 EDT 2008


On Wed, Apr 09, 2008 at 11:02:06PM +1000, Brad Case wrote:
> I actually asked this same question to Cisco. The official response I got
> was this:
> 
> Extract:
> 
> 
> This should work to some extent. However, for the large network I don't know
> how reliable you can run this system for sure.
> 
> You are basically forcing static route in MSFC to forward traffic to the
> client vlan of the CSM. This is not something desirable way to do routing on
> the CSM. Especially bridge mode.

This response is completely bogus and highlights why I am frustrated
with Cisco's support for the CSM.  I have only ever heard of two
people at Cisco that really understood the thing, and I've personally
only talked to one.

> There will "only" be 2 VIP's setup this way & never anymore. There will
> be many additional VIPs  that will be created using an VIP IP in the same
> address range as the real server addresses (Text book scenario).
> If the customer were to change the 2 VIP addresses it requires a massive
> amount of logistics to do so, hence the reason why I am considering doing it
> this way.
> 
> 
> I would really like to here what people have to say in relation to this
> response & if I should be concerned in doing it like this for just 2 VIP's
> only.

I have over 400 VIPs on a CSM running in this way, in bridged mode, without
advertise active.  Any IP can be used as a VIP so long as traffic to that IP
ends up directed to the CSM's client VLAN IP.

The easiest way to do this is add a static route for the VIP to the
CSM's client IP on the MSFC.  So for your example below, you would need
"ip route 50.40.220.99 255.255.255.255 10.20.220.2".

If you have an FT setup, you'll want the next-hop to be the client
VLAN's alias IP.


Ross

> 
> 
> Regards,
> 
> Brad
> 
> 
> 
> 
> 
> On Tue, Apr 8, 2008 at 5:59 PM, Arie Vayner (avayner) <avayner at cisco.com>
> wrote:
> 
> > Brad,
> >
> > You should just make sure the virtual IP is routable on the MSFC. The
> > best way is to use the "advertise" command on the virtual server.
> >
> > Arie
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Brad Case
> > Sent: Tuesday, April 08, 2008 02:27 AM> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] csm Bride Mode Simple scenario. Is it Possible?
> >
> > Hi Guys,
> > I have a question that I simply cannot find an answer to on the Cisco
> > site in regards to the CSM in Bridge mode.
> > Is it possible to have the vserver (VIP) IP in a differnt subnet range
> > than the real IP addresses in the serverfarm that is bound to it?
> >
> > In other words, as an example a typical bridge configuration is like
> > this:
> >
> >
> >
> > vlan 221 client
> >  ip address 10.20.220.2 255.255.255.0
> >  gateway 10.20.220.1
> > !
> > vlan 220 server
> >  ip address 10.20.220.2 255.255.255.0
> > <<<<<<<<<<<<Two VLANs with the same IP address are bridged
> > together>>>>>>>>>>>>>>>>>.
> > serverfarm WEBFARM
> >  nat server
> >  no nat client
> >  real 10.20.220.10
> >  inservice
> >  real 10.20.220.20
> >  inservice
> > !
> > vserver WEB
> >  virtual 10.20.220.100 tcp www
> >  serverfarm WEBFARM
> >  persistent rebalance
> >  inservice
> >
> >
> >
> > Is it possible to do something like this:
> >
> > vlan 221 client
> >  ip address 10.20.220.2 255.255.255.0
> >  gateway 10.20.220.1
> > !
> > vlan 220 server
> >  ip address 10.20.220.2 255.255.255.0
> >  <<<<<<<<<<<<Two VLANs with the same IP address are bridged
> > together>>>>>>>>>>>>>>>>>.
> >
> > serverfarm WEBFARM
> >  nat server
> >  no nat client
> >  real 10.20.220.10
> >  inservice
> >  real 10.20.220.20
> >  inservice
> > !
> > vserver WEB
> >  virtual 50.40.220.99 tcp www   <<<<<<<<<<  Place the IP address in a
> > different subnet than the IP's in the serverfarm >>>>>>>>>>>>>>>
> > serverfarm WEBFARM  persistent rebalance  inservice
> >
> >
> > <<<<<<<<On the MSFC place a static route to route the 50.40.220.99
> > address towards the CSM IP on vlan 221>>>>>>>>>.
> >
> > ip route 50.40.220.99 255.255.255.255 10.20.220.2
> >
> >
> > Please if somebody knows if this is or is not possible it would be
> > highly appreciated to hear your feedback.
> >
> >
> > Regards,
> >
> > Brad
> >  _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
Ross Vandegrift
ross at kallisti.us

"The good Christian should beware of mathematicians, and all those who
make empty prophecies. The danger already exists that the mathematicians
have made a covenant with the devil to darken the spirit and to confine
man in the bonds of Hell."
	--St. Augustine, De Genesi ad Litteram, Book II, xviii, 37


More information about the cisco-nsp mailing list