[c-nsp] csm Bride Mode Simple scenario. Is it Possible?

Chris Riling criling at gmail.com
Wed Apr 9 10:46:25 EDT 2008 

This is the same way I'm doing it; there is a bit of administrative overhead
though...

 Chris


On 4/9/08, Ross Vandegrift <ross at kallisti.us> wrote:
>
> On Wed, Apr 09, 2008 at 11:02:06PM +1000, Brad Case wrote:
> > I actually asked this same question to Cisco. The official response I
> got
> > was this:
> >
> > Extract:
> >
> >
> > This should work to some extent. However, for the large network I don't
> know
> > how reliable you can run this system for sure.
> >
> > You are basically forcing static route in MSFC to forward traffic to the
> > client vlan of the CSM. This is not something desirable way to do
> routing on
> > the CSM. Especially bridge mode.
>
> This response is completely bogus and highlights why I am frustrated
> with Cisco's support for the CSM.  I have only ever heard of two
> people at Cisco that really understood the thing, and I've personally
> only talked to one.
>
> > There will "only" be 2 VIP's setup this way & never anymore. There will
> > be many additional VIPs  that will be created using an VIP IP in the
> same
> > address range as the real server addresses (Text book scenario).
> > If the customer were to change the 2 VIP addresses it requires a massive
> > amount of logistics to do so, hence the reason why I am considering
> doing it
> > this way.
> >
> >
> > I would really like to here what people have to say in relation to this
> > response & if I should be concerned in doing it like this for just 2
> VIP's
> > only.
>
> I have over 400 VIPs on a CSM running in this way, in bridged mode,
> without
> advertise active.  Any IP can be used as a VIP so long as traffic to that
> IP
> ends up directed to the CSM's client VLAN IP.
>
> The easiest way to do this is add a static route for the VIP to the
> CSM's client IP on the MSFC.  So for your example below, you would need
> "ip route 50.40.220.99 255.255.255.255 10.20.220.2".
>
> If you have an FT setup, you'll want the next-hop to be the client
> VLAN's alias IP.
>
>
> Ross
>
> >
> >
> > Regards,
> >
> > Brad
> >
> >
> >
> >
> >
> > On Tue, Apr 8, 2008 at 5:59 PM, Arie Vayner (avayner) <avayner at cisco.com
> >
> > wrote:
> >
> > > Brad,
> > >
> > > You should just make sure the virtual IP is routable on the MSFC. The
> > > best way is to use the "advertise" command on the virtual server.
> > >
> > > Arie
> > >
> > > -----Original Message-----
> > > From: cisco-nsp-bounces at puck.nether.net
> > > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Brad Case
> > > Sent: Tuesday, April 08, 2008 02:27 AM> > To:
> cisco-nsp at puck.nether.net
> > > Subject: [c-nsp] csm Bride Mode Simple scenario. Is it Possible?
> > >
> > > Hi Guys,
> > > I have a question that I simply cannot find an answer to on the Cisco
> > > site in regards to the CSM in Bridge mode.
> > > Is it possible to have the vserver (VIP) IP in a differnt subnet range
> > > than the real IP addresses in the serverfarm that is bound to it?
> > >
> > > In other words, as an example a typical bridge configuration is like
> > > this:
> > >
> > >
> > >
> > > vlan 221 client
> > >  ip address 10.20.220.2 255.255.255.0
> > >  gateway 10.20.220.1
> > > !
> > > vlan 220 server
> > >  ip address 10.20.220.2 255.255.255.0
> > > <<<<<<<<<<<<Two VLANs with the same IP address are bridged
> > > together>>>>>>>>>>>>>>>>>.
> > > serverfarm WEBFARM
> > >  nat server
> > >  no nat client
> > >  real 10.20.220.10
> > >  inservice
> > >  real 10.20.220.20
> > >  inservice
> > > !
> > > vserver WEB
> > >  virtual 10.20.220.100 tcp www
> > >  serverfarm WEBFARM
> > >  persistent rebalance
> > >  inservice
> > >
> > >
> > >
> > > Is it possible to do something like this:
> > >
> > > vlan 221 client
> > >  ip address 10.20.220.2 255.255.255.0
> > >  gateway 10.20.220.1
> > > !
> > > vlan 220 server
> > >  ip address 10.20.220.2 255.255.255.0
> > >  <<<<<<<<<<<<Two VLANs with the same IP address are bridged
> > > together>>>>>>>>>>>>>>>>>.
> > >
> > > serverfarm WEBFARM
> > >  nat server
> > >  no nat client
> > >  real 10.20.220.10
> > >  inservice
> > >  real 10.20.220.20
> > >  inservice
> > > !
> > > vserver WEB
> > >  virtual 50.40.220.99 tcp www   <<<<<<<<<<  Place the IP address in a
> > > different subnet than the IP's in the serverfarm >>>>>>>>>>>>>>>
> > > serverfarm WEBFARM  persistent rebalance  inservice
> > >
> > >
> > > <<<<<<<<On the MSFC place a static route to route the 50.40.220.99
> > > address towards the CSM IP on vlan 221>>>>>>>>>.
> > >
> > > ip route 50.40.220.99 255.255.255.255 10.20.220.2
> > >
> > >
> > > Please if somebody knows if this is or is not possible it would be
> > > highly appreciated to hear your feedback.
> > >
> > >
> > > Regards,
> > >
> > > Brad
> > >  _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> --
> Ross Vandegrift
> ross at kallisti.us
>
> "The good Christian should beware of mathematicians, and all those who
> make empty prophecies. The danger already exists that the mathematicians
> have made a covenant with the devil to darken the spirit and to confine
> man in the bonds of Hell."
>        --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list