[c-nsp] csm Bride Mode Simple scenario. Is it Possible?

Brad Case overkillxx at gmail.com
Sun Apr 13 05:30:05 EDT 2008 

Hey,

Sorry guys, I have one last CSM query which relates directly to the below.
In the customers network  1 of the 2 VIP's  is actually used for server to
server load balancing.

So to simplify 3 servers all reside in the same subnet.

The addresses are the following:

server A: 10.20.220.11
server B: 10.20.220.12
server C: 10.20.220.15

Server A & B are in a serverfarm & the VIP address is 50.40.220.100

Server C needs to communicate to the VIP address of 50.40.220.100 to load
balance to servers A & B

Configuring ths up in Routed mode on the CSM is easy, however, in bridge
mode I am not  so sure. Below is the configuration which I think should work
(I cannot test it)   Presuming it does I am a little concerned with things
such as ICMP redirect occuring from the MSFC interface. Anyway, I would
really appreciate peoples input on the configuration:




vlan 221 client
   ip address 10.20.220.2 255.255.255.0
   gateway 10.20.220.1
  !
  vlan 220 server
   ip address 10.20.220.2 255.255.255.0
   <<<<<<<<<<<<Two VLANs with the same IP address are bridged
  together.

  serverfarm WEBFARM
   nat server
   nat client SABRIX
   real 10.20.220.11
   inservice
   real 10.20.220.12
   inservice
  !
  vserver WEB
   virtual 50.40.220.100 tcp www
<<<<<<<<<<  Place the IP address in a different subnet than the IP's in the
serverfarm >>>>>>>>
  serverfarm WEBFARM
persistent rebalance
 inservice

natpool SABRIX 10.20.220.55 10.20.220.55 netmask 255.255.255.0


Interface Vlan 221
ip address 10.20.220.1


  <<<<<<<<On the MSFC place a static route to route the 50.40.220.100

  address towards the CSM IP on vlan 221>>>>>.

  ip route 50.40.220.100 255.255.255.255 10.20.220.2


interface GigabitEthernet6/31
 description Server A
 switchport
 switchport access vlan 220
 switchport mode access


interface GigabitEthernet6/32
 description Server B
 switchport
 switchport access vlan 220
 switchport mode access

interface GigabitEthernet6/33
 description Server C
 switchport
 switchport access vlan 221
 switchport mode access


On Server C the default gateway is obviously going towards the MSFC address
of 10.20.220.1.  No other routes are defined on the server.

Anyones input is highly appreciated.

Regards,

Brad














On Thu, Apr 10, 2008 at 12:03 AM, Ross Vandegrift <ross at kallisti.us> wrote:

> On Wed, Apr 09, 2008 at 11:02:06PM +1000, Brad Case wrote:
> > I actually asked this same question to Cisco. The official response I
> got
> > was this:
> >
> > Extract:
> >
> >
> > This should work to some extent. However, for the large network I don't
> know
> > how reliable you can run this system for sure.
> >
> > You are basically forcing static route in MSFC to forward traffic to the
> > client vlan of the CSM. This is not something desirable way to do
> routing on
> > the CSM. Especially bridge mode.
>
> This response is completely bogus and highlights why I am frustrated
> with Cisco's support for the CSM.  I have only ever heard of two
> people at Cisco that really understood the thing, and I've personally
> only talked to one.
>
> > There will "only" be 2 VIP's setup this way & never anymore. There will
> > be many additional VIPs  that will be created using an VIP IP in the
> same
> > address range as the real server addresses (Text book scenario).
> > If the customer were to change the 2 VIP addresses it requires a massive
> > amount of logistics to do so, hence the reason why I am considering
> doing it
> > this way.
> >
> >
> > I would really like to here what people have to say in relation to this
> > response & if I should be concerned in doing it like this for just 2
> VIP's
> > only.
>
> I have over 400 VIPs on a CSM running in this way, in bridged mode,
> without
> advertise active.  Any IP can be used as a VIP so long as traffic to that
> IP
> ends up directed to the CSM's client VLAN IP.
>
> The easiest way to do this is add a static route for the VIP to the
> CSM's client IP on the MSFC.  So for your example below, you would need
> "ip route 50.40.220.99 255.255.255.255 10.20.220.2".
>
> If you have an FT setup, you'll want the next-hop to be the client
> VLAN's alias IP.
>
>
> Ross
>
> >
> >
> > Regards,
> >
> > Brad
> >
> >
> >
> >
> >
> > On Tue, Apr 8, 2008 at 5:59 PM, Arie Vayner (avayner) <avayner at cisco.com
> >
> > wrote:
> >
> > > Brad,
> > >
> > > You should just make sure the virtual IP is routable on the MSFC. The
> > > best way is to use the "advertise" command on the virtual server.
> > >
> > > Arie
> > >
> > > -----Original Message-----
> > > From: cisco-nsp-bounces at puck.nether.net
> > > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Brad Case
> > > Sent: Tuesday, April 08, 2008 02:27 AM> > To:
> cisco-nsp at puck.nether.net
> > > Subject: [c-nsp] csm Bride Mode Simple scenario. Is it Possible?
> > >
> > > Hi Guys,
> > > I have a question that I simply cannot find an answer to on the Cisco
> > > site in regards to the CSM in Bridge mode.
> > > Is it possible to have the vserver (VIP) IP in a differnt subnet range
> > > than the real IP addresses in the serverfarm that is bound to it?
> > >
> > > In other words, as an example a typical bridge configuration is like
> > > this:
> > >
> > >
> > >
> > > vlan 221 client
> > >  ip address 10.20.220.2 255.255.255.0
> > >  gateway 10.20.220.1
> > > !
> > > vlan 220 server
> > >  ip address 10.20.220.2 255.255.255.0
> > > <<<<<<<<<<<<Two VLANs with the same IP address are bridged
> > > together>>>>>>>>>>>>>>>>>.
> > > serverfarm WEBFARM
> > >  nat server
> > >  no nat client
> > >  real 10.20.220.10
> > >  inservice
> > >  real 10.20.220.20
> > >  inservice
> > > !
> > > vserver WEB
> > >  virtual 10.20.220.100 tcp www
> > >  serverfarm WEBFARM
> > >  persistent rebalance
> > >  inservice
> > >
> > >
> > >
> > > Is it possible to do something like this:
> > >
> > > vlan 221 client
> > >  ip address 10.20.220.2 255.255.255.0
> > >  gateway 10.20.220.1
> > > !
> > > vlan 220 server
> > >  ip address 10.20.220.2 255.255.255.0
> > >  <<<<<<<<<<<<Two VLANs with the same IP address are bridged
> > > together>>>>>>>>>>>>>>>>>.
> > >
> > > serverfarm WEBFARM
> > >  nat server
> > >  no nat client
> > >  real 10.20.220.10
> > >  inservice
> > >  real 10.20.220.20
> > >  inservice
> > > !
> > > vserver WEB
> > >  virtual 50.40.220.99 tcp www   <<<<<<<<<<  Place the IP address in a
> > > different subnet than the IP's in the serverfarm >>>>>>>>>>>>>>>
> > > serverfarm WEBFARM  persistent rebalance  inservice
> > >
> > >
> > > <<<<<<<<On the MSFC place a static route to route the 50.40.220.99
> > > address towards the CSM IP on vlan 221>>>>>>>>>.
> > >
> > > ip route 50.40.220.99 255.255.255.255 10.20.220.2
> > >
> > >
> > > Please if somebody knows if this is or is not possible it would be
> > > highly appreciated to hear your feedback.
> > >
> > >
> > > Regards,
> > >
> > > Brad
> > >  _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> --
> Ross Vandegrift
> ross at kallisti.us
>
> "The good Christian should beware of mathematicians, and all those who
> make empty prophecies. The danger already exists that the mathematicians
> have made a covenant with the devil to darken the spirit and to confine
> man in the bonds of Hell."
>        --St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
>

More information about the cisco-nsp mailing list