[c-nsp] csm Bride Mode Simple scenario. Is it Possible?

Arie Vayner (avayner) avayner at cisco.com
Sun Apr 13 07:46:08 EDT 2008


Ross,

The only issue I see with using different VIP addresses has to do with
pushing the traffic to the CSM, which can be solved by different routing
mechanisms. The routing "tweaks" are sometimes not elegant, but are not
much different in a case where you use an external load balancer
(especially in bridge mode).

When a VIP is active on the CSM it would be registered in the hardware
IXPs and there should not be any difference how the routing is done at
this stage...

I would be happy to assist with any further questions.

Arie

-----Original Message-----
From: Ross Vandegrift [mailto:ross at kallisti.us] 
Sent: Wednesday, April 09, 2008 17:03 PM
To: Brad Case
Cc: Arie Vayner (avayner); cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] csm Bride Mode Simple scenario. Is it Possible?

On Wed, Apr 09, 2008 at 11:02:06PM +1000, Brad Case wrote:
> I actually asked this same question to Cisco. The official response I 
> got was this:
> 
> Extract:
> 
> 
> This should work to some extent. However, for the large network I 
> don't know how reliable you can run this system for sure.
> 
> You are basically forcing static route in MSFC to forward traffic to 
> the client vlan of the CSM. This is not something desirable way to do 
> routing on the CSM. Especially bridge mode.

This response is completely bogus and highlights why I am frustrated
with Cisco's support for the CSM.  I have only ever heard of two people
at Cisco that really understood the thing, and I've personally only
talked to one.

> There will "only" be 2 VIP's setup this way & never anymore. There 
> will be many additional VIPs  that will be created using an VIP IP in 
> the same address range as the real server addresses (Text book
scenario).
> If the customer were to change the 2 VIP addresses it requires a 
> massive amount of logistics to do so, hence the reason why I am 
> considering doing it this way.
> 
> 
> I would really like to here what people have to say in relation to 
> this response & if I should be concerned in doing it like this for 
> just 2 VIP's only.

I have over 400 VIPs on a CSM running in this way, in bridged mode,
without advertise active.  Any IP can be used as a VIP so long as
traffic to that IP ends up directed to the CSM's client VLAN IP.

The easiest way to do this is add a static route for the VIP to the
CSM's client IP on the MSFC.  So for your example below, you would need
"ip route 50.40.220.99 255.255.255.255 10.20.220.2".

If you have an FT setup, you'll want the next-hop to be the client
VLAN's alias IP.


Ross

> 
> 
> Regards,
> 
> Brad
> 
> 
> 
> 
> 
> On Tue, Apr 8, 2008 at 5:59 PM, Arie Vayner (avayner) 
> <avayner at cisco.com>
> wrote:
> 
> > Brad,
> >
> > You should just make sure the virtual IP is routable on the MSFC. 
> > The best way is to use the "advertise" command on the virtual
server.
> >
> > Arie
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net 
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Brad Case
> > Sent: Tuesday, April 08, 2008 02:27 AM> > To: 
> > cisco-nsp at puck.nether.net
> > Subject: [c-nsp] csm Bride Mode Simple scenario. Is it Possible?
> >
> > Hi Guys,
> > I have a question that I simply cannot find an answer to on the 
> > Cisco site in regards to the CSM in Bridge mode.
> > Is it possible to have the vserver (VIP) IP in a differnt subnet 
> > range than the real IP addresses in the serverfarm that is bound to
it?
> >
> > In other words, as an example a typical bridge configuration is like
> > this:
> >
> >
> >
> > vlan 221 client
> >  ip address 10.20.220.2 255.255.255.0  gateway 10.20.220.1 !
> > vlan 220 server
> >  ip address 10.20.220.2 255.255.255.0 <<<<<<<<<<<<Two VLANs with the

> > same IP address are bridged
> > together>>>>>>>>>>>>>>>>>.
> > serverfarm WEBFARM
> >  nat server
> >  no nat client
> >  real 10.20.220.10
> >  inservice
> >  real 10.20.220.20
> >  inservice
> > !
> > vserver WEB
> >  virtual 10.20.220.100 tcp www
> >  serverfarm WEBFARM
> >  persistent rebalance
> >  inservice
> >
> >
> >
> > Is it possible to do something like this:
> >
> > vlan 221 client
> >  ip address 10.20.220.2 255.255.255.0  gateway 10.20.220.1 !
> > vlan 220 server
> >  ip address 10.20.220.2 255.255.255.0  <<<<<<<<<<<<Two VLANs with 
> > the same IP address are bridged
> > together>>>>>>>>>>>>>>>>>.
> >
> > serverfarm WEBFARM
> >  nat server
> >  no nat client
> >  real 10.20.220.10
> >  inservice
> >  real 10.20.220.20
> >  inservice
> > !
> > vserver WEB
> >  virtual 50.40.220.99 tcp www   <<<<<<<<<<  Place the IP address in
a
> > different subnet than the IP's in the serverfarm >>>>>>>>>>>>>>> 
> > serverfarm WEBFARM  persistent rebalance  inservice
> >
> >
> > <<<<<<<<On the MSFC place a static route to route the 50.40.220.99 
> > address towards the CSM IP on vlan 221>>>>>>>>>.
> >
> > ip route 50.40.220.99 255.255.255.255 10.20.220.2
> >
> >
> > Please if somebody knows if this is or is not possible it would be 
> > highly appreciated to hear your feedback.
> >
> >
> > Regards,
> >
> > Brad
> >  _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

--
Ross Vandegrift
ross at kallisti.us

"The good Christian should beware of mathematicians, and all those who
make empty prophecies. The danger already exists that the mathematicians
have made a covenant with the devil to darken the spirit and to confine
man in the bonds of Hell."
	--St. Augustine, De Genesi ad Litteram, Book II, xviii, 37


More information about the cisco-nsp mailing list