[c-nsp] Cisco CSS 11501 Load Balancers

Tony Varriale tvarriale at comcast.net
Wed Jun 1 23:24:26 EDT 2011


>   1.  Do you know if this is all the attributes that a CSS can route traffic based on? From the CSS config guide excerpt below i.e. L3, L4 and L5
>      *   destination IP
>      *   destination port
>      *   protocol
>      *   domain
>      *   context path

There are more.

>   2.  What about other methods:
>      *   source IP
>      *   source port
>      *   server certificates?
>      *   client certificates?
>      *   any others?

Yes, there are others.  All of them are described and detailed in the
configuration guide(s).

You should start here: 
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_installation_and_configuration_guides_list.html

Look for the balance command.

>   3.  Do they support SSL client authentication rather than server authentication?

Yes.  See the SSL configuration guide from the above main link.

>   4.  If 3) is true, do you know how many client certificates can they host?

I do not remember the limitations as it's been a while.  It may be in 
the docs.  And, I don't have them up in my lab yet to verify for you.

>   5.  Are the load balancers capable of probing a service to determine if there are packet delays on a network or a server resource is very high, then make a decision based on certain criteria i.e. route traffic to another server or network?

Yes.  In Ciscoland with CSS, these are called keepalives.  See the
Load-Balancing configuration guide.

>   6.  If a service is configured to forward to tcp port<any> (not www traffic), http keepalive is used and a 200 OK status is not returned, the server (xx) is then assumed down and therefore any new traffic is sent to another server in a group.  If server (xx) is not actually down just http/443, will any traffic that was established when the load balancer saw the (xx) http keepalive go down, continue to flow back via tcp port<any> to the load balancer and to whence it came from?  Or will it be dropped / lost as the load balancer will lose any translations?
>
I'm not sure I'm following your example.  Just because a server does not 
use the standard HTTP port does not mean it works differently on the 
CSS.  You just specify the port for the service and the keepalive.

> Sam Hall
> Senior Network Engineer
>
>
tv