[c-nsp] Cisco CSS 11501 Load Balancers
Tony Varriale
tvarriale at comcast.net
Wed Jun 1 23:24:26 EDT 2011
> 1. Do you know if this is all the attributes that a CSS can route traffic based on? From the CSS config guide excerpt below i.e. L3, L4 and L5
> * destination IP
> * destination port
> * protocol
> * domain
> * context path
There are more.
> 2. What about other methods:
> * source IP
> * source port
> * server certificates?
> * client certificates?
> * any others?
Yes, there are others. All of them are described and detailed in the
configuration guide(s).
You should start here:
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_installation_and_configuration_guides_list.html
Look for the balance command.
> 3. Do they support SSL client authentication rather than server authentication?
Yes. See the SSL configuration guide from the above main link.
> 4. If 3) is true, do you know how many client certificates can they host?
I do not remember the limitations as it's been a while. It may be in
the docs. And, I don't have them up in my lab yet to verify for you.
> 5. Are the load balancers capable of probing a service to determine if there are packet delays on a network or a server resource is very high, then make a decision based on certain criteria i.e. route traffic to another server or network?
Yes. In Ciscoland with CSS, these are called keepalives. See the
Load-Balancing configuration guide.
> 6. If a service is configured to forward to tcp port<any> (not www traffic), http keepalive is used and a 200 OK status is not returned, the server (xx) is then assumed down and therefore any new traffic is sent to another server in a group. If server (xx) is not actually down just http/443, will any traffic that was established when the load balancer saw the (xx) http keepalive go down, continue to flow back via tcp port<any> to the load balancer and to whence it came from? Or will it be dropped / lost as the load balancer will lose any translations?
>
I'm not sure I'm following your example. Just because a server does not
use the standard HTTP port does not mean it works differently on the
CSS. You just specify the port for the service and the keepalive.
> Sam Hall
> Senior Network Engineer
>
>
tv