[c-nsp] Cisco CSS 11501 Load Balancers

Sam Hall Sam.Hall at the-logic-group.com
Fri May 27 12:17:08 EDT 2011


Hi Guys

Few questions regarding the Cisco CSS 11501 load balancers if you wouldn't mind helping out?


 1.  Do you know if this is all the attributes that a CSS's can route traffic based on? From the CSS config guide exert below i.e. L3, L4 and L5
    *   destination IP
    *   destination port
    *   protocol
    *   domain
    *   context path
 2.  What about other methods:
    *   source IP
    *   source port
    *   server certificates?
    *   client certificates?
    *   any others?
 3.  Do they support SSL client authentication rather than server authentication?
 4.  If 3) is true, do you know how many client certificates can they host?
 5.  Are the load balancers capable of probing a service to determine if there are packet delays on a network or a server resource is very high, then make a decision based on certain criteria i.e. route traffic to another server or network?
 6.  If a service is configured to forward to tcp port <any> (not www traffic), http keepalive is used and a 200 OK status is not returned, the server (xx) is then assumed down and therefore any new traffic is sent to another server in a group.  If server (xx) is not actually down just http/443, will any traffic that was established when the load balancer saw the (xx) http keepalive go down, continue to flow back via tcp port <any> to the load balancer and to whence it came from?  Or will it be dropped / lost as the load balancer will lose any translations?

Thanks




Cisco Content Services Switch Content Load-Balancing Configuration Guide

Chapter 10 Configuring Content Rules

Content Rule Overview

The CSS uses content rules to determine:
* Where the content physically resides, whether local or remote
* Where to direct the request for content (which service or services)
* Which load-balancing method to use

The type of rule also implies the layer at which the rule functions.
* A Layer 3 content rule implies a destination IP address of the host or network.
* A Layer 4 content rule implies a combination of destination IP address, protocol, and port.
* A Layer 5 content rule implies a combination of destination IP address, protocol, port, and URL that may or may not contain an HTTP cookie or a domain name.
10-3

Content Rule Hierarchy
Content rules are hierarchical. That is, if a request for content matches more than
one rule, the characteristics of the most specific rule apply to the flow. The CSS
uses this order of precedence to process requests for the content, with 1 being the
highest match and 9 being the lowest match. The hierarchy for content rules is as
follows:

1. Domain name, IP address, protocol, port, URL
2. Domain name, protocol, port, URL
3. IP address, protocol, port, URL
4. IP address, protocol, port
5. IP address, protocol
6. IP address
7. Protocol, port, URL
8. Protocol, port
* Protocol



Sam Hall
Senior Network Engineer

direct +44 (0)1252 644 287
email sam.hall at the-logic-group.com<mailto:fsam.hall at the-logic-group.com>

Follow us on our Twitter account <http://twitter.com/thelogicgroup>  for all the latest developments at The Logic Group.


<http://www.the-logic-group.com/>[http://www.the-logic-group.com/CP/UploadedImages/75bd388c-1f27-41f4-8f68-adf034d0b2ea.jpg]<http://www.the-logic-group.com/>


The Logic Group Enterprises Limited, Logic House, Waterfront Business Park, Fleet Road, Fleet,
Hampshire, GU51 3SB, United Kingdom. Registered in England. Registered No. 2609323


The information in this email and any attachments are confidential and may be legally privileged and protected by law. It is for the intended recipient only. If you are not the intended recipient you may not use, disclose, copy, distribute, print or rely on the content of this email or its attachments. If this email has been received by you in error please advise the sender and delete the email from your system.






More information about the cisco-nsp mailing list