RE: [load balancing] Accessing VIP from the inside on Cisco CSM

• Previous message: Mark Dittmer: "RE: [load balancing] Cisco CSS Secure Content Accelerators Hanging!!"
• Maybe in reply to: Jan Chrillesen: "[load balancing] Accessing VIP from the inside on Cisco CSM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

As suggested here, NAT is the way to go. The only problem is, everything in
your logs wil look like they are coming from the same IP address. It's
timing out because the server is simply arp'ing back to the connecting IP
address(cause it's on the same subnet) and circumventing traveling back
across the load balancer.

Another choice(though ugly) is to use host entries on your servers so that
when they are connecting back to certain things, they don't go through your
VIP's, or you could use a combination of host entries and associated VIP's
just for your servers. At least this way, you still see unique IP address
in your logs for all the customer traffic.

-----Original Message-----
From: Mark Dittmer [mailto:mdittmerIZZATsbcglobal.net]
Sent: Wednesday, January 14, 2004 2:15 AM
To: lb-lIZZATvegan.net
Subject: RE: [load balancing] Accessing VIP from the inside on Cisco CSM

Hi Jan,

Did you manage to get this working. You have to implement client nat and
this will work perfect

Mark

-----Original Message-----
From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net] On Behalf Of Jan
Chrillesen
Sent: Monday, January 05, 2004 5:14 AM
To: lb-lIZZATvegan.net
Subject: [load balancing] Accessing VIP from the inside on Cisco CSM

Hi,

We're running a pair of Cisco Catalyst 6509 switches with the CSM
content blade. We loadbalance a setup of servers, each running several
services, like smtp, pop3 and webmail. We have configured a VIP for each
service and everything works fine. Now we need to access a VIP from the
inside (the webmail servers needs to talk to the SMTP VIP). Since the
request originates from the server VLAN, and not the client VLAN, the
request just times out. Is there any way to make this work in a bridged
configuration?

Creating seperate VLAN's for each services is not an option since that'll
mean we can only run one service on each server.

Regards
Jan
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com

____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com

LEGAL NOTICE
Unless expressly stated otherwise, this message is confidential and may be privileged. It is intended for the addressee(s) only. Access to this E-mail by anyone else is unauthorized. If you are not an addressee, any disclosure or copying of the contents of this E-mail or any action taken (or not taken) in reliance on it is unauthorized and may be unlawful. If you are not an addressee, please inform the sender immediately.
____________________
The Load Balancing Mailing List
Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
Archive: http://vegan.net/lb/archive
LBDigest: http://lbdigest.com
MRTG with SLB: http://vegan.net/MRTG
Hosted by: http://www.tokkisystems.com

• Next message: Daniel Howe: "[load balancing] Question about lbs"
• Previous message: Mark Dittmer: "RE: [load balancing] Cisco CSS Secure Content Accelerators Hanging!!"
• Maybe in reply to: Jan Chrillesen: "[load balancing] Accessing VIP from the inside on Cisco CSM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jan 14 2004 - 11:21:08 EST