	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

4.8

Cisco CSS 11501 Configuration

Asked by bmachtolff in Enterprise Firewalls, Network Routers, Networking

Tags: css

I have an existing network setup and need to implement this load balancer, but this thing is very complex with many modes of operation and features found on switches, routers and firewalls.

After several days of reading through documentation and examples and numerous trials, I've been unable to accomplish this.

My current setup is simple, seen in attached net1.pdf

I need to implement load balancing of two servers in VLAN2 (.21 and .22) and two servers in VLAN3 (.31 and .32)

I've been told that I have to use the one-arm design, but was trying to avoid that since Cisco warns against it due to a significant performance hit:
http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080093dff.shtml

I wired it as seen in the attached net2.pdf file.

My current config below in the Code section.

All servers need to be accessible individually (internally and externally) as well as through the VIPs (externally only). This is already a production environment, so I couldn't do much troubleshooting while services were down when I wired this thing up, but what I found was that interestingly enough, without using any VIP addresses, only existing IPs of the servers, I was able to connect to servers in VLAN3 from outside, but not from servers on VLAN2. At the same time, however, I was able to ping servers on VLAN3 from servers on VLAN2. Servers on VLAN2 have 172.16.2.1 as their gateway and servers on VLAN3 have 172.16.3.1 as theirs.

My intention is to have the CSS balance two servers on each subnet for connections from outside, but do not interfere with any traffic between the internal subnets since the firewall is already set up for that, including ACLs, etc.

Any help appreciated,

Peter.

View the Solution FREE for 30 Days

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:

           
           
             !**************** INTERFACE ****
interface e1
  bridge vlan 2
 
interface e5
  bridge vlan 2
 
interface e2
  bridge vlan 3
 
interface e6
  bridge vlan 3
 
!**************** CIRCUIT ****
circuit VLAN2
  ip address 172.16.2.3 255.255.255.0
 
circuit VLAN3
  ip address 172.16.3.3 255.255.255.0
 
!**************** SERVICE ****
service srv4
  ip address 172.16.2.21
  keepalive type tcp
  keepalive port 80
  active
service srv5
  ip address 172.16.2.22
  keepalive type tcp
  keepalive port 80
  active
 
service srv7
  ip address 172.16.3.31
  keepalive type tcp
  keepalive port 80
  active
service srv8
  ip address 172.16.3.32
  keepalive type tcp
  keepalive port 80
  active
 
!***************** OWNER *****
owner owner1
 
  content app1
    vip address 172.16.2.100
    add service srv4
    add service srv5
    balance leastconn
    port 80
    protocol tcp
    active
 
  content app2
    vip address 172.16.3.100
    add service srv7
    add service srv8
    balance leastconn
    port 80
    protocol tcp
    active

           
         

Attachments:

net1.pdf (32 KB) (File Type Details)

Current network setup without CSS

net2.pdf (34 KB) (File Type Details)

Potential CSS diagram

20091021-EE-VQP-81 - Hierarchy / EE_QW_3_20080625

Hall of Fame

1. keith_ala...82,100
2. deimark54,265
3. JFrederic...43,500
4. dpk_wal41,050
5. lrmoore34,450
6. ccomley33,960
7. grimkin22,976
8. MikeKane22,400
9. PeteLong19,164
10. 3nerds15,000
11. sangamc12,800
12. rsivanandan12,650
13. bignewf11,164
14. nodisco11,100
15. ikalmar10,249
16. uetian170710,134
17. kenboonejr9,425
18. VisionVoice9,000
19. decoleur8,550
20. stsonline7,500
21. pwindell6,900
22. Bembi6,000
23. harbor2355,500
23. asavener5,500
23. Jay_Gridley5,500
23. jodylemoine5,500

1. lrmoore1,600,373
2. keith_ala...605,928
3. calvinetter244,408
4. rsivanandan242,988
5. tim_holman196,866
6. nodisco185,714
7. batry_boy159,024
8. grblades127,009
9. Voltz-dk111,609
10. PeteLong102,309
11. dpk_wal97,550
12. JFrederic...83,100
13. carribeant...80,185
14. Cyclops3...78,576
15. stressedo...71,924
16. harbor23568,605
17. srikrishnak60,096
18. MikeKane56,928
19. deimark55,615
20. pruecons...55,203
21. ccomley54,304
22. jjoseph_x48,002
23. billwharton44,427
24. td_miles43,372
25. RobWill42,673

Cisco CSS 11501 Configuration

Asked by bmachtolff in Enterprise Firewalls, Network Routers, Networking

Tags: css

About this solution