Combination bridged mode routed mode CSM

We run an active/standby pair of
CSM with SSL WS-X6066-SLB-S-K9
currently we have our real servers in 2 vlans: 116 and 117. our VIPS are mostly in the client vlan 119. load balancing works fine.
We now want to load balance between real servers in the 116 vlan. So far we have been unsuccessfull to get it owrking. I suspect because we essentially require a configuration that combines routed with bridged mode.
has any one been able to configure such a setup? Is it possible at all?

This type of topology is not 'bridged mode'.
When you has source and destination of load-balancing process in the same subnet (in your topology vlan116) you need use source NAT (client nat in CSM terminology).
Let me explain it:
1. client (srcIP-vlan116) sedn request to VIP (VIP-vlan116).
2. CSM process (modified) request and send it to dstIP-vlan116 (src IP is srcIP-vlan116) (*)
3. server receive request. It will resopnse to srcIP-vlan116 and response is not delivered through CSM, but direct. TCP communication is not possible, because client's request is modified on the CSM.
* when CSM modify source IP for example to one of IP addresses of CSM, response from server is send always to CSM and not direct.
Martin

Similar Messages

  • Bridge mode CSM - Serverfarm with hosts in different vlans

    Hi,
    I'm trying to answer a question while doing design. I am planning on deploying a CSM in bridge mode with multiple vlans. I need to create a serverfarm which has real servers in two separate server side vlans.
    I would then present the Vserver on the client side only of one of the vlans (I always like to specify where I want the vserver). Whe traffic comes in to this vserver, will the CSM appropriately switch traffic to both vservers? I think it will but don't have access to a csm right now to mock it up.
    Thanks
    Adam

    You cannot have 3 vlans configured in bridge mode with all vlans using same address space.
    You can use mixed mode to achieve your goal.
    It is possible to have Vlan 10 and Vlan 11 in bridge mode and at the same time have VLAN 12 (for example) in the routed mode.
    - Traffic from vlan 10 to vlan 20 is bridged
    - Traffic from vlan 10 to vlan 12 is routed
    where Vlan 10&20 belong to same subnet and Vlan 12 is in different subnet.
    Syed

  • CSM bridge vs router mode

    Hi,
    Can the CSM be used in both the bridge and router mode for different VLANS ? Or does it need to use all router mode and all bridged mode ?

    you can have a mix of both.
    Gilles.

  • CSM route mode and bridge mode can exist at the same time?

    I'm using CSM on ver 4.x,and I used to the bridge mode for firewall load balance,for a new requset,I have to create a new server/client vlan,but the original firewall load balance was effected when I issued the server vlan command,and I'd like to use route mode for the new server farm,I'm wondering that route mode and brige mode can't exist at the same time,because it seems it doesn't make sense.Any reply will be very appreciated.

    you can use bridge mode and route mode at the same time.
    Traffic with desintation mac address being the CSM will be routed, otherwise it will be bridged.
    Gilles.

  • CSM concurrent bridge and router mode

    Hi,
    Is it possible on the CSM to use bridge and router mode at the same time ? Or is it only router mode or only bridge mode ?
    E.g. in the example below, when using HTTPS entering the vlan 3 , it will be bridged to vlan 3....But when using HTTP entering vlan 3...it will be routed to vlan 4... Will that work ?
    Thanks
    vlan 3 client
    ip address 3.3.3.1 255.255.255.0
    vlan 3 server
    ip address 3.3.3.1 255.255.255.0
    vlan 4 server
    ip address 4.4.4.1 255.255.255.0
    vserver HTTPS
    vlan 3
    virtual 3.3.3.10 tcp https
    serverfarm HTTPS
    serverfarm HTTPS
    no nat server
    no nat client
    real 3.3.3.11
    inservice
    real 3.3.3.12
    inservice
    vserver HTTP
    vlan 3
    virtual 3.3.3.11 tcp http
    serverfarm HTTP
    serverfarm HTTP
    nat server
    no nat client
    real 4.4.4.10
    inservice
    real 4.4.4.11
    inservice

    HI Michel,
    first of all you can run bridged and routed mode at the same time but you can not define the same vlan as client and server. If you would change the above config from vlan 3 server to vlan 30 server and place the reals in vlan 30 it will work. A proper layer 2 configuration is for sure the prerequisit.
    Kind regards,
    Joerg

  • CSM - Bridged Mode - Routed Mode Question

    Customer's request involves setting up a backup (failover) BCR server to receive hand held device scan events.
    The following needs to be performed:
    - Build new server up as identical to AAEPRDBCR01 (named AAEPRDBCR02).
    - Application to be installed onto the new server (configured identically to AAEPRDBCR01)
    - Configure customer's CSM to parse requests to AAEPRDBCR01, and failover to AAEPRDBCR02. i.e. when BCR01 is unplugged the CSM should realise and begin parsing requests through BCR02. If BCR01 comes online again, the requests should once again fall back to BCR01.
    I was thinking that the two servers would reside on eg.....VLAN 13 'BiscomBCR' and Users access these servers.
    Does it need to be routed or can we do the same config in Bridged mode, where the servers have the same IP addressing?
    Any pointers to any useful links is much appreciated.

    You can do this in bridged mode. You can basically create a backup serverfarm which contains your new server. (CR02). It will only be used if the normal serverfarm containing your existing server (CR01) is unavailable.
    Attached is a link to the CSM config doc - have a look at the config examples for the backup server farm. (Make sure you read the caveats about stickiness to understand what happens when the primary serverfarm comes back on line).
    http://www.cisco.com/en/US/products/hw/switches/ps708/module_installation_and_configuration_guides_book09186a0080470b20.html
    Hope this helps

  • Adding direct server access to CSM in bridge mode

    I have a CSM that I have set up in bridge mode and want to allow direct management access to the real servers.
    It looks like this. MSFC 10.1.100.1
    CSM 10.1.100.3
    Reals 10.1.100.10
    10.1.100.20
    10.1.100.25
    Virtual 10.1.100.130
    10.1.100.140
    I tried to use the same method that I found for routed mode on CCO.
    Serverfarm SERVER-SUBNET
    No nat server
    Predictor forward
    Vserver DIRECT-ACCESS
    Virtual 10.1.100.0 255.255.255.0 tcp any
    Serverfarm SERVER-SUBNET
    Inservice
    The next step in the documentation says to add a static route to the CSM
    Ip route 10.1.100.0 255.255.255.0 10.1.100.3
    But this does not make since since the MSFC 10.1.100.1 address is already the default gateway.
    So is there another way to configure bridge mode and enable direct management access?

    After I thought about bridge mode again and took out the direct-access and server-subnet commands. I tested again and I can now directly access the servers.

  • How to Configure Transparent caching on Cat 6500 with CSM in bridge mode?

    hi.
    I found How to Configure Transparent caching on Cat 6500 with CSM in routed mode.
    But,
    I need help How to Configure Transparent caching on Cat 6500 with CSM in bridge mode?
    Please let me know sample configuration.
    thanks.

    Hi,
    I wrote the document you mentioned and I also wrote the one below.
    http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a00802c1201.shtml
    The one with the SSLM is a bridge mode config.
    If you replace the SSLM with a cache [or a farm of caches] it would be a similar config.
    Replace the SSL21 vserver with an HTTP vserver [most important is to keep the vlan configured on each vserver]
    Regards,
    Gilles.

  • CSM redundant bridged mode - alias IP required?

    Hi! I am a little bit confused about the configuration guides concerning csm + fwsm
    + csm bridged mode. in my opinion when using bridged mode with the csm i do not really need any alias ip configuration - neither in the client vlan nor the server vlan. in bridged mode the csm does not route - thus i won't have any routes pointing to the csm. why are there always alias ip configurations in redundant bridged mode config guides? can somebody please clear that up for me? is there any other function of the alias IPs that I need them for?
    Thanks,
    Daniel

    Daniel,
    In general, if no router is present on a server-side VLAN, then each server's default route points to the aliased IP address. In the case of bridge mode, like you have, there is no need for the alias ip.
    Regards
    Pete..

  • CSM in Bridge mode and Server initiated connections

    I know one can use Source NAT for server initiated connections back to VIP using CSM in routed mode. How do I achieve the same for bridge mode?
    Thanks in advance,
    Shahid

    Shahid,
    that's a well-known problem for all loadbalancer in the world.
    With a sniffer trace, or just thinking about TCP/IP rules you can figure out why client nat is required.
    If you go from a server to a vip, the CSM will forward the traffic to a random server.
    The CSM forwards the traffic with the source ip unchanged by default.
    The server receiving the traffic will forward the response back to the source that initiated the request.
    If the source is also a server in the same subnet, the response does not need to be sent through a gateway. Since both source and destination are in the same subnet, the traffic is sent based on mac address and it bypasses the CSM which can't perform the nating.
    The source receiving the response from the server directly will just ignore it.
    Using client nat forces the response to go back to the CSM which can perform the nating before sending it to the client.
    This has been discussed tons of times in this forum.
    It's a classic question :-)
    Gilles.

  • CSM config-sync in bridge mode?

    We are planning to upgrade our CSM from 4.1.6 to 4.2.6 and wanted to be able to utilize the config-sync capabilites in the new code. First, is config-sync supported in bridge mode and has anyone had much success or problems? We weren't able to find documentation on this? Please help!

    config-sync works with bridge mode and routing mode.
    You might want to go to 4.2.7 due to this ddts :
    CSCse65938: CSM config-sync causes standby csm to core dump
    Also, make sure your IOS version is at the right level due to this
    CSCej00341: CSM Configuartion Sync timing out for large configurations
    Gilles.

  • Deploying CSM in Bridge Mode into an existing server envronment

    We have installed two CSM's in a 6509's in a network that has servers already in an existing subnet and vlan.My question is.Can I use the same vlan that the servers are on at this time for the server slb vlan or do I have to create another server slb vlan in the subnet?

    the servers can stay in the same vlan.
    But if you want bridge mode, you will need to configure 2 vlans in the CSM using the same subnet.
    1 vlan will be the same as the servers.
    The 2nd vlan will be a new vlan using the same ip subnet.
    The MSFC should be setup with only the 2nd vlan.
    So at the end you get
    MSFC---VLAN-A----CSM-----VLAN-B----SERVERS
    <-------------- one subnet --------------->
    The servers can keep the same gateway ip address.
    This ip address should be moved from current msfc vlan to the newly created vlan.
    [I say MSFC, but it could be any other router being currently the default gateway]
    Gilles.

  • Since cahnging FIOS Internet provider, which required a router to go in front of "AirPort" I have a blinking yellow on the AirPort and suggested editing in AirPort utility to cahnge from Double NAT to "Bridge Mode" my knowledge base is not clear as t

    How do I clean up my new FIOS connection? I just cahnged ISP Fios and they reqquired a router of thier own in front of my AirPort Extreme. Since then I have blinking yellow light on the AirPort and AirPort utility keeps promting for an edit. Suggests canging from NAT to "Bridge mode". Obviuosly U have some internet or this post would not go anywhere, my knowledge base is not enought to feel comfortable with changing the settings. Correctly editing can be tricky, so how do I make necessary changes?

    How do I clean up my new FIOS connection?
    The FIOS router needs to be in Bridge Mode to prevent the Double NAT error from occurring when two routers are both fighting with each other for control of the network.
    Unfortunately, the likely problem from the FIOS side is that FIOS support will either tell you that their router cannot be configured to operate in Bridge Mode, or if it can, they will not tell you how to do it.
    But, it could not hurt to check with FIOS to see if anything might have changed recently in this regard, so your first call would be to FIOS support.
    If you cannot change the FIOS router to Bridge Mode, the alternate plan would be to change the AirPort Extreme to Bridge Mode. If you are using the Guest Network feature on the AirPort Extreme at this time, that feature will not work correctly when the AirPort is set up in Bridge Mode.

  • How can I set up a guest access point with a Time Capsule and an Airport Extreme? I am using a Telus router with the Time Capsule used as a wireless access point (bridge mode). I don't want the guest access point to have access to my network.

    How can I set up a guest access point with a Time Capsule and an Airport Extreme? I am using a Telus router with the Time Capsule used as a wireless access point (bridge mode). I don't want the guest access point to have access to my network.

    The Guest Network function of the Time Capsule and AirPort Extreme cannot be enabled when the device is in Bridge Mode. Unfortunately, with another router...the Telus...upstream on your network, Bridge Mode is indicated as the correct setting for all other routers on the network.
    If you can replace the Telus gateway with a simple modem (that performs no routing functions), you should be able to configure either the Time Capsule or the AirPort Extreme....whichever is connected to the modem....to provide a Guest Network.

  • Using Extreme in Bridge mode, can't see the DHCP clients if the D-Link router

    I have an Airport Extreme attached to my DLink modem/router.  I have configured the Airport Extreme in Bridge mode, and I was expecting all clients to show up in my D-Link router.  Although the configuration works most of the time, I have been experience a few issues:
    1.  From time to time, computers attached (both Windows and/or Mac) complain about an IP address conflict.  I can ignore the error and it works fine.
    2. From time to time, I loose Internet connectivity, and I need to disconnect my computer and reconnect again to solve the issue.  This is not necessarily linked to symptom #1
    3. On my D-Link router/modem (which I only use to connect my Airport to my ISP), if I check the DHCP clients, I can see the Airport router connected and *some* of the wireless clients that connect through the Airport.  The list changes quite randomly, and at times, I see the airport appearing twice with different IP addresses.
    Any help configuring it "right" will be appreciated!
    Alain

    When the AirPort Extreme is in bridge mode, the AirPort Extreme is simply passing through the DHCP settings and services that are handled by the D-Link modem/router.
    In other words, the D-Link device is in total charge of the DHCP services for devices on the network.
    You might want to check with D-Link support to see if they have any recommended practices for configuing the modem/router when another router....the AirPort Extreme in this case....is being used in bridge mode on the network

Maybe you are looking for