CSS 11500 Port Aggregation
Does the 11503 or 11506 support any sort of port aggregation, like etherchannel, to support larger pipes than 1Gb?
Thanks,
Patrick
The CSS does not support EtherChannel.
~Zach
Similar Messages
-
CSS 11500 Responds for any Port
Hopefully this is an easy question but I am having a heck of a time finding an answer.
We have multiple CSS 11500 clusters. We have found that on all of them, if you try to open a session on any port to an IP address on the backend of the CSS, the CSS will complete the SYN-ACK-ACK session with the client. This happens regardless of whether there is something on that IP address or not.
Example:
Front Back
10.1.1.0/24 --- CSS --- 10.2.2.0/24
Coming from any IP, if I try to telnet to ANY IP on the 10.2.2.0 subnet (whether or not there is an actual server on that IP) on any port (whether or not that port is open or not), the CSS will complete the initial connection. I have verified this using telnet to numerous ports and viewing the transaction in a packet capture.
Is there any way to shut this off? This is causing some licensing issues for our security folks that use a vulnerability scanner licensed on number of IP addresses.
Thanks for any input!
Thanks for your reply Marvin.
We actually use ACLs already - primarily for purposes of allowing backend servers to reach load-balanced services on the CSS they sit behind or for reverse proxy services.
I have tried specifically blocking access to backend IP addresses that are not used but oddly enough the CSS still replies and opens the initial TCP session just like any other.
I think I'm going to have to open a TAC case on this one. If they can't answer it, I may be forced to put all of these behind firewalls - which is doable but not ideal.
-
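For the scanner-licensing problem in this thread, one way to separate real back-end hosts from addresses that merely complete a handshake is to reconcile scan output against the CSS service definitions. This is an added example, not code from the thread; the configuration, scan results and canary ports are constructed, and it assumes every real server is defined as a CSS service.

```python
import ipaddress

# Constructed WebNS-style service stanzas (addresses made up for 10.2.2.0/24).
CONFIG = """\
service web1
  ip address 10.2.2.11
  port 8080
  active
service web2
  ip address 10.2.2.12
  port 8080
  active
"""
# Constructed connect-scan output: (ip, port) pairs where the handshake completed.
SCAN = [
    ("10.2.2.11", 8080), ("10.2.2.11", 9), ("10.2.2.11", 61000),
    ("10.2.2.12", 8080), ("10.2.2.12", 9), ("10.2.2.12", 61000),
    ("10.2.2.77", 8080), ("10.2.2.77", 9), ("10.2.2.77", 61000),
    ("10.2.2.200", 9), ("10.2.2.200", 61000),
    ("10.1.1.5", 22),
]
CANARY_PORTS = {9, 61000}  # assumption: nothing legitimately listens on these


def parse_services(config):
    """Return {service_name: ip} from 'service' / 'ip address' lines."""
    services, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "service":
            current = words[1]
        elif current and len(words) == 3 and words[:2] == ["ip", "address"]:
            services[current] = ipaddress.ip_address(words[2])
    return services


def classify(scan, config, backend="10.2.2.0/24"):
    """Split handshake-completing back-end IPs into configured and phantom."""
    net = ipaddress.ip_network(backend)
    known = set(parse_services(config).values())
    ports_by_ip = {}
    for ip, port in scan:
        addr = ipaddress.ip_address(ip)
        if addr in net:
            ports_by_ip.setdefault(addr, set()).add(port)
    # All canary ports answering means the handshake says nothing about the host.
    unreliable = sorted(ip for ip, p in ports_by_ip.items() if CANARY_PORTS <= p)
    phantom = sorted(ip for ip in ports_by_ip if ip not in known)
    return sorted(known & set(ports_by_ip)), phantom, unreliable
```

Addresses in the phantom list can be excluded from the scanner's target list; a non-empty unreliable list indicates that handshake completion alone cannot be used for host discovery on that subnet.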
Services with different IP address subnets over CSS 11500 series
Hi all folks!
I have two CSS 11500 series...
In just a few months I will have a DRS (Disaster Recovery Site) ready, where I will have 2 more servers to add to the environment.
But these servers will be in a different subnet from the one I have today for the servers that are configured in the current services of my CSS.
So the doubt that arises is:
Is it correct to add two new services with these servers, but using the IP addressing of the DRS site, and including on the CSS a static route to this network (of the DRS) in order to reach them? Is it correct, will it work well?
This would be so....
 ________________LAN to LAN_____________________
|                                               |
|                                               |
|------SITE A------|         |------SITE B------|
[Firewall] ===============IPSEC============= [Firewall]
     |                                   |
     |                                   |
[CSS-A]-[CSS-B]                      [SWITCH]
   |       |                          |    |
   [SWITCH]                           |    |
[srvA] [srvB] [srvC]              [srvD] [srvE]
So, at [CSS-A] & B, I will put a static route to the firewall that knows the subnet of site B through the IPSEC tunnel.
So in the CSSs, I will add the new services for the servers "D" & "E" with the IP address of Site B.
This should look like this:
!*************************** GLOBAL ***************************
ip route 0.0.0.0 0.0.0.0 [IP FIREWALL]
ip route SITE B [IP FIREWALL]
!************************** SERVICE **************************
service srvA
  ip address A.A.A.x
  port 8080
service srvB
  ip address A.A.A.x+1
  port 8080
service srvC
  ip address A.A.A.x+2
  port 8080
service srvD
  ip address B.B.B.y
  port 8080
service srvE
  ip address B.B.B.y+1
  port 8080
I know that this practice is not the most desirable; in fact I should use "Basic Global Server Load Balancing Site Redundancy Using the CSS with DNS", but I don't have much time to change the entire environment today, and in this first stage I have to begin with this poor but quick solution that I thought of, and I wanted to validate whether there is a possibility for this to work.
In your experience, what do you say? Will it work?
Thanks in advance!
Regards!
Esteban =)
Daniel!
Sorry for the delay!
Thank you so much for your time in replying.
You have given me great help with this doubt!
But.. using "source group", let me know..
I can't understand the real difference between NAT with ACLs, as you can see at this link: (http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093dfc.shtml)
and
this other link, using NAT (from point 5), (http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a0080093dff.shtml)
where the NAT is configured using a different method from the previous one..
So.. for the scenario described above, which would you recommend using? I would think that the second is the most suitable, right? What do you think?
Thanks in advance again!!!
Have a nice day!
Regards.
Esteban.
-
Load balancing PPTP (Windows 2003) behind CSS 11500
I am wondering if you can load balance PPTP service (TCP port 1723 and GRE) behind CSS 11500. Please let me know if anyone has experience with this setup.
Irfan
No. I don't think you can load balance PPTP service behind CSS 11500.
-
Hi,
I have a question regarding sorry server configuration on the CSS 11500 series.
Is there a way for the sorry server to ignore the URL path and always send the user traffic to the "root" page (e.g. index.html) of the sorry server web server?
The problem I have is the redirection of the "root" page (url "/") that is configured for the normal traffic is causing the sorry page not to work since the URL path ("/psp/CUSTOMER1/?cmd=login") does not exist on the sorry page web server:
service Sorry-Server
  protocol tcp
  port 8000
  keepalive type tcp
  ip address 192.168.2.254
  active
service server1
  ip address 192.168.2.101
  protocol tcp
  keepalive type tcp
  port 8080
  active
service server2
  ip address 192.168.2.102
  protocol tcp
  keepalive type tcp
  port 8080
  active
owner Customer1
  content Content1
    vip address 192.168.1.101
    port 80
    protocol tcp
    url "/*"
    balance aca
    advanced-balance arrowpoint-cookie
    flow-timeout-multiplier 6
    add service server1
    add service server2
    primarySorryServer Sorry-Server
    active
  content Content1-Redirect
    redirect "/psp/CUSTOMER1/?cmd=login"
    vip address 192.168.1.101
    port 80
    protocol tcp
    url "/"
    active
Thanks in advance for your help!
Best regards,
Harry
Hi again,
During a maintenance window I made the following change and that made things a bit better:
service Sorry-Server
  type redirect
  keepalive type none
  redirect-string "192.168.2.254:8000"
  active
However, since the redirect string points to a private address, Internet users are not able to access the URL.
As a work-around I sent the redirect to a new content rule with a public address and then configured a second sorry page server:
service Sorry-Server
  type redirect
  keepalive type none
  redirect-string "sorry.example.com:8000"
  active
service Sorry-Server-2
  ip address 192.168.2.254
  protocol tcp
  port 8000
  keepalive type tcp
  active
owner Customer1
  content Content2
    vip address x.x.x.x
    add service Sorry-Server-2
    port 8000
    protocol tcp
    active
Is there a better way to do this?
Best regards,
Harry
-
CSS 11500 url path rewrite and NAT
Hi,
We are evaluating a CSS 11500 and trying to configure URL path rewrite and NAT, but we have some problems.
What we would like to do is the following:
http://www.example.com/path1 -> http://host1:80
http://www.example.com/path2 -> http://host1:8080
http://www.example.com/path3 -> http://host2:80
The address www.example.com resolves to a valid Internet address, whereas host1 and host2 resolve to private IP addresses.
The client should always see the external url (e.g. http://www.example.com/path1/...) and the CSS should do the necessary translation.
Any help would be very much appreciated!
Regards,
Harald
Hello Experts, I'm new to this Cisco stuff too (just got it 3 weeks ago), but here is some of my experience with the Cisco CSS 11501.
First: Service ServerName, there is a port setting here, but from my experience, I think it is related to the KeepAlive option, so the port is an alternate way to know if the server is alive or not.
Second: When you send a request to the Cisco CSS, the port option in content port will be the Cisco CSS port that accepts the request, so if you send a request to http://vip:8080/, all services must be on the same port too to balance the request, in this case port 8080; if one service is on port 80, I'm sure the CSS will not hit the server.
Third: To solve your problem...
http://www.example.com/path1 -> http://host1:80 (ipA)
http://www.example.com/path2 -> http://host1:80 (ipB)
http://www.example.com/path3 -> http://host2:80
If you are too lazy to buy a new NIC, just set a subinterface/IP alias on host1, and make the web server bind only to a specific address, not to all interfaces...
Oh yeah, about your path1/path2/path3 -> /, hmm, I'm still asking in this forum about path changing, because until now I haven't known how to do this. I know about the Apache rewrite module and succeeded in doing this; if only I knew how to do this in the Cisco CSS too :-(
I'm sorry if I made a mistake, I'm just telling my experience...
-
Do CSS 11500 series allow remote SPAN?
Hi,
I found that SPAN (Switch port analyzer) is available on the CSS 11500 series, but could only find that the destination must be local. Is it possible to do remote SPAN and have the destination be on another remote switch?
And how many local span sessions are allowed?
Thanks,
Rgds
Jorge
Cisco WebNS Software Version 7.20 delivers support for a new Cisco CSS 11501 model, and Cisco WebNS Software 7.20 supports the SPAN features.
Switched Port Analyzer (SPAN) or port mirroring is useful for network analysis: a copy of the packets received or transmitted by a source port is sent to a designated destination port.
Kindly go through these links to get detailed information:
http://www.provantage.com/cisco-systems-css11503-ac~7CSCO288.htm
http://www.cisco.com/en/US/products/hw/contnetw/ps792/prod_release_note09186a008077c440
-
I recently replaced a Local Director with a CSS 11500 (v 8.2). I have an application that uses port 80 to send SOAP heartbeats at 1 minute intervals to a web server to maintain state. For some reason the CSS randomly decides to send RST to the client even though the backend service is active. In other words the web server is not sending a RST. Is this an issue with flows? Load balancing schema? I did not have this issue with the Local Director.
No. This is not possible.
Gilles.
-
CSS 11500 booting only to Offline DM mode
Hello,
I setup a new CSS 11500 this morning, going through the steps of setting up the administrator password, IP address for the management console etc, but when continuing the CSS went straight to the offline DM menu. Now rebooting the unit it clears all the tests, loads the operational flash but continues to go straight to the DM menu regardless whether you press <y> or not at the prompt.
I also tried connecting via telnet to the management console but get connection refused.
Any ideas on why the CSS boots only to the DM menu?
Thanks in advance,
- Trevor
Trevor,
once in offdm, attach a laptop with an FTP server on it to the management port.
Then from offdm, you can configure the CSS to boot from the FTP server.
Once the box is up and running again, make sure you have an image on disk.
Finally, you don't need a PCMCIA flash and no, you should not have received one.
Regards,
Gilles.
-
Ether Channel (port aggregation)
No matter whether LACP or PAgP is used, is it possible to do port aggregation on a server with NIC 1 & NIC 2 respectively connecting to different switches which then have the same uplink to a higher level?
as follows:
Server NIC # 1 ------ Switch # A ----\
                                      ---- LAN
       NIC # 2 ------ Switch # B ----/
My understanding is that it cannot, can it?
Rgds,
Raymond.
Thanks, that's what I'd been understanding, yet someone else posted me this answer. Quote,
For your case, the LAN switches won't care how you send out the packet, they just treat the two NICs as two NICs; your server needs to deal with the packet/session aggregation. It works because we suppose your server doesn't have any STP issues.
Kind Regards,
Bong So
Professional Services, Equant HK
Unquote
I shall test ... the actual case is happening with our IBM BladeCenter server that is being installed, which has NIC1 and NIC2 internally wired to CIGESM switch 1 and 2; and the NICs are Broadcom, capable of using virtual adapters in either mode, one of which is LACP.
Thanks again.
Raymond.
-
What is the appropriate product name for CSS 11500 on Bug Toolkit
Today I tried to search DDTs of CSS 11500 on Bug Toolkit (http://www.cisco.com/cgi-bin/Support/Bugtool/home.pl), however I cannot find the appropriate product name corresponding to CSS 11500.
I had searched DDTs of CSS 11500 on Bug Toolkit many times before; at that time, if my memory is correct,
I selected "Cisco CSS 11500 Series Content Services Switches" in the list of "Search for bugs in other Cisco software and hardware products" on Bug Toolkit.
But I cannot find this product name today.
Do you know what product name is appropriate for CSS 11500 on Bug Toolkit?
Your information would be appreciated.
Best regards,
Hi Gilles,
Thank you for your cooperation.
Today, I can find the CSS at the "new Bug Toolkit".
http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
Select Product Category: Application Networking Services
Select Product: Cisco CSS 11000 Series Content Services
So I understand I should go to the "new Bug Toolkit" instead of the old "Bug Toolkit" to search any DDTs for CSS 11500.
Many thanks.
Best regards,
-
Multihoming with CSS 11500?
Can I do load balancing between two Internet ISPs (multihoming), from Internet to Web Server (inside traffic) and from Internal network to Internet (outside traffic) with a Cisco CSS 11500?
You can connect the CSS to multiple ISPs.
With the ECMP feature, the CSS will forward the response back to where the connection came from.
However, for outgoing connections, the CSS can't do load balancing over multiple ISPs.
Regards,
Gilles.
-
Dear NetPros:
Does anyone know whether the Cisco CSS 11500 Series Content Services Switch supports the 'Session Caching of RDP Clients' session for roaming of disconnected sessions' feature?
Thanks
Bernard
The Cisco CSS 11500 is a compact modular platform, specifically designed to provide robust Layer 4-7 traffic management services for e-business applications in Internet and intranet data centers.
This URL should help you:
http://www.cisco.com/en/US/netsol/ns340/ns394/ns50/ns254/networking_solutions_package.html
-
CSS 11500 - Change name device
Hi,
I need to change the device name (hostname) of my CSS 11500. How can I do that? I've been searching for some hours without result.
To avoid having to retype the name after each reboot, you have to do a save_profile.
Gilles.
-
Hi, I have 2 CSS configured in active/passive mode and 3 servers behind the CSS, with port 8080 service allowed. I want to allow my inside network to access these servers behind the CSS on new port 3366... can anybody provide the config for this?
You need to configure the service interfaces for the servers again with the new port, like the below example:
Existing server config:
service Test-001_Int1_8080
  ip address <>
  port 8080
  protocol tcp
  keepalive type tcp
  active
New service interface config:
service Indy-001_Int1_3366
  ip address <>
  port 3366
  protocol tcp
  keepalive type tcp
  active
Then there is the new content rule and other config stuff..