Introduction of SSLM into a MSFC-FWSM-CSM Bridge Mode Configuration

Hi,
Need serious help here.
I'm facing a challenging situation here.
The customer just purchased a pair of SSLM modules for their web server HTTPS termination.
Here's the situation.
Currently the customer already has a pair of Catalyst 6509s running with an MSFC->FWSM<->CSM bridge configuration (i.e. client and server VLAN on the same subnet).
I've been assigned the task of deploying the SSLM module seamlessly onto this existing setup by this week, without any other major configuration changes required on their systems.
My question is: currently they are doing a bridge configuration between the FWSM and the CSM. How do I transparently deploy the SSLM in this situation without changing any IP addresses, which would break their server-to-server communications?
I've read and understand the CSM-SSLM bridge configuration, but doesn't that require changing their IP addressing scheme? Hopefully somebody can shed some light on this...

I've attached a logical diagram of the existing setup as well as the SSLM placement (where I think it fits in).
I've also come up with a draft configuration below; I don't really understand the NAT client and NAT server applications:
module ContentSwitchingModule 7
 ft group 1 vlan 201
  priority 110 alt 100
  heartbeat-time 1
  failover 3
  preempt
 vlan 6 client
  ip address 192.168.20.4 255.255.255.0 alt 192.168.20.5 255.255.255.0
  gateway 192.168.20.1
  alias 192.168.20.6 255.255.255.0
 vlan 60 server
  ip address 192.168.20.4 255.255.255.0 alt 192.168.20.5 255.255.255.0
 vlan 7 client
  ip address 192.168.10.4 255.255.255.0 alt 192.168.10.5 255.255.255.0
  alias 192.168.10.6 255.255.255.0
 vlan 70 server
  ip address 192.168.10.4 255.255.255.0 alt 192.168.10.5 255.255.255.0
 vlan 40 server
  ip address 192.168.60.4 255.255.255.0 alt 192.168.60.5 255.255.255.0
  alias 192.168.60.6 255.255.255.0
 probe ICMP icmp
  interval 3
  failed 5
 probe HTTPWEB http
  interval 3
  failed 5
 probe HTTPSWEB tcp
  interval 3
  failed 5
  port 445
 probe TCP tcp
  interval 2
  failed 3
 serverfarm MOCINT-VIP1
  nat server
  no nat client
  predictor leastconns
  real 192.168.20.71
   inservice
  real 192.168.20.72
   inservice
  probe ICMP
  probe HTTPWEB
 serverfarm MOCWEB-VIP1
  nat server
  no nat client
  predictor leastconns
  real 192.168.10.65
   inservice
  real 192.168.10.66
   inservice
  probe ICMP
  probe HTTPWEB
 serverfarm SSL-MOCINT
  nat server
  no nat client
  real 192.168.60.11 445
   inservice
  real 192.168.60.12 445
   inservice
  probe TCP
 serverfarm SSL-MOCWEB
  nat server
  no nat client
  real 192.168.60.21 445
   inservice
  real 192.168.60.22 445
   inservice
  probe TCP
 sticky 10 netmask 255.255.255.255 timeout 20
 sticky 20 cookie cookie-server timeout 30
 vserver DECRYPT-MOCINT
  virtual 192.168.60.10 tcp 445
  vlan 40
  serverfarm MOCINT-VIP1
  replicate csrp sticky
  persistent rebalance
  parse-length 4000
  inservice
 vserver DECRYPT-MOCWEB
  virtual 192.168.60.20 tcp 445
  vlan 40
  serverfarm MOCWEB-VIP1
  replicate csrp sticky
  persistent rebalance
  parse-length 4000
  inservice
 vserver HTTP-MOCINT
  virtual 192.168.20.70 tcp www
  vlan 6
  serverfarm MOCINT-VIP1
  advertise active
  sticky 20 group 10
  replicate csrp sticky
  persistent rebalance
  parse-length 4000
  inservice
 vserver HTTP-MOCWEB
  virtual 192.168.10.60 tcp www
  vlan 7
  serverfarm MOCWEB-VIP1
  advertise active
  sticky 30 group 20
  replicate csrp sticky
  persistent rebalance
  parse-length 4000
  inservice
 vserver HTTPS-MOCINT
  virtual 192.168.20.70 tcp https
  vlan 6
  serverfarm SSL-MOCINT
  persistent rebalance
  inservice
 vserver HTTPS-MOCWEB
  virtual 192.168.10.60 tcp https
  vlan 7
  serverfarm SSL-MOCWEB
  persistent rebalance
  inservice
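
As an added example (my own script, not from the original post or Cisco's documentation), the checker below parses a re-indented excerpt of the draft config above and reports which server VLANs are actually bridged to a client VLAN carrying the same address, which reals fall outside every CSM VLAN, and which vserver references dangle; it assumes the CSM running-config indentation that the forum rendering stripped.

```python
# Added example (not the poster's or Cisco's code): cross-reference checks for a
# CSM config, to catch by script what a reviewer of the draft above checks by eye.
import ipaddress

# Excerpt of the draft config posted above, re-indented CSM-style (two spaces
# per sub-command) because the forum rendering flattened the hierarchy.
CSM_CONFIG = """\
vlan 6 client
  ip address 192.168.20.4 255.255.255.0 alt 192.168.20.5 255.255.255.0
vlan 60 server
  ip address 192.168.20.4 255.255.255.0 alt 192.168.20.5 255.255.255.0
vlan 40 server
  ip address 192.168.60.4 255.255.255.0 alt 192.168.60.5 255.255.255.0
serverfarm MOCINT-VIP1
  real 192.168.20.71
serverfarm SSL-MOCINT
  real 192.168.60.11 445
vserver HTTPS-MOCINT
  virtual 192.168.20.70 tcp https
  vlan 6
  serverfarm SSL-MOCINT
vserver DECRYPT-MOCINT
  virtual 192.168.60.10 tcp 445
  vlan 40
  serverfarm MOCINT-VIP1
"""

def parse_csm(text):
    """Top-level lines open a (kind, name) block; indented lines are its sub-commands."""
    blocks, cur = {}, None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if line[0] != " ":
            cur = {"args": parts[2:], "body": []}
            blocks[(parts[0], parts[1])] = cur
        else:
            cur["body"].append(parts)
    return blocks

def analyze(text):
    """Return {'bridged': {server_vlan: client_vlan}, 'findings': [str, ...]}."""
    b = parse_csm(text)
    def sub(blk, key):  # sub-command lines of a block, keyword stripped
        return [p[1:] for p in blk["body"] if p[0] == key]
    vlans = {n: blk for (k, n), blk in b.items() if k == "vlan"}
    farms = {n: blk for (k, n), blk in b.items() if k == "serverfarm"}
    vservers = {n: blk for (k, n), blk in b.items() if k == "vserver"}
    findings, bridged = [], {}
    # 'ip address A MASK alt B MASK' -> primary address and subnet of each VLAN
    addr = {n: sub(blk, "ip")[0][1:3] for n, blk in vlans.items()}
    nets = [ipaddress.ip_network("/".join(a), strict=False) for a in addr.values()]
    clients = [n for n, blk in vlans.items() if blk["args"][0] == "client"]
    # Bridge mode: a server VLAN is bridged when a client VLAN carries the same
    # address (one subnet on both sides); without such a twin it is routed.
    for s in [n for n in vlans if n not in clients]:
        twin = [c for c in clients if addr[c] == addr[s]]
        if twin:
            bridged[s] = twin[0]
        else:
            findings.append(f"vlan {s}: no client VLAN shares {addr[s][0]}; routed, not bridged")
    for n, blk in farms.items():
        for real in sub(blk, "real"):  # every real must sit in a VLAN the CSM is on
            if not any(ipaddress.ip_address(real[0]) in net for net in nets):
                findings.append(f"serverfarm {n}: real {real[0]} is outside every CSM VLAN")
    for n, blk in vservers.items():  # dangling serverfarm / vlan references
        for ref in sub(blk, "serverfarm"):
            if ref[0] not in farms:
                findings.append(f"vserver {n}: serverfarm {ref[0]} is not defined")
        for ref in sub(blk, "vlan"):
            if ref[0] not in vlans:
                findings.append(f"vserver {n}: vlan {ref[0]} is not defined on the CSM")
    return {"bridged": bridged, "findings": findings}
```

On the excerpt the only finding is that vlan 40 has no client-side twin, which is exactly the SSLM leg the question is about: the CSM reaches the SSLMs over a routed VLAN while 6/60 stays bridged.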

Similar Messages

  • CSM Bridge Mode Vserver Redirect

    I have a CSM in bridge mode, the MSFC in on the client side.
    vlan 28 client
    ip address 192.168.29.253 255.255.254.0
    gateway 192.168.28.253
    vlan 173 server
    ip address 172.17.3.8 255.255.255.0
    alias 172.17.3.5 255.255.255.0
    vlan 163 client
    ip address 172.17.3.8 255.255.255.0
    gateway 172.17.3.1
    I want to have a VIP on the 28 VLAN and redirect to a VIP on the 163 VLAN. I'm not sure how to do that. Plus this is all NetBIOS, so could I do it with a virtual x.x.x.x any, or do I have to specify tcp 137,138,139,445...
    Any ideas would be great... thanks

    How can you redirect NetBIOS traffic?
    We can use HTTP redirect but I don't think this works for NetBIOS - correct me if I'm wrong.
    Therefore, I don't see how you can do a redirect.
    Moreover, why would you want to redirect to another VIP?
    As long as the traffic is coming to the CSM, why don't you simply load balance to the end server?
    Thanks,
    Gilles.

  • CSM - Bridged Mode - Routed Mode Question

    Customer's request involves setting up a backup (failover) BCR server to receive hand held device scan events.
    The following needs to be performed:
    - Build new server up as identical to AAEPRDBCR01 (named AAEPRDBCR02).
    - Application to be installed onto the new server (configured identically to AAEPRDBCR01)
    - Configure customer's CSM to parse requests to AAEPRDBCR01, and failover to AAEPRDBCR02. i.e. when BCR01 is unplugged the CSM should realise and begin parsing requests through BCR02. If BCR01 comes online again, the requests should once again fall back to BCR01.
    I was thinking that the two servers would reside on e.g. VLAN 13 'BiscomBCR' and users access these servers.
    Does it need to be routed, or can we do the same config in bridged mode, where the servers have the same IP addressing?
    Any pointers to any useful links are much appreciated.

    You can do this in bridged mode. You can basically create a backup serverfarm which contains your new server. (CR02). It will only be used if the normal serverfarm containing your existing server (CR01) is unavailable.
    Attached is a link to the CSM config doc - have a look at the config examples for the backup server farm. (Make sure you read the caveats about stickiness to understand what happens when the primary serverfarm comes back online.)
    http://www.cisco.com/en/US/products/hw/switches/ps708/module_installation_and_configuration_guides_book09186a0080470b20.html
    Hope this helps

  • CSM Bridged mode config issue

    I currently have a CSM that is load balancing two web servers. Everything is working great. I have two new web servers that are being used for a different system, so I basically copied the old config, changed the names of the vservers, serverfarms and policies and expected the same result as the first.
    What is happening is that when I ping the VIP, it gets redirected to one of the reals but then the real responds back instead of the VIP.
    Not sure why that is happening.

    Sean,
    When you said "Typically, the rservers would use the same gateway you have configured on the client VLAN.  The important thing to make sure of, is that you must make sure that the ONLY for these rservers to reach their gateway is through the CSM that is bridging the servers' VLAN to that client VLAN."
    Now I assume you meant to say "Typically, the rservers would use the same gateway you have configured on the client VLAN.  The important thing to make sure of, is that you must make sure that the ONLY way for these rservers to reach their gateway is through the CSM that is bridging the servers' VLAN to that client VLAN.
    Well, I have a working bridging configuration for a different system and I have found that the real servers in my server VLAN do have the client VLAN IP address... But the server VLAN is in fact a layer 2 VLAN; it does not have its own gateway, so it has no other way out other than through the CSM and to the client VLAN gateway, just as you said.
    What I have found is that the server VLAN for my new setup actually has its own gateway. Because of other servers in this VLAN I cannot do away with it. So, I looked at an earlier post where you stated: "If adding source-NAT resolves the issue, then you know that asymmetric routing was your problem. One solution would be to leave the source-NAT config in permanently. The other would be to set the default gateway of your new servers to the CSM interface, and another would be to use policy-based routing."
    The two solutions I am interested in are the client NAT and setting the default gateway of the new servers to the CSM interface. Exactly which interface are you referring to? Are you referring to the IP address that bridges the client and server VLANs together?
    Regarding your client nat example, you mentioned that the client nat address is owned by the CSM, but in your example config I did not see that IP address at all so I am a little confused as to how the csm owns this IP.
    I really appreciate your responses!

  • CSM bridge mode urgent issue.

    Hi,
    I have a pair of CSMs running 4.2.6 (tried 4.2.7 too) on Cat 6500 Sup 720 chassis.
    The config is the following:
    vlan 902 server
     ip address 192.168.1.36 255.255.255.224 alt 192.168.1.37 255.255.255.224
    vlan 100 client
     ip address 192.168.1.36 255.255.255.224 alt 192.168.1.37 255.255.255.224
    vserver VS_MWINA_WWW
     virtual 192.168.1.59 tcp www
     serverfarm SF_MWINA_W
     replicate csrp sticky
     replicate csrp connection
     persistent rebalance
     inservice
    real R_PARKINSON
     address 192.168.1.42
     inservice
    real R_GUEDEL
     address 192.168.1.39
     inservice
    serverfarm SF_MWINA_W
     nat server
     no nat client
     real name R_SRV1 8098
      inservice
     real name R_SRV2 8098
      inservice
    I am sniffing on the PO to the CSM module and what I see is the SYN going from the chassis to the blade, nothing else; then sometimes it goes well and I have the SYN/ACK and ACKs following.
    Any help would be greatly appreciated.

    If it was transmitted, OK, I didn't see it, but I don't see where it would have gone.
    The CSM is a fine blade but sometimes not easy to troubleshoot, I find.
    With our config I don't see what could cause it to stop working.
    Tech Proc 1 gives me this:
    scsm1 tech proc 1
    Software version: 4.2(7)
    --------------------- SESSION Statistics ---------------------
    Current time 438570 324085 1
    Aborted rx 152564848 2673378996 10183
    Total Packets rx 163666741 101777820 387
    Packets Dropped 80262 59218 0
    Packets Drop Stale Connection 22473 16390 0
    Packets Drop No More Sessions 0 0 0
    Packets Drop No VLAN 233026 172035 0
    Packets Drop Bad Checksum 0 0 0
    Packets Drop IP Fragments 0 0 0
    Packets Drop SI with no SMAC 0 0 0
    Packets Drop: SI, Route Mode, no DMAC 116827 115609 0
    Packets Drop: Not IP, SNAP 0 0 0
    Packets Drop: Zero L3 offset 0 0 0
    Packets Drop: vlan/vs Force Drop 204 0 0
    Packets Drop: Slowpath limit exceeded 0 0 0
    Packets Drop: LP non-ip, non-arp 0 0 0
    Packets Drop: TCP/UDP with zero port 1 0 0
    Packets Drop: CDP 0 0 0
    Packets Spanning Tree DMAC 0 0 0
    Packets Repeat: Slowpath limit exceeded 0 0 0
    Packets Rx on secondary vlan 0 0 0
    Packets Slowpath 5056349 3584950 13
    Packets Shakira 0 0 0
    Packets High Priority 467142 346215 1
    Packets Session Hit 43583067 12829485 48
    Packets New Sessions 333858 142719 0
    New Session- source route checks 79701 22473 0
    New Session- source ecmp route 0 0 0
    Packets Repeat 114240674 84857415 323
    Packets Repeat Reverse Frag 0 0 0
    Packets Repeat and Slowpath 0 0 0
    Packets Force Repeat 0 0 0
    Packets One Shot 0 0 0
    Packets bad parse 0 0 0
    Packets Session Hit TCP+NAT 0 0 0
    Packets Session Hit TCP 1364769 591465 2
    Packets Session Hit NAT 42218298 12238019 46
    Packets Session Hit Slw 0 0 0
    Packets Session FIN 664593 283296 1
    Packets Dropped- SYN+ACKs 0 0 0
    Packet, Transmit retries 0 0 0
    SYN Packets routed (w/o conn) 115956 115143 0
    Packets routed (w/o conn) 0 0 0
    Packets routed (w/o conn), bad enc 0 0 0
    Packets routed (w/o conn), FT 0 0 0
    Packets with no SMAC, sent to slowpath 539 0 0
    There are quite a lot of drops here.

  • CSM redundant bridged mode - alias IP required?

    Hi! I am a little bit confused about the configuration guides concerning CSM + FWSM + CSM bridged mode. In my opinion, when using bridged mode with the CSM I do not really need any alias IP configuration, neither in the client VLAN nor in the server VLAN. In bridged mode the CSM does not route, thus I won't have any routes pointing to the CSM. Why are there always alias IP configurations in redundant bridged mode config guides? Can somebody please clear that up for me? Is there any other function of the alias IPs that I need them for?
    Thanks,
    Daniel

    Daniel,
    In general, if no router is present on a server-side VLAN, then each server's default route points to the aliased IP address. In the case of bridge mode, like you have, there is no need for the alias ip.
    Regards
    Pete..

  • Deploying CSM in Bridge Mode into an existing server envronment

    We have installed two CSMs in 6509s in a network that has servers already in an existing subnet and VLAN. My question is: can I use the same VLAN that the servers are on at this time for the server SLB VLAN, or do I have to create another server SLB VLAN in the subnet?

    The servers can stay in the same VLAN.
    But if you want bridge mode, you will need to configure 2 vlans in the CSM using the same subnet.
    1 vlan will be the same as the servers.
    The 2nd vlan will be a new vlan using the same ip subnet.
    The MSFC should be setup with only the 2nd vlan.
    So at the end you get
    MSFC---VLAN-A----CSM-----VLAN-B----SERVERS
    <-------------- one subnet --------------->
    The servers can keep the same gateway ip address.
    This ip address should be moved from current msfc vlan to the newly created vlan.
    [I say MSFC, but it could be any other router being currently the default gateway]
    Gilles.

  • Adding direct server access to CSM in bridge mode

    I have a CSM that I have set up in bridge mode and want to allow direct management access to the real servers.
    It looks like this:
    MSFC 10.1.100.1
    CSM 10.1.100.3
    Reals 10.1.100.10, 10.1.100.20, 10.1.100.25
    Virtual 10.1.100.130, 10.1.100.140
    I tried to use the same method that I found for routed mode on CCO.
    serverfarm SERVER-SUBNET
     no nat server
     predictor forward
    vserver DIRECT-ACCESS
     virtual 10.1.100.0 255.255.255.0 tcp any
     serverfarm SERVER-SUBNET
     inservice
    The next step in the documentation says to add a static route to the CSM:
    ip route 10.1.100.0 255.255.255.0 10.1.100.3
    But this does not make sense since the MSFC 10.1.100.1 address is already the default gateway.
    So is there another way to configure bridge mode and enable direct management access?

    After I thought about bridge mode again and took out the direct-access and server-subnet commands, I tested again and I can now directly access the servers.

  • How to Configure Transparent caching on Cat 6500 with CSM in bridge mode?

    Hi,
    I found "How to Configure Transparent Caching on Cat 6500 with CSM in Routed Mode".
    But I need help with how to configure transparent caching on Cat 6500 with CSM in bridge mode.
    Please let me know a sample configuration.
    Thanks.

    Hi,
    I wrote the document you mentioned and I also wrote the one below.
    http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a00802c1201.shtml
    The one with the SSLM is a bridge mode config.
    If you replace the SSLM with a cache [or a farm of caches] it would be a similar config.
    Replace the SSL21 vserver with an HTTP vserver [most important is to keep the vlan configured on each vserver]
    Regards,
    Gilles.

  • ACE bridge mode , FWSM routed mode

    I have the following scenario:
    MSFC ---vlan 777----FWSM----vlan160---ACE----VLAN180
    The FWSM is working in routed mode and vlan 777 is shared between the MSFC and the FWSM.
    The ACE is working in bridged mode and vlan 160 is shared between the FWSM and the ACE.
    vlan 180 is the server-side VLAN.
    I want the FWSM IP address to be the server gateway while the ACE module is in bridge mode.
    I created a BVI interface but I can't ping from the ACE to the FWSM or from the FWSM to the ACE.
    If I change the ACE to routed mode, I can ping the FWSM.
    Can anybody help me with this issue?

    The config looks good.
    I would look at the arp table on FWSM and ACE when the ping fails and also capture a sniffer trace of ACE tengig interface and see if the ping request goes out - on which vlan - and if we get a response.
    Is everything else working?
    Like ping through the ACE module ?
    Your config does not show a 'no shutdown' on the vlan interface, but I assume you fixed that already.
    Gilles.

  • CSM Bridging during Backups?

    I have two questions. This might seem like some dumb questions, but we have dual CSMs 4.2.6 in a 6509 running IOS 12.2(18)SXF in bridge mode. 1st question is, we have backup clients on one network and the host on another. The host is on a VLAN behind the CSM and the backup client is not. Correct me if I'm wrong, but from my knowledge traffic should not go through the CSM when accessing the server RIPs directly. But why does the CSM portchannel260 get impacted during backups? Shouldn't it route through the MSFC first? 2nd question: if the backup server and the host are both on the same network but different VLANs, will it still communicate through the MSFC or the CSM? Please advise... Thx!

    Usually in bridge mode, the default gateway of a device is a router (often the MSFC) behind the CSM. The CSM bridges the front VLAN with the backend VLAN.
    So, even if the MSFC is the device that does the routing between your source and destination, this traffic still needs to go through the CSM.
    Same if the source and destination are in the same subnet. If the source is in vlan X and the destination in vlan Y using the same subnet with the CSM bridging the 2, the traffic still needs to go through the CSM.
    So, you should look at the CSM as an external device even if it sits in the same chassis as the MSFC.
    Gilles.

  • Why do I lose internet connection when I put airport extreme into bridge mode to correct Double NAT issue

    I reset my AirPort Extreme router the other day because I was too lazy to reset the password on my private network.
    I have been reading the advice found on Apple Support Communities and the wider web, but the solutions do not solve any problems and often create new ones.
    I'm regretting it because everything was working just fine.
    But I remember having this double NAT error when I first set it up a few months back, but now I cannot resolve it.
    I would live with the yellow light, but it seems that this double NAT error is preventing my PlayStation 3 from connecting to the AirPort Extreme.
    When I put the AirPort Extreme into bridge mode, I lose all my wireless networks, even when I reboot the AirPort Extreme and the modem.
    I try rebooting the modem, then the AirPort, and vice versa. No internet.
    I switch back to NAT/DHCP and the internet works fine on Apple devices, but not the PlayStation 3, and I have the Double NAT error.
    I have a plain stock Motorola modem and I can dial in and see settings (although nothing about NAT). I didn't see where to see them.
    I tried setting DHCP only but it said it didn't like the settings. Is there a stock range I could be using?

    I have a plain stock Motorola modem and I can dial in and see settings (although nothing about NAT). I didn't see where to see them.
    Exact model .. motorola make adsl, cable and probably wireless modems.. with some modems and some modem router.. we need exact info. What kind of broadband do you have?
    I would note.. some of the motorola cable modems seem to have issues with the apple routers. If you are about due to change modems.. now is a good time.. not another motorola.
    If the modem is a straight cable modem, the AE must be in router mode.. but you need to power down the cable modem. maybe for 20min so the new router can pick up the IP address.
    You cannot use DHCP alone.. the ISP does not give you a block of IP addresses.
    You cannot use bridge with a pure modem.. you will find it works.. but only to one device.
    The only reason you get double NAT is the failure to pick up the public IP.
    Give the info required..
    If you have trouble, I need the actual IP of the modem. the actual IP of the AE WAN port when plugged in. Screenshots are good.

  • Download DMS attachment into an application server in background mode?

    Is it possible to download DMS attachment into an application server in background mode?
    Currently I am using the following code, but it does not work in background mode:
      CALL FUNCTION 'CVAPI_DOC_GETDETAIL'
        EXPORTING
          pf_dokar     = 'Z06'
          pf_doknr     = gs_drad-doknr
          pf_dokvr     = gs_drad-dokvr
          pf_doktl     = gs_drad-doktl
          pf_read_kpro = 'X'
        TABLES
          pt_files     = lt_file
        EXCEPTIONS
          not_found    = 1
          no_auth      = 2
          error        = 3
          OTHERS       = 4.
    * Copy attachment from DMS to PC file
      CALL FUNCTION 'CVAPI_DOC_VIEW'
        EXPORTING
          pf_dokar      = 'Z06'
          pf_doknr      = gs_drad-doknr
          pf_dokvr      = gs_drad-dokvr
          pf_doktl      = gs_drad-doktl
          pf_appl_start = ' '
          pf_apptp      = '1'
          pf_filename   = 'C:\TEMP\ZLINK.BMP'
          ps_file       = ls_file
        IMPORTING
          pfx_file      = l_pfx_file
        EXCEPTIONS
          OTHERS        = 0.
    * Load BMP into SE78
      PERFORM import_bitmap_bds
        IN PROGRAM saplstxbitmaps
        USING l_filename        "Local file for upload/download
              l_bmpnam          "Name
              'GRAPHICS'        "Application object
              'BMAP'            "ID
              'BCOL'            "Color
              'BMP'             "Extension
              'ZLINK PICTURE'   "Title
              space             "Resides in printer memory in print request
              'X'               "Reserve height of graphic automatically
              space             "Graphic storage: compressed bitmaps
        CHANGING l_docid
                 l_wf_res.      "Graphic resolution
    Thanks

    Hi!
    You didn't find answer for this, because it is not possible. If you run your program in background, it is running on the server, and does not have any connection to your local machine. That's why you can't upload/download in background mode.
    You might try to address your local PC somehow, with its IP or MAC address, but I don't think this task is worth so much time.
    Run your program in online mode, or if you want to run it in background, then upload your file into the SAP server.
    Regards
    Tamá

  • My iphone keeps going into a huge text or zoom mode, how do I get it back to normal?

    I have an iPhone 5S and just upgraded to Yosemite, apparently a big mistake after reading a lot of support items.
    My phone keeps going into a zoom or huge text mode and I cannot get it back to normal.  I also have an iPad that I send and receive messages on so not sure if that is causing a problem, it never was a problem before this upgrade.

    OS X Yosemite is for Macs, not iPhones. Perhaps you meant iOS 8.
    Try tapping twice on the screen with three fingers.
    And/or go to Settings > General > Accessibility > Zoom OFF.
    It has been this way since iOS 5.

  • CSM bridge vs router mode

    Hi,
    Can the CSM be used in both bridge and router mode for different VLANs? Or does it need to use all router mode or all bridged mode?

    You can have a mix of both.
    Gilles.
