CSS advanced-balance not balancing

Discussion in 'Cisco' started by Keith Sherman, May 3, 2004.

  1. I have a CSS11501 and am trying to utilize advanced-balance
    sticky-srcip-dstport on a CSS behind a firewall. So, the CSS will
    always see IP address 10.1.1.1, but at different ports. The problem
    is, it sends the connections to just one of the two services I have
    active in the content rule. Anyone have ideas? Content rule:

    content ssl
    vip address 10.1.1.51
    redundant-index 11
    protocol tcp
    port 443
    advanced-balance sticky-srcip-dstport
    add service webserver2
    sticky-inact-timeout 60
    add service webserver1
    balance leastconn
    active
    Keith Sherman, May 3, 2004
    #1
    1. Advertising

  2. Keith Sherman

    Kevin Widner Guest

    You mention that the CSS will always see the IP 10.1.1.1, does that
    mean that all incoming clients are PAT'ed to that address? Why?

    If that is the case, however, then you will always see the same source
    IP, and the destination port is always 443 by your rule definition.
    You are not servicing any other destination ports. Since source IP and
    destination port are always the same in your setup, the CSS can't
    balance using that method.

    Since you appear to be operating an ssl enabled web server try using
    load balancing based on the ssl session id.
    advanced-balance ssl

    Maybe I am misunderstanding your setup....

    Kevin


    (Keith Sherman) wrote in message news:<>...
    > I have a CSS11501 and am trying to utilize advanced-balance
    > sticky-srcip-dstport on a CSS behind a firewall. So, the CSS will
    > always see IP address 10.1.1.1, but at different ports. The problem
    > is, it sends the connections to just one of the two services I have
    > active in the content rule. Anyone have ideas? Content rule:
    >
    > content ssl
    > vip address 10.1.1.51
    > redundant-index 11
    > protocol tcp
    > port 443
    > advanced-balance sticky-srcip-dstport
    > add service webserver2
    > sticky-inact-timeout 60
    > add service webserver1
    > balance leastconn
    > active
    Kevin Widner, May 10, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jeff
    Replies:
    1
    Views:
    1,610
    dmcknigh
    Nov 16, 2003
  2. Jim
    Replies:
    2
    Views:
    3,044
  3. digiusto
    Replies:
    0
    Views:
    759
    digiusto
    Mar 6, 2005
  4. Replies:
    0
    Views:
    559
  5. Michael  Osten
    Replies:
    0
    Views:
    1,757
    Michael Osten
    Feb 14, 2007
Loading...

Share This Page