Cisco CSM One-Arm Config (Server Originated Connections)
by admin on Mar.07, 2007, under Networking, load balancing
I have been working on setting up a test for one of our load balanced webservers to be placed behind the new firewall we have installed. With putting this server behind the firewall, I am also switching that webserver to use one-armed mode for load balancing.
Basically, the main thing with one-armed CSM configs is that you put the MSFC as the default gateway for your load balanced servers instead of the CSM. You then put a PBR (policy-based routing) rule on the MSFC to point load balanced traffic to the CSM; all other traffic bypasses the CSM without having to add static routes on the servers.
Here are a couple of things you need to add for server originated connections in one-armed mode.
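As an added illustration (not configuration from the original post), this is one common shape for the PBR described above: return traffic from the real servers is matched by source port and sent to the CSM, and everything else follows the normal routing table. All names and addresses are constructed assumptions: real servers 192.0.2.10 and 192.0.2.11 serving HTTP in server VLAN 20, and a CSM address of 198.51.100.5 on a VLAN directly connected to the MSFC.

```ios
! Added example; every name and address here is a constructed placeholder.
!
! Match only replies from the load balanced service
! (source port 80 from the real servers).
ip access-list extended LB-RETURN
 permit tcp host 192.0.2.10 eq www any
 permit tcp host 192.0.2.11 eq www any
!
! Send matched packets to the CSM so it sees both halves of the flow.
route-map TO-CSM permit 10
 match ip address LB-RETURN
 set ip next-hop 198.51.100.5
!
! Apply on the server-facing SVI. Packets that do not match the ACL
! are not policy-routed and are forwarded normally.
interface Vlan20
 ip address 192.0.2.1 255.255.255.0
 ip policy route-map TO-CSM
```

`show route-map TO-CSM` on the MSFC shows the policy-routing match counters, which helps confirm that only the intended flows are being diverted to the CSM.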
serverfarm FORWARD
 no nat server
 no nat client
 predictor forward
vserver CATCHALL
 virtual 0.0.0.0 0.0.0.0 any
 vlan #
 serverfarm FORWARD
 persistent rebalance
Be careful when using “variable ROUTE_UNKNOWN_FLOW_PKTS 2”; this can cause issues with some server originated connections.
Here is a document on the subject of FWSM and CSM in One-Arm Mode.
April 25th, 2007 on 6:14 am
Hi,
Thanks for this post.