Comments on: Getting Something Out of the CSM

By: Aaron’s Worthless Words » Blog Archive » Configuring Fault Tolerance on the CSM

Fri, 10 Oct 2008 15:11:55 +0000

[...] me know if you have any questions and check out my page on getting output from Cisco’s fine mid-tier load [...]

By: xhon

xhon — Sat, 27 Sep 2008 21:33:55 +0000

one more very (at least for me) useful command run from switch# level
“show run mod X”, where X is slot number where CSM resides
it shows only configuration block for the csm
works with other modules as well

By: Aaron Conaway

Aaron Conaway — Fri, 19 Sep 2008 01:45:58 +0000

Hey, David.

I think if you turn off cleint NAT, you should be alright. Just go into your serverfarm for the VIP and do a “no nat client”. After such, you should see the clients appear unNATted.

By: droudpeyma

droudpeyma — Wed, 17 Sep 2008 17:19:07 +0000

Aaron,
Thanks so much for the info. I understand now why our farms are showing the source IP to be of the VIP. At the moment the farms are assigned to a NATPOOL on the client side. When that is removed the connection to the site breaks. Is there something else that needs to be done on the (client) Nat in order to restore the connection?
Thanks,
David

By: Aaron Conaway

Aaron Conaway — Wed, 17 Sep 2008 03:16:04 +0000

Hi, Droudpeyma. Thanks for commenting.

In the serverfarm configuration, there are two lines that deal with NAT — “nat client” and “nat server”. By default, client (source) NATting is off, and server (destination) NATting is on, so the source IP of the connection inbound to the serverfarm does not get changed before it’s passed on to the servers in the farm.

Here’s what the source and destination of the packets are at various steps in the process. Let’s assume the source IP is 12.34.56.78, the VIP is 1.1.1.1, and the serverfarm only has one server with the IP of 2.2.2.2. Assume that no other NATting is done in our little setup.

The packet leaves the client:
S: 12.34.56.78, D: 1.1.1.1
The CSM receives the packet and passes it on to the RIP:
S: 12.34.56.78, D: 2.2.2.2
The packet lands on the server:
S: 12.34.56.78, D: 2.2.2.2
The server generates a return packet:
S: 2.2.2.2, D: 12.34.56.78
The CSM gets the packet and sends it back to the client:
S: 1.1.1.1, D: 12.34.56.78
The client receives the packet:
S: 1.1.1.1, D: 12.34.56.78

Hope that helps. Let me know if it doesn’t.

By: droudpeyma

droudpeyma — Tue, 16 Sep 2008 22:12:51 +0000

Hey Aaron,
Thanks for teh great info. I don’t know if this is the right place to post this but here goes.
I understand the basic functions of the CSM but when traffic comes into a VIP and then to a farm, how do you get the CSM to pass the source IP to the destination? Wouldn’t that info be of some value?

By: Aaron’s Worthless Words » Blog Archive » Intro to Policies on the CSM

Mon, 23 Jun 2008 13:17:58 +0000

[...] Getting Something Out of the CSM [...]

By: Aaron Conaway

Aaron Conaway — Thu, 12 Jun 2008 13:18:40 +0000

Thanks, Clint. I’m trying to get back on track.

By: Clint Young

Clint Young — Wed, 11 Jun 2008 03:37:35 +0000

Said in the voices from the guys in the Guinness commercials… “BRILLIANT!” This is good stuff, keep it coming!