fir3net
PPS-Firenetbanner-780.5x190-30-03-17

Cisco CSS address translation

The Cisco CSS offers 2 address translation methods ; source groups and destination groups.

Source Group

When a connection is initiated outbound through the Cisco CSS (from any of the group services) the source IP is translated to the groups VIP address.
Source group servers are defined using the add service [service name] command.

Example : When SERVER-A initiates a connection outbound through the CSS, traffic will be source NAT`d behind address 10.1.1.100.

group SOURCE-GROUP
  vip address 10.1.1.100
  add service SERVER-A
  add service SERVER-B
  active

Destination Group

When connection is initiated to the groups defined VIP, traffic distributed to any of the servers that are configured within the group is proxied behind the VIP.
Destination groups are typically used when internal load balancing is required.
Destination group servers are defined using the add destination service [service name] command.

Example : When the client initiates a connection to group VIP (10.1.1.100) (that is destined for either SERVER-A or SERVER-B) traffic is proxied behind the subsequent VIP (10.1.1.100). Return traffic is then routed back through the CSS and balanced as per the configured content rule.

group DEST-GROUP
  vip address 10.1.1.100
  add destination service SERVER-A
  add destination service SERVER-B
  active

About the Author

RDonato

R Donato

Ricky Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Ricky on Twitter @f3lix001