This chapter contains an alphabetical listing of the LocalDirector commands. Documentation for each command includes a brief description of its use, command syntax, usage guidelines, and an example of the command output.
You can use the following commands to edit or view previously entered commands:
If you are using a VT100-compatible terminal, such as HyperTerminal with Windows 95 or Windows NT, the up and down arrow keys have the same effect as ^p and ^n. In addition, the left arrow key works as a backspace.
The command interpreter provides a command set that emulates Cisco IOS technologies. This command set provides three administrator access modes:
At startup, the console is in unprivileged mode. You can access privileged mode by entering the enable command. LocalDirector then prompts you for a password. When you first configure LocalDirector, a password is not required. Press the Enter key at the prompt. Assign a password to privileged mode with the enable password command. Exit privileged mode by entering the disable command.
Access configuration mode by entering the configure terminal command while in privileged mode. You can then write your settings to Flash memory, diskette, or to the console.
Information about each command is available by entering the command name followed by a question mark at the command line prompt.
The syntax of the command is displayed, and the prompt returns with the previous entry on the command line. Use the pager command to control display output.
For a listing of all commands available for the current mode, enter a question mark by itself.
You can abbreviate most commands down to the fewest unique characters for a command; for example, you can enter conf t (configure terminal) to start configuration mode.
If you enter a command that the LocalDirector does not recognize, the "Type `?' for a list of commands" message displays. This can be caused by the following:
1. Incorrect access mode—Ensure you are in configuration mode before entering configuration mode commands. From unprivileged mode, enter the enable command to start privileged mode. From privileged mode, enter config terminal to start configuration mode.
2. Incorrect number of parameters—Enter the help command to check the syntax of the command that you are entering.
3. Incorrect abbreviations—Try the command again with more characters or the full command name.
Table 6-1 lists configuration commands by LocalDirector features:
Set an alias IP address. (Configuration and Replication modes.)
The alias ip address command assigns multiple IP addresses to the virtual machine. This allows the virtual machine to be placed on a different IP network than the real machines, without using a router.
Use the no alias ip address command to remove an aliased IP address.
Use the show alias ip address command to display the aliased IP addresses.
Add an entry to the LocalDirector ARP table. (Privileged, Configuration, and Replication modes.)
The arp command adds an entry to the LocalDirector ARP table. ARP is a low-level TCP/IP protocol that resolves a node's physical address from its IP address.
Gratuitous ARPs are supported in LocalDirector version 1.6 and later.
Use no arp to delete alias ARP entries, clear arp to remove other ARP entries, and show arp to display ARP entries.
Directs connection requests to a specific instance of a virtual server. (Configuration and Replication modes.)
Use the assign command to associate client IP addresses with specific virtual servers. By default, the bind-id when defining a virtual server is 0 and the protocol is TCP. Any client IP address not identified by an assign command statement is directed to the default bind-id of 0. A virtual server with a bind-id of 0 cannot be used with the assign command because the bind-id of 0 is reserved for default traffic.
The show assign command displays the current assign information.
See the definition of Client-Assigned Load Balancing (Traffic Shaping) in Chapter 1, "Introduction" and the example of Client-Assigned Load Balancing (Traffic Shaping) in Chapter 4, "Installing and Configuring LocalDirector" for more information.
Automatically bring a failed real server back into service. (Configuration and Replication modes.)
A server is failed when it does not answer the number of connections set with the threshold command, even though it still might answer one of its existing data connections, or when it responds with TCP RSTs. The autounfail command brings a failed server into testing mode if it answers or sends data on a connection that is already established. The autounfail command is on by default.
In testing mode, the real server gets one real incoming connection. If it answers that connection, it is put in service. If it does not answer that connection, it is failed again.
The show autounfail command displays autounfail information about the real machine.
Assign a backup server for real and virtual servers. (Configuration and Replication modes.)
You can back up real servers with virtual addresses, and you can back up virtual servers with a real server. You can use a backup server when the real or virtual server is not in service (for example, it is failed or out of service).
It is important to note that the backup is treated just like any other real or virtual server by the LocalDirector. For example, if the backup is a real server it has the same adjustable parameters (retry, timeout, reassign, etc.) that other real machines have. The predictor for the backup virtual server is used to load balance the servers being backed up by that virtual server.
Use the no backup command to remove a backup server.
A real server bound to a virtual server cannot also be used as a backup for that virtual. This means that the following configuration:
works; however, if you try to bind real machine 5.5.5.5 to virtual 1.1.1.1, LocalDirector does not allow it, because 5.5.5.5 is already serving as a backup for that virtual.
Also, if server 2.2.2.2 fails and it is backed up by 4.4.4.4, it uses that server as long as it is in service; however, if 4.4.4.4 is also failed it does not check the backup for 4.4.4.4.
Use the show backup command to display backup information.
Associate a virtual server with one or more real servers. (Configuration and Replication modes.)
Use virtual or real to define the virtual and real server addresses before using bind. Use the bind command to direct network traffic from a virtual server to a real server. Use no bind to release an association between a real and virtual server.
Show system buffer utilization.
The boot command enables booting from a remote image.
LocalDirector configuration files and software can be stored on a TFTP server.
In the following example, the LocalDirector is booted from a remote image, but not reloaded.
In the following example, the LocalDirector is booted from a remote image and reloaded.
Manipulate bridge table operations. (Configuration and Replication modes.)
Associate virtuals with one another to create a group. (Configuration and Replication modes.)
Use the buddy command to create a buddy group (named buddy_group), consisting of a list of virtuals. Certain commands and parameters (such as the sticky command) that affect one virtual affect all other virtuals in the buddy group. A virtual can reside in only one buddy group; if it currently exists in a group, it must be removed from that group before it can be added to a new group. The no buddy command removes a virtual from a buddy group and the buddy group itself, if the virtuals have already been removed from it.
The show buddy buddy_group lists the virtuals in a group. The show buddy virtual_id lists the buddy group that virtual resides within.
The casa commands configure the LocalDirector for the Cisco Appliance Server Architecture (CASA) environment. (Configuration and Replication modes.)
Use the casa service-manager port command to configure the UDP port for the Service Manager used for multicast communication between the CASA components. By default, the Service Manager port is 1638. An optional password and password timeout can be used; this option is disabled by default. The password is used in MD5 encryption of packets between the Service Manager and Forwarding Agents. The no form of this command removes the port configuration.
Use the casa service-manager multicast-ttl command to set the time-to-live value for the IP multicast packets that are sent between the CASA components. The default time to live is 3 minutes. The no form of this command disables the time-to-live value.
The channel command is used to assign 2 or 4 ports as Fast EtherChannels. (Configuration and Replication modes.)
The show channel starting interface command displays the aggregate numbers for the channel, that is, the sum of the numbers from the individual interfaces that comprise the channel.
Combine with other commands to delete information associated with the other commands. (Privileged and Configuration mode.)
Use the clear command with arp, bridge, configuration, route, snmp-server, syslog, and telnet to clear the values associated with those commands.
Use the clear configuration command to delete all or part of the LocalDirector configuration. If you enter the clear configuration command without an optional argument, the default is to clear the secondary configuration.
Note The clear configuration command clears the running configuration. Once you use the write memory command to save the configuration to Flash memory, any information that has been cleared cannot be restored, unless it was previously saved to diskette with the write floppy command.
Set the IP precedence value for a virtual machine. (Configuration and Replication modes.)
The color command allows a value to be set on a per-virtual-server basis to allow prioritizing of packets for different types of services. Prioritized packets are sent to and from virtual servers. For example, one port may be used for HTTP traffic, using one priority, while another port may handle UDP traffic, with another priority. Use the no color command to remove the IP precedence on a virtual server.
The ip_precedence_value can be within the range 0-7, or can be one of the following keywords.
Any more info on these precedences? Would 0 be the lowest and 7 the highest?
Define the current configuration. (Privileged and Configuration modes.)
Each statement is read into the current configuration and evaluated with these rules:
Limit number of connections to a server that has an open connection to a client but is not sending data in response to a request. (Configuration and Replication modes.)
Some web servers (especially those running Microsoft Windows NT 4.0) continue to establish connections to a real server even though the daemon or application running on that port is dead. The data command can be used to limit the number of connections sent to a server that is not sending data.
There is no time interval associated with the data command, and the following explains the sequence of events that determine whether or not the server is responding:
2. Server kernel responds with SYN/ACK.
3. Client sends HTTP GET request (LocalDirector counts this as one data request).
4. If the Server responds, the LocalDirector subtracts 1 from the count.
5. If the count reaches a preset threshold, the LocalDirector fails the server.
Many kernels will not accept a TCP connection (SYN) if there is no process listening on the port that the client is attempting to connect to. Some kernels, though, mistakenly do accept the connection (SYN/ACK). Because the server is responding (with a SYN/ACK, but not with data), the LocalDirector does not recognize this as a real machine failure.
The data command determines the number of connections to allow to a real server where data has not been sent back to the client, regardless of the SYN/ACK response. Once a real machine reaches this number, the LocalDirector checks to see if other machines bound to the virtual server are also at 80 percent of their threshold capacity (based on DataIn value). If the other machines are close to reaching this value, then the LocalDirector assumes the site is busy and does not fail the machine.
If the other machines are not at this capacity, then the LocalDirector fails the real machine and sends the following SYSLOG/SNMP message:
The show real command indicates the number of unanswered connections for each real server, and the show data command indicates the value set with the data command. Use the no data command to return to the default value of 0.
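The counting sequence and the 80 percent busy-site check described above can be modelled as follows. This is an added example, not LocalDirector code: the class and function names are hypothetical, the verdict strings are constructed (the real SYSLOG/SNMP text is not reproduced here), and it assumes that a limit of 0 disables the check and that every other in-service machine must be at 80 percent for the site to count as busy.

```python
from dataclasses import dataclass


@dataclass
class Real:
    name: str
    unanswered: int = 0   # data requests seen without a server response
    failed: bool = False


class DataCheck:
    BUSY_FRACTION = 0.8   # "80 percent of their threshold capacity"

    def __init__(self, limit, names):
        self.limit = limit                      # value set with the data command
        self.reals = {n: Real(n) for n in names}

    def request(self, name):
        """Client sent a data request (step 3): count it, then evaluate."""
        real = self.reals[name]
        real.unanswered += 1
        return self._evaluate(real)

    def response(self, name):
        """Server sent data back (step 4): subtract one from the count."""
        real = self.reals[name]
        real.unanswered = max(0, real.unanswered - 1)

    def _evaluate(self, real):
        # Assumption: limit 0 (the default) means the check is off.
        if self.limit == 0 or real.failed or real.unanswered < self.limit:
            return "ok"
        peers = [r for r in self.reals.values() if r is not real and not r.failed]
        busy_mark = self.BUSY_FRACTION * self.limit
        # Assumption: "other machines" is read as all remaining peers.
        if peers and all(r.unanswered >= busy_mark for r in peers):
            return "site-busy"                  # whole site is slow: do not fail
        real.failed = True
        return "failed"                         # constructed verdict, not syslog text


def dead_daemon():
    """Constructed case: only real 'a' stops sending data; peers keep answering."""
    check = DataCheck(limit=5, names=["a", "b", "c"])
    verdict = "ok"
    for _ in range(5):
        for peer in ("b", "c"):
            check.request(peer)
            check.response(peer)
        verdict = check.request("a")
    return verdict


def busy_site():
    """Constructed case: peers sit at 4 of 5 (80 percent) when 'a' hits the limit."""
    check = DataCheck(limit=5, names=["a", "b", "c"])
    for _ in range(4):
        check.request("b")
        check.request("c")
    verdict = "ok"
    for _ in range(5):
        verdict = check.request("a")
    return verdict


if __name__ == "__main__":
    print("dead daemon on one real:", dead_daemon())
    print("all reals backed up:   ", busy_site())
```

The second case is the one to watch operationally: when every real server is slow at once, the busy-site rule means no server is failed.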
Set and display LocalDirector tunable parameter defaults. (Configuration and Replication modes.)
You can set new defaults for some LocalDirector parameters. Once a new value is set, it is in effect until set again with the default command. The default parameters for the following commands can be set:
Keep connections in LocalDirector memory for five minutes after TCP ending sequence. (Configuration and Replication modes.)
The delay command is used to put connections into a "pending deletion" state instead of removing them immediately when a TCP ending sequence is received. If the delay command is set for a virtual server, the connection remains in memory for approximately five minutes.
If any data arrives for the connection, it is put back in an "active" state. If any other packet comes across for the connection, the packet passes through the virtual server, but the connection is not considered active.
Use this command only when responses to and from clients are often dropped, especially during the closing of TCP connections or for UDP connections. For example, there is a known bug with the Trumpet WinSock stack running on Windows 3.11 where HTTP GET requests are sent out of order, and this causes the LocalDirector to drop the connection even though it has not completed.
Connect to a real server and obtain dynamic feedback. (Configuration and Replication modes.)
What is the default timeout period?
The dynamic-feedback command obtains information about the availability of a real server
Exit privileged mode and return to unprivileged mode. (Privileged mode.)
The disable command exits privileged mode and returns you to unprivileged mode. Use the enable command to return to privileged mode.
Start privileged mode. (Unprivileged and privileged modes.)
The enable command starts privileged mode. LocalDirector prompts you for your privileged mode password. When you first configure LocalDirector, a password is not required and you can press the Enter key at the prompt. Use disable to exit privileged mode. Use enable password to change the privileged mode password.
In the example below, note that the prompt changes from ">" to "#" when you enter privileged mode.
Set the privileged mode password. (Privileged and Configuration modes.)
The enable password command changes the privileged mode password, for which you are prompted after you enter the enable command. When you first configure LocalDirector, a password is not required and you can press the Enter key at the prompt. Assign a password to privileged mode with the enable password command.
Enable access to the optional failover feature. (Configuration and Replication modes.)
Failover provides a mechanism for LocalDirector to be redundant by allowing two identical units to serve the same functionality. Both LocalDirector units must run the same version of software, and the failover cable must be used to connect the two units. The failover command without an argument indicates that you have connected the failover cable and intend to use a secondary unit to back up the primary LocalDirector. The default configuration includes the no failover command; however, if the failover cable is present at boot-up, it is detected automatically and failover is enabled. Use the show failover command to verify the status of the connection and to determine which unit is active. Use the replicate command to maintain connection state on a per-virtual basis.
Note Turn off unused interfaces with the no interface command, or the LocalDirector unit will be seen as failed.
Failover works by passing control to the secondary unit should the primary unit fail. The switch between units occurs within 30 seconds of the failure event. The markings on the failover cable let you choose which unit is primary and which is secondary.
Note Use identical LocalDirector units as failover pairs. Make sure that the hardware platform, and the number and type of interfaces on each unit are the same.
Failover works in a switched environment, as long as both units are running LocalDirector software version 1.6.3 or later.
Failover only works with the Cisco failover cable. LocalDirector failover does not work with alternate vendor DB15-to-DB15 cables.
Because configuration replication is automatic from the active unit to the standby unit, configuration changes should only be entered from the active unit.
The following output shows failover on, and the primary unit state is active:
The following example shows the show failover output if failover has not started monitoring the network interfaces:
Display help information. (All modes.)
The help or ? command displays help information about all commands. You can view help on an individual command by entering the command name followed by a question mark. The command line prompt returns with the command syntax, and the command appears on the command line.
Use the pager command to control the display output.
Enter ? at the command prompt to get a list of all of the commands available for the current mode.
Change the host name in the LocalDirector command line prompt. (Configuration mode.)
The hostname command changes the host name label on prompts.
Configure network interfaces. (Configuration and Replication modes.)
The interface command identifies the type of network interface boards, and the speed and duplex settings for Ethernet. Use show interface to view information about the interface.
To configure full duplex Ethernet, the auto option is recommended, but your network interface has to support auto-detection. (The RNS 4-port adapter cards do not support the auto option.) You can force the Ethernet argument to accept full duplex with the 100full option if the network accepts full duplex and 100 megabit Ethernet.
Note In releases prior to version 2.2.1, the no interface command was used to disable and enable access to an interface. This command no longer is used to enable and disable an interface. Use the shutdown command instead.
Note If a crossover cable is used to connect the LocalDirector to a Cisco 7500 series router, use the 100full option.
Use the 100full option for the 4-port Ethernet interfaces on the LocalDirector 420.
Mark a real or virtual server as being in service (IS). (Configuration and Replication modes.)
The in-service command indicates that the virtual server or real server is ready to accept connections.
In the following example, the in-service (is) command is used with the all option to put all ports of real server 192.168.1.1 in-service. This puts all ports of the real server (both default and port-bound) in-service with just one command.
Server www.domain.com is put in-service by using the name of the server for server_id. Because no port is specified, only the default ports are put in-service.
When port-bound server 192.168.1.3 80 is put in-service, the remaining ports (both default and port-bound) are left out-of-service.
Assign the system IP address for the LocalDirector. (Configuration and Replication modes.)
The ip address command assigns an IP address to the LocalDirector. Use the show ip address command to view the address.
In the following example, the system IP address is 192.168.1.1, and the failover IP address is 192.168.1.2. The current IP of 192.168.1.2 indicates that this is the standby unit for failover. If the current IP is the system IP address, the unit is active. If the current IP is the failover IP address, the unit is standby.
Note You cannot use the traceroute command with the LocalDirector IP address. The traceroute command can only be used with virtual IP addresses.
See also: failover
Terminate a Telnet session. (Privileged and Configuration modes.)
The kill command terminates a Telnet session. Use who or show who to view the Telnet session ID value. When you kill a Telnet session, LocalDirector lets any active commands terminate and then drops the connection without warning to the user.
Set the maximum number of connections that LocalDirector will send to a real server. (Configuration and Replication modes.)
You can set the maximum number of connections that a real server accepts to avoid overloading the server. There is no default setting for maxconns, and the value is "unlimited" when viewed with the show maxconns command.
Specify the maximum transmission unit (MTU) value for the specified network interface. (Configuration and Privileged modes.)
For Ethernet interfaces, the default MTU should be 1,500 bytes in a block; for FDDI, specify 4,096 bytes.
The value for the mtu command depends on the type of network interface specified in the interface command. The minimum value for bytes is 64 and the maximum is 65,535 bytes.
Enable and disable the Routing Information Field (RIF) for FDDI interfaces. (Configuration and Replication modes.)
Enables or disables an interface's ability to collect and use source-route information (RIF) for routable protocols. The all keyword enables the multiring for all frames. See the chapter "Configuring Source-Route Bridging" in the document Router Products Configuration and Reference for more information.
In FDDI (and token-ring), if a RIF exists in the IP header it can cause problems. The multiring command, which is on by default in LocalDirector, interprets and uses the RIF field in the header. When this is turned off (suggested for FDDI and token-ring) by using no multiring all, the RIF field is not used in the IP header.
Associate a name with an IP address. (Configuration and Replication modes.)
Use the name command to identify a virtual or real server by a text name. This makes it easier to change the LocalDirector configuration because you can refer to real and virtual servers by name rather than IP address; however, the port number and bind-id must be included with the name when identifying port-bound servers and virtual servers with bind-ids. The name command can be used before or after a server is defined.
The name command is optional, and it is not related to DNS. It provides a means of making LocalDirector servers easier to configure, and the names associated to the configuration do not have to be synchronized with DNS.
Use the no name command to remove an assigned name.
In the example that follows, the name command is used to identify IP address 192.168.1.1 as "v1" and then it is defined as a virtual server with the virtual command. This creates a virtual server with a default port of 0 and a bind-id of 0.
Two more virtual servers are created using the same name, and they are bound to port 80 with bind-ids of :1 and :2.
A virtual server is created with an IP address of 192.168.1.2 that is bound to port 443 and has a bind-id of :1. The name command is then used to identify IP address 192.168.1.2 as "v2" after the virtual server is defined.
The name "v1" is used as the virtual_id with the in-service command and the all option to put all virtual servers with IP address 192.168.1.1 in service.
The name "v2" is used to identify a virtual server bound to port 80 with a bind-id of :1.
Determine whether IP addresses or server names display in screen output. (Privileged, Configuration, and Replication modes.)
You can use either the server name or IP address to configure real and virtual servers regardless of whether the names command is on or off. The status of the names command does not affect the write terminal and show configuration commands. Use the show names command to check the status of names.
Use the no names command to disable the display of names in screen output.
Mark a virtual or real server as out of service (OOS). (Configuration and Replication modes.)
When you mark a real server as being out of service, LocalDirector does not assign new connections to it, but lets old connections continue to run until they complete. An out-of-service real server can still be accessed by clients specifying its actual IP address. Use show real to watch the status of open connections; when all connections appear as OOS, you can power-off the server or reconfigure it as required.
In the following example, the out-of-service (oos) command is used with the all option to take all ports of real server 192.168.1.1 out-of-service. This takes all ports of the real server (both default and port-bound) out-of-service with just one command.
Server www.domain.com is placed out-of-service by using the name of the server for server_id. Because no port is specified, only the default ports are taken out-of-service.
When port-bound server 192.168.1.3 80 is placed out-of-service, the remaining ports (both default and port-bound) are left in-service.
Control display output. The pager command is on by default. (Configuration, Unprivileged, and Privileged modes.)
If the pager option is on, only one screen of output displays at a time. Pressing the spacebar displays the next page of information, and pressing Enter displays the next line. Pressing the "q" key stops the output and returns to the system prompt.
If the no pager command is used, screen output scrolls until the end without stopping.
Use the show pager command to see if the pager option is on or off.
Modify Telnet login password. (Configuration and Replication modes.)
The password command sets a password for Telnet access. The default password is cisco, and it should be changed from the default.
See also: enable password
Send a ping request message. (Configuration and Privileged modes.)
The ping command determines if the LocalDirector has connectivity or if a host is available on the network. The command output shows if the response was received; that is, that the host exists on the network. If the host is not responding, ping displays "no response received." Use show interface to ensure that the LocalDirector is connected to the network and has connectivity.
The command displays three attempts that reached the specified address:
Turn on or off the ability to ping a virtual address. The default is to not allow a virtual address to be pinged. (Configuration and Replication modes.)
By default, virtual addresses cannot be pinged. This helps protect virtual addresses from an ICMP echo flood.
Use the ping-allow command to enable a LocalDirector virtual address to respond to a ping request.
The following example allows a virtual address to be pinged from interface 0:
Choose the type of load balancing for each virtual server. (Configuration and Replication modes.)
Each virtual server can have a different predictor option. The show virtual command shows an asterisk (*) next to the active predictor. This indicates whether the virtual server is using the selected predictor value, or is in slowstart mode.
The slowstart option is available for the leastconns or weighted arguments. The LocalDirector rotates through the servers until the number of connections reaches a pre-determined level when slowstart is enabled. This avoids overloading a server with too many requests when it is brought in-service. The slowstart option is enabled by default.
The leastconns predictor option directs network connections to the server with the least number of open connections. Although it may not be intuitively obvious that the leastconns predictor would provide effective load balancing, it does quite well. At web sites where there is a collection of servers with similar performance, the leastconns option is effective in smoothing distribution in situations where a server gets bogged down for one reason or another. In sites where there are large differences in the capacity of various servers, the leastconns option also performs very well. In maintaining the same number of connections to all servers, those capable of processing (and thus terminating) connections the fastest get more connections over time. A server deemed to be twice as powerful as another server does, in fact, get about twice as many connections per second.
The weighted predictor option allows you to assign a performance weight to each server. Weighted load balancing is similar to leastconns, but servers with a higher weight value receive a larger percentage of connections at any one time. LocalDirector administrators can assign a weight to each real server, and the LocalDirector uses this weight to determine the percentage of the current number of connections to give each server. The default weight is one.
For example, in a configuration with 5 servers, the percentage of connections is calculated as follows:
weight server1 7
weight server2 8
weight server3 2
weight server4 2
weight server5 5
total weight of all servers = 24
This will result in server1 getting 7/24 of the current number of connections, server2 getting 8/24, server3 getting 2/24, etc. If a new server, server6, is added with a weight of 10, it will get 10/34, and so on.
The weighted predictor gives new connections to the real machine that is in most need of a connection, based on how many connections the virtual machine and real machines bound to it have at that moment.
Virtual server 1.1.1.1 has 50 connections and is bound to real servers 1.1.1.2, 1.1.1.3, and 1.1.1.4.
real server 1.1.1.2 has 20 connections with a weight of 3
real server 1.1.1.3 has 10 connections with a weight of 2
real server 1.1.1.4 has 15 connections with a weight of 4
Based on weights, the load should be distributed as follows:
real server 1.1.1.2 gets 3/9 of conns, which is 33%
real server 1.1.1.3 gets 2/9 of conns, which is 22%
real server 1.1.1.4 gets 4/9 of conns, which is 44%
The actual percentage of connections to the real servers is as follows:
real server 1.1.1.2 has 20/50 connections, or 40%
real server 1.1.1.3 has 10/50 connections, or 20%
real server 1.1.1.4 has 15/50 connections, or 30%
Thus, real server 1.1.1.4 will receive connections to bring it closer to having 44% of the connections at the time.
Note The weight command is used to set the weight values for the real servers, and the predictor command is used to set load balancing to the weighted option.
The roundrobin predictor option directs the network connection to the next server, and treats all servers as equals, regardless of number of connections or response time. Although the LocalDirector roundrobin predictor appears similar to DNS round robin, it is superior because there is no propagation delay or caching to hinder the algorithm. Also, the LocalDirector can determine when a server is not responding, and avoid sending connections to that server.
The fastest predictor option directs the network connection to the server with the fastest response rate, although it does not perform consistently in varying server configurations. Web-server performance, in particular, does not follow a linear progression of response time to number of connections. Web servers seem to respond flatly to a point, and then at a certain load there is a sharp, dramatic increase in the response time. In these situations, the fastest predictor will tend to overload a particular server before moving on to another.
Use the loaded predictor to give each server a weighted number of connections in a row (roundrobin style) before proceeding to the next server on the list. For example:
Server 1 will receive 2 connections, then Server 2 will receive 4 connections, and then Server 3 will receive 1 connection, etc.
Note The weight command is used to set the weight values for the real servers, and the predictor command is used to set load balancing.
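The weighted and loaded predictor descriptions above can be checked with a short model. This is an added example, not LocalDirector code: the function names are hypothetical, the weighted figures are the ones given above, the loaded weights 2, 4 and 1 are inferred from the sentence about Server 1, 2 and 3, and the simulation assumes no connection closes while new ones arrive.

```python
from fractions import Fraction
from itertools import islice


def weighted_pick(virtual_conns, reals):
    """Return (server, deficits) for the next connection.

    reals maps server -> (open_connections, weight). A server's deficit is its
    weight share minus its current share of the virtual server's connections;
    the server with the largest deficit is "in most need of a connection".
    """
    total_weight = sum(weight for _, weight in reals.values())
    deficits = {}
    for name, (conns, weight) in reals.items():
        target = Fraction(weight, total_weight)
        actual = Fraction(conns, virtual_conns) if virtual_conns else Fraction(0)
        deficits[name] = target - actual
    return max(deficits, key=deficits.get), deficits


def simulate_weighted(virtual_conns, reals, new_connections):
    """Hand out new connections one at a time and return the final counts."""
    state = {name: list(pair) for name, pair in reals.items()}
    for _ in range(new_connections):
        pick = weighted_pick(virtual_conns, state)[0]
        state[pick][0] += 1
        virtual_conns += 1
    return {name: pair[0] for name, pair in state.items()}


def loaded_sequence(weights):
    """Yield servers in list order, each repeated `weight` times per cycle."""
    while True:
        for name, weight in weights.items():
            for _ in range(weight):
                yield name


# Figures from the weighted example in the text.
PAGE_VIRTUAL_CONNS = 50
PAGE_REALS = {"1.1.1.2": (20, 3), "1.1.1.3": (10, 2), "1.1.1.4": (15, 4)}

if __name__ == "__main__":
    pick, deficits = weighted_pick(PAGE_VIRTUAL_CONNS, PAGE_REALS)
    for name, deficit in deficits.items():
        print(f"{name}: target minus actual share = {float(deficit):+.1%}")
    print("next connection goes to", pick)
    print("after 900 more:", simulate_weighted(PAGE_VIRTUAL_CONNS, PAGE_REALS, 900))
    order = loaded_sequence({"server1": 2, "server2": 4, "server3": 1})
    print("loaded order:", list(islice(order, 8)))
```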
Define a real server. (Configuration and Replication modes.)
Real servers are actual host machines with unique IP addresses that provide IP services to the network. Use no real to remove a real server from LocalDirector. Real servers can still be accessed using their actual IP address.
Use the show real command to check the service state of real servers. Possible service states are:
The server is online and accepting connections.
The out-of-service command was used to take the server out of service, and connections are not sent to it via the virtual server. Connections addressed to the server's actual IP address are bridged by the LocalDirector.
The server has not responded to the number of connections set by the threshold command or has responded with the same number of TCP RSTs.
After the time set by the retry command has passed, the LocalDirector puts a failed real server into testing mode where it gets one live connection from a virtual server. If the real server does not respond or responds with TCP RST, then it goes back to a failed state and a SYSLOG message is generated. If the server responds to the connection, then its state is changed to in-service. Note that the LocalDirector does not generate any traffic to test the real server. Instead, a live connection is sent to the server in testing state. If the real server is failed and there is no traffic to the virtual server(s) that it is bound to, it stays in testing mode.
The show real command provides the following information:
Table 6-2 Description of show real Output
Although a space can be used as a delimiter for port-bound servers, a colon is preferred. Note that the port is 0 by default, and the is (in-service) command is used to put the port 80 server in service when it is defined:
Set number of retries to a real server before the connection is reassigned to another server. (Configuration and Replication modes.)
If reassign is at the default of 3, then TCP will attempt to connect three times before going to another server (TCP SYNs are counted). If threshold is set to 8, this can happen eight times before the server is marked as failed.
Set the type of load balancing redirection for the virtual machine. (Configuration and Replication modes.)
The IP address or name, port (if a port-bound server), bind-id, and protocol of a virtual server.
Uses NAT to pass packets to the real server. (NAT replaces the virtual IP address with the IP address of the real server.)
The IP address of the virtual machine is aliased on each real server, making address translation unnecessary. (The LocalDirector replaces the MAC address on a packet with that of the real server. Packets are then passed on to a real server, retaining the IP address.)
Use the LocalDirector style of architecture; that is, the style used since version 1.0.
Use the Cisco Appliance Services Architecture (CASA), introduced in version 3.1.
The redirection command allows you to change the way packets pass through the LocalDirector.
Directed mode uses Network Address Translation (NAT) to translate the IP headers in packets. NAT, supported in LocalDirector since version 1.0, provides quick setup with no network address changes, reducing system administration time.
Using NAT may not always be the best solution, though. Because some protocols embed the IP address within the payload, this can be a problem when a packet is encrypted. Additionally, searching through an entire payload for an IP address is processor-intensive and time-consuming. In these cases, performance can be increased using Dispatched mode.
Dispatched mode increases traffic throughput, but requires an additional setup of assigning an aliased IP address on a real server that matches the virtual IP address on the LocalDirector. Dispatched mode should be used for UDP and TCP when the IP address information needs to remain unchanged.
Reboot and reload the configuration. (Privileged mode.)
The reload command reboots the LocalDirector and reloads the configuration from Flash memory.
Note You are prompted for confirmation before starting with "Proceed with reload?"
Press y or the Enter key to continue with the reboot.
The replicate command enables stateful failover. (Configuration and Replication modes.)
Connection replication is a property of the virtual server, and it is set and cleared with the replicate command. This replicates all established connections to the standby unit. In the event of a LocalDirector failure (with failover configured), the standby unit has information for current connections, and keeps connections to the virtual server alive.
This is settable on a per-virtual basis, which means you can turn it on for 3270 and leave it off for HTTP. Because HTTP connections are short-lived, it is not recommended that the LocalDirector maintain state for these connections.
Use the replicate interface command to dedicate an interface to stateful failover.
Take a server out of service, and then bring it back in service. (Privileged, Configuration, and Replication modes.)
The restart command takes a server out-of-service and puts it back in-service with one command.
Specify the number of minutes before a failed machine is sent a live connection to check its state. (Configuration and Replication modes.)
The retry command sets the number of minutes before a failed real machine is assigned another connection. If the retry is set to zero, the failed server is not retried until the server is brought back into service with the in-service command.
Note If the retry value for a real server is left at the default setting of one minute, the value does not display with write terminal or show configuration. It does display with the show retry command.
Enable IP routing table updates from received RIP broadcasts. (Configuration and Replication modes.)
If you have RIP on your network, enter the rip passive command. If you are not using RIP on your network, you must assign a static route with the route command. The LocalDirector does not broadcast RIP, it only listens to RIP.
Add a static route to the IP routing table. (Configuration and Replication modes.)
If you want to change an existing route, you must first use the no route command to clear the route, and then specify the new route with the route command. Defining a new IP route with the route command does not overwrite a route that is already established.
The secure command turns bridging on or off per interface. (Configuration and Replication modes.)
The secure command blocks bridged traffic bound for a specific interface in the LocalDirector without affecting traffic that is load-balanced through a virtual server. Only traffic being serviced by a virtual server traverses the interface, and no traffic is bridged to or from the interface.
Note If an interface is secured on the LocalDirector with the secure command, make sure that all real servers on that network have the LocalDirector as their default route. Also, make sure that the LocalDirector has a default route to the router.
Set the type of service provided by the virtual machine. (Configuration and Replication modes.)
View LocalDirector information. (All modes.)
The show command with arguments displays the value assigned to that variable. For example, show real displays all of the real servers defined in the configuration.
Any settings left at their default values do not display with the write terminal command. Use the show command and the command associated with the setting to view the default value in the configuration (for example, show retry). The only exception to this is the show configuration command, which displays the configuration stored in Flash memory, and therefore does not include default values either.
Use the show ? command to view the names of the arguments that can be used with show.
The pager command is used to control the display of show command output.
See also: pager
The shutdown command disables an interface. (Configuration and Replication modes.)
Use the shutdown command to disable access to the network interface. This is important if failover is configured, because failover will see the unused interfaces as failed if they are not turned off. The no form of the command enables an interface.
For example, to enable an interface and configure its speed, use the commands:
To disable this same interface, use the commands:
Use the write memory command to save configurations to flash memory.
Configure the LocalDirector SNMP agent. (Configuration and Replication modes.)
Your name or that of the LocalDirector system administrator.
The IP address of a host to where SNMP traps should be sent. You can specify a maximum of 64 host IP addresses, one per command.
When used with contact, specify your name or that of the LocalDirector system administrator. When used with location, specify your LocalDirector location.
When used with host, the IP address of a host where SNMP traps are sent. You can specify a maximum of 64 host IP addresses.
This command configures the SNMP agent on the LocalDirector. LocalDirector converts the contact and location information to lowercase.
To configure SNMP, use the following commands:
mib2.system
mib2.interfaces
mib2.snmp
Cisco LocalDirector MIB
cisco.ciscoMgmt.ciscoLocalDirectorMIB.ciscoLocalDirectorMIBObjects
ciscoMgmt.*.cldVirtualMachine.cldVirtualTable.cldVirtualTableEntry
VirtuallIpAddress
VirtualPort
VirtualBindID
VirtualState
VirtualTotalConnections
VirtualTotalPackets
TotalBytes
VirtualWeight
ciscoMgmt.*.cldReallMachine.cldRealTable.cldRealTableEntry
ReallIpAddress
RealPort
RealBindID
RealState
RealTotalConnections
RealTotalPackets
TotalBytes
RealWeight(read/write) - RealWeight can be set using snmp commands.
FailoverEnabled
FailoverCableStatus
FailoverUnitType
FailoverUnitStatus
FailoverActiveTimeStamp
warmStart
linkDown
linkUp
Cisco Syslog Trap
Cisco LocalDirector Traps
All syslog messages are sent as an enterprise(cisco) trap.
OID{1.3.6.1.4.1.9.9.41.2} Generic trap=6, Specific Trap=1
ciscoLocalDirectorVirtualStateChange (Virtual State Change)
ciscoLocalDirectorRealStateChange (Real State Change)
ciscoLocalDirectorFailoverEnableChange (Failover is turned on/off)
ciscoLocalDirectorFailoverCableChange (Status of failover serial cable)
ciscoLocalDirectorFailoverUnitStatus (The unit's failover activity: active or standby)
All of the HPOV commands are in the /opt/OV/bin directory. When using HPOV, you must use a name for the LocalDirector, and the name must be listed in the /etc/hosts file.
Running xnmbrowser from the command line is recommended for viewing the MIBs.
Note If you do not load the MIBs, then you need to use the raw OIDs; however, if you load the MIBs first, you can use MIB names.
The static command translates a real server IP address to that of a virtual server. (Configuration and Replication modes.)
Use the static command to translate a real server address to a virtual server address. This allows the real server to make outbound connections, but keeps the IP address hidden outside the LocalDirector network.
For outbound connections that the real server makes (not in response to a user accessing the virtual server), the IP address is translated to the virtual IP address identified by the static command. The outbound connection count is displayed with the show static command.
If the real_port exists as a port-bound server, then the outbound connection is counted towards the number of connections for that real server (that is, it will affect load balancing); otherwise, the connection is only translated and does not affect load balancing.
Set the number of minutes defining the period of inactivity between connections before the client is sent to another server. (Configuration and Replication modes.)
Virtual server IP address or name, port number, bind-id, and protocol.
The elapsed time of connection inactivity, after which a connection from the same client can be reassigned to a different real server. The default is 0 minutes, and the maximum value is 65535 (45.5 days).
The sticky connection is based on the sticky session ID. Note SSL version 2 is not supported and produces a fatal error. LocalDirector supports SSL version 3 servers and SSL2/3 (hybrid) clients.
The sticky command ensures that the same client gets the same server for multiple connections. The connection is based on IP address for generic or sticky session ID for ssl. The sticky command is used when applications require a consistent and constant connection to the same server. If you are connecting to a system that keeps state about your connection, sticky allows you to get back to the same real server again and retain the statefulness of the system. For example, if an online form is being completed by a client, the sticky command ensures that multiple connections are sent to the same server to complete the transaction.
The sticky command is not timing how long a client is connected; it is timing periods of inactivity. If sticky is set to five, and the client is active, new requests from the client are not sent to another server via load balancing, even if five minutes has elapsed. However, if five minutes of connection inactivity elapse, the requests from the client could be sent to another real server.
If maxconns would be exceeded by a new connection, a new host is chosen and the sticky information is updated to reflect the new host. All future connections (within the sticky number of minutes) then go to the new host.
Note sticky generic only monitors the source and destination IP address. If a proxy is used to launch connections (all source IP addresses are the same), then use sticky ssl. The example that follows shows how to set up sticky for proxy requests.
Use show sticky or show virtual to display the sticky value. Use the no sticky command to turn sticky off and return to the default value of 0.
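The following added example (not part of the Cisco documentation) models the sticky generic behavior described above: the timer measures inactivity rather than session length, maxconns overrides a sticky entry, and clients behind one proxy address all land on one real server. The class and function names, the least-connections stand-in predictor, and the client addresses are assumptions; activity is tracked only at connection start.

```python
from typing import Dict, Optional, Tuple

S1, S2 = "192.168.1.1", "192.168.1.2"   # constructed real server addresses


class StickyTable:
    """Model of `sticky generic`: one entry per client source IP."""

    def __init__(self, sticky_minutes: float, maxconns: Dict[str, int]):
        self.sticky = sticky_minutes             # 0 turns sticky off (the default)
        self.maxconns = dict(maxconns)           # per real server cap (maxconns)
        self.open = {s: 0 for s in maxconns}     # connections currently open
        # client source IP -> (real server, minute of last activity)
        self.entries: Dict[str, Tuple[str, float]] = {}

    def _balance(self, exclude: Optional[str] = None) -> str:
        """Stand-in predictor: fewest open connections among servers with room."""
        free = [s for s in self.open
                if s != exclude and self.open[s] < self.maxconns[s]]
        if not free:
            raise RuntimeError("every real server is at maxconns")
        return min(free, key=lambda s: (self.open[s], s))

    def connect(self, client_ip: str, now: float) -> str:
        """Assign a connection arriving at minute `now`; return the real server."""
        server = None
        entry = self.entries.get(client_ip)
        if self.sticky and entry and now - entry[1] < self.sticky:
            server = entry[0]                    # inside the inactivity window
            if self.open[server] >= self.maxconns[server]:
                # maxconns would be exceeded: pick a new host, re-point the entry
                server = self._balance(exclude=server)
        if server is None:
            server = self._balance()             # no entry, or the client went idle
        self.open[server] += 1
        self.entries[client_ip] = (server, now)  # activity restarts the timer
        return server


def inactivity_demo():
    """sticky 5: an active client stays put well past 5 minutes of total time."""
    table = StickyTable(5, {S1: 100, S2: 100})
    first = table.connect("10.0.0.1", 0)
    table.connect("10.0.0.2", 1)                       # a second client, for load
    active = [table.connect("10.0.0.1", m) for m in (4, 8, 12)]
    after_idle = table.connect("10.0.0.1", 17)         # 5 idle minutes elapsed
    return first, active, after_idle


def maxconns_demo():
    """With maxconns 2, the third sticky connection moves and the entry follows."""
    table = StickyTable(5, {S1: 2, S2: 2})
    return [table.connect("10.0.0.1", m) for m in (0, 1, 2, 3)]


def proxy_demo(users: int = 20):
    """Every user behind one proxy shares a source IP, so one server gets them all."""
    table = StickyTable(5, {S1: 100, S2: 100})
    counts = {S1: 0, S2: 0}
    for i in range(users):
        counts[table.connect("203.0.113.10", now=i * 0.1)] += 1
    return counts


if __name__ == "__main__":
    print(inactivity_demo())
    print(maxconns_demo())
    print(proxy_demo())
```

The skew shown by proxy_demo is the reason the note above recommends sticky ssl, which keys on the session ID instead of the source address, when connections arrive through a proxy.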
The sticky command can also be used in conjunction with the buddy command to sticky two virtuals together. This would be useful for linking a virtual using port 80 to a virtual handling port 443 (SSL) traffic.
In the following example, the virtual command is used to identify 192.168.1.1:443 as a virtual server accepting traffic on port 443 (SSL), and 192.168.1.1:80 as a virtual server accepting HTTP traffic. The sticky command is used to ensure that SSL requests from the same client will be sent to port 443 on real server 192.168.1.1:443 until 10 minutes of inactivity have elapsed:
Show inactive connections for the virtual server. (Configuration and Privileged modes.)
Set the number of unanswered SYNs to a virtual server before entering synguard mode. (Configuration and Replication modes.)
The synguard command provides limited protection against SYN attacks to the virtual IP address. Once the number of unanswered SYNs set with synguard command is reached, the LocalDirector starts to protect the real network and servers from a SYN attack.
A SYSLOG message is sent when the LocalDirector enters synguard mode.
Note The LocalDirector does not leave synguard mode automatically. Either reset the synguard value to 0, or raise the value.
To use synguard effectively, monitor the website to gather statistics about the highest number of SYN counts. Then, set the synguard level to a percentage (perhaps 10 to 15 percent, or whatever is appropriate for the site) above that number.
Use the no synguard command to return to the default value of 0. The show synguard command displays synguard settings and whether or not synguard is active, and the show syn command displays the number of connections and SYN count for the virtual server.
Log messages to SYSLOG server. (Configuration and Replication modes.)
Displays SYSLOG messages on the console port. Use no syslog console to stop the display. SYSLOG messages to the console display as they are logged, and may display in the middle of other screen information. SYSLOG messages scroll on the screen without pausing. This command is not stored in the configuration.
Set the facility number and error level for messages sent to SYSLOG, hosts, and to the console.
Eight facilities LOCAL0(16) through LOCAL7(23); the default is LOCAL4(20). Hosts file the messages based on the facility number in the message. The facility number is a unique device number that identifies logging information and is saved in a log file shared by a number of devices.
Message type; sets the level above which LocalDirector suppresses messages to the SYSLOG hosts. Setting the level to 3, for example, allows messages with levels 0, 1, 2, and 3 to display. The default is 3. The levels are:
Messages are sent to the SYSLOG host over UDP. Use the syslog host command to specify which systems receive the messages. You can use show syslog to view previously sent messages.
The syslog console command is not stored in the LocalDirector configuration. This is because the console for a Telnet user may not be available when the box is rebooted, thus causing a problem. The syslog console command must be entered each time you want the syslog output to come to your console, whether it is the actual serial line console or a telnet console.
Logging is enabled by configuring the LocalDirector with the IP address of the log host.
To configure SYSLOG, use the following commands:
To configure a UNIX system to accept SYSLOG messages, perform the following steps:
Step 2 Log into the UNIX system as root (superuser) and execute the following commands; change name to the log file where you want SYSLOG messages to appear:
Step 3 While still logged in as root, edit the /etc/syslog.conf file with a UNIX editor and add the following selector and action pairs for each message type you want to capture:
In the syslog.conf file, code each selector and action pair for the messages you want to receive. For example, if you want to receive messages in a file called localdirector for message priorities 0, 1, 2, and 3, and you use the default LOCAL4 facility, the syslog.conf statements would be:
This configuration directs LocalDirector SYSLOG messages to the specified file. Alternatively, if you want the message sent to the logging host console or emailed to a system administrator, refer to the UNIX syslog.conf(4) manual page.
Entries in /etc/syslog.conf must obey these rules:
Step 4 Inform the SYSLOG server program on the UNIX system to reread the syslog.conf file by sending it a HUP (hang up) signal with the following commands:
The first command lists the SYSLOG process ID. This number may vary by system. The second command sends SYSLOG the HUP signal to restart.
The following example shows SYSLOG error messages generated by a bridge loop:
Add authorized IP addresses for Telnet access to LocalDirector. (Configuration and Replication modes.)
The IP address or network of a host that is authorized to access the LocalDirector Telnet management interface.
The subnet mask for the network specified in this command. Use any valid mask, or a network IP address to enable access to all in the subnet; for example if you set mask to 255.255.255.0, all systems in the subnet can access the LocalDirector over Telnet. If you set mask to 255.255.255.255, only the IP address you specify can access the LocalDirector.
The telnet command is used to identify who can configure the LocalDirector via Telnet. Up to 16 hosts or networks are allowed access to the LocalDirector console, four simultaneously. The show telnet command displays the list of IP addresses authorized to access the LocalDirector. Use no telnet or clear telnet to remove Telnet access from an IP address. Use the who command to view IP addresses that are accessing the LocalDirector.
Use the password command to change the access password for Telnet.
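The following added example (not part of the Cisco documentation) reviews a set of Telnet authorization entries using the mask semantics described above: it expands each address and mask pair into the network it admits, reports entries wider than a single host, and checks the 16-entry limit. The `telnet <ip> <mask>` line layout, the sample entries, and the function names are assumptions.

```python
import ipaddress

MAX_ENTRIES = 16   # from the text above: up to 16 hosts or networks

# Constructed sample entries; the `telnet <ip> <mask>` layout is assumed.
SAMPLE_CONFIG = """\
telnet 192.168.89.10 255.255.255.255
telnet 192.168.89.77 255.255.255.0
telnet 10.0.0.0 255.255.0.0
"""


def parse_telnet_acl(config_text):
    """Return an IPv4Network for every `telnet <ip> <mask>` line."""
    nets = []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "telnet":
            # strict=False drops host bits below the mask, so 192.168.89.77
            # with mask 255.255.255.0 stands for all of 192.168.89.0/24.
            nets.append(ipaddress.IPv4Network(f"{parts[1]}/{parts[2]}",
                                              strict=False))
    return nets


def is_authorized(nets, addr):
    """True if addr falls inside any authorized host or network."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in nets)


def wide_entries(nets, min_prefix=32):
    """Return (network, addresses covered) for entries wider than min_prefix."""
    return [(str(n), n.num_addresses) for n in nets if n.prefixlen < min_prefix]


def over_limit(nets):
    """True if more entries are present than the documented maximum."""
    return len(nets) > MAX_ENTRIES


if __name__ == "__main__":
    acl = parse_telnet_acl(SAMPLE_CONFIG)
    for network, size in wide_entries(acl):
        print(f"{network} authorizes {size} addresses")
    print("192.168.89.200 allowed:", is_authorized(acl, "192.168.89.200"))
    print("over the entry limit:", over_limit(acl))
```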
Set the IP address of the TFTP server for storing secondary configuration information and software image files. (Configuration and Replication modes.)
The tftp-server command defines the IP address of a TFTP server. When a TFTP server is defined, secondary configuration information can be written to, and read from, a TFTP server with the write net and configure net commands. The secondary configuration contains information about virtual and real servers, server bindings, backup servers, and load balancing.
The commands associated with TFTP are as follows:
Configure the number of consecutive TCP connection reassignments that a real server can exhibit before LocalDirector marks the real server as failed. (Configuration and Replication modes.)
Use show real or show threshold to display real server threshold values. When the number of connection reassignments is equal to the threshold value, the server is failed by the LocalDirector. Connection reassignments may be due to a TCP RST, or no answer from the real server.
Failed real servers are not utilized by virtual servers while in the failed state; however, LocalDirector retests each failed server periodically with a single TCP connection attempt to see if the server has returned to normal behavior. If so, LocalDirector marks the server as in service which makes it available to handle virtual server requests.
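The following added example (not part of the Cisco documentation) models the real server service states described under the real, reassign, retry, and threshold commands: in-service, failed after threshold consecutive reassignments, and testing with one live connection once the retry time has passed. The class and method names are assumptions, as is resetting the reassignment count after an answered connection, which the word "consecutive" suggests but the page does not spell out.

```python
from dataclasses import dataclass, field
from typing import List, Optional

IN_SERVICE, FAILED, TESTING = "in-service", "failed", "testing"


@dataclass
class RealServer:
    """Model of one real server's service state (not LocalDirector code)."""
    name: str
    threshold: int                  # consecutive reassignments before "failed"
    retry_minutes: float = 1        # retry command; 0 disables automatic retry
    state: str = IN_SERVICE
    reassignments: int = 0
    failed_at: Optional[float] = None
    syslog: List[str] = field(default_factory=list)

    def eligible(self, now: float) -> bool:
        """May a virtual server send this server a live connection at minute now?"""
        if (self.state == FAILED and self.retry_minutes > 0
                and now - self.failed_at >= self.retry_minutes):
            # No probe traffic is generated: the server only becomes a
            # candidate for one live client connection.
            self.state = TESTING
        return self.state in (IN_SERVICE, TESTING)

    def record(self, answered: bool, now: float) -> str:
        """Record the outcome of a connection that was sent to this server.

        answered=False means the connection was reassigned (TCP RST or no reply).
        """
        if self.state == FAILED:
            raise ValueError("a failed server is not sent connections")
        if answered:
            self.state, self.reassignments = IN_SERVICE, 0
        elif self.state == TESTING:
            # Failed test: back to failed, and a SYSLOG message is generated.
            self._fail(now)
            self.syslog.append(f"minute {now}: {self.name} failed its test connection")
        else:
            self.reassignments += 1
            if self.reassignments >= self.threshold:
                self._fail(now)
        return self.state

    def _fail(self, now: float) -> None:
        self.state, self.failed_at, self.reassignments = FAILED, now, 0

    def in_service(self) -> None:
        """Operator returns the server to service (in-service command)."""
        self.state, self.failed_at, self.reassignments = IN_SERVICE, None, 0


def syns_before_failed(reassign: int, threshold: int) -> int:
    """Unanswered SYNs a silent server absorbs before it is marked failed."""
    return reassign * threshold


def demo():
    """threshold 8, retry 1: fail, wait out the retry timer, fail a test, recover."""
    server = RealServer("192.168.1.1:80", threshold=8, retry_minutes=1)
    trace = [server.record(False, now=0.0) for _ in range(8)]
    trace.append(server.eligible(0.5))       # retry time has not passed
    trace.append(server.eligible(1.0))       # moves to testing
    trace.append(server.record(False, 1.0))  # test connection unanswered
    trace.append(server.eligible(2.0))       # testing again a minute later
    trace.append(server.record(True, 2.0))   # answered: back in service
    return trace, server.syslog


if __name__ == "__main__":
    states, messages = demo()
    print(states)
    print(messages)
    print("SYNs before failure:", syns_before_failed(reassign=3, threshold=8))
```

With the values used in the reassign description (reassign 3, threshold 8), a server that never answers absorbs 24 client SYNs before it is marked failed, which is the cost of raising either value.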
Set connection timeout for real machine. (Configuration and Replication modes.)
Real server IP address or name, port (if a port-bound server), bind-id, and protocol.
The number of minutes the server maintains a connection before dropping it. The default is 120 minutes, and the minimum is
Idle connections will be timed out after the number of minutes set with the timeout command for each real server. In addition, every two minutes the LocalDirector will remove a connection that has not been fully established (that is, either the client or server did not complete the TCP handshaking sequence to get the connection established).
Create a virtual server to accept a connection from the network. (Configuration mode.)
The port traffic that runs on the server. Use a colon as a delimiter between the IP address and port number. If you do not identify a specific port, all traffic is allowed to the server and the port is labeled 0. Servers with a port specified are referred to as "port-bound" servers.
Used with the assign command to direct traffic to a specific location. Use a colon as a delimiter between the bind-id and port number. If you do not specify a bind-id when defining a virtual server, the default is :0. Any client IP address not identified by an assign command statement will be directed to the default bind-id of 0.
The protocol to use. Available options are TCP, UDP, and GRE.
In service (is) or out of service (oos). The default is oos.
The virtual command creates a virtual server to accept a connection from the network. Virtual servers present a single address for a group of real servers and load balance service requests between the real servers in a site. The virtual server IP address is published to the user community, but the real IP address can remain unpublished.
If you are using directed mode, and the published or "advertised" addresses are different from internal addresses, the IP address of the LocalDirector must be on the network from which you want to access the LocalDirector. That is, if your virtual servers are on network 204.31.17.x, and your real servers are on network 192.168.89.x, then the IP address of the LocalDirector should be either 204.31.17.x (if accessing the LocalDirector from outside) or 192.168.89.x (if accessing the LocalDirector from inside). Here "accessing" means using Telnet, SNMP, or SYSLOG to connect to the LocalDirector. Virtual server addresses can only be accessed from the client side of LocalDirector.
If you are using dispatched mode, you can create an alias IP address on the LocalDirector and keep it in a subnet different from the location of the real servers.
Specify the IP address of the LocalDirector with the ip address command before defining virtual servers. If no real servers are bound to the virtual server, the no virtual command can be used to remove the virtual server from LocalDirector.
Note If you define a port-bound virtual server and there is no real server with that port defined (or a real server configured for default ports), the client is sent a TCP RST when a connection to that port is attempted.
The show virtual command indicates the service state of virtual servers. Possible service states are:
The virtual server is accepting connections.
The out-of-service command was used to take the virtual server offline, and it is not accepting traffic for load balancing. Connections addressed to the virtual server will be dropped.
The virtual server is unable to direct traffic to real servers. The real servers bound to the virtual server are either out of service or failed.
All of the real servers bound to the virtual server have reached the value set with the maxconns command, and they are not accepting connections even though the servers are in service.
The show virtual command provides the following information:
Table 6-3 Description of show virtual Output
The port and bind-id are optional when defining virtual servers. Although a space can be used as a delimiter for the port, a colon is preferred and must be used with the bind-id. Note that the port and bind-id are 0 by default:
In the following example, note the use of the name command. The name is used with the port and bind-id to identify the server (virtual_id):
To remove a virtual server you have to first remove any bind association to real servers. For example:
Assign a relative value to the distribution of connections for real servers. (Configuration and Replication modes.)
The IP address or name, port (if a port-bound server), bind-id, and protocol of a real server.
The number that will be averaged to determine the distribution of current connections among real servers. The default is one, and the value can be a whole number from 0 to 65535. A value of 0 is equivalent to placing the server out of service.
Assign a larger number to servers with higher performance. In the following example, the weights of all of the servers total eight. Therefore, server 192.168.1.1 would receive 4/8 of the connections, or 50%. Server 192.168.1.2 would receive 25% of the connections, and servers 192.168.1.3 and 192.168.1.4 would each receive 12.5% of the connections. Faster servers will still receive more connections because they will service the connection faster, regardless of the percentage of connections that they are assigned at the time.
Note Weight values will only take effect when the predictor command option for the virtual server to which the real server is bound is set to weighted or loaded.
Show active Telnet administration sessions. (Unprivileged, Privileged, and Configuration modes.)
The who command shows the tty_id and IP address of each Telnet client currently logged in to the LocalDirector. This command is the same as the show who command.
Store the current configuration. (Privileged and Configuration modes.)
The write erase command clears the Flash memory configuration.
The write floppy command stores the current running configuration on floppy disk.
The write memory command saves the current running configuration to Flash memory. When using failover, this forces the configuration to be written to Flash memory on the standby unit also.
The write terminal command displays the current running configuration on the console computer. Before using this command, you can set your terminal communications program to store the screen display in a log file.
Save configuration to a remote TFTP server. To use this option, issue the tftp-server command first, or identify the name of the file and the IP address of the TFTP server. The file must be created on the TFTP server before it can be saved to the TFTP server.
Use the write floppy command to save the current running configuration to floppy disk, and use the write memory command to save to Flash memory. You can save your configuration on the distribution diskette that shipped with your LocalDirector. Use configure memory or configure floppy to restore the saved configuration.
Any settings left at the default value will not be displayed with the write terminal command. Use the show command and the command associated with the setting to view the default value in the configuration (for example, show retry). The only exception to this is the show configuration command which displays the configuration stored in Flash memory, and therefore will not include default values either.
Posted: Fri Oct 17 10:25:23 PDT 2003
All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights reserved.