The alias ip address command allows a virtual server to be placed on an IP network that is different from the real server's IP network without the use of a router.
Use the failover alias ip address command to set up an alias on the standby failover unit and take advantage of one of the following attributes:
multiple IP addresses
dispatched mode
allowing a failover unit to be on a network that is different from a real server's network.
A maximum of 256 aliases are allowed.
Virtual servers can be grouped together with the buddy command. Certain commands and parameters (such as the sticky command) that affect one virtual server affect all other virtual servers in the buddy group.
The dynamic-feedback command configures a TCP connection between LocalDirector and a server running the Dynamic Feedback Agent. The Dynamic Feedback Agent provides statistical information to LocalDirector about the availability of servers in a server farm. LocalDirector maintains the connection to the Dynamic Feedback Agent server, updates the Dynamic Feedback Agent internal status about the availability of servers, and makes load balancing decisions based on the information it receives. This process ensures that the most available server is chosen to provide future connections.
New default values can be set for some LocalDirector commands. Once a new value is set, the new value is active until the value is changed with the default command.
LocalDirector can set an IP precedence value in the IP header to and from virtual servers with the color command. This allows packet prioritization for different types of services on virtual servers. The Cisco Policy Manager software, version 1.0, can be used with LocalDirector to support a graphical user interface (GUI) version of this feature.
The Cisco Appliance Server Architecture (CASA) architecture is now supported by LocalDirector. The CASA allows a stand-alone LocalDirector to implement Cisco Network Director Service Manager functionality.
The following changes have been made to existing LocalDirector features for the 3.1.1 release:
The LocalDirector version 2.1 implementation of the sticky command has been expanded to use the SSL session ID as a key for stateful sticky connections (instead of the client IP address). This allows the sticky command to effectively load balance traffic when proxy servers are in use. LocalDirector supports SSL3 servers and SSL2/3 (hybrid) clients.
LocalDirector load balances the User Datagram Protocol (UDP) protocol. A new field, protocol, can be specified for virtual servers and real servers. The virtual and real commands can use the default TCP protocol (using the tcp keyword), or if the protocol keyword set to udp, LocalDirector will load balance the UDP flows.
LocalDirector supports the following industry-standard modes of load balancing. These modes of load balancing are set with the redirection command:
Directed mode---Uses Network Address Translation (NAT) to translate the IP headers in packets. NAT, supported in LocalDirector since version 1.0, reduces system administration time by providing a quick setup with no network address changes.
Dispatched mode---Substitutes the MAC address of the server in the packet for the destination address, thus preserving the IP header information. Dispatched mode increases traffic throughput. However, dispatched mode also requires that the aliased IP address on a real server match the virtual IP address on LocalDirector. Dispatched mode should be used for UDP and for TCP when the IP address information needs to remain unchanged.
The servicevirtual_idftp-proxy command specifies that the virtual_id provides FTP service. LocalDirector monitors the control connection by proxying it, making this service pretty effective. The trade-off is that each FTP session now consumes more resources in LocalDirector.
The out-of-service command has added the following options: oos, maintenance, sticky, and failed.
The following sections contain important notes about the Cisco LocalDirector.
LocalDirector User Interface, Versions 2.2.x and 2.1.x, cannot be used with any LocalDirector version 3.1 release.
A Netscape 4.04 browser with the Apache webserver does not work with the sticky SSL feature. The SSL handshake occurs and data is sent from the client, but the connection pauses at that point. The server is apparently unable to work with the data received from the client.
This problem is inherent in the Netscape/Apache combination, and occurs whether or not LocalDirector is present. [CSCdk91721]
LocalDirector supports the SSL version 2/3 hybrid client hello message, which allows the client to send a Version 2 hello message as long as the client is capable of communicating with the server using Local Director version 3 after the handshake.
We have found that Internet Explorer (4.0) does not work with IIS because the server responds to the client's Version 2 hello message with a version 2 server hello message. [CSCdm46555]
The table below shows which combination of browsers and servers are performing correctly:
Browser
Apache
IIS
Netscape Navigator
works
works
Opera
works
works
Microsoft Internet Explorer
works
works if SSL version 2 is turned off (see CSCdm46555 ReleaseNote or Microsoft customer service document Q187498 for instructions)
If you are using the Dynamic Feedback Protocol (DFP) or SNMP to automatically change the weight of a real server, you can manually change that server's weight by using the weight command. The next time a "dynamic weight" is sent through SNMP or DFP, LocalDirector will use that dynamic weight.
This provides the ability to manually override the dynamic weight being fed into LocalDirector.
The Opera browser does not always use the same SSL session ID from the server. Consecutive connections to a secure virtual server using SSL sticky does not always result in a return to the same real server. This is due to the way Opera handles session IDs: Opera uses a new session ID, thus creating a new sticky association. [CSCdm49617]
The resolution for setting the default interval for UDP connections on real servers is the adjustment of the TIMEOUT knob for the real machines. [CSCdm15526]
Using the older specification for the port parameter (that is, ip_addressport instead of the new invocation ip_address:port) causes certain commands, including the no sticky command,to ignore the command altogether without generating error messages. Older configuration files should be checked to ensure the new style for specifying the port is used.
This is not a LocalDirector problem. This problem is due to the way the CLI reads virtual machine types. The LocalDirector does not know if a port or sticky timer is being specified in the CLI. To remove a sticky timer, specify the following syntax: no sticky [virt:port:bindid]. [CSCdk90873]
Caveats describe unexpected behavior in Cisco LocalDirector 3.1. This section contains open and resolved caveats for the Cisco Local Director version 3.1.
This section describes possibly unexpected behavior by Cisco LocalDirector version 3.1.4.
CSCdm48348
The number of sticky connection objects on a standby unit increases faster than the number of sticky connection objects on a primary unit.
CSCdp34739
Robust FTP is not implemented for static reals.
CSCdm04760
When using the static command, the LocalDirector does not translate the IP address in the data portion of the packet. This inability to translate the IP addresses causes FTP problems when a server inside the LocalDirector initiates an FTP session.
CSCdp24275
Pings from standby units usually fail. Arp and bridge tables are not updated when the IP address being pinged is on the same subnet as an alias of the LocalDirector.
CSCdm41158
Fragmented proxy packets (SSL sticky or robust FTP packets) are not processed correctly if the first packet received is out of sequence and does not contain the entire TCP header.
CSCdp37156
Proxy connections (SSL sticky or robust FTP) are not reassigned.
CSCdp35235
Failovers after a configure net with configuration files with lines that are larger than 5k do not always synchronize properly.
The following caveats were resolved for Cisco LocalDirector version 3.1.4.
CSCdm23831
RNS 4-port Ethernet cards with Intel chips can have 2% alignment errors.
CSCdm66919
Write mem failures do not generate syslog entries.
CSCdm66903
False OKs are returned through telnet connections.
CSCdm68225
If you are replicating FTP connections for a failover scenario, you also have to configure a 'default' virtual port for the virtual IP address in order to receive the data connections which are being replicated to the standby unit.
CSCdm69080
Backup machines are not properly cleared before replicating the failure configuration.
CSCdm66540
No error message is printed when a real that was specified by the weight command does not exist.
CSCdm70556
The weight value for all predictors must be greater than zero. If the weight value for a predictor is less than zero, the real machine will not be used. This behavior is similiar to the real machine behavior in oos maintenance mode.
CSCdm70558
The real machine does not default to a static weight when a dynamic weight change via DFP times out.
CSCdm71139
The data-in counter for the show real command does not get decremented correctly if the feature is not turned on for the real machine.
CSCdm72446
The LocalDirector mishandles ICMP error type 3 code 4 for dispatched mode.
CSCdm66643
If configuration file fails to download to the flash memory card, a cryptic error message is generated.
CSCdm81195
The second packet of LDAP traffic is delayed when bridged through the LocalDirector.
CSCdm78239
If the machines primary is removed a first, a backup machine can not be removed.
CSCdm77636
The default mode for redirect mode is assisted redirect mode. The default redirect mode should be local redirect mode.
CSCdm45514
The delay command parameters are hardcoded to 5 minutes.
CSCdm84715
The weight command is not saved if the weight parameter is the default parameter while the weight timeout parameter is not the default weight timeout parameter.
CSCdm66800
The LocalDirector weighted / loaded behavior can be unpredictable.
CSCdp02402
Buddy associations in the standby unit are not cleared during bootup or write standby.
CSCdp06329
The console does not distinguish between the non-existant sh e 4 command and the existant shu e 4 command. The console should return an error message.
CSCdp03095
Reals bound to sticky virtuals with SSL enabled will not fail.
CSCdp09265
The LocalDirector connection counter does not decrement properly.
CSCdp11596
If names are on, the delay command writes the name instead of the IP address into the configuration terminal. The end result is the loss of the command on reboot.
CSCdk87047
If the LocalDirector has a 4-port RNS card with the DEC chip set, internal looping occurs when you manually change the line speeds from 10baset to 100basetx and then back to 10baset.
CSCdm45606
If the no data command is invoked without keywords, no error message is displayed and nothing is changed. Additionally, the no data real_ip_address commanddoes not return the value to 0; the datareal_ip_address 0 command must be used to return the value to 0.
CSCdm52240
Clearing the default gateway with the clear configuration secondary command causes problems when the user invokes this command from a telnet session within a firewall.
CSCdp27237
Concurrent boot image commands from either a console or a telnet session will cause the LocalDirector to reload.
CSCdp27474
Concurrent conf net and write net commands from either a console or a telnet session will cause the LocalDirector to pause indefinitely.
CSCdp24266
The LocalDirector does not fail an FTP virtual when robust FTP for the virtual is enabled.
CSCdp34831
New connections are not reassigned to new reals when an RST is sent from the real.
CSCdp27345
The Ethernet driver can be corrupted by proxy or local telnet if either service retransmits packets.
CSCdp27416
Repeated use of the show error command causes the LocalDirector to reboot.
CSCdp29124
Reassign commands fail due to invalid TCP checksums in SYN.
CSCdp30505
The write standby command does not work.
CSCdp30689
LocalDirector is displayed in telnet password prompts.
CSCdp32523
Packets that arrive at a virtual server for a non-existent connection generate an RST to the client with a source IP address of 0.0.0.0.
CSCdp34843
Client connections are not RST'd when a real server is not available for a virtual server.
CSCdp36876
Real servers and virtual servers must have the same port to enable bind in dispatched mode.
The following caveat was resolved for Cisco LocalDirector version 3.1.2
CSCdm54556
The proxy code, which is used in the SSL sticky feature, dropped the first packet that completed the SSL handshake and contained data. The client had to resend the data, based on TCP timers, for the SSL session to continue. Although the SSL connections worked, the connections were slow because of the DATA resend that was required for the data dropped in the packet. This problem was compounded when the web page was composed of several sessions.
The following caveats were resolved for Cisco LocalDirector version 3.1.1:
CSCdj69947
Packets destined for servers on a different subnet than the LocalDirector traversed the outside Ethernet three times before being forwarded to the appropriate server if directly-connected multiple logical subnets were running on the inside interface.
CSCdj81299
Using the sticky command created a load inbalance when clients were coming from a site that used a proxy server to access the Internet. Since sticky in Version 2.x used the client's IP address for storing the association to a real server, all clients coming from a proxy server were sent to the same real server.
CSCdj82485
LocalDirector had to disable the Cisco Syslog MIB, so traps were not sent for every SYSLOG message when an SNMP host was configured.
CSCdk05464
The show interface command would display only interface 0 statistics when the show interface ethernet n command wasissued, regardless of what interface number n represented.
CSCdk06921
Connection replication only occured at the beginning of a connection. If failover occured, a connection remained intact on the newly active box. However, if the previously active box was rebooted and failover switched back , the connection was lost. All replication was lost on connections that were established before replication was enabled (even though the connection still existed) or if the standby box was rebooted.
CSCdk20283
If the standby unit was not present when the active LocalDirector was receiving connections in a failover configuration, the established connections were not replicated to the standby unit when they became available.
CSCdk22258
Support for the UDP protocol was needed for virtual servers and real servers.
CSCdk24894
The show memory command output was static. LocalDirector pre-allocated its memory on bootup in accordance to the configuration.
This was misleading to users who looked at the command as a way of determining how loaded their system was. Typically, this output did not change, regardless of the load on the system.
CSCdk25530
The command telnet 0.0.0.0 255.255.255.0 was accepted, but failed to perform any action. However, the command telnet 0.0.0.0 0.0.0.0 worked.
CSCdk33149
You could only retrieve the value for the first MIB instance in the cldVirtualTable.
CSCdk38075
If you attempted to create a real server that already existed on LocalDirector, an error message without a carriage return would display, making the output look garbled.
CSCdk50678
There was no value for the SNMP object sysobjectOID.
CSCdk55614
The oos command was not understood when downloading a configuration from a TFTP server with the config netfile ip command.
CSCdk58223
When trying to bind a server on a port higher than 32768, LocalDirector responded with the following error message:
machine does not exist; can't bind
CSCdk61788
If the snmpwalk or snmpget was used against LocalDirector, the incorrect value of 0 for ifAdminStatus was received.
CSCdk61794
Snmpwalk returned no information and produced the "End of MIB" message for walks on anything short of or equal to .1.3.6.1.2.
CSCkd66733
When binding an existing virtual server to a non-existent real server by IP address, LocalDirector responded with a correct error message. However, if an invalid name was used, the incorrect error message "arg2: invalid IP address" was returned.
CSCdk66749
Using the conf f command without a floppy disk in the drive failed to generate an error message.
CSCdk90027
An snmpget of cldRealTotalConnections using an index of (cldRealIPAddress,cldRealPort) with port value 0 resulted in LocalDirector returning the incorrect object, cldRealIPAddress, instead of the requested object.
CSCdm02673
LocalDirector performed a gratuitous ARP for each enabled interface. These gratuitous ARPs were propagated to each interface. This caused additional log entries in the networks when log events such as MAC address changed for IP addresses.
CSCdm22062
When LocalDirector would fail, it would shut down its interfaces. This was done as a precautionary measure to prevent a failed unit from harming the rest of the network (by constantly transmitting trash, and so forth). If you used the write mem command on LocalDirector while it was failed, it saved the information when the interfaces were down.
CSCdm22544
The arp command returned incorrect information if a colon was incorrectly used in the IP address.
CSCdm24145
SNMP traps that referenced real servers and virtual servers were not correct. For example, the trap (output from CWW):
If a failover cable was not connected and the write standby command was issued, the configuration was not replicated and the error message was not returned.
CSCdm47752
In a failover setup, the active unit replicates the configuration to the standby unit when the standby unit is available. Before the configuration is replicated, the current configuration on the standby unit is erased. However, in version 2.2.2, the static commands were not erased before replication, which led to a reboot on the show static command.
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
Modem: From North America, 408 526-8070; from Europe, 33 1 64 46 40 82. Use the following terminal settings: VT100 emulation; databits: 8; parity: none; stop bits: 1; and connection rates up to 28.8 kbps.
For a copy of CCO's Frequently Asked Questions (FAQ), contact ccohelp@cisco.com. For additional information, contact ccoteam@cisco.com.
If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or csrep@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more up to date than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
