|
|
This chapter describes how to configure the CSM and contains these sections:
Before you configure the CSM, you must take these actions:
This example shows how to configure VLANs:
This example shows how to configure a physical interface as a Layer 2 interface and assign it to a VLAN:
 |
Caution You cannot use the MSFC simultaneously as the router for both the client and the server side. Do not configure the Layer 3 VLAN interface for both the client and the server side. |
This example shows how to configure the Layer 3 VLAN interface:
The software interface for the CSM is the Cisco IOS command-line interface. To understand the Cisco IOS command-line interface and Cisco IOS command modes, refer to Chapter 2 in the Catalyst 6000 Family IOS Software Configuration Guide.
 |
Note Because of each prompt's character limit, some prompts may be truncated. For example: Router(config-slb-vlan-server)# may appear as Router(config-slb-vlan-serve)# |
In any command mode, you can get a list of available commands by entering a question mark (?) as follows:
|
Note Online help shows the default configuration values and ranges available to commands. |
This section describes three methods for upgrading the CSM:
To upgrade the CSM you need to perform a session into the CSM module being upgraded. During the upgrade, enter all commands on a console connected to the supervisor engine. Enter each configuration command on a separate line. To complete the upgrade, enter the exit command to return to the supervisor engine prompt.
|
Caution You must enter the exit command to terminate sessions with the CSM that is being upgraded. If you do not terminate the session and you remove the CSM from the Catalyst 6000 family chassis, you cannot enter configuration commands to the CSM unless you press Ctrl + ^, enter x, and enter the disconnect command at the prompt. |
|
Note Refer to the Catalyst 6000 Family Supervisor Engine Flash PC Card Installation Note for instructions on loading images into bootflash. |
To upgrade the CSM from the supervisor engine bootflash, perform these steps:
Step 2 Set up a session between the supervisor engine and the CSM:
Step 3 Load the image from the supervisor engine to the CSM:
zz = 12 if the supervisor engine is installed in chassis slot 1.
zz = 22 if the supervisor engine is installed in chassis slot 2.
Step 4 Reboot the CSM by power cycling the CSM or by entering the following commands on the supervisor engine console:
|
Note Throughout this publication, the term Flash PC card is used in place of the term PCMCIA card. |
To upgrade the CSM from a removable Flash PC card inserted in the supervisor engine, perform these steps:
x = 0 if the Flash PC card is installed in supervisor engine PCMCIA slot 0.
Step 2 Set up a session between the supervisor engine and the CSM:
Step 3 Load the image from the supervisor engine to the CSM:
Step 4 Reboot the CSM by power cycling the CSM or by entering the following commands on the supervisor engine console:
To upgrade the CSM from an external TFTP server, perform these steps:
|
Note You can use an existing VLAN, however, for a reliable download, you should create a VLAN specifically for the TFTP connection. |
Step 2 Configure the interface that is connected to your TFTP server.
Step 3 Add the interface to the VLAN.
Step 4 Enter the CSM vlan command. See the "Configuring VLANs" section for more information.
Step 5 Add an IP address to the VLAN for the CSM.
Step 6 Enter the show csm slot vlan detail command to verify your configuration. See the "Configuring VLANs" section for more information.
Step 7 Make a Telnet connection into the CSM with the session CSM-slot-number 0 command.
Step 8 Upgrade the image using the upgrade TFTP-server-IP-address c6slb-apc.rev-number.bin command.
For information about saving and restoring configurations, refer to the Catalyst 6000 Family IOS Software Configuration Guide.
Load balancing on the Catalyst 6000 family switch can operate in two modes: the routed processor (RP) mode and the CSM mode. By default, the CSM is configured in RP mode. The RP mode allows you to configure one or multiple CSMs in the same chassis and run Cisco IOS SLB on the same switch.
The following sections provide information about CSM modes:
CSM mode allows you to configure a single CSM only. The CSM mode is supported for backward compatibility with previous software releases. The single CSM configuration will not allow Cisco IOS SLB to run on the same switch.
Before you can enter CSM configuration commands on the switch, you must specify the CSM that you want to configure. To specify a CSM for configuration, use the module csm slot-number command where slot-number is the chassis slot where the CSM being configured is located.
The module csm command places you in CSM configuration submode. All further configuration commands that you enter apply to the CSM installed in the slot you have specified.
|
Note Unless otherwise specified, all the examples in this publication assume that you have already entered this command and entered the configuration submode for the CSM you are configuring. |
The command syntax for CSM mode and RP mode configuration is identical with these exceptions:
To configure a virtual server for multiple CSMs, perform this task:
| Command | Purpose | |
|---|---|---|
| Step 1 | ||
| Step 2 |
Existing CSM configurations are migrated to the new configuration when the mode is changed from csm to rp using the ip slb mode command. If any Cisco IOS SLB or CSM configuration exists, you are prompted for the slot number.
You can migrate from an RP mode configuration to CSM mode configuration on the Catalyst 6000 family switch. You can only manually migrate from a Cisco IOS SLB configuration to a CSM configuration.
The configuration process described here assumes that the switch is in the RP mode. Figure 3-1 shows an overview of the configuration process required and optional operations are shown.
|
Note Configuring policies is not necessary for Layer 4 load balancing. |
To configure the required parameters, see the following sections:
After you configure the required load-balancing parameters on the CSM, you can configure the optional parameters in the following sections:
To save or restore your configurations or to work with advanced configurations, refer to the following sections in Chapter 3 through Chapter 6:
When you install the CSM in a Catalyst 6500 series switch, you need to configure client-side and server-side VLANs. (See Figure 3-2.)
|
Note You must configure VLANs on the Catalyst 6000 family switch before you configure VLANs for the CSM. VLAN IDs must be the same for the switch and the module. |
*Any router configured as a client-side gateway or a next-hop router for servers more than one hop away must have ICMP redirects disabled. The CSM does not perform a Layer 3 lookup to forward traffic; the CSM cannot act upon ICMP redirects.
** You can configure up to seven gateways per VLAN for up to 256 VLANs and up to 224 gateways for the entire system. If an HSRP gateway is configured, the CSM uses 3 gateway entries out of the 224 gateway entries because traffic can come from the virtual and physical MAC addresses of the HSRP group. (See the "Configuring HSRP" section.)
To configure client-side VLANs, perform this task:
|
Caution You cannot use VLAN 1 as a client-side or server-side VLAN for the CSM. |
| Command | Purpose | |
|---|---|---|
| Step 1 | Configures the client-side VLANs and enters the client VLAN mode1. |
|
| Step 2 | Configures an IP address to the CSM used by probes and ARP requests on this particular VLAN2. |
|
| Step 3 |
| 1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2The no form of this command restores the defaults. |
This example shows how to configure the CSM for client-side VLANs:
To configure server-side VLANs, perform this task:
| 1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2The no form of this command restores the defaults. 3The alias is required in the redundant configuration. See the "Configuring Fault Tolerance" section. |
This example shows how to configure the CSM for server-side VLANs:
A server farm or server pool is a collection of servers that contain the same content. You specify the server farm name when you configure the server farm and add servers to it, and when you bind the server farm to a virtual server. When you configure server farms, do the following:
You also can configure inband health monitoring for each server farm (see the "Configuring Inband Health Monitoring" section). You can assign a return code map to a server farm to configure return code parsing (see the "Configuring HTTP Return Code Checking" section.
To configure server farms, perform this task:
| Command | Purpose | |
|---|---|---|
| Step 1 | Creates and names a server farm and enters the server farm configuration mode1 2. |
|
| Step 2 | Configures the load-balancing prediction algorithm2. If not specified, the default is roundrobin. |
|
| Step 3 | (Optional) Enables the NAT mode, client2. See the "Configuring Client NAT Pools" section. |
|
| Step 4 | (Optional) Specifies that the destination IP address is not changed when the load balancing decision is made. |
|
| Step 5 | (Optional) Associates the server farm to a probe that can be defined by the probe command2. |
|
| Step 6 | (Optional) Binds a single physical server to multiple server farms and reports a different weight for each one2. The bindid is used by DFP. |
|
| Step 7 | (Optional) Sets the behavior of connections to real servers that have failed2. |
|
| Step 8 | ||
| Step 9 |
| 1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2The no form of this command restores the defaults. |
This example shows how to configure a server farm, named p1_nat, using the least-connections (leastconns) algorithm. The real server with the fewest number of active connections will get the next connection request for the server farm with the leastconns predictor.
Real servers are physical devices assigned to a server farm. Real servers provide the services that are load balanced. When the server receives a client request, it sends the reply to the CSM for forwarding to the client.
You configure the real server in the real server configuration mode by specifying the server IP address and port when you assign it to a server farm. You enter the real server configuration mode from the server farm mode where you are adding the real server.
To configure real servers, perform this task:
| Command | Purpose | |
|---|---|---|
| Step 1 | Identifies a real server as a member of the server farm and enters the real server configuration mode. An optional translation port can also be configured1, 2. |
|
| Step 2 | (Optional) Sets the weighting value for the virtual server predictor algorithm to assign the server's workload capacity relative to the other servers in the server farm if the round robin or least connection is selected2. |
|
| Step 3 | (Optional) Sets the maximum number of active connections on the real server2. When the specified maximum is reached, no more new connections are sent to that real server until the number of active connections drops below the minimum threshold. |
|
| Step 4 | (Optional) Sets the minimum connection threshold2. |
|
| Step 5 | Enables the real server for use by the CSM2 3. |
|
| Step 6 | (Optional) Displays information about configured real servers. The sfarm option limits the display to real servers associated with a particular virtual server. The detail option displays detailed real server information. |
|
| Step 7 | Displays active connections to the CSM. The vserver option limits the display to connections associated with a particular virtual server. The client option limits the display to connections for a particular client. The detail option displays detailed connection information. |
| 1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2The no form of this command restores the defaults. 3Repeat Steps 1 through 5 for each real server you are configuring. |
This example shows how to create real servers:
Policies are access rules that traffic must match when balancing to a server farm. Policies allow the CSM to balance Layer 7 traffic. Multiple policies can be assigned to one virtual server, creating multiple access rules for that virtual server. When configuring policies, you first configure the access rules (maps, client-groups, and sticky groups) and then you combine these access rules under a particular policy.
|
Note You must associate a server farm with a policy. A policy that does not have an associated server farm cannot forward traffic. The server farm associated with a policy receives all the requests that match that policy. |
When the CSM is able to match policies, it selects the policy that appears first in the policy list. Policies are located in the policy list in the sequence in which they were bound to the virtual server. You can reorder the policies in the list by removing policies and reentering them in the correct order. Enter the no slb-policy policy name command and the slb-policy policy name command in the vserver submode to remove and enter policies.
To configure load-balancing policies, perform this task:
| Command | Purpose | |
|---|---|---|
| Step 1 | Creates the policy and enters the policy submode to configure the policy attributes1. |
|
| Step 2 | Associates a URL map to a policy2. You must have previously created and configured the URL maps and cookie maps with the map command. See the "Configuring Maps" section. |
|
| Step 3 | Associates a cookie map to a policy2. |
|
| Step 4 | ||
| Step 5 | Associates this policy to a specific sticky group2. |
|
| Step 6 | Configures a client filter associated with a policy. Only standard IP access lists are used to define a client filter. |
|
| Step 7 | Configures the server farm serving a particular load-balancing policy. Only one server farm can be configured per policy2. |
|
| Step 8 | Marks traffic with a dscp-value if packets matched with the load-balancing policy2. |
| 1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2The no form of this command restores the defaults. |
This example assumes that the URL map, map1 has already been configured and shows how to configure server load-balancing policies and associate them to virtual servers:
You configure maps to define multiple URLs, cookies, HTTP headers, and return codes into groups that can be associated with a policy when you configure the policy. (See the "Configuring Policies" section.) Regular expressions for URLs (for example, url1 and url2) are based on UNIX filename specifications. See Table 3-1 for more information.
To add a URL map, perform this task:
| Command | Purpose | |
|---|---|---|
| Step 1 | ||
| Step 2 | Specifies a string expression to match against the requested URL2. |
| 1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2The no form of this command restores the defaults. |
| Convention | Description |
|---|---|
Do not match any in the range. All other characters represent themselves. |
|
To add a cookie map, perform this task:
| Command | Purpose | |
|---|---|---|
| Step 1 | ||
| Step 2 | Configures multiple cookies1. |
| 1The no form of this command restores the defaults. |
This example shows how to configure maps and associate them with a policy:
Using the map command, you create a map group with the type HTTP header. Entering the map command places you in a submode where you can specify the header fields and values for CSM to search for in the request.
To create a map for the HTTP header, perform this task:
| Command | Purpose | |
|---|---|---|
For more information about header maps, see the "Configuring Generic Header Parsing" section.
To create a map for return code checking, perform this task:
| Command | Purpose | |
|---|---|---|
For more information about return code maps, see the "Configuring HTTP Return Code Checking" section.
Configuring a sticky group involves configuring the attributes of that group and associating it with a policy. Sticky time specifies the period of time that the sticky information is kept. The default sticky time value is 1440 minutes (24 hours).
To configure sticky groups, perform this task:
| Command | Purpose |
|---|---|
Ensures that connections from the same client matching the same policy use the same real server1. |
| 1The no form of this command restores the defaults. |
This example shows how to configure a sticky group and associate it with a policy:
Virtual servers represent groups of real servers and are associated with real server farms through policies. Configuring virtual servers requires that you set the attributes of the virtual server specifying the default server farm (default policy) and that you associate other server farms through a list of policies. The default server farm (default policy) is used if a request does not match any SLB policy or if there are no policies associated with the virtual server.
Before you can associate a server farm with the virtual server, you must configure the server farm. For more information, see the "Configuring Server Farms" section. Policies are processed in the order in which they are entered in the virtual server configuration. For more information, see the "Configuring Policies" section.
In software release 2.2(1), you can configure each virtual server with a pending connection timeout to terminate connections quickly if the switch becomes flooded with traffic. This connection applies to a transaction between the client and server that has not completed the request and reply process.)
|
Note You can configure a single virtual server to operate at either Level 4 or Level 7. To configure a virtual server to operate at Level 4, specify the server farm (default policy) as part of the virtual server configuration (see Step 3 in the following task table). To configure a virtual server to operate at Level 7, add SLB policies in the configuration of the virtual server (see Step 7 in the following task table). |
In software release 2.1(1), the CSM can load-balance traffic from any IP protocol. When you configure a virtual server in vserver submode, you must define the IP protocol that the virtual server will accept.
|
Note Although all IP protocols have a protocol number, the CSM allows you to specify TCP or UDP by name instead of requiring you to enter their numbers. |
Configure the virtual server in the virtual server configuration submode.
To configure virtual servers, perform this task:
| Command | Purpose | |
|---|---|---|
| Step 1 | Identifies the virtual server and enters the virtual server configuration mode1, 2. |
|
| Step 2 | Sets the IP address for the virtual server optional port number or name and the connection coupling and type2. The protocol value is tcp, udp, Any (no port-number is required), or a number value (no port-number is required). |
|
| Step 3 | Associates the default server farm with the virtual server2 3. Only one server farm is allowed. If the server farm is not specified, all the requests not matching any other policies will be discarded. |
|
| Step 4 | (Optional) Configures connections from the client to use the same real server2 3. The default is sticky off. |
|
| Step 5 | (Optional) Restricts which clients are allowed to use the virtual server2 3. |
|
| Step 6 | (Optional) Associates one or more content switching policies with a virtual server2. |
|
| Step 7 | Enables the virtual server for use by the CSM2. |
|
| Step 8 | Displays information for virtual servers defined for Content Switching. |
| 1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2The no form of this command restores the defaults. 3These parameters refer to the default policy. |
This example shows how to configure a virtual server named barnett, associate it with the server farm named bosco, and configure a sticky connection with a duration of 50 minutes to sticky group 12:
This example shows how to configure a virtual server name vs1, with two policies and a default server farm when client traffic matches a specific policy. The virtual server will be load balanced to the server farm attached to that policy. When client traffic fails to match any policy, the virtual server will be load balanced to the default server farm named bosco.
Transmission Control Protocol (TCP) is a connection-oriented protocol that uses known protocol messages for activating and deactivating TCP sessions. In server load balancing, when adding or removing a connection from the connection database, the Finite State Machine correlates TCP signals such as SYN, SYN/ACK, FIN, and RST. When adding connections, these signals are used for detecting server failure and recovery and for determining the number of connections per server.
The CSM also supports User Datagram Protocol (UDP). Because UDP is not connection-oriented, protocol messages cannot be generically sniffed (without knowing details of the upper-layer protocol) to detect the beginning or end of a UDP message exchange. Detection of UDP connection termination is based on a configurable idle timer. Protocols requiring multiple simultaneous connections to the same real server are supported (such as FTP). Internet Control Management Protocol (ICMP) messages destined for the virtual IP address are also handled (such as ping).
To configure TCP parameters, perform this task:
| Command | Purpose | |
|---|---|---|
| Step 1 | Identifies the virtual server and enters the virtual server configuration mode1,2. |
|
| Step 2 | Configures the amount of time (in seconds) that connection information is maintained in the absence of packet activity for a connection2. |
| 1Enter the exit command to leave a mode or submode. To return to the Router (config)> top level of the menu, enter the end command.
2The no form of this command restores the defaults. |
This example shows how to configure TCP parameters for virtual servers:
Configuring the Dynamic Feedback Protocol (DFP) allows servers to provide feedback to the CSM to enhance load balancing. DFP allows host agents (residing on the physical server) to dynamically report the change in status of the host systems providing a virtual service.
|
Note A DFP agent may be on any host machine. A DFP agent is independent of the IP addresses and port numbers of the real servers that are managed by the agent. DFP Manager is responsible for establishing the connections with DFP agents and receiving load vectors from DFP agents. |
To configure DFP, perform this task:
| Command | Purpose | |
|---|---|---|
| Step 1 | Configures DFP manager, supplies an optional password, and enters the DFP agent submode1, 2. |
|
| Step 2 | Configures the time intervals between keepalive messages, the number of consecutive connection attempts or invalid DFP reports, and the interval between connection attempts2. |
|
| Step 3 |
| 1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2The no form of this command restores the defaults. |
This example shows how to configure the dynamic feedback protocol:
The redirect-vserver command is a server farm submode command that allows you to configure virtual servers dedicated to real servers. This mapping provides connection persistence, which maintains connections from clients to real servers across TCP sessions.
To configure redirect virtual servers, perform this task:
| Command | Purpose | |
|---|---|---|
| Step 1 | Configures virtual servers dedicated to real servers and enters the redirect server submode1, 2. |
|
| Step 2 | Configures the destination URL host name when redirecting HTTP requests arrive at this server farm. Only the beginning of the URL can be specified in the relocation string. The remaining portion is taken from the original HTTP request2. |
|
| Step 3 | Configures the relocation string sent in response to HTTP requests in the event that the redirect server is out of service. Only the beginning of the relocation string can be specified. The remaining portion is taken from the original HTTP request2. |
|
| Step 4 | Configures the redirect virtual server IP address and port2. |
|
| Step 5 | Sets the CSM connection idle timer for the redirect virtual server2. |
|
| Step 6 | Configures the combination of the ip-address and network-mask used to restrict which clients are allowed to access the redirect virtual server2. |
|
| Step 7 | Enables the redirect virtual server and begins advertisements2. |
|
| Step 8 | ||
| Step 9 |
| 1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2The no form of this command restores the defaults. |
This example shows how to configure redirect virtual servers to specify virtual servers to real servers in a server farm:
When you configure client Network Address Translation (NAT) pools, NAT converts the source IP address of the client requests into an IP address on the server-side VLAN. Use the NAT pool name in the serverfarm submode of the nat command to specify which connections need to be configured for client NAT pools.
To configure client NAT pools, perform this task:
| Command | Purpose | |
|---|---|---|
| Step 1 | Configures a content switching NAT. You must create at least one client address pool to use this command1, 2. |
|
| Step 2 | ||
| Step 3 | ||
| Step 4 |
| 1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2The no form of this command restores the defaults. |
This example shows how to configure client NAT pools:
NAT for the server allows you to support connections initiated by real servers and to provide a default configuration used for servers initiating connections that do not have matching entries in the server NAT configuration. By default, the CSM allows server-originated connections without NAT.
To configure NAT for the server, perform this task:
| 1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2The no form of this command restores the defaults. |
Posted: Sat Jan 18 08:52:18 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
