cc/td/doc/product/lan/cat6000/cfgnotes
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Configuring the Content Switching Module
Preparing to Configure the CSM
Upgrading to a New Software Release
Saving and Restoring Configurations
Configuring CSM Modes
Configuration Overview
Configuring VLANs
Configuring Server Farms
Configuring Real Servers
Configuring Policies
Configuring Virtual Servers
Configuring TCP Parameters
Configuring Dynamic Feedback Protocol
Configuring Redirect Virtual Servers
Configuring Client NAT Pools
Configuring Server-Initiated Connections

Configuring the Content Switching Module


This chapter describes how to configure the CSM and contains these sections:

Preparing to Configure the CSM

Before you configure the CSM, you must take these actions:

This example shows how to configure VLANs:

Router>
Router> enable
Router# vlan database
Router(vlan)# vlan 130
VLAN 130 added:
Name: VLAN130
Router(vlan)# vlan 150
VLAN 150 added:
Name: VLAN150
Router(vlan)# exit

This example shows how to configure a physical interface as a Layer 2 interface and assign it to a VLAN:

Router>
Router> enable
Router# config
Router(config)# interface 3/1
Router(config-if)# switchport
Router(config-if)# switchport access vlan 150
Router(config-if)# no shutdown
Router(vlan)# exit

Caution   You cannot use the MSFC simultaneously as the router for both the client and the server side. Do not configure the Layer 3 VLAN interface for both the client and the server side.

This example shows how to configure the Layer 3 VLAN interface:

Router>
Router> enable
Router# config
Router(config)# interface vlan 130
Router(config-if)# ip address 10.10.1.10 255.255.255.0
Router(config-if)# no shutdown
Router(vlan)# exit

Using the Command-Line Interface

The software interface for the CSM is the Cisco IOS command-line interface. To understand the Cisco IOS command-line interface and Cisco IOS command modes, refer to Chapter 2 in the Catalyst 6000 Family IOS Software Configuration Guide.


Note   Because of each prompt's character limit, some prompts may be truncated. For example:
Router(config-slb-vlan-server)# may appear as Router(config-slb-vlan-serve)#

Accessing Online Help

In any command mode, you can get a list of available commands by entering a question mark (?) as follows:

Router> ?

or

Router(config)# ip slb ?

Note   Online help shows the default configuration values and ranges available to commands.

Upgrading to a New Software Release

This section describes three methods for upgrading the CSM:

To upgrade the CSM you need to perform a session into the CSM module being upgraded. During the upgrade, enter all commands on a console connected to the supervisor engine. Enter each configuration command on a separate line. To complete the upgrade, enter the exit command to return to the supervisor engine prompt.


Caution   You must enter the exit command to terminate sessions with the CSM that is being upgraded. If you do not terminate the session and you remove the CSM from the Catalyst 6000 family chassis, you cannot enter configuration commands to the CSM unless you press Ctrl + ^, enter x, and enter the disconnect command at the prompt.

Upgrading from the Supervisor Engine Bootflash


Note   Refer to the Catalyst 6000 Family Supervisor Engine Flash PC Card Installation Note for instructions on loading images into bootflash.

To upgrade the CSM from the supervisor engine bootflash, perform these steps:


Step 1   Enable the TFTP server to supply the image from bootflash as follows:

Router>
Router> enable
Router# configure terminal
Router(config)# tftp-server sup-bootflash:c6slb-apc.revision-num.bin
Router(config)

Step 2   Set up a session between the supervisor engine and the CSM:

Router# session slot csm-slot-number processor 0

Step 3   Load the image from the supervisor engine to the CSM:

CSM> upgrade 127.0.0.zz c6slb-apc.revision-num.bin

where:

zz = 12 if the supervisor engine is installed in chassis slot 1.
zz = 22 if the supervisor engine is installed in chassis slot 2.


Note    The supervisor engine only can be installed in chassis slot 1 or slot 2.

Step 4   Reboot the CSM by power cycling the CSM or by entering the following commands on the supervisor engine console:

Router# configure terminal
Router(config)# hw-module module slot-number reset



Upgrading from a PCMCIA Card


Note   Throughout this publication, the term Flash PC card is used in place of the term PCMCIA card.

To upgrade the CSM from a removable Flash PC card inserted in the supervisor engine, perform these steps:


Step 1   Enable the TFTP server to supply the image from the removable Flash PC card:

Router>
Router> enable
Router# configure terminal
Router(config)# tftp-server slotx:c6slb-apc.revision-num.bin

where:

x = 0 if the Flash PC card is installed in supervisor engine PCMCIA slot 0.

Step 2   Set up a session between the supervisor engine and the CSM:

Router# session slot csm-slot-number processor 0

Step 3   Load the image from the supervisor engine to the CSM:

CSM> upgrade slot0: c6slb-apc.revision-num.bin

Note    The supervisor engine can only be installed in chassis slot 1 or slot 2.

Step 4   Reboot the CSM by power cycling the CSM or by entering the following commands on the supervisor engine console:

router# config terminal
Router# hw-module module slot-number reset



Upgrading from an External TFTP Server

To upgrade the CSM from an external TFTP server, perform these steps:


Step 1   Create a VLAN on the supervisor engine for the TFTP CSM runtime image download.


Note    You can use an existing VLAN, however, for a reliable download, you should create a VLAN specifically for the TFTP connection.

Step 2   Configure the interface that is connected to your TFTP server.

Step 3   Add the interface to the VLAN.

Step 4   Enter the CSM vlan command. See the "Configuring VLANs" section for more information.

Step 5   Add an IP address to the VLAN for the CSM.

Step 6   Enter the show csm slot vlan detail command to verify your configuration. See the "Configuring VLANs" section for more information.

Step 7   Make a Telnet connection into the CSM with the session CSM-slot-number 0 command.

Step 8   Upgrade the image using the upgrade TFTP-server-IP-address c6slb-apc.rev-number.bin command.



Saving and Restoring Configurations

For information about saving and restoring configurations, refer to the Catalyst 6000 Family IOS Software Configuration Guide.

Configuring CSM Modes

Load balancing on the Catalyst 6000 family switch can operate in two modes: the routed processor (RP) mode and the CSM mode. By default, the CSM is configured in RP mode. The RP mode allows you to configure one or multiple CSMs in the same chassis and run Cisco IOS SLB on the same switch.

The following sections provide information about CSM modes:

CSM mode allows you to configure a single CSM only. The CSM mode is supported for backward compatibility with previous software releases. The single CSM configuration will not allow Cisco IOS SLB to run on the same switch.

Specifying CSM Locations

Before you can enter CSM configuration commands on the switch, you must specify the CSM that you want to configure. To specify a CSM for configuration, use the module csm slot-number command where slot-number is the chassis slot where the CSM being configured is located.

The module csm command places you in CSM configuration submode. All further configuration commands that you enter apply to the CSM installed in the slot you have specified.


Note   Unless otherwise specified, all the examples in this publication assume that you have already entered this command and entered the configuration submode for the CSM you are configuring.

Mode Command Syntax

The command syntax for CSM mode and RP mode configuration is identical with these exceptions:

To configure a virtual server for multiple CSMs, perform this task:

Command Purpose
Step 1 

Router(config)# module csm 5

Specifies the location of the CSM you are configuring.

Step 2 

Router(config-module-csm)# vserver VS1

Configures the virtual server.

Migrating Between Modes

Existing CSM configurations are migrated to the new configuration when the mode is changed from csm to rp using the ip slb mode command. If any Cisco IOS SLB or CSM configuration exists, you are prompted for the slot number.

You can migrate from an RP mode configuration to CSM mode configuration on the Catalyst 6000 family switch. You can only manually migrate from a Cisco IOS SLB configuration to a CSM configuration.

Configuration Overview

The configuration process described here assumes that the switch is in the RP mode. Figure 3-1 shows an overview of the configuration process required and optional operations are shown.


Note   Configuring policies is not necessary for Layer 4 load balancing.


Figure 3-1   Configuration Overview


To configure the required parameters, see the following sections:

After you configure the required load-balancing parameters on the CSM, you can configure the optional parameters in the following sections:

To save or restore your configurations or to work with advanced configurations, refer to the following sections in Chapter 3 through Chapter 6:

Configuring VLANs

When you install the CSM in a Catalyst 6500 series switch, you need to configure client-side and server-side VLANs. (See Figure 3-2.)


Note   You must configure VLANs on the Catalyst 6000 family switch before you configure VLANs for the CSM. VLAN IDs must be the same for the switch and the module.


Figure 3-2   Configuring VLANs


Diagram notes:

*Any router configured as a client-side gateway or a next-hop router for servers more than one hop away must have ICMP redirects disabled. The CSM does not perform a Layer 3 lookup to forward traffic; the CSM cannot act upon ICMP redirects.

** You can configure up to seven gateways per VLAN for up to 256 VLANs and up to 224 gateways for the entire system. If an HSRP gateway is configured, the CSM uses 3 gateway entries out of the 224 gateway entries because traffic can come from the virtual and physical MAC addresses of the HSRP group. (See the "Configuring HSRP" section.)

Configuring Client-Side VLANs

To configure client-side VLANs, perform this task:


Caution   You cannot use VLAN 1 as a client-side or server-side VLAN for the CSM.

Command Purpose
Step 1 

Router(config-module-csm)# vlan vlanid client

Configures the client-side VLANs and enters the client VLAN mode1.

Step 2 

Router(config-slb-vlan-client)# ip ip-address netmask

Configures an IP address to the CSM used by probes and ARP requests on this particular VLAN2.

Step 3 

Router(config-slb-vlan-client)# gateway ip-address

Configures the gateway IP address.

1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.

2The no form of this command restores the defaults.

This example shows how to configure the CSM for client-side VLANs:

Router(config-module-csm)# vlan 130 client
Router(config-slb-vlan-client)# ip addr 123.44.50.6 255.255.255.0
Router(config-slb-vlan-client)# gateway 123.44.50.1
Router(config-slb-vlan-client)# exit
Router# show module csm vlan 1

Configuring Server-Side VLANs

To configure server-side VLANs, perform this task:

Command Purpose
Step 1 

Router(config-module-csm)# vlan vlanid server

Configures the server-side VLANs and enters the server VLAN mode1.

Step 2 

Router(config-slb-vlan-server)# ip ip-address netmask

Configures an IP address for the server VLAN2.

Step 3 

Router(config-slb-vlan-server)# alias ip-address netmask

(Optional) Configures multiple IP addresses to the CSM as alternate gateways for the real server3.

Step 4 

Router(config-slb-vlan-server)# route ip-address netmask gateway gw-ip-address

Configures a static route to reach the real servers if they are more than one Layer 3 hop away from the CSM.

Step 5 

Router # show module csm slot vlan [client | server | ft] [id vlan-id] [detail]

Displays the client-side and server-side VLAN configurations.

1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.

2The no form of this command restores the defaults.

3The alias is required in the redundant configuration. See the "Configuring Fault Tolerance" section.

This example shows how to configure the CSM for server-side VLANs:

Router(config-module-csm)# vlan 150 server
Router(config-slb-vlan-server)# ip addr 123.46.50.6 255.255.255.0
Router(config-slb-vlan-server)# alias 123.60.7.6 255.255.255.0
Router(config-slb-vlan-server)# route 123.50.0.0 255.255.0.0 gateway 123.44.50.1
Router(config-slb-vlan-server)# exit

Configuring Server Farms

A server farm or server pool is a collection of servers that contain the same content. You specify the server farm name when you configure the server farm and add servers to it, and when you bind the server farm to a virtual server. When you configure server farms, do the following:

You also can configure inband health monitoring for each server farm (see the "Configuring Inband Health Monitoring" section). You can assign a return code map to a server farm to configure return code parsing (see the "Configuring HTTP Return Code Checking" section.

To configure server farms, perform this task:

Command Purpose
Step 1 

Router(config-module-csm)# serverfarm serverfarm-name

Creates and names a server farm and enters the server farm configuration mode1 2.

Step 2 

Router(config-slb-sfarm)# predictor [roundrobin | leastconns | hash url | hash address [source | destination] [ip-netmask] | forward]]

Configures the load-balancing prediction algorithm2. If not specified, the default is roundrobin.

Step 3 

Router(config-slb-sfarm)# nat client client-pool-name

(Optional) Enables the NAT mode, client2. See the "Configuring Client NAT Pools" section.

Step 4 

Router(config-slb-sfarm)# no nat server

(Optional) Specifies that the destination IP address is not changed when the load balancing decision is made.

Step 5 

Router(config-slb-sfarm)# probe probe-name

(Optional) Associates the server farm to a probe that can be defined by the probe command2.

Step 6 

Router(config-slb-sfarm)# bindid bind-id

(Optional) Binds a single physical server to multiple server farms and reports a different weight for each one2. The bindid is used by DFP.

Step 7 

Router(config-slb-sfarm)# failaction purge

(Optional) Sets the behavior of connections to real servers that have failed2.

Step 8 

Router(config-slb-real)# inservice

Enables the real servers.

Step 9 

Router# show module csm slot serverfarm serverfarm-name [detail]

Displays information about one or all server farms.

1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.

2The no form of this command restores the defaults.

This example shows how to configure a server farm, named p1_nat, using the least-connections (leastconns) algorithm. The real server with the fewest number of active connections will get the next connection request for the server farm with the leastconns predictor.

Router(config-module-csm)# serverfarm pl_nat
Router(config-slb-sfarm)# predictor leastconns
Router(config-slb-sfarm)# real 10.1.0.105
Router(config-slb-real)# inservice
Router(config-slb-sfarm)# real 10.1.0.106
Router(config-slb-sfarm)# inservice

Configuring Real Servers

Real servers are physical devices assigned to a server farm. Real servers provide the services that are load balanced. When the server receives a client request, it sends the reply to the CSM for forwarding to the client.

You configure the real server in the real server configuration mode by specifying the server IP address and port when you assign it to a server farm. You enter the real server configuration mode from the server farm mode where you are adding the real server.

To configure real servers, perform this task:

Command Purpose
Step 1 

Router(config-slb-sfarm)# real ip-address [port]

Identifies a real server as a member of the server farm and enters the real server configuration mode. An optional translation port can also be configured1, 2.

Step 2 

Router(config-slb-real)# weight weighting-value

(Optional) Sets the weighting value for the virtual server predictor algorithm to assign the server's workload capacity relative to the other servers in the server farm if the round robin or least connection is selected2.

Step 3 

Router(config-slb-real)# maxconns max-conns

(Optional) Sets the maximum number of active connections on the real server2. When the specified maximum is reached, no more new connections are sent to that real server until the number of active connections drops below the minimum threshold.

Step 4 

Router(config-slb-real)# minconns min-conns

(Optional) Sets the minimum connection threshold2.

Step 5 

Router(config-slb-real)# inservice

Enables the real server for use by the CSM2 3.

Step 6 

Router# show module csm slot [sfarm serverfarm-name] [detail]

(Optional) Displays information about configured real servers. The sfarm option limits the display to real servers associated with a particular virtual server. The detail option displays detailed real server information.

Step 7 

Router# show module csm slot [vserver virtserver-name] [client ip-address] [detail]

Displays active connections to the CSM. The vserver option limits the display to connections associated with a particular virtual server. The client option limits the display to connections for a particular client. The detail option displays detailed connection information.

1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.

2The no form of this command restores the defaults.

3Repeat Steps 1 through 5 for each real server you are configuring.

This example shows how to create real servers:

Router(config-module-csm)# serverfarm serverfarm
Router(config-slb-sfarm)# real 10.8.0.7
Router(config-slb-real)# inservice
Router(config-slb-sfarm)# real 10.8.0.8
Router(config-slb-real)# inservice
Router(config-slb-sfarm)# real 10.8.0.9
Router(config-slb-real)# inservice
Router(config-slb-sfarm)# real 10.8.0.10
Router(config-slb-real)# inservice
Router(config-slb-sfarm)# real 10.1.0.105
Router(config-slb-real)# inservice
Router(config-slb-sfarm)# real 10.1.0.106
Router(config-slb-sfarm)# inservice
Router(config-slb-real)# end
Router# show reals detail
Router# show conns detail

Configuring Policies

Policies are access rules that traffic must match when balancing to a server farm. Policies allow the CSM to balance Layer 7 traffic. Multiple policies can be assigned to one virtual server, creating multiple access rules for that virtual server. When configuring policies, you first configure the access rules (maps, client-groups, and sticky groups) and then you combine these access rules under a particular policy.


Note   You must associate a server farm with a policy. A policy that does not have an associated server farm cannot forward traffic. The server farm associated with a policy receives all the requests that match that policy.

When the CSM is able to match policies, it selects the policy that appears first in the policy list. Policies are located in the policy list in the sequence in which they were bound to the virtual server. You can reorder the policies in the list by removing policies and reentering them in the correct order. Enter the no slb-policy policy name command and the slb-policy policy name command in the vserver submode to remove and enter policies.

To configure load-balancing policies, perform this task:

Command Purpose
Step 1 

Router(config-module-csm)# policy policy-name

Creates the policy and enters the policy submode to configure the policy attributes1.

Step 2 

Router(config-slb-policy)# url-map url-map-name

Associates a URL map to a policy2. You must have previously created and configured the URL maps and cookie maps with the map command. See the "Configuring Maps" section.

Step 3 

Router(config-slb-policy)# cookie-map cookie-map-name

Associates a cookie map to a policy2.

Step 4 

Router(config-slb-policy)# header-map name

Associates an HTTP header map to a policy.

Step 5 

Router(config-slb-policy)# sticky-group group-id

Associates this policy to a specific sticky group2.

Step 6 

Router(config-slb-policy)# client-group value | std-access-list-name

Configures a client filter associated with a policy. Only standard IP access lists are used to define a client filter.

 

Step 7 

Router(config-slb-policy)# serverfarm serverfarm-name

Configures the server farm serving a particular load-balancing policy. Only one server farm can be configured per policy2.

Step 8 

Router(config-slb-policy)# set ip dscp dscp-value

Marks traffic with a dscp-value if packets matched with the load-balancing policy2.

1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.

2The no form of this command restores the defaults.

This example assumes that the URL map, map1 has already been configured and shows how to configure server load-balancing policies and associate them to virtual servers:

Router(config-slb-policy)# serverfarm pl_sticky
Router(config-slb-sfarm)# real 10.1.0.105
Router(config-slb-sfarm)# inservice
Router(config-slb-policy)# exit
Router(config-module-csm)# policy policy_sticky_ck
Router(config-slb-policy)# serverfarm pl_sticky
Router(config-slb-policy)# url-map map1
Router(config-slb-policy)# exit
Router(config-module-csm)# vserver vs_sticky_ck
Router(config-slb-vserver)# virtual 10.1.0.80 tcp 80
Router(config-slb-vserver)# slb-policy policy_sticky_ck
Router(config-slb-sfarm)# inservice
Router(config-slb-policy)# exit

Configuring Maps

You configure maps to define multiple URLs, cookies, HTTP headers, and return codes into groups that can be associated with a policy when you configure the policy. (See the "Configuring Policies" section.) Regular expressions for URLs (for example, url1 and url2) are based on UNIX filename specifications. See Table 3-1 for more information.

To add a URL map, perform this task:

Command Purpose
Step 1 

Router(config-module-csm)# map url-map-name url

Creates a group to hold multiple URL match criteria.1, 2

Step 2 

Router(config-slb-map-url)# match protocol http url url-path

Specifies a string expression to match against the requested URL2.

1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.

2The no form of this command restores the defaults.

Table 3-1   Special Characters for Matching String Expressions

Convention Description

*

Zero or more characters.

?

Exactly one character.

\

Escaped character.

Bracketed range [0-9]

Matching any single character from the range.

A leading ^ in a range

Do not match any in the range. All other characters represent themselves.

.\a

Alert (ASCII 7).

.\b

Backspace (ASCII 8).

.\f

Form-feed (ASCII 12).

.\n

New line (ascii 10).

.\r

Carriage return (ASCII 13).

.\t

Tab (ASCII 9).

.\v

Vertical tab (ASCII 11).

.\0

Null (ASCII 0).

.\\

Backslash.

.\x##

Any ASCII character as specified in two-digit hex notation.

To add a cookie map, perform this task:

Command Purpose
Step 1 

Router(config)# map cookie-map-name cookie

Configures multiple cookies into a cookie map1.

Step 2 

Router(config-slb-map-cookie)# match protocol http cookie cookie-name cookie-value cookie-value-expression

Configures multiple cookies1.

1The no form of this command restores the defaults.

This example shows how to configure maps and associate them with a policy:

Router(config-module-csm)# serverfarm pl_url_url_1
Router(config-slb-sfarm)# real 10.8.0.26
Router(config-slb-real)# inservice
Router(config-slb-real)# exit
Router(config-slb-sfarm)# exit
Router(config-slb-policy)# serverfarm pl_url_url_1
Router(config-slb-policy)# url-map url_1
Router(config-slb-policy)# exit
Router(config-module-csm)# serverfarm pl_url_url_2
Router(config-slb-sfarm)# real 10.8.0.27
Router(config-slb-real)# inservice
Router(config-slb-real)# exit
Router(config-slb-sfarm)# exit
Router(config-module-csm)# map url_1  url
Router(config-slb-map-url)# match protocol http url /url1
Router(config-slb-map-url)# exit
Router(config-module-csm)# map url_2 url
Router(config-slb-map-url)# match protocol http url /url/url/url
Router(config-slb-map-url)# match protocol http url /reg/*long.*
Router(config-slb-map-url)# exit
Router(config-module-csm)# policy policy_url_1
Router(config-module-csm)# policy policy_url_2
Router(config-slb-policy)# serverfarm pl_url_url_2
Router(config-slb-policy)# url-map url_2
Router(config-slb-policy)# exit
Router(config-module-csm)# vserver vs_url_url
Router(config-slb-vserver)# virtual 10.8.0.145 tcp 80
Router(config-slb-vserver)# slb-policy policy_url_1
Router(config-slb-vserver)# slb-policy policy_url_2
Router(config-slb-vserver)# inservice
Router(config-slb-vserver)# exit

Using the map command, you create a map group with the type HTTP header. Entering the map command places you in a submode where you can specify the header fields and values for CSM to search for in the request.

To create a map for the HTTP header, perform this task:

Command Purpose

 

Router(config-module-csm)# map name header

Creates and names an HTTP header map group.

For more information about header maps, see the "Configuring Generic Header Parsing" section.

To create a map for return code checking, perform this task:

Command Purpose

 

Router(config-module-csm)# map name retcode

Creates and names a return code map group.

For more information about return code maps, see the "Configuring HTTP Return Code Checking" section.

Configuring Sticky Groups

Configuring a sticky group involves configuring the attributes of that group and associating it with a policy. Sticky time specifies the period of time that the sticky information is kept. The default sticky time value is 1440 minutes (24 hours).

To configure sticky groups, perform this task:

Command Purpose
Router(config-module-csm)# sticky sticky-group-id [netmask netmask | cookie name | ssl] [timeout sticky-time]

Ensures that connections from the same client matching the same policy use the same real server1.

1The no form of this command restores the defaults.

This example shows how to configure a sticky group and associate it with a policy:

Router(config-module-csm)# sticky 1 cookie foo timeout 100
Router(config-module-csm)# serverfarm pl_stick
Router(config-slb-sfarm)# real 10.8.0.18
Router(config-slb-real)# inservice
Router(config-slb-sfarm)# real 10.8.0.19
Router(config-slb-real)# inservice
Router(config-slb-real)# exit
Router(config-slb-sfarm)# exit
Router(config-module-csm)# policy policy_sticky_ck
Router(config-slb-policy)# serverfarm pl_stick
Router(config-slb-policy)# sticky-group 1
Router(config-slb-policy)# exit
Router(config-module-csm)# vserver vs_sticky_ck
Router(config-slb-vserver)# virtual 10.8.0.125 tcp 90
Router(config-slb-vserver)# slb-policy policy_sticky_ck
Router(config-slb-vserver)# inservice
Router(config-slb-vserver)# exit

Configuring Virtual Servers

Virtual servers represent groups of real servers and are associated with real server farms through policies. Configuring virtual servers requires that you set the attributes of the virtual server specifying the default server farm (default policy) and that you associate other server farms through a list of policies. The default server farm (default policy) is used if a request does not match any SLB policy or if there are no policies associated with the virtual server.

Before you can associate a server farm with the virtual server, you must configure the server farm. For more information, see the "Configuring Server Farms" section. Policies are processed in the order in which they are entered in the virtual server configuration. For more information, see the "Configuring Policies" section.

In software release 2.2(1), you can configure each virtual server with a pending connection timeout to terminate connections quickly if the switch becomes flooded with traffic. This connection applies to a transaction between the client and server that has not completed the request and reply process.)


Note   You can configure a single virtual server to operate at either Level 4 or Level 7. To configure a virtual server to operate at Level 4, specify the server farm (default policy) as part of the virtual server configuration (see Step 3 in the following task table). To configure a virtual server to operate at Level 7, add SLB policies in the configuration of the virtual server (see Step 7 in the following task table).

In software release 2.1(1), the CSM can load-balance traffic from any IP protocol. When you configure a virtual server in vserver submode, you must define the IP protocol that the virtual server will accept.


Note   Although all IP protocols have a protocol number, the CSM allows you to specify TCP or UDP by name instead of requiring you to enter their numbers.

Configure the virtual server in the virtual server configuration submode.

To configure virtual servers, perform this task:

Command Purpose
Step 1 

Router(config-module-csm)# vserver virtserver-name

Identifies the virtual server and enters the virtual server configuration mode1, 2.

Step 2 

Router(config-slb-vserver)# virtual ip-address [ip-mask] protocol port-number [service ftp]

Sets the IP address for the virtual server optional port number or name and the connection coupling and type2. The protocol value is tcp, udp, Any (no port-number is required), or a number value (no port-number is required).

Step 3 

Router(config-slb-vserver)# serverfarm serverfarm-name

Associates the default server farm with the virtual server2 3. Only one server farm is allowed. If the server farm is not specified, all the requests not matching any other policies will be discarded.

Step 4 

Router(config-slb-vserver)# sticky duration

(Optional) Configures connections from the client to use the same real server2 3. The default is sticky off.

Step 5 

Router(config-slb-vserver)# client ip-address network-mask [exclude]

(Optional) Restricts which clients are allowed to use the virtual server2 3.

Step 6 

Router(config-slb-vserver)# slb-policy policy-name

(Optional) Associates one or more content switching policies with a virtual server2.

Step 7 

Router(config-slb-vserver)# inservice

Enables the virtual server for use by the CSM2.

Step 8 

Router# show module csm slot vserver [details]

Displays information for virtual servers defined for Content Switching.

1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.

2The no form of this command restores the defaults.

3These parameters refer to the default policy.

This example shows how to configure a virtual server named barnett, associate it with the server farm named bosco, and configure a sticky connection with a duration of 50 minutes to sticky group 12:

Router(config)# mod csm 2
Router(config-module-csm)# sticky 1 cookie foo timeout 100
Router(config-module-csm)# exit
Router(config-module-csm)#
Router(config-module-csm)# serverfarm bosco
Router(config-slb-sfarm)# real 10.1.0.105
Router(config-slb-real)# inservice
Router(config-slb-real)# exit
Router(config-slb-sfarm)#
Router(config-slb-sfarm)# vserver barnett
Router(config-slb-vserver)# virtual 10.1.0.85 tcp 80
Router(config-slb-vserver)# serverfarm bosco
Router(config-slb-vserver)# sticky 50 group 12
Router(config-slb-vserver)# inservice
Router(config-slb-vserver)# exit
Router(config-module-csm)# end

This example shows how to configure a virtual server name vs1, with two policies and a default server farm when client traffic matches a specific policy. The virtual server will be load balanced to the server farm attached to that policy. When client traffic fails to match any policy, the virtual server will be load balanced to the default server farm named bosco.

Router(config)# mod csm 2
Router(config-module-csm)# map map3 url
Router(config-slb-map-url)# match protocol http url *finance*
Router(config-slb-map-url)#
Router(config-slb-map-url)# map map4 url
Router(config-slb-map-url)# match protocol http url *mail*
Router(config-slb-map-url)#
Router(config-slb-map-url)# serverfarm bar1
Router(config-slb-sfarm)# real 10.1.0.105
Router(config-slb-real)# inservice
Router(config-slb-real)#
Router(config-slb-real)# serverfarm bar2
Router(config-slb-sfarm)# real 10.1.0.106
Router(config-slb-real)# inservice
Router(config-slb-real)#
Router(config-slb-real)# serverfarm bosco
Router(config-slb-sfarm)# real 10.1.0.107
Router(config-slb-real)# inservice
Router(config-slb-real)#
Router(config-slb-real)# policy pc1
Router(config-slb-policy)# serverfarm bar1
Router(config-slb-policy)# url-map map3
Router(config-slb-policy)# exit
Router(config-module-csm)#
Router(config-module-csm)# policy pc2
Router(config-slb-policy)# serverfarm bar2
Router(config-slb-policy)# url-map map4
Router(config-slb-policy)# exit
Router(config-module-csm)#
Router(config-module-csm)# vserver bar1
Router(config-slb-vserver)# virtual 10.1.0.86 tcp 80
Router(config-slb-vserver)# slb-policy pc1
Router(config-slb-vserver)# slb-policy pc2
Router(config-slb-vserver)# serverfarm bosco
Router(config-slb-vserver)# inservice
Router(config-slb-vserver)#

Configuring TCP Parameters

Transmission Control Protocol (TCP) is a connection-oriented protocol that uses known protocol messages for activating and deactivating TCP sessions. In server load balancing, when adding or removing a connection from the connection database, the Finite State Machine correlates TCP signals such as SYN, SYN/ACK, FIN, and RST. When adding connections, these signals are used for detecting server failure and recovery and for determining the number of connections per server.

The CSM also supports User Datagram Protocol (UDP). Because UDP is not connection-oriented, protocol messages cannot be generically sniffed (without knowing details of the upper-layer protocol) to detect the beginning or end of a UDP message exchange. Detection of UDP connection termination is based on a configurable idle timer. Protocols requiring multiple simultaneous connections to the same real server are supported (such as FTP). Internet Control Management Protocol (ICMP) messages destined for the virtual IP address are also handled (such as ping).

To configure TCP parameters, perform this task:

Command Purpose
Step 1 

Router(config-module-csm)# vserver virtserver-name

Identifies the virtual server and enters the virtual server configuration mode1,2.

Step 2 

Router(config-slb-vserver)# idle duration

Configures the amount of time (in seconds) that connection information is maintained in the absence of packet activity for a connection2.

1Enter the exit command to leave a mode or submode. To return to the Router (config)> top level of the menu, enter the end command.

2The no form of this command restores the defaults.

This example shows how to configure TCP parameters for virtual servers:

Router(config-module-csm)# vserver barnett
Router(config-slb-vserver)# idle 10

Configuring Dynamic Feedback Protocol

Configuring the Dynamic Feedback Protocol (DFP) allows servers to provide feedback to the CSM to enhance load balancing. DFP allows host agents (residing on the physical server) to dynamically report the change in status of the host systems providing a virtual service.


Note   A DFP agent may be on any host machine. A DFP agent is independent of the IP addresses and port numbers of the real servers that are managed by the agent. DFP Manager is responsible for establishing the connections with DFP agents and receiving load vectors from DFP agents.

To configure DFP, perform this task:

Command Purpose
Step 1 

Router(config-module-csm)# dfp [password password]

Configures DFP manager, supplies an optional password, and enters the DFP agent submode1, 2.

Step 2 

Router(config-slb-dfp)# agent ip-address port [activity-timeout [retry-count [retry-interval]]]

Configures the time intervals between keepalive messages, the number of consecutive connection attempts or invalid DFP reports, and the interval between connection attempts2.

Step 3 

Router# show module csm slot dfp [agent [detail | ip-address port] | manager [ip_addr] | detail | weights]

Displays DFP manager and agent information.

1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.

2The no form of this command restores the defaults.

This example shows how to configure the dynamic feedback protocol:

Router(config-module-csm)# dfp password password
Router(config-slb-dfp)# agent 123.234.34.55 5 6 10 20
Router(config-slb-dfp)# exit

Configuring Redirect Virtual Servers

The redirect-vserver command is a server farm submode command that allows you to configure virtual servers dedicated to real servers. This mapping provides connection persistence, which maintains connections from clients to real servers across TCP sessions.

To configure redirect virtual servers, perform this task:

Command Purpose
Step 1 

Router(config-slb-sfarm)# redirect-vserver name

Configures virtual servers dedicated to real servers and enters the redirect server submode1, 2.

Step 2 

Router(config-slb-redirect-v)# webhost relocation relocation string

Configures the destination URL host name when redirecting HTTP requests arrive at this server farm. Only the beginning of the URL can be specified in the relocation string. The remaining portion is taken from the original HTTP request2.

Step 3 

Router(config-redirect-v)# webhost backup backup string

Configures the relocation string sent in response to HTTP requests in the event that the redirect server is out of service. Only the beginning of the relocation string can be specified. The remaining portion is taken from the original HTTP request2.

Step 4 

Router(config-redirect-v)# virtual v_ipaddress tcp port

Configures the redirect virtual server IP address and port2.

Step 5 

Router(config-redirect-v)# idle duration

Sets the CSM connection idle timer for the redirect virtual server2.

Step 6 

Router(config-redirect-v)# client ip-address network-mask [exclude]

Configures the combination of the ip-address and network-mask used to restrict which clients are allowed to access the redirect virtual server2.

Step 7 

Router(config-redirect-v)# inservice

Enables the redirect virtual server and begins advertisements2.

Step 8 

Router(config-redirect-v)# ssl port

(Optional) Enables SSL forwarding by the virtual server.

Step 9 

Router# show module csm vserver redirect [detail]

Shows all redirect servers configured.

1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.

2The no form of this command restores the defaults.

This example shows how to configure redirect virtual servers to specify virtual servers to real servers in a server farm:

Router (config)# serverfarm FARM1
Router (config-slb-sfarm)# redirect-vserver REDIR_1
Router (config-slb-redirect-)# webhost relocation 127.1.2.30 301
Router (config-slb-redirect-)# virtual 172.1.2.30 tcp www
Router (config-slb-redirect-)# inservice
Router (config-slb-redirect-)# exit
Router (config-slb-sfarm)# redirect-vserver REDIR_2
Router (config-slb-redirect-)# webhost relocation 127.1.2.31 301
Router (config-slb-redirect-)# virtual 172.1.2.31 tcp www
Router (config-slb-redirect-)# inservice
Router (config-slb-redirect-)# exit
Router (config-slb-sfarm)# real 10.8.0.8
Router (config-slb-real)# redirect-vserver REDIR_1
Router (config-slb-real)# inservice
Router (config-slb-sfarm)# real 10.8.0.9
Router (config-slb-real)# redirect-vserver REDIR_2
Router (config-slb-real)# inservice
Router (config-slb-real)# end
Router# show module csm serverfarm detail

Configuring Client NAT Pools

When you configure client Network Address Translation (NAT) pools, NAT converts the source IP address of the client requests into an IP address on the server-side VLAN. Use the NAT pool name in the serverfarm submode of the nat command to specify which connections need to be configured for client NAT pools.

To configure client NAT pools, perform this task:

Command Purpose
Step 1 

Router(config-module-csm)# natpool pool-name start-ip end-ip netmask mask

Configures a content switching NAT. You must create at least one client address pool to use this command1, 2.

Step 2 

Router(config-module-csm)# serverfarm serverfarm-name

Enters the serverfarm submode to apply the client NAT.

Step 3 

Router(config-slb-sfarm)# nat client clientpool-name

Associates the configured NAT pool with the server farm.

Step 4 

Router# show module csm natpool [name pool-name] [detail]

Displays the NAT configuration.

1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.

2The no form of this command restores the defaults.

This example shows how to configure client NAT pools:

Router(config)# natpool pool1 102.36.445.2 102.36.16.8 netmask 255.255.255.0
Router(config)# serverfarm farm1
Router(config-slb-sfarm)# nat client pool1

Configuring Server-Initiated Connections

NAT for the server allows you to support connections initiated by real servers and to provide a default configuration used for servers initiating connections that do not have matching entries in the server NAT configuration. By default, the CSM allows server-originated connections without NAT.

To configure NAT for the server, perform this task:

Command Purpose
Step 1 

Router(config)# static [drop | nat [ipaddress | virtual]]

Configures the server-originated connections. Options include dropping the connections, configuring them with NAT with a given IP address, or with the virtual IP address that they are associated with1, 2.

Step 2 

Router(config-slb-static)# real ip-address [subnet-mask]

Configures the static nat submode where the servers will have this NAT option. You cannot use the same real server with multiple NAT configuration options.

1Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.

2The no form of this command restores the defaults.


hometocprevnextglossaryfeedbacksearchhelp
Posted: Sat Jan 18 08:52:18 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.