
Cisco CSS 11500 Series Content Services Switches

Configuring nci-direct-return Services on the CSS

Document ID: 12635

Updated: Mar 07, 2006


Introduction

The nci-direct-return service type is useful when clients need to request content from a Reverse Proxy Cache (RPC) or from a geographically different origin server that is located on the Internet. The forward path to the server is through TCP connections between two Cisco Content Services Switch (CSS) 11500 series content services switches, but the reverse path can take a different path to the client that originated the request. Network Address Translation (NAT) peering allows the CSS to perform these things:

  • Build forward TCP switched connections between CSSs until the destination CSS is reached.

  • Perform the final transformations at the destination CSS that allow return traffic packets to flow to the client through any network path. NAT peering is especially useful for long, single-flow applications such as video streaming. This feature is ArrowPoint specific.

The first CSS to receive the client connection will make the load balance decision normally. If the destination service is of type nci-direct-return, then it will open a TCP connection to the destination IP address (a second CSS), and it will include, in the TCP option field, information about the initial client connection (client IP address, CSS Virtual IP [VIP], TCP ports, and sequence numbers). With this information, the second CSS is able to open a connection with the real server with the same parameters. Therefore, the reply from the server is sent directly to the client without the need to go back to the first CSS.

This document provides a sample configuration for nci-direct-return services on the CSS.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • CSS11500 that is running WebNS Software version 7.x

  • WebNS Software version 3.x (present in all CSS models)

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Configure

This section presents the information needed to configure the features described in this document.

Network Diagram

This document uses this network setup:

[Figure: network diagram, nat_peering.gif]

Configurations

Home Switch1 is at the corporate site, which has a Frac-T1 connection. Streaming video is serviced at an extranet site that is well-connected and contains Fast Site Switch2. When a user requests information, the request is serviced by the corporate site. When the user needs streaming video and hits the video page, the request is seamlessly redirected to the well-connected extranet servers. The end user appears to be talking to the corporate site and is unaware of where the data is actually served from.

This document uses these configurations:

Home Switch1
!Generated MAY 18 09:24:44

!Active version: ap0310027b

prompt NAT-Home

configure

!*************************** GLOBAL ***************************

  bridge spanning-tree disabled

  ip route 0.0.0.0 0.0.0.0 192.168.1.254 1

!--- Connect to the mock Internet.

!************************** CIRCUIT **************************

circuit VLAN1

  ip address 10.1.1.254 255.255.255.0

  ip address 192.168.1.253 255.255.255.0

!************************** SERVICE **************************

service HomeSrv1

  ip address 10.1.1.1

  active

service HomeSrv2

  ip address 10.1.1.2

  active

service VideoExtranet

  ip address 192.168.1.100              

!--- VIP of the remote CSS at the Fast Site.

  type nci-direct-return                

!--- Sends the request over to the remote site.

  active                                

!--- Sends the response directly back to the client, as if it
!--- was coming from the corporate site.

!**************************** URQL ****************************

urql VideoContent                       

!--- A group of URLs can be combined into a
!--- Universal Qualifier Resource list.

  description "Video files"             

  domain "10.1.1.100"                   

!--- Within the site 10.1.1.100, append these URLs
!--- for the search.

  url 10                            

  url 10 url "/sample.avi"

  url 12

  url 12 url "/cup.avi"

  url 14

  url 14 url "/grinder.avi"

  url 20

  url 20 url "/video.html"

  active

!*************************** OWNER ***************************

owner foo.com

  content L5_Basic

    protocol tcp

    port 80

    vip address 10.1.1.100

    url "/*"                            

!--- Local requests are handled locally.

    add service HomeSrv1

    add service HomeSrv2

    active


  content L5_FastVideoSite

    protocol tcp

    port 80

    vip address 10.1.1.100

    url urql VideoContent               

!--- If the URL matches one in this list, then forward
!--- the request to the external site.

    add service VideoExtranet         

    primarysorryserver HomeSrv1         

!--- If the link goes down or all of the remote servers
!--- go down, then use the local server.

    active                              

  group net-peer-group                  

!--- This is required so that the remote CSS knows 
!--- how to get back to this CSS.

    vip address 10.1.1.100              
    add destination service VideoExtranet
    active

Fast Site Switch2
!Generated MAY 18 07:28:57

!Active version: ap0310027b

prompt NAT-Fast

configure

!*************************** GLOBAL ***************************

  bridge spanning-tree disabled

  ip route 0.0.0.0 0.0.0.0 10.1.1.254 1

!************************** CIRCUIT **************************

circuit VLAN1

  ip address 10.1.1.253 255.255.255.0

  ip address 192.168.1.254 255.255.255.0

!************************** SERVICE **************************

service FastSrv1

  ip address 192.168.1.1

  active

service FastSrv2

  ip address 192.168.1.2

  active

!*************************** OWNER ***************************

owner foo.com

  content ReceiveRequests

    protocol tcp

    port 80

    vip address 192.168.1.100

    url "/*"

    add service FastSrv1

    add service FastSrv2

    active
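A static check of the peering pattern in the two configurations above, as an added example that is not Cisco's code. The three checks are assumptions modeled on this sample configuration, not WebNS validation rules, and `parse`, `value` and `lint` are hypothetical names.

```python
import re
# Constructed, trimmed excerpts of the two configurations on this page.
HOME = """
service VideoExtranet
  ip address 192.168.1.100
  type nci-direct-return
content L5_FastVideoSite
  vip address 10.1.1.100
  add service VideoExtranet
  primarysorryserver HomeSrv1
group net-peer-group
  vip address 10.1.1.100
  add destination service VideoExtranet
"""
FAST = """
content ReceiveRequests
  vip address 192.168.1.100
"""

def parse(text):  # map (block kind, name) -> list of that block's property lines
    blocks, cur = {}, []  # lines seen before the first block go to a throwaway list
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"(service|owner|content|group|urql|circuit)\s+(\S+)$", line)
        if m:
            cur = blocks.setdefault(m.groups(), [])
        elif line and not line.startswith("!"):
            cur.append(line)  # property line; blanks and "!" comments are skipped
    return blocks

def value(body, key):  # last word of the first line starting with key, else None
    return next((l.split()[-1] for l in body if l.startswith(key)), None)

def lint(home, peer):  # list what each nci-direct-return service in `home` lacks
    h, issues = parse(home), []
    peer_vips = {value(b, "vip address") for (k, _), b in parse(peer).items() if k == "content"}
    for (kind, name), body in h.items():
        if kind != "service" or "type nci-direct-return" not in body:
            continue
        # Assumed check 1: the service address is a content VIP on the peer CSS.
        if value(body, "ip address") not in peer_vips:
            issues.append(f"{name}: address is not a content VIP on the peer CSS")
        vips = {value(b, "vip address") for (k, _), b in h.items()
                if k == "group" and f"add destination service {name}" in b}
        for (k, _), rule in h.items():
            if k == "content" and f"add service {name}" in rule:
                # Assumed checks 2 and 3: a source group carries the rule's VIP,
                # and the rule names a local fallback server.
                if value(rule, "vip address") not in vips:
                    issues.append(f"{name}: no source group carries the rule's VIP")
                if value(rule, "primarysorryserver") is None:
                    issues.append(f"{name}: content rule has no primarysorryserver")
    return issues
```

`lint(HOME, FAST)` returns an empty list for the configuration as published. Removing the group's `add destination service` line or the rule's `primarysorryserver` line produces the corresponding finding.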

Verify

Issue the show service summary command. The VideoExtranet service contacts the remote CSS to ensure that it is available.

Service Name    State    Conn  Weight  Avg   Stat
                                       Load  Transitions
HomeSrv1        Alive    0     1       2       0
HomeSrv2        Alive    0     1       2       0
VideoExtranet   Alive    0     1       2       0

With a client browser, go to the home page of 10.1.1.1.

Note: The show summary command shows that the request is handled locally.

Point the client browser to http://10.1.1.1/video.html. This time the VideoExtranet service is hit. The request goes to the remote CSS, which sends the content back as if it were 10.1.1.100 (Home Switch1).

If a sniffer is available, insert it between the two CSSs. Repeat the test with one of the video files. View the sniffer trace. You will see that the request was passed to the remote CSS, which then served the content with the Fast Site Switch2 MAC address, and the IP address of the Home Switch1 CSS. The remote CSS will send the information directly back to the end user. To simulate the whole remote site as down or unavailable, unplug the link between the CSSs and repeat the test. The CSS knows that the site is down, so it redirects content requests to the primary sorry server (HomeSrv1).

Note: A second sorry server can also be defined.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.
