
Cisco CSS 11500 Series Content Services Switches

Basic Global Server Load Balancing Site Redundancy Using the CSS with DNS

Document ID: 25837

Updated: Jan 30, 2006


Introduction

This document describes how to create a backup/failover server farm using an additional Content Services Switch (CSS), either a single switch or a redundant pair, in a remote location. This is helpful when a CSS in a secondary data center is available but is wanted only as a backup in the event of a total failure at the primary site.

This document can also be used to help configure two-site Global Server Load Balancing (GSLB) by omitting the access control list (ACL) on the secondary CSS.

Prerequisites

Requirements

Implementing this configuration requires knowledge of Domain Name System (DNS) administration and administrative access to the DNS server authoritative for the domain used. The only non-CSS configuration required is two NS records, a primary and secondary, with one pointing to the primary CSS' circuit VLAN address and the other to the secondary.

Components Used

This configuration was developed and tested using the software and hardware versions below.

  • CSS 11800 (West Coast Site)

  • CSS 11050 (East Coast Site)

  • Web NS version 5.0

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Background Information

An application session is configured between two CSS switches in two different geographic locations. There is no requirement for a point-to-point link joining the sites; the only requirement is that the two sites can route to each other.

Using the CSS switches' DNS capability, a higher-level DNS server (in this example, the one authoritative for yourdomain.com) is configured with the circuit VLAN addresses of both CSS switches as NS records for a sub-domain called www.yourdomain.com. Whichever CSS the higher-level DNS server refers the client to then resolves the A record request with the IP address of the DNS content rule on the CSS.

The primary site is preferred through a combination of an ACL on the secondary CSS, an application session between the two CSS switches, and the above-mentioned NS records on the higher-level DNS server.

Configure

In this section, you are presented with the information to configure the features described in this document.

Network Diagram

This document uses the network setup shown in the diagram below.

basic_gslb.gif

Configurations

This document uses the configurations shown below.

  • West Coast Site (Primary)

  • East Coast Site (Backup)

West Coast Site (Primary)
!*************************** GLOBAL ***************************

  app 
  app session 192.168.2.1  



!--- Configures the app session to the remote CSS; remote service 
!--- and DNS info is shared through here.


  ip route 0.0.0.0 0.0.0.0 192.168.1.50
!************************* INTERFACE *************************
interface  3/2
  bridge vlan 2 

!************************** CIRCUIT **************************
circuit VLAN1
  ip address 192.168.1.1 255.255.255.0

circuit VLAN2
  ip address 10.1.1.1 255.255.255.0

!************************** SERVICE **************************
service primary1 
  ip address 10.1.1.2
  active 

service primary2 
  ip address 10.1.1.3
  active 

service primary3 
  ip address 10.1.1.4
  active 
         
service primary4 
  ip address 10.1.1.5
  active 
!*************************** OWNER ***************************
owner GSLB
 dns both  



!--- This states that there is a remote CSS authoritative for the same domain.


 content WWW
   vip address 192.168.1.2
   add service primary1
   add service primary2
   add service primary3
   add service primary4
   add dns www.yourdomain.com  



!--- This tells the CSS to resolve requests for this domain to this VIP.


   dns preferlocal  



!--- If the request first hits this site, then always prefer this site and not 
!--- the remote CSS authoritative for this domain.


   active

East Coast Site (Backup)
!*************************** GLOBAL ***************************

  app 
  app session 192.168.1.1  



!--- Configures the app session to the remote CSS; remote service 
!--- and DNS info is shared through here.


  ip route 0.0.0.0 0.0.0.0 192.168.2.50
!************************* INTERFACE *************************
interface  3/1
  bridge vlan 2 

!************************** CIRCUIT **************************
circuit VLAN1
  ip address 192.168.2.1 255.255.255.0

circuit VLAN2
  ip address 10.1.1.1 255.255.255.0

!************************** SERVICE **************************
service backup1
  ip address 10.1.1.2
  active 

service backup2
  ip address 10.1.1.3
  active 
service hacked_redirect  


!--- This probe checks if the primary site is up.


      ip address 192.168.1.2
      keepalive type http
      active

!*************************** OWNER ***************************
Owner GSLB
  dns both  


!--- This states that there is a remote CSS authoritative for the same domain.


  content WWW
    add dns www.yourdomain.com
    vip address 192.168.2.2
    add service backup1
    add service backup2
    active

acl 1  



!--- If the primary site is up, then this ACL will tell requests 
!--- landing on this site to prefer the West Coast site.


   clause 10 permit any any destination content GSLB/WWW prefer hacked_redirect
   clause 99 permit any any destination any
   apply circuit-(VLAN1)
   apply dns

acl 5 
   clause 10 permit any any destination any
   apply all

Verify

There is currently no verification procedure available for this configuration.
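
The intended behaviour can still be checked from a client by querying each CSS directly, as in the following added example (not part of the original Cisco document). The addresses are those in the configurations above; the function names, the state labels, and the expectation that the backup CSS answers with the primary VIP while the primary site is up (taken from the ACL comment) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the DNS answers of both CSS switches.
# Addresses come from the configurations on this page; function names and
# state labels are this example's own.
WEST_CSS=192.168.1.1   # West Coast circuit VLAN1 address (NS target, primary)
EAST_CSS=192.168.2.1   # East Coast circuit VLAN1 address (NS target, backup)
WEST_VIP=192.168.1.2   # VIP of content rule WWW on the primary CSS
EAST_VIP=192.168.2.2   # VIP of content rule WWW on the backup CSS
NAME=www.yourdomain.com

# ask_css <css-address>: A records returned by that CSS, one per line.
# Anything that is not a dotted quad (for example dig's timeout message)
# is dropped, so an unreachable CSS yields an empty answer.
ask_css() {
    dig +short +time=2 +tries=1 "@$1" "$NAME" A 2>/dev/null |
        grep -E '^[0-9]+(\.[0-9]+){3}$' | sort
}

# gslb_state <west-answer> <east-answer>: name the state the two answers
# describe. An empty string means the CSS did not answer.
gslb_state() {
    west=$1
    east=$2
    case "$west|$east" in
        "$WEST_VIP|$WEST_VIP") echo primary-preferred ;;      # ACL steers backup to West
        "|$EAST_VIP")          echo failed-over ;;            # primary site is down
        "$WEST_VIP|$EAST_VIP") echo backup-not-deferring ;;   # ACL or keepalive not in effect
        "$WEST_VIP|")          echo backup-css-unreachable ;;
        "|")                   echo both-unreachable ;;
        *)                     echo unexpected ;;             # unknown address or several records
    esac
}

# Live check: only runs when the script is called with --live.
if [ "${1:-}" = "--live" ]; then
    state=$(gslb_state "$(ask_css "$WEST_CSS")" "$(ask_css "$EAST_CSS")")
    echo "$NAME: $state"
    [ "$state" = primary-preferred ] || [ "$state" = failed-over ]
fi
```

Run the script with --live to query both switches with dig; the exit status is non-zero for any state other than primary-preferred or failed-over.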

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.
