Cisco CSS 11500 Series Content Services Switches

CSS 11500 Active-Active Stateful Failover ASR in One-Armed Mode Configuration Example

Document ID: 49841

Updated: Jul 12, 2006

Introduction

This document provides a sample configuration for an active-active stateful failover scenario where the two Content Services Switches (CSS) are in one-armed mode. The configuration in this document combines three major components:

  • Active-active failover means that a minimum of two virtual IP addresses are used. Each CSS is the master for one VIP and the backup for the other one.

  • Stateful failover indicates that upon failover there is no traffic interruption. The backup CSS learns from the master CSS which flows it receives in case of failover.

  • One-armed mode failover means that the CSS is connected to a single VLAN. This scenario requires additional configuration to make sure that the server response goes through the CSS. In this configuration, client NAT (source group) is used.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on a CSS 1150x that runs version 7.x.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Configure

This section presents the information needed to configure the features described in this document. This example uses FTP servers, which make use of a control channel and data channels. This configuration works for any TCP or UDP traffic.

Network Diagram

This document uses this network setup:

[Network diagram: css_asr_config.jpg]

Configurations

This document uses this configuration:

CSS1#show run
!Generated on 03/09/2004 17:02:02
!Active version: sg0720305

configure


!*************************** GLOBAL ***************************
  bridge spanning-tree disabled 

!--- Portfast is enabled on the switch. Spanning tree
!--- is disabled on the CSS. Spanning tree is not required, and 
!--- disabling spanning tree speeds up failover. There is no STP 
!--- convergence timeout.

  app 
  app session 192.168.11.9 

!--- The app session is used for configuration synchronization.

  ip route 0.0.0.0 0.0.0.0 192.168.10.1 1 

!************************* INTERFACE *************************
interface  3/1
  bridge vlan 499 

!--- This is the only link to the switch. This is the one-armed model.

interface  3/8
  isc-port-one 

!--- This is the primary ASR link to exchange flow information between the two CSSs.
!--- You can also issue the isc-port-two command on a second link, 
!--- but this second link serves as a redundant link only.

!************************** CIRCUIT **************************
circuit VLAN499

  ip address 192.168.11.8 255.255.254.0 
    ip virtual-router 7 priority 110 preempt 
    ip virtual-router 8 priority 90 

!--- Active-active scenario. This CSS is the master for virtual router ID 7 
!--- and backup for virtual router ID 8.

    ip redundant-vip 7 192.168.11.249 
    ip redundant-vip 8 192.168.11.248 

!************************** SERVICE **************************
service bisou 
  ip address 192.168.11.46 
  redundant-index 75 

!--- Each service needs to be assigned a redundant-index.
!--- This index needs to be the same on both CSSs.

  active 

service tension 
  ip address 192.168.10.123 
  redundant-index 71 
  active 


!*************************** OWNER ***************************
owner MyCompany 

  content www 
    vip address 192.168.11.249 
    protocol tcp 
    port 80 
    url "/*" 
    advanced-balance arrowpoint-cookie 
    add service tension 
    redundant-index 72 

!--- Each content rule needs to be assigned a redundant-index.
!--- You do this only for the content rules that need to
!--- be replicated from the master CSS to the backup.

    active 

  content www2 
    vip address 192.168.11.248 
    add service bisou 
    redundant-index 76 
    protocol tcp 
    port 21 
    active 

!*************************** GROUP ***************************
group MyCompany-www 
  vip address 192.168.11.249 
  add destination service tension 
  redundant-index 73 
  active 

group MyCompany-www2 
  vip address 192.168.11.248 
  add destination service bisou 
  redundant-index 77 
  active

CSS2#show run
!Generated on 03/09/2004 17:05:40
!Active version: sg0720305

configure


!*************************** GLOBAL ***************************
  no restrict web-mgmt 
  app-udp 
  bridge spanning-tree disabled 

  app    
  app session 192.168.11.8 


  ip route 0.0.0.0 0.0.0.0 192.168.10.1 1 

!************************* INTERFACE *************************
interface  2/1
  bridge vlan 499 
  phy 100Mbits-FD 

interface  2/8
  isc-port-one 

!************************** CIRCUIT **************************
circuit VLAN499

  ip address 192.168.11.9 255.255.254.0 
    ip virtual-router 7 priority 90 
    ip virtual-router 8 priority 110 preempt 
    ip redundant-vip 7 192.168.11.249 
    ip redundant-vip 8 192.168.11.248 
 
!************************** SERVICE **************************
service tension 
  ip address 192.168.10.123 
  redundant-index 71 
  active 

service bisou 
  ip address 192.168.11.46 
  redundant-index 75 
  active 
 
owner MyCompany 
  content www 
    vip address 192.168.11.249 
    advanced-balance arrowpoint-cookie 
    protocol tcp 
    port 80 
    url "/*" 
    add service tension 
    redundant-index 72 
    active 

  content www2 
    vip address 192.168.11.248 
    add service bisou 
    redundant-index 76 
    protocol tcp 
    port 21 
    active 

!*************************** GROUP ***************************
group MyCompany-www 
  add destination service tension 
  redundant-index 73 
  vip address 192.168.11.249 
  active 

group MyCompany-www2 
  vip address 192.168.11.248 
  add destination service bisou 
  redundant-index 77 
  active 
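
One way to check that the two configurations above agree where ASR needs them to, as an added example that is not part of the original Cisco document: it compares the redundant-index of each service, content rule and group, checks that each virtual router has a different priority on the two peers, and lists global commands present on only one CSS (on this page, no restrict web-mgmt and app-udp appear only on CSS2). The function names and the trimmed sample strings are assumptions constructed for this illustration.

```python
import re

# Constructed excerpts of this page's CSS1/CSS2 running configs (trimmed).
CSS1 = """app session 192.168.11.9
circuit VLAN499
  ip virtual-router 7 priority 110 preempt
  ip virtual-router 8 priority 90
service bisou
  redundant-index 75
content www2
  redundant-index 76"""
CSS2 = """no restrict web-mgmt
app-udp
app session 192.168.11.8
circuit VLAN499
  ip virtual-router 7 priority 90
  ip virtual-router 8 priority 110 preempt
service bisou
  redundant-index 75
content www2
  redundant-index 76"""

def parse(cfg):
    """Return ({object: redundant-index}, {vrid: priority}, global command set)."""
    idx, vrs, glob, obj, in_global = {}, {}, set(), None, True
    for line in (l.strip() for l in cfg.splitlines()):
        if line.startswith(("interface", "circuit")):
            in_global = False              # global section ends here
        if m := re.match(r"(service|content|group) (\S+)$", line):
            obj = m[0]
        elif m := re.match(r"redundant-index (\d+)$", line):
            idx[obj] = int(m[1])
        elif m := re.match(r"ip virtual-router (\d+) priority (\d+)", line):
            vrs[int(m[1])] = int(m[2])
        elif in_global and line and not line.startswith(("!", "configure", "app session")):
            glob.add(line)                 # "app session" differs per peer by design
    return idx, vrs, glob

def check_pair(cfg_a, cfg_b):
    """Return findings that break ASR replication or show drift between the peers."""
    (ia, va, ga), (ib, vb, gb) = parse(cfg_a), parse(cfg_b)
    out = [f"redundant-index mismatch on {o}: {ia.get(o)} vs {ib.get(o)}"
           for o in sorted(ia.keys() | ib.keys()) if ia.get(o) != ib.get(o)]
    out += [f"virtual-router {v}: no distinct master ({va.get(v)} vs {vb.get(v)})"
            for v in sorted(va.keys() | vb.keys())
            if None in (va.get(v), vb.get(v)) or va[v] == vb[v]]
    out += [f"global command on one peer only: {g}" for g in sorted(ga ^ gb)]
    return out

print("\n".join(check_pair(CSS1, CSS2)))
```

The same functions accept the full show run output of each CSS; content rule names are keyed without their owner, so rules with the same name under different owners would collide.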

Verify

Use this section to confirm that your configuration works properly.

The Output Interpreter Tool (OIT, registered customers only) supports certain show commands. Use the OIT to view an analysis of show command output.

  • show isc-ports

  • show virtual-routers

  • show redundant-vips

  • show flows

CSS1#show isc-ports 
  Inter-Switch Communications Configuration:
    Inter-Switch Port One: 3/8
    Inter-Switch Port Two is not configured.

  Inter-Switch Communications Status:
    Inter-Switch Communications Are UP.
    Inter-Switch Communications are currently active on 3/8



CSS2#show isc-ports 
  Inter-Switch Communications Configuration:
    Inter-Switch Port One: 2/8
    Inter-Switch Port Two is not configured.

  Inter-Switch Communications Status:
    Inter-Switch Communications Are UP.
    Inter-Switch Communications are currently active on 

CSS1#show virtual-routers 

Virtual-Routers:


 Interface Address: 192.168.11.8      VRID: 7  
  Priority:      110          Config. Priority:  110
  State:         Master       Master IP:         192.168.11.8
  State Changes: 7            Last Change:       03/13/2004 12:06:14
  Preempt:       True      


 Interface Address: 192.168.11.8      VRID: 8  
  Priority:      90           Config. Priority:  90
  State:         Backup       Master IP:         192.168.11.9
  State Changes: 10           Last Change:       03/13/2004 12:05:54
  Preempt:       False     

CSS2#show virtual-routers 

Virtual-Routers:


 Interface Address: 192.168.11.9      VRID: 7  
  Priority:      90           Config. Priority:  90
  State:         Backup       Master IP:         192.168.11.8
  State Changes: 16           Last Change:       03/13/2004 12:18:06
  Preempt:       False     


 Interface Address: 192.168.11.9      VRID: 8  
  Priority:      110          Config. Priority:  110
  State:         Master       Master IP:         192.168.11.9
  State Changes: 7            Last Change:       03/09/2004 17:04:10
  Preempt:       True

CSS1#show redundant-vips 

Redundant-Vips:


 Interface Address: 192.168.11.8     VRID: 8  
  Redundant Address: 192.168.11.248     Range:       1
  State:             Backup             Master IP:   192.168.11.9
  State Changes:     10                 Last Change: 03/13/2004 12:05:54


 Interface Address: 192.168.11.8     VRID: 7  
  Redundant Address: 192.168.11.249     Range:       1
  State:             Master             Master IP:   192.168.11.8
  State Changes:     7                  Last Change: 03/13/2004 12:06:14

CSS2#show redundant-vips 

Redundant-Vips:


 Interface Address: 192.168.11.9     VRID: 8  
  Redundant Address: 192.168.11.248     Range:       1
  State:             Master             Master IP:   192.168.11.9
  State Changes:     7                  Last Change: 03/09/2004 17:04:10


 Interface Address: 192.168.11.9     VRID: 7  
  Redundant Address: 192.168.11.249     Range:       1
  State:             Backup             Master IP:   192.168.11.8
  State Changes:     16                 Last Change: 03/13/2004 12:18:06

The show flows command gives you the list of active connections that are switched by the CSS. The backup CSS also sees the flows that actually go through the master CSS. This is the result of the ASR configuration. One difference, however, is that the backup CSS does not show any interface for the input and output ports. These ports are determined when the flows become active (which means the master failed over to the backup).

CSS1#show flows 0.0.0.0

--------------- ----- --------------- ----- --------------- --- ------- ------
Src Address     SPort Dst Address     DPort NAT Dst Address Prt InPort  OutPort
--------------- ----- --------------- ----- --------------- --- ------- ------
192.168.11.9    5001  192.168.11.8    1044  0.0.0.0         TCP  3/1      Ipv4
192.168.11.9    2771  192.168.11.8    5001  0.0.0.0         TCP  3/1      Ipv4
192.168.11.46   21    192.168.11.248  41697 192.168.11.41   TCP  -         -
192.168.11.41   1601  192.168.11.248  21    192.168.11.46   TCP  -         -

CSS1# 

CSS2#show flows 0.0.0.0

--------------- ----- --------------- ----- --------------- --- ------- ------
Src Address     SPort Dst Address     DPort NAT Dst Address Prt InPort  OutPort
--------------- ----- --------------- ----- --------------- --- ------- ------
192.168.11.8    5001  192.168.11.9    2771  0.0.0.0         TCP  2/1      Ipv4
192.168.11.46   21    192.168.11.248  41697 192.168.11.41   TCP  2/1       2/1
192.168.11.41   1601  192.168.11.248  21    192.168.11.46   TCP  2/1       2/1
192.168.11.8    1044  192.168.11.9    5001  0.0.0.0         TCP  2/1      Ipv4

Check what happens after a failover. The first command output shows the status of both CSSs before failover. To simulate the failover, disconnect CSS2 from the central switch. The failover is indicated by the VRRP-4 message on CSS1. The data connection (TCP port 20) is now active on CSS1, and CSS1 now lists the input and output ports for this flow. The FTP control channel (TCP port 21), however, is not yet active on CSS1 because traffic has not been sent. The data session first needs to complete.

CSS2#show flows

--------------- ----- --------------- ----- --------------- --- ------- ------
Src Address     SPort Dst Address     DPort NAT Dst Address Prt InPort  OutPort
--------------- ----- --------------- ----- --------------- --- ------- ------
192.168.11.41   1614  192.168.11.248  20    192.168.11.46   TCP  2/1       2/1
192.168.11.46   20    192.168.11.248  51630 192.168.11.41   TCP  2/1       2/1
192.168.11.46   21    192.168.11.248  51628 192.168.11.41   TCP  2/1       2/1
192.168.11.41   1612  192.168.11.248  21    192.168.11.46   TCP  2/1       2/1


CSS1#show flows 0.0.0.0

--------------- ----- --------------- ----- --------------- --- ------- ------
Src Address     SPort Dst Address     DPort NAT Dst Address Prt InPort  OutPort
--------------- ----- --------------- ----- --------------- --- ------- ------
192.168.11.41   1614  192.168.11.248  20    192.168.11.46   TCP  -         -
192.168.11.46   20    192.168.11.248  51630 192.168.11.41   TCP  -         -
192.168.11.46   21    192.168.11.248  51628 192.168.11.41   TCP  -         -
192.168.11.41   1612  192.168.11.248  21    192.168.11.46   TCP  -         -



MAR  9 16:50:56 1/1 85 VRRP-4: Virtual router 8: master on interface 192.168.11.8


CSS1# 
CSS1# 
CSS1# 
CSS1# 
CSS1#show flows 0.0.0.0

--------------- ----- --------------- ----- --------------- --- ------- ------
Src Address     SPort Dst Address     DPort NAT Dst Address Prt InPort  OutPort
--------------- ----- --------------- ----- --------------- --- ------- ------
192.168.11.41   1614  192.168.11.248  20    192.168.11.46   TCP  3/1       3/1
192.168.11.46   20    192.168.11.248  51630 192.168.11.41   TCP  3/1       3/1
192.168.11.46   21    192.168.11.248  51628 192.168.11.41   TCP  -         -
192.168.11.41   1612  192.168.11.248  21    192.168.11.46   TCP  -         -
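
The flow tables above can be compared mechanically, shown here as an added example that is not part of the original Cisco document: it parses show flows rows, confirms that every flow the master forwards is also held by the backup, and lists the flows that moved from standby to forwarded after the failover. The function names are assumptions; the rows are copied from the outputs on this page.

```python
# Rows copied from the "show flows" outputs on this page (headers dropped).
CSS2_BEFORE = """\
192.168.11.41   1614  192.168.11.248  20    192.168.11.46   TCP  2/1       2/1
192.168.11.46   20    192.168.11.248  51630 192.168.11.41   TCP  2/1       2/1
192.168.11.46   21    192.168.11.248  51628 192.168.11.41   TCP  2/1       2/1
192.168.11.41   1612  192.168.11.248  21    192.168.11.46   TCP  2/1       2/1"""
# On the page, CSS1 lists the same four rows before failover with "-" ports.
CSS1_BEFORE = CSS2_BEFORE.replace("2/1", "-")
CSS1_AFTER = """\
192.168.11.41   1614  192.168.11.248  20    192.168.11.46   TCP  3/1       3/1
192.168.11.46   20    192.168.11.248  51630 192.168.11.41   TCP  3/1       3/1
192.168.11.46   21    192.168.11.248  51628 192.168.11.41   TCP  -         -
192.168.11.41   1612  192.168.11.248  21    192.168.11.46   TCP  -         -"""

def parse_flows(text):
    """Map (src, sport, dst, dport, proto) -> True if this CSS forwards the flow.

    A replicated (standby) ASR flow shows "-" for InPort and OutPort."""
    flows = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[5] in ("TCP", "UDP"):   # skips header and rule lines
            flows[(f[0], int(f[1]), f[2], int(f[3]), f[5])] = f[6] != "-"
    return flows

def not_replicated(master, backup):
    """Flows forwarded by the master that the backup does not hold at all."""
    m, b = parse_flows(master), parse_flows(backup)
    return sorted(k for k, active in m.items() if active and k not in b)

def promoted(before, after):
    """Flows that were standby before failover and are forwarded afterwards."""
    b, a = parse_flows(before), parse_flows(after)
    return sorted(k for k, active in a.items() if active and b.get(k) is False)

print("missing on backup:", not_replicated(CSS2_BEFORE, CSS1_BEFORE))
print("promoted on CSS1:", promoted(CSS1_BEFORE, CSS1_AFTER))
```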

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.
