Guest

Cisco Services Modules

Content Switching Module for Server Load Balancing and Direct Access to Real Servers Configuration Example

Cisco - Content Switching Module for Server Load Balancing and Direct Access to Real Servers Configuration Example

Document ID: 26290

Updated: Jan 23, 2007

   Print

Introduction

The Content Switching Module (CSM) can be added to a Catalyst 6500 with a Multilayer Switch Feature Card (MSFC) that runs Native IOS. This module allows ultimate performance when load balancing traffic to multiple servers or firewalls.

Typically, direct access to the servers is not available when you use a CSM. However, this configuration uses individual IP addresses in order to directly reach the servers. This configuration also shows load-balance connections to servers via the virtual address.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco IOS® Software Version 12.1(11b)E1

  • Catalyst 6000

  • ROM: System Bootstrap, Version 12.0(3)XE, Release Software

  • BOOTLDR: MSFC Software (C6MSFC-BOOT-M), Version 12.1(3a)E4, Early Deployment Release Software (fc1)

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Configure

In this section, you are presented with the information to configure the features described in this document.

Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Network Diagram

This document uses this network setup:

csm_slb_reals-a.gif

Configuration

In order to complete this configuration, follow these steps:

  1. Configure VLANs on the switch.

    Router#vlan database
    Router(vlan)#vlan 10
    VLAN 10 added:
        Name: VLAN0010
    Router(vlan)#vlan 50
    VLAN 50 added:
        Name: VLAN0050
    Router(vlan)#exit 
    APPLY completed.
    Exiting....
  2. Configure ports on the switch.

    Router#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#int fa 4/1
    Router(config-if)#switchport
    Router(config-if)#switchport access vlan 10
    Router(config-if)#no shut
    Router(config-if)#int fa 4/46
    Router(config-if)#switchport
    Router(config-if)#switchport access vlan 50
    Router(config-if)#no shut
    Router(config-if)#int fa 4/47
    Router(config-if)#switchport
    Router(config-if)#switchport access vlan 50
    Router(config-if)#no shut
    Router(config-if)#int fa 4/48
    Router(config-if)#switchport
    Router(config-if)#switchport access vlan 50
    Router(config-if)#no shut   
    Router(config-if)#int fa 4/45
    Router(config-if)#switchport
    Router(config-if)#switchport access vlan 50
    Router(config-if)#no shut
    Router(config-if)#exit
    
  3. Configure interface VLAN on MSFC for the client VLAN.

    Router(config-if)#interface vlan 10
    Router(config-if)#ip address 172.17.63.229 255.255.255.192
    Router(config-if)#no shut
    Router(config-if)#exit
    
  4. Configure routing on the MSFC.

    Router(config)#ip route 10.0.0.0 255.255.255.0 172.17.63.233
    Router(config)#ip route 0.0.0.0 0.0.0.0 172.17.63.193
    Router(config)#
  5. Configure the CSM server VLAN.

    Router(config)#module csm 3
    Router(config-module-csm)#vlan 50 server
    Route(config-slb-vlan-server)#ip address 10.0.0.1 255.255.255.0
    Route(config-slb-vlan-server)#gateway 172.17.63.229
    
  6. Configure the CSM client VLAN by configuring the IP address and gateway.

     Route(config-slb-vlan-server)#vlan 10 client
     Route(config-slb-vlan-client)#ip address 172.17.63.233 255.255.255.192
     Route(config-slb-vlan-client)#gateway 172.17.63.229
     Route(config-slb-vlan-client)#exit
     Router(config-slb-sfarm)#
    
  7. Configure serverfarm for direct-access.

    Router(config-module-csm)#serverfarm SERVER-SUBNETS
    Router(config-slb-sfarm)#predictor forward
    Router(config-slb-sfarm)#exit
    
  8. Configure vserver for direct-access.

    Router(config-module-csm)#vserver DIRECT-ACCESS
    Router(config-slb-vserver)#virtual 10.0.0.0 255.255.255.0 any
    Router(config-slb-vserver)#serverfarm SERVER-SUBNETS
    Router(config-slb-vserver)#inservice
    Router(config-slb-vserver)#exit
    Router(config-module-csm)#exit
    
  9. Configure serverfarm for servers.

    Router(config-module-csm)#serverfarm SERVERS
    Router(config-slb-sfarm)#nat server
    Router(config-slb-sfarm)#no nat client
    Router(config-slb-sfarm)#real 10.0.0.10
    Router(config-slb-real)#inservice
    Router(config-slb-real)#real 10.0.0.11
    Router(config-slb-real)#inservice
    Router(config-slb-real)#real 10.0.0.12
    Router(config-slb-real)#inservice
    Router(config-slb-real)#real 10.0.0.13
    Router(config-slb-real)#inservice
    Router(config-slb-real)#exit
    
  10. Configure vserver for load-balanced traffic.

    Router(config-slb-sfarm)#vserver MYSITE
    Router(config-slb-vserver)#virtual 172.17.63.231 any
    Router(config-slb-vserver)#serverfarm SERVERS
    Router(config-slb-vserver)#inservice
    Router(config-slb-vserver)#exit
    Router(config-module-csm)#serverfarm SERVER-SUBNETS
    Router(config-slb-sfarm)#predictor forward
    Router(config-slb-sfarm)#exit
    Router(config-module-csm)#exit
    Router(config)#exit
    Router#wr mem
    Building configuration...
    
    01:44:58: %SYS-5-CONFIG_I: Configured from console by console[OK]

Verify

Use this section to confirm that your configuration works properly.

  1. View the configuration.

    Router#show run
    Building configuration...
    
    Current configuration : 4071 bytes
    !
    version 12.1
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Router
    !
    boot bootldr bootflash:c6msfc-boot-mz.121-3a.E4
    !
    redundancy
     main-cpu
      auto-sync standard
    ip subnet-zero
    !
    !
    !
    mls qos statistics-export interval 300
    mls qos statistics-export delimiter |
    module ContentSwitchingModule 3 
     vlan 50 server
      ip address 10.0.0.1 255.255.255.0
    !
     vlan 10 client
      ip address 172.17.63.233 255.255.255.192
      gateway 172.17.63.229
    !
     serverfarm SERVER-SUBNETS
      nat server 
      no nat client
      predictor forward
    !
     serverfarm SERVERS
    nat server 
      no nat client
      real 10.0.0.10
       inservice
      real 10.0.0.11
       inservice
      real 10.0.0.12
       inservice
      real 10.0.0.13
       inservice
    !
     vserver DIRECT-ACCESS
      virtual 10.0.0.0 255.255.255.0 any
      serverfarm SERVER-SUBNETS
      persistent rebalance
      inservice
    !
     vserver MYSITE
      virtual 172.17.63.231 any
      serverfarm SERVERS
      persistent rebalance
      inservice
    !
    !
    !
    !
    interface GigabitEthernet1/1
     no ip address
     shutdown
    !
    interface GigabitEthernet1/2
     no ip address
     shutdown
    !
    interface FastEthernet4/1
     no ip address
     switchport
     switchport access vlan 10
    !
    interface FastEthernet4/2
     no ip address
     shutdown
    !
    interface FastEthernet4/3
     no ip address
     shutdown
    !
    !
    
    --- output suppressed ---
    
    !
    !
    interface FastEthernet4/43
     no ip address
     shutdown
    !
    interface FastEthernet4/44
     no ip address
     shutdown
    !
    interface FastEthernet4/45
     no ip address
     switchport
     switchport access vlan 50
    !
    interface FastEthernet4/46
     no ip address
     switchport
     switchport access vlan 50
    !
    interface FastEthernet4/47
     no ip address
     switchport
     switchport access vlan 50
    !
    interface FastEthernet4/48
     no ip address
     switchport
     switchport access vlan 50
    !
    interface Vlan1
     no ip address
     shutdown
    !
    interface Vlan10
     ip address 172.17.63.229 255.255.255.192
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 172.17.63.193
    ip route 10.0.0.0 255.255.255.0 172.17.63.233
    no ip http server
    !
    !
    !
    line con 0
    line vty 0 4
    !
    end
    
  2. Verify that the VLANs are configured on the switch processor.

    Router#show vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    
    1002 fddi-default                     active    
    1003 token-ring-default               active    
    1004 fddinet-default                  active    
    1005 trnet-default                    active    
    
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        0      0   
    1002 fddi  101002     1500  -      -      -        -    -        0      0   
    1003 tr    101003     1500  -      -      -        -    -        0      0   
    1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
    1005 trnet 101005     1500  -      -      -        ibm  -        0      0   
    
    Primary Secondary Type              Ports
    ------- --------- ----------------- ------------------------------------------
    
    Router#
  3. Verify that modules are in their proper slots.

    Router# show module
    Mod Ports Card Type                              Model              Serial No.
    --- ----- -------------------------------------- ------------------ -----------
      1    2  Cat 6k sup 1 Enhanced QoS (Active)     WS-X6K-SUP1A-2GE   SAD05020E10
      3    0  SLB Application Processor Complex      WS-X6066-SLB-APC   SAD051102E1
      4   48  48 port 10/100 mb RJ45                 WS-X6348-RJ-45     SAL05073TGR
    
    Mod MAC addresses                       Hw    Fw           Sw           Status
    --- ---------------------------------- ------ ------------ ------------ -------
      1  0001.c9b0.3b6c to 0001.c9b0.3b6d   7.0   5.4(2)       7.2(0.35)    Ok      
      3  0030.f271.5d28 to 0030.f271.5d2f   1.2                2.2(2a)      Ok      
      4  0004.de83.4530 to 0004.de83.455f   2.0   5.4(2)       7.2(0.35)    Ok      
    
    Mod Sub-Module                  Model           Serial           Hw     Status 
    --- --------------------------- --------------- --------------- ------- -------
      1 Policy Feature Card         WS-F6K-PFC      SAD05020NYT      1.1    Ok     
      1 MSFC Cat6k daughterboard    WS-F6K-MSFC     SAD05020B9A      1.4    Ok 
  4. Check your REALs.

    Router#show modu csm 3 reals
    
    real                  server farm      weight  state          conns
    -------------------------------------------------------------------
    10.0.0.10             SERVERS          8       OPERATIONAL    0        
    10.0.0.11             SERVERS          8       OPERATIONAL    0        
    10.0.0.12             SERVERS          8       OPERATIONAL    0        
    10.0.0.13             SERVERS          8       FAILED         0        
    Router#
  5. Check your vservers.

    Router#show module csm 3 vservers
    
    slb vserver      prot  virtual                  vlan  state         conns  
    ---------------------------------------------------------------------------
    DIRECT-ACCESS    any   10.0.0.0/24:0            ALL   OPERATIONAL   0       
    MYSITE           any   172.17.63.231/32:0       ALL   OPERATIONAL   1       
    Router#show module csm 3 ?
      arp           SLB arp cache listing
      capp          SLB Content Application Peering Protocol information
      conns         SLB connection information
      dfp           SLB DFP manager information
      ft            SLB ft information
      map           SLB map information
      memory        SLB memory information
      natpools      SLB client nat pool information
      policy        SLB policy information
      probe         SLB probe information
      reals         SLB real server information
      serverfarms   SLB server farm information
      static        SLB static server NAT information
      stats         SLB Statistics
      status        SLB status information
      sticky        SLB sticky database
      tech-support  SLB tech debug information
      vlan          SLB vlan information
      vservers      SLB virtual server information
  6. Check for connections on the CSM.

    Router#show module csm 3 conns
    
        prot vlan source                destination           state       
    ----------------------------------------------------------------------
    In  TCP  10   171.71.78.140:53141   172.17.63.231:23      ESTAB       
    Out TCP  50   10.0.0.11:23          171.71.78.140:53141   ESTAB       
    
    In  UDP  50   10.0.0.11:1130        192.168.1.1:161       ESTAB       
    Out UDP  10   192.168.1.1:161       10.0.0.11:1130        ESTAB 
  7. Check the statistics on the module.

    Router#show module csm 3 stats
    Connections Created:        6
    Connections Destroyed:      5
    Connections Current:        1
    Connections Timed-Out:      0
    Connections Failed:         0
    Server initiated Connections:
          Created: 13, Current: 0, Failed: 13
    L4 Load-Balanced Decisions: 18
    L4 Rejected Connections:    1
    L7 Load-Balanced Decisions: 0
    L7 Rejected Connections:
          Total: 0, Parser: 0,
          Reached max parse len: 0, Cookie out of mem: 0,
          Cfg version mismatch: 0, Bad SSL2 format: 0
    L4/L7 Rejected Connections:
          No policy: 0, No policy match 0,
          No real: 1, ACL denied 0,
          Server initiated: 0
    Checksum Failures:  IP: 0, TCP: 0
    Redirect Connections: 0,  Redirect Dropped: 0
    FTP Connections:            0
    MAC Frames:
          Tx: Unicast: 709, Multicast: 0, Broadcast: 155,
              Underflow Errors: 0
          Rx: Unicast: 723, Multicast: 1433, Broadcast: 83,
              Overflow Errors: 0, CRC Errors: 0
  8. Check for additional details on serverfarms.

    Router#show module csm 3 serverfarms detail
    SERVER-SUBNETS, predictor = Forward, nat = SERVER
      virtuals inservice: 1, reals = 0, bind id = 0, fail action = none
      inband health config: <none<
      retcode map = <none<
      Total connections = 0
    
    SERVERS, predictor = RoundRobin, nat = SERVER
      virtuals inservice: 1, reals = 4, bind id = 0, fail action = none
      inband health config: <none<
      retcode map = <none<
      Real servers:
        10.0.0.10, weight = 8, OPERATIONAL, conns = 0
        10.0.0.11, weight = 8, OPERATIONAL, conns = 0
        10.0.0.12, weight = 8, OPERATIONAL, conns = 0
        10.0.0.13, weight = 8, FAILED, conns = 0
      Total connections = 0
    
    Router#
    Router#show module csm 3 conns ?
      client   conns associated with a specific client IP address
      detail   Detailed output
      vserver  conns associated with a specific vserver
      |        Output modifiers
      <cr>
  9. Check for additional details on vservers.

    Router#show module csm 3 vservers detail
    DIRECT-ACCESS, state = OPERATIONAL, v_index = 10
      virtual = 10.0.0.0/24:0, any, service = NONE, advertise = FALSE
      idle = 3600, replicate csrp = none, vlan = ALL, pending = 30
      max parse len = 600, persist rebalance = TRUE
      conns = 1, total conns = 1
      Default policy:
        server farm = SERVER-SUBNETS
        sticky: timer = 0, subnet = 0.0.0.0, group id = 0
      Policy           Tot Conn     Client pkts  Server pkts
      ------------------------------------------------------
      (default)        1            27           19           
    
    MYSITE, state = OPERATIONAL, v_index = 11
      virtual = 172.17.63.231/32:0, any, service = NONE, advertise = FALSE
      idle = 3600, replicate csrp = none, vlan = ALL, pending = 30
      max parse len = 600, persist rebalance = TRUE
      conns = 0, total conns = 8
      Default policy:
        server farm = SERVERS
        sticky: timer = 0, subnet = 0.0.0.0, group id = 0
      Policy           Tot Conn     Client pkts  Server pkts
      ------------------------------------------------------
      (default)        8            539          405  

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: Jan 23, 2007
Document ID: 26290