Guest

Cisco Services Modules

Configuring Single Subnet (Bridge) Mode on the CSM

Cisco - Configuring Single Subnet (Bridge) Mode on the CSM

Introduction

The Content Switching Module (CSM) provides high-performance Server Load Balancing (SLB) between network devices and server farms based on Layer 4 through 7 information packets. Server farms that are represented as virtual servers can improve scalability and availability of services for your network. You can add new servers and remove failed or existing servers at any time without affecting the virtual server's availability.

Clients connect to the CSM by supplying the virtual IP (VIP) address of the virtual server. When a client initiates a connection to the virtual server, the CSM chooses a real server (a physical device that is assigned to a server farm) for the connection based on configured load-balancing algorithms and policies (access rules). Policies manage traffic by defining where to send client requests for information.

Before You Begin

Conventions

For more information on document conventions, see the Cisco Technical Tips Conventions.

Prerequisites

There are no specific prerequisites for this document.

Components Used

This configuration can be used with any software and hardware versions that support the CSM.

Background Theory

Clients and servers communicate through the CSM using either Layer 2 or Layer 3 technology in a specific VLAN configuration. Clients connect to the client side VLAN and servers connect to the server side VLAN. Servers and clients can exist on different subnets. Servers can also be located more than one hop away and connect to the server-side VLAN through routers. A client sends a request to one of the module's VIP addresses. The CSM forwards this request to a server that can respond to the request. The server then forwards the response to the CSM, and the CSM forwards the response to the client.

When the client-side and server-side VLANs are on the same subnets, you can configure the CSM in single subnet (bridge) mode. This document describes single subnet (bridge) mode.

When the client-side and server-side VLANs are on different subnets, you can configure the CSM to operate in a secure (router) mode. For more information, refer to Configuring Secure (Router) Mode on the CSM.

Configure

Network Diagram

The following diagram illustrates different VLANs and different subnets.

csm-bridge.gif

Configurations

Complete these steps:

  1. Create the client and server VLAN on the MSFC.

    cat#conf t 
    cat(config)#vlan 100 
    cat(config-vlan)#exit 
    cat(config)#vlan 200 
    cat(config-vlan)#
  2. Configure physical interfaces that connects the client (uplink) to the corresponding VLAN.

    cat(config)#inter fastEthernet 2/1 
    cat(config-if)#switchport 
    cat(config-if)#switchport access vlan 100 
    cat(config-if)#no shut
    
  3. Configure physical interfaces that connects the servers to the corresponding VLAN.

    cat(config)#inter fastEthernet 2/3 
    cat(config-if)#switchport
    cat(config-if)#switchport access vlan 200 
    cat(config-if)#no shutdown 
    cat(config)#inter fastEthernet 2/4 
    cat(config-if)#switchport 
    cat(config-if)#switchport access vlan 200 
    cat(config-if)#no shutdown
    
  4. Configure the CSM.

    cat(config)#module csm 3 
    cat(config-module-csm)#
  5. Create the client-side VLAN and gateway.

    cat(config-module-csm)#vlan 100 client 
    cat(config-slb-vlan-client)#ip address 172.17.63.217 255.255.255.192 
    cat(config-slb-vlan-client)#gateway 172.17.63.214  
    cat(config-slb-vlan-client)#
  6. Create the server-side VLAN.

    cat(config-module-csm)#vlan 200 server 
    cat(config-slb-vlan-server)#ip address 172.17.63.217 255.255.255.192
    
  7. Create the server farm.

    cat(config-module-csm)#serverfarm wwwfarm
    cat(config-slb-sfarm)#real 172.17.63.215 
    cat(config-slb-real)#inservice 
    cat(config-slb-real)#real 172.17.63.216 
    cat(config-slb-real)#inservice
    
  8. Create Vserver and associate server farm.

    cat(config-module-csm)#vserver server 
    cat(config-slb-vserver)#virtual 172.17.63.241 tcp www 
    cat(config-slb-vserver)#serverfarm wwwfarm 
    cat(config-slb-vserver)#inservice
    

This is a sample configuration of SLB using the Cisco Catalyst 6500 and the CSM.

CSM (WS-X6066-SLB-APC) Running Config
Building configuration... 

Current configuration : 3863 bytes 
! 
version 12.1 
service timestamps debug uptime 
service timestamps log uptime 
no service password-encryption 
! 
hostname cat 
! 
boot system flash sup-bootflash:c6sup11-jsv-mz.121-11b.E 
! 
redundancy 
 main-cpu 
  auto-sync standard 
ip subnet-zero 
! 
mls qos statistics-export interval 300 
mls qos statistics-export delimiter | 
! 

!--- CSM located in slot 3. Module running as Active. 
 
! 
module ContentSwitchingModule 3  
! 


!--- Client side CSM VLAN 100 
!--- Gateway pointing to the MSFC.

! 
 vlan 100 client 
  ip address 172.17.63.217 255.255.255.192 
  gateway 172.17.63.214 
! 

!--- Server side CSM VLAN 200.

! 
 vlan 200 server 
  ip address 172.17.63.217 255.255.255.192 
! 

!--- Server farm configuration.
 
! 
 serverfarm WWWFARM 
  nat server  
  no nat client 
  real 172.17.63.215 
   inservice 
  real 172.17.63.216 
   inservice 
! 

!--- VServer configuration. 

! 
 vserver SERVER 
  virtual 172.17.63.241 tcp www 
  serverfarm WWWFARM 
  persistent rebalance 
  inservice 
! 
interface GigabitEthernet1/1 
 no ip address 
 shutdown 
! 
interface GigabitEthernet1/2 
 no ip address 
 shutdown 
! 

!--- Connection to upstream device.

! 
interface FastEthernet2/1 
 switchport 
 switchport access vlan 100 
 switchport mode access 
 no ip address 
! 
interface FastEthernet2/2 
 no ip address 
 shutdown 
! 

!--- Connection to Web servers.

! 
interface FastEthernet2/3 
 switchport 
 switchport access vlan 200 
 switchport mode access 
 no ip address 
! 
interface FastEthernet2/4 
 switchport 
 switchport access vlan 200 
 switchport mode access 
 no ip address 
! 
interface FastEthernet2/5 
 no ip address 
 shutdown 
! 

!--- MSFC VLAN 100.

! 
interface Vlan100 
 ip address 172.17.63.214 255.255.255.192 
! 
ip classless 
ip route 0.0.0.0 0.0.0.0 172.17.63.193 
no ip http server 
! 
! 
line con 0 
line vty 0 4 
 login 
! 
end

Verify (show Commands)

show module csm # status Command

The show module csm # status command displays the status of the SLB module. The module has to be online.

cat#show module csm 3 status
SLB Module is online in slot 3.
Configuration Download state: COMPLETE, SUCCESS

show module csm # vserver name word detail Command

The show module csm # vservers name word detail command displays detailed virtual server information. You also see the state of the virtual server and how many connections there are. This is the best command to use for getting virtual server information.

cat#show module csm 3 vservers name server detail 
SERVER, state = OPERATIONAL, v_index = 10
  virtual = 172.17.63.241/32:80, TCP, service = NONE, advertise = FALSE
  idle = 3600, replicate csrp = none, vlan = ALL, pending = 30
  max parse len = 600, persist rebalance = TRUE
  conns = 0, total conns = 4
  Default policy:
    server farm = WWWFARM
    sticky: timer = 0, subnet = 0.0.0.0, group id = 0
  Policy           Tot Conn     Client pkts  Server pkts
  ------------------------------------------------------
  (default)        4            56           56

show module csm # real detail Command

The show module csm # real detail command displays information for each real server, such as the server farm where each server resides, the servers' states, thresholds, and connections.

cat#show module csm 3 real detail
172.17.63.215, WWWFARM, state = OPERATIONAL
  conns = 0, maxconns = 4294967295, minconns = 0
  weight = 8, weight(admin) = 8, metric = 0, remainder = 0
  total conns established = 2, total conn failures = 2
172.17.63.216, WWWFARM, state = OPERATIONAL
  conns = 0, maxconns = 4294967295, minconns = 0
  weight = 8, weight(admin) = 8, metric = 0, remainder = 0
  total conns established = 2, total conn failures = 2
cat#show module csm 3 real detail

show module csm # serverfarm name word detail Command

The show module csm # serverfarms name word detail command displays the server farm information. This command shows the predictor used for load balancing. In this example, round robin, which is default, is being used.

cat#show module csm 3 serverfarms name wwwfarm detail 
WWWFARM, predictor = RoundRobin, nat = SERVER
  virtuals inservice: 1, reals = 2, bind id = 0, fail action = none
  inband health config: <none>
  retcode map = <none>
  Real servers:
    172.17.63.215, weight = 8, OPERATIONAL, conns = 0
    172.17.63.216, weight = 8, OPERATIONAL, conns = 0
  Total connections = 0

show module csm # vlan detail Command

The show module csm # vlan detail command displays the VLAN information for the client and the server.

cat#show module csm 3 vlan detail 
vlan   IP address       IP mask          type      
---------------------------------------------------
100    172.17.63.217    255.255.255.192  CLIENT
  GATEWAYS
  172.17.63.214    
200    172.17.63.217    255.255.255.192  SERVER
cat#

Troubleshoot

You should be able to ping the real server and CSM gateway from the Catalyst 6500 by issuing the ping or ping module csm # reals commands.

cat#ping module csm 3 reals
IP address       Reachable
--------------------------
172.17.63.215    Yes
172.17.63.216    Yes
cat#ping module csm 3 gateway                         
IP address       Reachable
--------------------------
172.17.63.214    Yes

Another good troubleshooting command is show module csm # arp. The CSM will learn the addresses. Make sure the gateway and reals are showing up.

cat#show module csm 3 arp 
Internet Address  Physical Interface  VLAN      Type       Status
--------------------------------------------------------------------
 172.17.63.210    00-E0-B6-01-FA-49   100       LEARNED    up(0 misses)
 172.17.63.214    00-04-C0-C0-68-00   100       GATEWAY    up(0 misses)
 172.17.63.215    00-60-B0-87-DC-1A   200       REAL       up(0 misses)
 172.17.63.216    00-50-DA-BF-A1-7F   200       REAL       up(0 misses)
 172.17.63.217    00-30-F2-71-5D-2E   100/200   --SLB--    local
 172.17.63.222    00-02-B9-45-A2-91   100       LEARNED    up(0 misses)
 172.17.63.241    00-30-F2-71-5D-2D   0         VSERVER    local

Related Information

Updated: Feb 10, 2006
Document ID: 5217