Guest

Cisco ACE 4700 Series Application Control Engine Appliances

Cisco CSS-to-ACE Conversion Tool User Guide

  • Viewing Options

  • PDF (681.5 KB)
  • Feedback
Cisco CSS-to-ACE Conversion Tool User Guide

Table Of Contents

Cisco CSS-to-ACE Conversion Tool User Guide

Accessing the CSS-to-ACE Conversion Tool

Using the CSS-to-ACE Conversion Tool

Verifying and Modifying the Converted Configuration

Copying and Pasting the Converted Configuration File to the ACE

Example of a Copied Configuration File for Use By the ACE

Unsupported CSS Commands

ACE Appliance Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines


Cisco CSS-to-ACE Conversion Tool User Guide


This document describes how to use the CSS-to-ACE conversion tool to migrate Cisco Content Services Switches (CSS) running-configuration or startup-configuration files to the Cisco 4700 Series Application Control Engine (ACE) appliance. It describes how to access the conversion tool, use the tool to convert a CSS configuration to an ACE configuration, and copy the converted configuration to the ACE. This document also includes a summary of the CSS commands that are not supported by the conversion tool.

This document contains the following sections:

Accessing the CSS-to-ACE Conversion Tool

Using the CSS-to-ACE Conversion Tool

Verifying and Modifying the Converted Configuration

Copying and Pasting the Converted Configuration File to the ACE

Unsupported CSS Commands

ACE Appliance Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Accessing the CSS-to-ACE Conversion Tool

The conversion tool is included as part of the ACE software image and is accessible from the Cisco ACE Appliance web page using HTTP. To access the conversion tool, perform the following steps:


Step 1 Log in to your default ACE admin account.

Step 2 Create a Layer 3 and Layer 4 management policy. Ensure that, at a minimum, you permit HTTP traffic in the management policy to enable remote access to the Cisco ACE Appliance web page. The following configuration example shows how to enable web access to the ACE to access the ACE web page. For details on enabling remote access to the ACE, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.

class-map type management match-any L4_REMOTE-ACCESS_CLASS
  description Enable remote access traffic to the ACE and the Cisco ACE Appliance web page
  2 match protocol xml-https any
  4 match protocol icmp any
  5 match protocol telnet any
  6 match protocol ssh any
  7 match protocol http any
  8 match protocol https any

policy-map type management first-match L4_REMOTE-ACCESS_MATCH
  class L4_REMOTE-ACCESS_CLASS
    permit

interface vlan 10
  ip address 192.168.215.134 255.255.255.0
  service-policy input L4_REMOTE-ACCESS_MATCH
  no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.215.1

Step 3 Open your preferred Internet web browser application, such as Microsoft Internet Explorer or Netscape Navigator.

Step 4 Specify the HTTP address of your ACE in the address field:

http://ace_ip_address

The Login dialog box appears.

Step 5 Enter your ACE default admin username and password in the fields provided, then click OK. The ACE web page appears (Figure 1).

Figure 1 Cisco ACE Appliance Web Page

Step 6 Click the CSS2ACE conversion tool link in the Tools section of the ACE web page. The CSS-to-ACE conversion tool appears (Figure 2). Proceed to the "Using the CSS-to-ACE Conversion Tool" section.

Figure 2 CSS-to-ACE Conversion Tool



Using the CSS-to-ACE Conversion Tool

You can convert a CSS startup- or running-config to an equivalent ACE startup- or running-config by using one of the following methods:

Copying and pasting the contents from a saved CSS configuration file or from the CSS show running-config or show startup-config command output to the conversion tool `

Uploading a saved CSS configuration file to the conversion tool

To use the conversion tool to convert a CSS configuration, perform the following steps:


Step 1 By default, the Admin context is always assumed as the target virtual context on the ACE. To migrate a CSS configuration to a different virtual context (for example, C1), specify a different virtual context name in the User Context Name: text box (see Figure 3). The conversion tool generates the corresponding ACE configuration for the Admin context to create the requested virtual context.

Step 2 Add the contents from a saved CSS configuration file or from the CSS show running-config or show startup-config command output by copying and pasting the complete configuration into the text area of the Paste CSS Commands: section of the conversion tool (Figure 3). Proceed to Step 4.

Figure 3 Pasting the Content of a CSS Configuration into the CSS-to-ACE Conversion Tool

Step 3 Click Browse to select a CSS configuration file to upload to the conversion tool. Navigate to the CSS configuration file that you want to convert, then click Open. The CSS configuration file appears in the Upload CSS Command File: section of the conversion tool (Figure 4). Proceed to Step 4.

Figure 4 Uploading a CSS Configuration File

Step 4 Click Get ACE Commands to convert the CSS commands. The tool converts the CSS startup- or running-config to an equivalent ACE startup- or running-config (Figure 5).

Figure 5 Converted CSS Commands to ACE Commands Example

In addition, the conversion tool lists the CSS commands from the original configuration file (Figure 6).

Figure 6 Summary of Converted CSS Commands Example

The conversion tool also includes a list of any unsupported CSS commands (Figure 7). The Notes section provides additional information, as necessary. Proceed to the "Verifying and Modifying the Converted Configuration" section.

Figure 7 Unsupported CSS Commands



Verifying and Modifying the Converted Configuration

Before you copy and paste the converted CSS configuration to the ACE CLI, we recommend that you first carefully review the converted configuration in a text file and make the appropriate content changes based on your network topology and deployment. This step helps you to avoid potential issues or conflicts before you copy the converted CSS configuration text file to the ACE CLI prompt.

Follow these configuration guidelines when verifying and modifying the converted CSS configuration:

The CSS does not display default values in the running configuration or startup configuration file even if you manually enter those values. The CSS default settings for probes (keepalives), such as retryperiod, frequency and expect status, are automatically converted by the conversion tool to the ACE configuration. However, you must review, edit, and test the other the areas in the converted configuration to ensure any additional CSS defaults are properly ported to the ACE configuration before deployment.

For the purpose of applying the Network Address Translation (NAT)-related CSS configurations, the least numbered VLAN is assumed to be the client-side VLAN and the next higher numbered VLAN is assumed to be the server-side VLAN. If you want to apply the NAT configurations to a different interface VLAN, manually make this change in the configuration. See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide for background details.

The keepalive hash command of the service configuration mode uses a default hash value if the hash string provided is not equal to 32 bits.

The keepalive type script command of the service configuration mode is currently not supported. You must manually configure each of these scripted keepalives using the Toolkit Command Language (TCL) scripts on the ACE. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for background details.

Service policies are added to only a single interface VLAN. If you want to apply the service policy to a different interface VLAN, manually make this change in the configuration. See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide for background details.

All SSL certificates must be imported into the associated context on the ACE before you apply the SSL-related configurations. See the Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide for background details.

The conversion tool does not convert the range option of the ip address command in service configuration mode; only the first IP address is converted. You must create individual real servers for each of the remaining IP addresses specified in the range option, and then add these real servers to the appropriate server farm. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for background details.

The conversion tool creates default interface gigabitEthernet configurations in the output and adds the VLAN numbers from the CSS configuration. Manually modify these configurations to suit your network topology or deployment. See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide for background details.

The conversion tool creates separate Layer 7 policy maps for each CSS content rule. The Layer 7 policy maps are created separately even when multiple content rules share the same VIP, which results in only one of the policy maps taking effect. Manually combine these Layer 7 policy maps in order to share the same VIP. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for background details.

See the"Unsupported CSS Commands" section for a list of the CSS CLI commands that are not supported during the conversion.

To verify the converted output configuration, perform the following steps:


Step 1 Copy the complete converted configuration listed in the ACE Commands: section of the conversion tool (see Figure 5) to a text file. Save this text file as an appropriately named configuration file.

Step 2 Review the output configuration in the text file and make the appropriate changes in this text file based on your network topology and deployment.

Step 3 Save your modifications in the configuration text file.

Step 4 Copy the contents of the modified configuration text file directly to the ACE CLI prompt as described in the "Copying and Pasting the Converted Configuration File to the ACE" section.



Copying and Pasting the Converted Configuration File to the ACE

To copy and paste the converted configuration directly to the ACE CLI prompt, perform the following steps:


Step 1 Log in to the ACE by entering the login username and password at the following prompt:

switch login: xxxxxx
Password: yyyyyy

By default, both the username and password are admin.

The prompt changes as follows:

switch/Admin# 

Step 2 Access configuration mode as follows:

switch/Admin# configure
Enter configuration commands, one per line. End with CNTL/Z

The prompt changes as follows:

switch/Admin(config)#

Step 3 Copy the complete contents of the Admin Context: section of the converted configuration (as illustrated in Figure 5). Paste the copied Admin Context: content at the configuration mode prompt of the ACE CLI. If you are operating in multiple contexts, this step automatically creates the new virtual context identified in the User Context Name: text box of the conversion tool.

For example, enter:

switch/Admin(config)# resource-class RC1
switch/Admin(config-resource)# limit-resource sticky minimum 10 maximum unlimited
switch/Admin(config-resource)# context C1
switch/Admin(config-context)#   member RC1
switch/Admin(config-context)#

Step 4 If you are operating in multiple contexts, observe the CLI prompt to verify that you are operating in the desired context. If necessary, change to the correct context by using the changeto command in Exec mode.

switch/Admin(config-context)# exit
switch/Admin(config)# 
switch/Admin(config)# exit
switch/Admin# changeto C1
switch/C1# configure
Enter configuration commands, one per line. End with CNTL/Z
switch/C1(config)# 

Step 5 Copy the complete contents of the Configuration Commands for xx Context: section of the converted configuration (as illustrated in Figure 5). Paste the copied Configuration Commands for xx Context: content at the configuration mode prompt of the ACE CLI.

For example, to copy the converted configuration to the C1 context, enter:

switch/C1(config)# probe http Server1_PROBE
switch/C1(config-probe-http)#   request method head url "/"
switch/C1(config-probe-http)# probe http Server2_PROBE
switch/C1(config-probe-http)#   request method head url "/"
switch/C1(config-probe-http)# probe http Server3_PROBE
switch/C1(config-probe-http)#   request method head url "/"
switch/C1(config-probe-http)#
switch/C1(config-probe-http)# rserver host Server1
switch/C1(config-rserver-host)#   inservice
switch/C1(config-rserver-host)#   ip address 10.1.1.1
switch/C1(config-rserver-host)#   probe Server1_PROBE
switch/C1(config-rserver-host)# rserver host Server2
switch/C1(config-rserver-host)#   inservice
switch/C1(config-rserver-host)#   ip address 10.1.1.2
switch/C1(config-rserver-host)#   probe Server2_PROBE
switch/C1(config-rserver-host)# rserver host Server3
switch/C1(config-rserver-host)#   ip address 10.1.1.3
switch/C1(config-rserver-host)#   probe Server3_PROBE
switch/C1(config-rserver-host)#   weight 5
switch/C1(config-rserver-host)#
switch/C1(config-rserver-host)# serverfarm host L3_LeastConnections
switch/C1(config-sfarm-host)#   predictor leastconns
switch/C1(config-sfarm-host)#   rserver Server1
switch/C1(config-sfarm-host-rs)#   rserver Server2
switch/C1(config-sfarm-host-rs)#   rserver Server3
switch/C1(config-sfarm-host-rs)# serverfarm host L3_RoundRobin
switch/C1(config-sfarm-host)#   rserver Server1
switch/C1(config-sfarm-host-rs)#   rserver Server2
switch/C1(config-sfarm-host-rs)#   rserver Server3
switch/C1(config-sfarm-host-rs)#     inservice
switch/C1(config-sfarm-host-rs)# serverfarm host L5_ACA
.

Step 6 (Optional) Save the updated contents of the running- or startup-configuration file as follows:

To merge the contents of the startup-config file into the running-config file, use the copy startup-config running-config command.

To copy the contents of the running-config file to the startup-config file in Flash memory, use the copy running-config startup-config command.

Proceed to the "Example of a Copied Configuration File for Use By the ACE" section.



Example of a Copied Configuration File for Use By the ACE

After you copy the contents of the converted CSS-to-ACE configuration to the ACE, use the following commands to view the updated content of either the running- or startup-config file:

To view the running-config file, use the show running-config command.

To view the startup-config file, use the show startup-config command.

The following example is from the show running-config command output. This example includes hypertext cross-references to the applicable chapters in the ACE documentation set that you can refer to for the configuration details. You can click the URLs located above the command output for the configuration details. Use the ACE CLI commands to make modifications to the configuration, as needed.


switch/C1# show running-config
Generating configuration....

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/probe.html

probe http Server1_PROBE
  request method head
probe http Server2_PROBE
  request method head
probe http Server3_PROBE
  request method head

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/rsfarms.html

rserver host Server1
  ip address 10.1.1.1
  probe Server1_PROBE
  inservice
rserver host Server2
  ip address 10.1.1.2
  probe Server2_PROBE
  inservice
rserver host Server3
  ip address 10.1.1.3
  probe Server3_PROBE
  weight 5

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/rsfarms.html

serverfarm host L3_LeastConnections
  predictor leastconns
  rserver Server1
  rserver Server2
  rserver Server3
serverfarm host L3_RoundRobin
  rserver Server1
  rserver Server2
  rserver Server3
    inservice
serverfarm host L5_ACA
  rserver Server1
  rserver Server2
  rserver Server3
serverfarm host L5_WeightedRR
  rserver Server1
  rserver Server2
  rserver Server3

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/classlb.html

class-map match-all L3_LeastConnections_CLASS
  2 match virtual-address 10.1.1.100 any
class-map match-all L3_RoundRobin_CLASS
  2 match virtual-address 10.1.1.100 any
class-map match-all L5_ACA_CLASS
  2 match port tcp eq www
class-map type http loadbalance match-all L5_ACA_CLASSURL
  2 match http url /*.html
class-map match-all L5_WeightedRR_CLASS
  2 match port tcp eq www
class-map type http loadbalance match-all L5_WeightedRR_CLASSURL
  2 match http url /*.gif

!http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/administration/guide/access.html

class-map type management match-any TO-CP-POLICY
  2 match protocol http any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol snmp any
  6 match protocol ssh any

!http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/administration/guide/access.html

policy-map type management first-match TO-CP-POLICY
  class TO-CP-POLICY
    permit

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/classlb.html

policy-map type loadbalance first-match L3_LeastConnections_POLICY
  class class-default
    serverfarm L3_LeastConnections
policy-map type loadbalance first-match L3_RoundRobin_POLICY
  class class-default
    serverfarm L3_RoundRobin
policy-map type loadbalance first-match L5_ACA_POLICY
  class L5_ACA_CLASSURL
    serverfarm L5_ACA
policy-map type loadbalance first-match L5_WeightedRR_POLICY
  class L5_WeightedRR_CLASSURL
    serverfarm L5_WeightedRR
policy-map multi-match POLICY
  class L5_WeightedRR_CLASS
  class L5_ACA_CLASS
  class L3_LeastConnections_CLASS
    loadbalance vip inservice
    loadbalance policy L3_LeastConnections_POLICY
    loadbalance vip icmp-reply active
  class L3_RoundRobin_CLASS
    loadbalance vip inservice
    loadbalance policy L3_RoundRobin_POLICY
    loadbalance vip icmp-reply active

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/classlb.html

interface vlan 10
  ip address 192.168.10.50 255.255.255.0
  service-policy input TO-CP-POLICY
  service-policy input POLICY
  no shutdown

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/rsfarms.html

domain foo.com
  add-object serverfarm L3_LeastConnections
  add-object serverfarm L3_RoundRobin
  add-object serverfarm L5_ACA
  add-object serverfarm L5_WeightedRR
  add-object rserver Server1
  add-object rserver Server2
  add-object rserver Server3

Unsupported CSS Commands

The tool converts the majority of the CSS commands to comparable ACE commands. The converted output includes a list of the commands that are not supported by the tool during the conversion process (Figure 8).

Figure 8 Unsupported CSS Commands Area of the CSS-to-ACE Conversion Tool

Table 1 summarizes the CSS commands and command options that do not have an equivalent function in the ACE and are not supported by the conversion tool. The unsupported CSS commands are listed by global configuration mode.

Table 1 List of CSS Commands Not Supported in the ACE 

CSS Command

Global Configuration Mode

bypass persistence

flow permanent port

flow persist-span-ooo

flow set-port-zero

flow-state port_number

flow-state flow-disable timeout

flow tcp-reset-on-vip-unavailable

http-method parse

http-redirect-option

persistence reset, the remap option

restrict ftp

slowstart rate

snmp trap-source

sshd, the server-keybits option

tacacs-server frequency

tcp-ip-fragment-enabled

udp-ip-fragment-enabled

Content Configuration Mode Commands

The following add commands:

add dns

add location-service

add sasp-agent

The following options of the advanced-balance command:

cookieurl

sip-call-id

ssl

ssl-l4-fallback

url

wap-msisdn

The following options of the application command:

realaudio-control

sip

ssl

The following options of the balance command:

aca

domain

url

dnsbalance

dns-disable-local

failover

flow-reset-reject

hotlist

load-threshold

persistent

sticky-serverdown-failover

string-prefix

url eql

url dql

url urql

vip-ping-response

Header-Field Group Configuration Mode

header-field1

 

Interface Configuration Mode Commands

max-idle

phy 1Gbits-FD-asym

phy 1Gbits-FD-sym

phy 1Gbits-FD-no-pause

Keepalive Configuration Mode Commands

active

suspend

Owner Configuration Mode Commands

The following owner commands:

address

billing-info

case

content

description

dns

dnsbalance

email-address

Reporter Configuration Mode Commands

 

All commands

 

RMON Alarm Configuration Mode Commands

 

All commands

 

RMON Event Configuration Mode Commands

 

All commands

 

RMON History Configuration Mode Commands

 

All commands

 

Service Configuration Mode Commands

 

access ftp

bypass-hosttag

cache-bypass

compress, the tcp option

ip address, the range number option

keepalive type script

protocol

publisher

string

subscriber

transparent-hosttag

The following options of the type command:

nci-direct-return

nci-info-only

proxy-cache

redundancy-up

rep-cache-redir

rep-store

rep-store-redir

SSL-Proxy-List Configuration Mode Commands

ssl-server number http-header

ssl-server number tcp

1 The ACE supports the majority of the field-type variables except for the following selections: custom, msisdn, and request-line. The ACE supports the conversion of the majority of the operator variables except for the not-equal, not-exist and not-contain operators.


ACE Appliance Documentation

You can access the ACE appliance documentation on www.cisco.com at:

http://www.cisco.com/en/US/products/ps7027/tsd_products_support_series_home.html

To familiarize yourself with the ACE appliance, refer to the following documentation:

Release Note for the Cisco 4700 Series Application Control Engine Applicance

Cisco 4710 Application Control Engine Appliance Hardware Installation Guide

Cisco 4700 Series Application Control Engine Appliance Administration Guide

Cisco 4700 Series Application Control Engine Appliance Application Acceleration and Optimization Configuration Guide

Cisco 4700 Series Application Control Engine Appliance CLI Quick Configuration Guide

Cisco 4700 Series Application Control Engine Appliance Command Reference

Cisco 4700 Series Application Control Engine Appliance Device Manager GUI Configuration Guide

Cisco 4700 Series Application Control Engine Appliance Device Manager GUI Quick Configuration Note

Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide

Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide

Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide

Cisco 4700 Series Application Control Engine Appliance System Message Guide

Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html