Getting Started Guide, Cisco ACE Application Control Engine Module
Configuring Route Health Injection

This chapter describes how to configure route health injection (RHI) for the Cisco Application Control Engine (ACE) module.

This chapter contains the following sections:

Information About RHI

Configuring Route Health Injection

Configuration Example for Route Health Injection

Where to Go Next

Information About RHI

After reading this chapter, you should have a basic understanding of what RHI is, how it works in the ACE, and how to configure it to advertise a VIP.

Route Health Injection (RHI) allows the ACE to advertise the availability of a VIP address throughout the intranet as a host route. The ACE sends this RHI information to the MSFC in the Catalyst 6500 series switch or the Cisco 7600 series router, which periodically propagates the VIP availability according to the RHI information it receives. RHI is normally restricted to intranets because the MSFC does not broadcast host-route availability to the Internet.

The ACE uses health probes (configured in Chapter 10, Configuring Health Monitoring Using Health Probes) together with RHI to determine the availability of a VIP before advertising it. When a VIP becomes unavailable, the ACE withdraws the RHI information. The MSFC adds an entry in its routing table for each VIP address it receives from the ACE. The routing protocol running on the MSFC sends routing-table updates, including availability and hop-count routing information for each instance of a VIP address, to other routers. The client router uses this routing information to choose a route based on the best available path to that VIP address and on which Cisco application switch is logically closer to the client system.

RHI is aware of virtual routing and forwarding (VRF), which allows ACE virtual devices to inject and remove routes directly from VRF routing tables in the supervisor engine.

By default, the ACE advertises the VLAN of the VIP interface for RHI. To advertise a VLAN for RHI that is different from the VIP interface VLAN, use the ip route inject vlan command in interface configuration mode. Use this command when there is no directly shared VLAN between the ACE and the Catalyst 6500 series supervisor engine. This topology can occur when there is an intervening device, for example, a Cisco Firewall Services Module (FWSM), configured between the ACE and the supervisor engine. Be sure to configure this command on the VIP interface of the ACE.

Configuring Route Health Injection

Procedure

 
Command
Purpose

Step 1 

changeto context
 
        

Example:

host1/Admin# changeto VC_WEB
host1/VC_WEB#

Changes to the correct context if necessary. Check the CLI prompt to verify that you are operating in the desired context.

Step 2 

config
 
        

Example:

host1/VC_WEB# config
host1/VC_WEB(config)# 

Enters configuration mode.

Step 3 

policy-map multi-match name

Example:

host1/VC_WEB(config)# policy-map multi-match PM_MULTI_MATCH
host1/VC_WEB(config-pmap)#

Accesses the PM_MULTI_MATCH Layer 3 and Layer 4 multi-match policy map that you created in Chapter 6, Configuring Server Load Balancing.

Step 4 

class name

Example:

host1/VC_WEB(config-pmap)# class VS_WEB
host1/VC_WEB(config-pmap-c)#

Accesses the VS_WEB Layer 3 and Layer 4 class map that you created in Chapter 6, Configuring Server Load Balancing.

Step 5 

loadbalance vip advertise [active] | [metric number]

Example:

host1/VC_WEB(config-pmap-c)# loadbalance vip advertise active

Enables the ACE to advertise the availability of a VIP address throughout the network.

Without the active option, the ACE always advertises the VIP whether or not there is any active real server associated with this VIP.

You must enable the advertising of a VIP using the loadbalance vip advertise command before you can enter a distance metric value for the route. Otherwise, the ACE returns an error message.

Step 6 

exit

Example:

host1/VC_WEB(config-pmap-c)# exit
host1/VC_WEB(config-pmap)# exit
host1/VC_WEB(config)#

Exits policy map class configuration mode. Exits policy map configuration mode. Alternatively, you can press Ctrl-G to exit one mode.

Step 7 

ip route inject vlan vlan_id

Example:

host1/VC_WEB(config)# interface vlan 400
host1/VC_WEB(config-if)# ip route inject vlan 200

(Optional) Advertises a VLAN for route health injection (RHI) that is different from the VIP interface VLAN.

The vlan_id is the interface shared between the supervisor engine and the intervening device.

Use this command when there is no directly shared VLAN between the ACE and the Catalyst 6500 series supervisor engine. This topology can occur when there is an intervening device, for example, a Cisco Firewall Services Module (FWSM), configured between the ACE and the supervisor engine.

Be sure to configure this command on the VIP interface of the ACE.

Step 8 

exit

Example:

host1/VC_WEB(config-if)# exit
host1/VC_WEB(config)# exit
host1/VC_WEB#

Exits interface configuration mode. Exits configuration mode.

Step 9 

show running-config policy-map policy_name

Example:

host1/VC_WEB# show running-config policy-map PM_MULTI_MATCH

Displays the policy-map configuration information.

Step 10 

copy running-config startup-config

Example:

host1/VC_WEB# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Configuration Example for Route Health Injection

The following example shows how to configure RHI. The commands that you have configured in this chapter appear in bold text.

switch/VC_WEB(config)# do show running-config
Generating configuration....

access-list INBOUND line 8 extended permit ip any any

probe http HTTP_PROBE1
  expect status 200 200

rserver host RS_WEB1
  description content server web-one
  ip address 10.10.50.10
  inservice
rserver host RS_WEB2
  description content server web-two
  ip address 10.10.50.11
  inservice
rserver host RS_WEB3
  description content server web-three
  ip address 10.10.50.12
  inservice
rserver host RS_WEB4
  description content server web-four
  ip address 10.10.50.13
  inservice

serverfarm host SF_WEB
  predictor hash header Accept
  probe HTTP_PROBE1
  rserver RS_WEB1 80
    inservice
  rserver RS_WEB2 80
    inservice
  rserver RS_WEB3 80
    inservice
  rserver RS_WEB4 80
    inservice

sticky http-cookie Cookie1 StickyGroup1
  timeout 3600
  serverfarm SF_WEB

ssl-proxy service SSL_PSERVICE_SERVER
  key cisco-sample-key
  cert cisco-sample-cert

class-map match-all CM_SSL
  2 match virtual-address 10.10.40.11 tcp eq https
class-map type management match-any REMOTE_ACCESS
  description Remote access traffic match
  2 match protocol ssh any
  3 match protocol telnet any
  4 match protocol icmp any
class-map match-all VS_WEB
  2 match virtual-address 10.10.40.10 tcp eq www

policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE_ACCESS
    permit

policy-map type loadbalance first-match PM_LB
  class class-default
    serverfarm SF_WEB

policy-map multi-match PM_MULTI_MATCH
  class VS_WEB
    loadbalance vip inservice
    loadbalance policy PM_LB
    loadbalance vip advertise active
policy-map multi-match PM_SSL
  class CM_SSL
    ssl-proxy server SSL_PSERVICE_SERVER

service-policy input REMOTE_MGMT_ALLOW_POLICY

interface vlan 400
  description Client connectivity on VLAN 400
  ip address 10.10.40.1 255.255.255.0
  access-group input INBOUND
  service-policy input PM_MULTI_MATCH
  service-policy input PM_SSL
  no shutdown
  ip route inject vlan 200

interface vlan 500
  description Server connectivity on VLAN 500
  ip address 10.10.50.1 255.255.255.0
  no shutdown

domain DOMAIN1
  add-object all

ip route 0.0.0.0 0.0.0.0 172.25.91.1
username USER1 password 5 $1$vAN9gQDI$MmbmjQgJPj45lxbtzXPpB1  role SLB-Admin domain DOMAIN1
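
The following Python audit is an added example, not part of Cisco's guide. It reads a saved ACE running configuration and reports VIPs that RHI could keep advertising while the service is down: a class that uses loadbalance vip advertise without the active option, or an advertised class whose server farm has no health probe. The sample input is constructed, and the VS_API class, PM_LB_API policy and SF_API server farm are hypothetical; only serverfarm lines inside a load-balancing policy map are followed.

```python
# Constructed sample based on this chapter's example; VS_API, PM_LB_API, SF_API are hypothetical.
SAMPLE = """\
serverfarm host SF_WEB
  probe HTTP_PROBE1
serverfarm host SF_API
policy-map type loadbalance first-match PM_LB
  class class-default
    serverfarm SF_WEB
policy-map type loadbalance first-match PM_LB_API
  class class-default
    serverfarm SF_API
policy-map multi-match PM_MULTI_MATCH
  class VS_WEB
    loadbalance policy PM_LB
    loadbalance vip advertise active
  class VS_API
    loadbalance policy PM_LB_API
    loadbalance vip advertise
"""

def parse(config):
    """Yield (top-level header, enclosing class or None, words) per nested line."""
    top, cls = "", None
    for line in filter(str.strip, config.splitlines()):
        if not line.startswith(" "):
            top, cls = line.strip(), None
        elif line.split()[0] == "class":
            cls = line.split()[1]
        else:
            yield top, cls, line.split()

def audit_rhi(config):
    """Return sorted (class, finding) pairs for VIPs RHI may advertise while down."""
    probed, farms, vips, out = set(), {}, {}, set()
    for t, c, w in parse(config):
        if t.startswith("serverfarm ") and w[0] == "probe":
            probed.add(t.split()[-1])          # server farm has a health probe
        elif t.startswith("policy-map type loadbalance ") and w[0] == "serverfarm":
            farms.setdefault(t.split()[-1], []).append(w[1])
        elif t.startswith("policy-map multi-match "):
            vips.setdefault((t, c), []).append(w)
    for (_, cls), cmds in vips.items():
        adv = [w for w in cmds if w[:3] == ["loadbalance", "vip", "advertise"]]
        if adv and not any("active" in w for w in adv):
            out.add((cls, "advertised without active"))
        out |= {(cls, f"serverfarm {f} has no probe") for w in cmds
                if adv and w[:2] == ["loadbalance", "policy"]   # skip VIPs not injected
                for f in farms.get(w[-1], []) if f not in probed}
    return sorted(out)
```

Calling audit_rhi on the text captured from show running-config returns an empty list when every advertised VIP uses the active option and is backed by a probed server farm.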
 
   

Where to Go Next

In this chapter, you have enabled the RHI feature to advertise the availability of a VIP address. In the next chapter, you will learn how to configure redundancy or fault tolerance.