Catalyst 6500 Series Switch Content Switching Module Configuration Note, Software Release 4.2(1)
Configuration Examples
Published: 2012/01/11

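Contents

Configuration Examples

Configuring Router Mode with the MSFC on the Client Side

Configuring Bridge Mode with the MSFC on the Client Side

Configuring Probes

Configuring Source NAT for Server-Originated Connections to the VIP

Configuring Session Persistence (Stickiness)

Configuring Direct Access to Servers in Router Mode

Configuring Server-to-Server Load-Balanced Connections

Configuring RHI

Configuring Server Names

Configuring a Backup Server Farm

Configuring a Load-Balancing Decision Based on the Source IP Address

Configuring Layer 7 Load Balancing

Configuring HTTP Redirect

Configuration Examples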

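Each example in this appendix shows only the portions relevant to the configuration. Parts of the Layer 2 and Layer 3 Catalyst switch configuration may also be included. Comment lines begin with #. After you enter the configure terminal command and configuration mode starts, the comment lines can be pasted into the configuration.

Use the vlan command to make sure that all the VLANs (virtual LANs) used in the Content Switching Module (CSM) configuration have been created on the switch.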

Configuring Router Mode with the MSFC on the Client Side

This section shows an example of the configuration parameters used to set up router mode.

module ContentSwitchingModule 5
vlan 220 server
ip address 10.20.220.2 255.255.255.0
alias 10.20.220.1 255.255.255.0
 
# The servers' default gateway is the alias IP address
# Alias IP addresses are needed any time that you are
# configuring a redundant system.
# However, it is a good practice to always use an
# alias IP address so that a standby CSM can easily
# be added without changes to the IP addressing scheme
 
!
vlan 221 client
ip address 10.20.221.5 255.255.255.0
gateway 10.20.221.1
 
# The CSM default gateway in this config is the
# MSFC IP address on that VLAN
 
!
serverfarm WEBFARM
nat server
no nat client
real 10.20.220.10
inservice
real 10.20.220.20
inservice
real 10.20.220.30
no inservice
!
vserver WEB
virtual 10.20.221.100 tcp www
serverfarm WEBFARM
persistent rebalance
inservice
 
# "persistent rebalance" is effective ONLY when performing
# L7 load balancing (parsing of URLs, cookies, header, ...)
# and only for HTTP 1.1 connections.
# It tells the CSM to parse and eventually make a new
# load balancing decision for each GET within the same
# TCP connection.
 
interface FastEthernet2/2
no ip address
switchport
switchport access vlan 220
 
# The above is the port that connects to the real servers
 
interface FastEthernet2/24
ip address 10.20.1.1 255.255.255.0
 
# The above is the interface that connects to the client side network
 
interface Vlan221
ip address 10.20.221.1 255.255.255.0
 
# The above is the MSFC interface for the internal VLAN used
# for MSFC-CSM communication
 

show Command Output

Cat6k-2# show module csm 5 arp
 
Internet Address Physical Interface VLAN Type Status
--------------------------------------------------------------------
10.20.220.1 00-02-FC-E1-68-EB 220 -ALIAS- local
10.20.220.2 00-02-FC-E1-68-EC 220 --SLB-- local
10.20.220.10 00-D0-B7-A0-81-D8 220 REAL up(0 misses)
10.20.221.1 00-02-FC-CB-70-0A 221 GATEWAY up(0 misses)
10.20.221.5 00-02-FC-E1-68-EC 221 --SLB-- local
10.20.220.20 00-D0-B7-A0-81-D8 220 REAL up(0 misses)
10.20.220.30 00-D0-B7-A0-81-D8 220 REAL up(0 misses)
10.20.221.100 00-02-FC-E1-68-EB 0 VSERVER local
 
Cat6k-2# show module csm 5 vlan detail
vlan IP address IP mask type
---------------------------------------------------
220 10.20.220.2 255.255.255.0 SERVER
ALIASES
IP address IP mask
--------------------------------
10.20.220.1 255.255.255.0
221 10.20.221.5 255.255.255.0 CLIENT
GATEWAYS
10.20.221.1
Cat6k-2#
Cat6k-2# show module csm 5 real
 
real server farm weight state conns/hits
-------------------------------------------------------------------------
10.20.220.10 WEBFARM 8 OPERATIONAL 0
10.20.220.20 WEBFARM 8 OPERATIONAL 0
10.20.220.30 WEBFARM 8 OUTOFSERVICE 0
Cat6k-2#
Cat6k-2# show module csm 5 real detail
10.20.220.10, WEBFARM, state = OPERATIONAL
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 5, total conn failures = 0
10.20.220.20, WEBFARM, state = OPERATIONAL
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 5, total conn failures = 0
10.20.220.30, WEBFARM, state = OUTOFSERVICE
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 0, total conn failures = 0
 
Cat6k-2#
Cat6k-2# show module csm 5 vserver detail
WEB, type = SLB, state = OPERATIONAL, v_index = 17
virtual = 10.20.221.100/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 10
Default policy:
server farm = WEBFARM, backup = <not assigned>
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
-----------------------------------------------------
(default) 10 50 50
 
Cat6k-2#
Cat6k-2# show module csm 5 stats
Connections Created: 28
Connections Destroyed: 28
Connections Current: 0
Connections Timed-Out: 0
Connections Failed: 0
Server initiated Connections:
Created: 0, Current: 0, Failed: 0
L4 Load-Balanced Decisions: 27
L4 Rejected Connections: 1
L7 Load-Balanced Decisions: 0
L7 Rejected Connections:
Total: 0, Parser: 0,
Reached max parse len: 0, Cookie out of mem: 0,
Cfg version mismatch: 0, Bad SSL2 format: 0
L4/L7 Rejected Connections:
No policy: 1, No policy match 0,
No real: 0, ACL denied 0,
Server initiated: 0
Checksum Failures: IP: 0, TCP: 0
Redirect Connections: 0, Redirect Dropped: 0
FTP Connections: 0
MAC Frames:
Tx: Unicast: 345, Multicast: 5, Broadcast: 25844,
Underflow Errors: 0
Rx: Unicast: 1841, Multicast: 448118, Broadcast: 17,
Overflow Errors: 0, CRC Errors: 0
 

Configuring Bridge Mode with the MSFC on the Client Side

This section shows an example of the configuration parameters used to set up bridge mode.

module ContentSwitchingModule 5
vlan 221 client
ip address 10.20.220.2 255.255.255.0
gateway 10.20.220.1
!
vlan 220 server
ip address 10.20.220.2 255.255.255.0
 
# Two VLANs with the same IP address are bridged together.
 
!
serverfarm WEBFARM
nat server
no nat client
real 10.20.220.10
inservice
real 10.20.220.20
inservice
real 10.20.220.30
no inservice
!
vserver WEB
virtual 10.20.220.100 tcp www
serverfarm WEBFARM
persistent rebalance
inservice
 
interface FastEthernet2/2
no ip address
switchport
switchport access vlan 220
 
# The above is the port that connects to the real servers
 
interface FastEthernet2/24
ip address 10.20.1.1 255.255.255.0
 
# The above is the MSFC interface that connects to the client side network
 
interface Vlan221
ip address 10.20.220.1 255.255.255.0
 
# The above is the MSFC interface for the internal VLAN used
# for MSFC-CSM communication.
# The servers use this IP address as their default gateway
# since the CSM is bridging between the client and server VLANs
 

show Command Output

Cat6k-2# show module csm 5 arp
 
Internet Address Physical Interface VLAN Type Status
--------------------------------------------------------------------
10.20.220.1 00-02-FC-CB-70-0A 221 GATEWAY up(0 misses)
10.20.220.2 00-02-FC-E1-68-EC 221/220 --SLB-- local
10.20.220.10 00-D0-B7-A0-81-D8 220 REAL up(0 misses)
10.20.220.20 00-D0-B7-A0-81-D8 220 REAL up(0 misses)
10.20.220.30 00-D0-B7-A0-81-D8 220 REAL up(0 misses)
10.20.220.100 00-02-FC-E1-68-EB 0 VSERVER local

Configuring Probes

This section shows an example of the configuration parameters used to set up probes.

module ContentSwitchingModule 5
vlan 220 server
ip address 10.20.220.2 255.255.255.0
alias 10.20.220.1 255.255.255.0
!
vlan 221 client
ip address 10.20.221.5 255.255.255.0
gateway 10.20.221.1
!
probe PING icmp
interval 5
failed 10
receive 4
 
# Interval between the probes is 5 seconds for healthy servers
# while it is 10 seconds for failed servers.
# The servers need to reply within 4 seconds.
 
!
probe TCP tcp
interval 5
failed 10
open 4
 
# The servers need to open the TCP connection within 4 seconds.
 
!
probe HTTP http
request method head url /probe/http_probe.html
expect status 200 299
interval 20
port 80
 
# The port for the probe is inherited from the vservers.
# The port is necessary in this case, since the same farm
# is serving a vserver on port 80 and one on port 23.
# If the "port 80" parameter is removed, the HTTP probe
# will be sent out on both ports 80 and 23, thus failing
# on port 23 which does not serve HTTP requests.
 
probe PING-SERVER-30 icmp
interval 5
failed 10
!
serverfarm WEBFARM
nat server
no nat client
real 10.20.220.10
inservice
real 10.20.220.20
inservice
real 10.20.220.30
health probe PING-SERVER-30
inservice
probe PING
probe TCP
probe HTTP
!
vserver TELNET
virtual 10.20.221.100 tcp telnet
serverfarm WEBFARM
persistent rebalance
inservice
!
vserver WEB
virtual 10.20.221.100 tcp www
serverfarm WEBFARM
persistent rebalance
inservice
!
 

show Command Output

Cat6k-2# show module csm 5 probe
 
probe type port interval retries failed open receive
---------------------------------------------------------------------
PING icmp 5 3 10 4
TCP tcp 5 3 10 4
HTTP http 80 20 3 300 10 10
PING-SERVER-30 icmp 5 3 10 10
 
Cat6k-2# show module csm 5 probe detail
probe type port interval retries failed open receive
---------------------------------------------------------------------
PING icmp 5 3 10 4
real vserver serverfarm policy status
------------------------------------------------------------------------------
10.20.220.30:80 WEB WEBFARM (default) OPERABLE
10.20.220.20:80 WEB WEBFARM (default) OPERABLE
10.20.220.10:80 WEB WEBFARM (default) OPERABLE
10.20.220.30:23 TELNET WEBFARM (default) OPERABLE
10.20.220.20:23 TELNET WEBFARM (default) OPERABLE
10.20.220.10:23 TELNET WEBFARM (default) OPERABLE
TCP tcp 5 3 10 4
real vserver serverfarm policy status
------------------------------------------------------------------------------
10.20.220.30:80 WEB WEBFARM (default) OPERABLE
10.20.220.20:80 WEB WEBFARM (default) OPERABLE
10.20.220.10:80 WEB WEBFARM (default) OPERABLE
10.20.220.30:23 TELNET WEBFARM (default) OPERABLE
10.20.220.20:23 TELNET WEBFARM (default) OPERABLE
10.20.220.10:23 TELNET WEBFARM (default) OPERABLE
HTTP http 80 20 3 300 10 10
Probe Request: HEAD /probe/http_probe.html
Expected Status Codes:
200 to 299
real vserver serverfarm policy status
------------------------------------------------------------------------------
10.20.220.30:80 WEB WEBFARM (default) OPERABLE
10.20.220.20:80 WEB WEBFARM (default) FAILED
10.20.220.10:80 WEB WEBFARM (default) OPERABLE
10.20.220.30:80 TELNET WEBFARM (default) OPERABLE
10.20.220.20:80 TELNET WEBFARM (default) FAILED
10.20.220.10:80 TELNET WEBFARM (default) OPERABLE
PING-SERVER-30 icmp 5 3 10 10
real vserver serverfarm policy status
------------------------------------------------------------------------------
10.20.220.30:80 WEB WEBFARM (default) OPERABLE
10.20.220.30:23 TELNET WEBFARM (default) OPERABLE
 
Cat6k-2# show module csm 5 real
 
real server farm weight state conns/hits
-------------------------------------------------------------------------
10.20.220.10 WEBFARM 8 OPERATIONAL 0
10.20.220.20 WEBFARM 8 PROBE_FAILED 0
10.20.220.30 WEBFARM 8 OPERATIONAL 0
 

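Configuring Source NAT for Server-Originated Connections to the VIP

This example shows a situation in which the servers open connections to the same VIP address that the clients access. Because the servers are load balanced among themselves, source Network Address Translation (NAT) is required. To configure source NAT, use the vlan parameter in the virtual server configuration to identify the VLAN where the connection originates. A different server farm is then used to handle the server-originated connections, and source NAT is configured for that server farm. Source NAT is not used for client-originated connections, so the servers can log the real client IP address.


Note: If source and destination servers located in the same VLAN need to support load-balanced connections between servers, a similar configuration must be used.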


module ContentSwitchingModule 5
vlan 220 server
ip address 10.20.220.2 255.255.255.0
alias 10.20.220.1 255.255.255.0
!
vlan 221 client
ip address 10.20.221.5 255.255.255.0
gateway 10.20.221.1
!
natpool POOL-1 10.20.220.99 10.20.220.99 netmask 255.255.255.0
!
serverfarm FARM
nat server
no nat client
real 10.20.220.10
inservice
real 10.20.220.20
inservice
real 10.20.220.30
inservice
!
serverfarm FARM2
nat server
nat client POOL-1
real 10.20.220.10
inservice
real 10.20.220.20
inservice
real 10.20.220.30
inservice
!
vserver FROM-CLIENTS
virtual 10.20.221.100 tcp telnet
vlan 221
serverfarm FARM
persistent rebalance
inservice
!
vserver FROM-SERVERS
virtual 10.20.221.100 tcp telnet
vlan 220
serverfarm FARM2
persistent rebalance
inservice
 

show Command Output

Cat6k-2# show module csm 5 vser
vserver type prot virtual vlan state conns
---------------------------------------------------------------------------
FROM-CLIENTS SLB TCP 10.20.221.100/32:23 221 OPERATIONAL 1
FROM-SERVERS SLB TCP 10.20.221.100/32:23 220 OPERATIONAL 1
 
Cat6k-2# show module csm 5 conn detail
 
prot vlan source destination state
----------------------------------------------------------------------
In TCP 220 10.20.220.10:32858 10.20.221.100:23 ESTAB
Out TCP 220 10.20.220.20:23 10.20.220.99:8193 ESTAB
vs = FROM-SERVERS, ftp = No, csrp = False
 
In TCP 221 10.20.1.100:42443 10.20.221.100:23 ESTAB
Out TCP 220 10.20.220.10:23 10.20.1.100:42443 ESTAB
vs = FROM-CLIENTS, ftp = No, csrp = False
 
# The command shows the open connections and how they are translated.
#
# For each connection, both halves of the connection are shown.
# The output for the second half of each connection
# swaps the source and destination IP:port.
#
# The connection originated by server 10.20.220.10 is source-NAT'ed
# and source-PAT'ed (also its L4 source port needs to be translated)
# Its source IP changes from 10.20.220.10 to 10.20.220.99
# Its source L4 port changes from 32858 to 8193
 
Cat6k-2# show module csm 5 real
 
real server farm weight state conns/hits
-------------------------------------------------------------------------
10.20.220.10 FARM 8 OPERATIONAL 1
10.20.220.20 FARM 8 OPERATIONAL 0
10.20.220.30 FARM 8 OPERATIONAL 0
10.20.220.10 FARM2 8 OPERATIONAL 0
10.20.220.20 FARM2 8 OPERATIONAL 1
10.20.220.30 FARM2 8 OPERATIONAL 0
 
Cat6k-2# show module csm 5 natpool
nat client POOL-1 10.20.220.99 10.20.220.99 netmask 255.255.255.0
 
Cat6k-2# show module csm 5 serverfarm
 
server farm type predictor nat reals redirect bind id
----------------------------------------------------------------------
FARM SLB RoundRobin S 3 0 0
FARM2 SLB RoundRobin S,C 3 0 0
 

Configuring Session Persistence (Stickiness)

This section shows an example of the configuration parameters used to set up session persistence, or stickiness.

module ContentSwitchingModule 5
vlan 220 server
ip address 10.20.220.2 255.255.255.0
alias 10.20.220.1 255.255.255.0
!
vlan 221 client
ip address 10.20.221.5 255.255.255.0
gateway 10.20.221.1
!
serverfarm WEBFARM
nat server
no nat client
real 10.20.220.10
inservice
real 10.20.220.20
inservice
real 10.20.220.30
inservice
!
sticky 10 netmask 255.255.255.255 timeout 20
!
sticky 20 cookie yourname timeout 30
!
vserver TELNET
virtual 10.20.221.100 tcp telnet
serverfarm WEBFARM
persistent rebalance
inservice
!
vserver WEB1
virtual 10.20.221.101 tcp www
serverfarm WEBFARM
sticky 20 group 10
persistent rebalance
inservice
!
vserver WEB2
virtual 10.20.221.102 tcp www
serverfarm WEBFARM
sticky 30 group 20
persistent rebalance
inservice
!
 

show Command Output

Cat6k-2# show module csm 5 sticky group 10
 
group sticky-data real timeout
----------------------------------------------------------------
10 ip 10.20.1.100 10.20.220.10 793
 
Cat6k-2# show module csm 5 sticky group 20
 
group sticky-data real timeout
----------------------------------------------------------------
20 cookie 4C656B72:861F0395 10.20.220.20 1597
 
 
Cat6k-2# show module csm 5 sticky
 
group sticky-data real timeout
----------------------------------------------------------------
20 cookie 4C656B72:861F0395 10.20.220.20 1584
10 ip 10.20.1.100 10.20.220.10 778

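Configuring Direct Access to Servers in Router Mode

This section shows a configuration example of a virtual server that provides direct access to the back-end servers when router mode is used.


Note: In router mode, any connection that does not hit a virtual server is dropped.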


module ContentSwitchingModule 5
vlan 220 server
ip address 10.20.220.2 255.255.255.0
alias 10.20.220.1 255.255.255.0
!
vlan 221 client
ip address 10.20.221.5 255.255.255.0
gateway 10.20.221.1
alias 10.20.221.2 255.255.255.0
 
# The alias IP is only required in redundant configurations
# This is the IP address that the upstream router (the MSFC
# in this case) will use as next-hop to reach the
# backend servers
# See below for the static route added for this purpose.
#
!
serverfarm ROUTE
no nat server
no nat client
predictor forward
 
#
# This serverfarm is not load balancing, but is simply
# routing the traffic according to the CSM routing tables
# The CSM routing table in this example is very simple,
# there is just a default gateway and 2 directly attached
# subnets.
#
# The "no nat server" is very important, since you do not
# want to rewrite the destination IP address when
# forwarding the traffic.
 
!
serverfarm WEBFARM
nat server
no nat client
real 10.20.220.10
inservice
real 10.20.220.20
inservice
!
vserver DIRECT-ACCESS
virtual 10.20.220.0 255.255.255.0 tcp 0
serverfarm ROUTE
persistent rebalance
inservice
 
# This vserver is listening to all TCP connections destined to the
# serverfarm IP subnet.
# Note: ping to the backend servers will not work with this example
 
!
vserver WEB
virtual 10.20.221.100 tcp www
serverfarm WEBFARM
persistent rebalance
inservice
 
interface Vlan221
ip address 10.20.221.1 255.255.255.0
 
# vlan221 is the L3 interface on the MSFC that connects to the CSM
# Client requests are being routed by the MSFC, from its other
# interfaces (not shown in this example) to vlan221.
 
!
ip classless
ip route 10.20.220.0 255.255.255.0 10.20.221.2
 
# This static route is necessary to allow the MSFC to reach
# the backend servers.
 

show Command Output

Cat6k-2# show module csm 5 conn detail
 
prot vlan source destination state
----------------------------------------------------------------------
In TCP 221 10.20.1.100:44268 10.20.220.10:23 ESTAB
Out TCP 220 10.20.220.10:23 10.20.1.100:44268 ESTAB
vs = DIRECT-ACCESS, ftp = No, csrp = False
 
# The information displayed shows that the CSM is not rewriting any IP addresses while
# forwarding the connection from VLAN 221 (client) to VLAN 220 (server). This connection has
# been created because it was destined to the virtual server DIRECT-ACCESS.
 
Cat6k-2# show module csm 5 vserver detail
WEB, type = SLB, state = OPERATIONAL, v_index = 14
virtual = 10.20.221.100/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 0
Default policy:
server farm = WEBFARM, backup = <not assigned>
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
-----------------------------------------------------
(default) 0 0 0
 
DIRECT-ACCESS, type = SLB, state = OPERATIONAL, v_index = 15
virtual = 10.20.220.0/24:0 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 1, total conns = 1
Default policy:
server farm = ROUTE, backup = <not assigned>
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
-----------------------------------------------------
(default) 1 48 35
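
The "show module csm 5 conn detail" records in this section and in the source NAT section can be checked mechanically for the translations their comments describe. The following Python script is an added example, not part of the Cisco documentation; the records are copied from this page, and the function and field names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Records copied from the "show module csm 5 conn detail" listings on this page.
SAMPLE = """\
In TCP 220 10.20.220.10:32858 10.20.221.100:23 ESTAB
Out TCP 220 10.20.220.20:23 10.20.220.99:8193 ESTAB
vs = FROM-SERVERS, ftp = No, csrp = False

In TCP 221 10.20.1.100:42443 10.20.221.100:23 ESTAB
Out TCP 220 10.20.220.10:23 10.20.1.100:42443 ESTAB
vs = FROM-CLIENTS, ftp = No, csrp = False

In TCP 221 10.20.1.100:44268 10.20.220.10:23 ESTAB
Out TCP 220 10.20.220.10:23 10.20.1.100:44268 ESTAB
vs = DIRECT-ACCESS, ftp = No, csrp = False
"""

HALF = re.compile(r"^(In|Out)\s+\S+\s+(\d+)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+\S+$")
VSERVER = re.compile(r"^vs = ([^,]+),")


@dataclass
class Conn:
    vserver: str
    in_vlan: int
    out_vlan: int
    initiator: tuple   # (ip, port) that opened the connection ("In" source)
    requested: tuple   # (ip, port) the initiator asked for ("In" destination)
    real: tuple        # (ip, port) of the chosen server ("Out" source)
    peer_seen: tuple   # initiator as the real server sees it ("Out" destination)

    @property
    def dest_nat(self):
        return self.requested != self.real

    @property
    def source_nat(self):
        return self.initiator[0] != self.peer_seen[0]

    @property
    def source_pat(self):
        return self.initiator[1] != self.peer_seen[1]


def parse_conn_detail(text):
    """Pair the In/Out halves of each record; incomplete records are skipped."""
    conns, halves = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = HALF.match(line)
        if m:
            side, vlan, sip, sport, dip, dport = m.groups()
            halves[side] = (int(vlan), (sip, int(sport)), (dip, int(dport)))
            continue
        m = VSERVER.match(line)
        if m:
            if halves.keys() >= {"In", "Out"}:
                (iv, src, dst), (ov, rsrc, rdst) = halves["In"], halves["Out"]
                conns.append(Conn(m.group(1).strip(), iv, ov, src, dst, rsrc, rdst))
            halves = {}  # the "vs =" line always closes the record
    return conns


def client_ip_hidden(conns, client_vlans):
    """Virtual servers where a client-VLAN connection was source-NATed, so the
    real server's logs no longer show the true client address."""
    return sorted({c.vserver for c in conns
                   if c.in_vlan in client_vlans and c.source_nat})


def same_vlan_without_snat(conns):
    """Load-balanced connections whose initiator and real server share a VLAN
    but were not source-NATed (the case the note on this page says needs a
    FARM2-style configuration)."""
    return sorted({c.vserver for c in conns
                   if c.in_vlan == c.out_vlan and c.dest_nat and not c.source_nat})


if __name__ == "__main__":
    parsed = parse_conn_detail(SAMPLE)
    for c in parsed:
        print(f"{c.vserver:14} dest-NAT={c.dest_nat!s:5} "
              f"src-NAT={c.source_nat!s:5} src-PAT={c.source_pat!s:5} "
              f"server sees {c.peer_seen[0]}:{c.peer_seen[1]}")
    print("client IP hidden on:", client_ip_hidden(parsed, {221}))
    print("same-VLAN without source NAT:", same_vlan_without_snat(parsed))
```
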
 

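Configuring Server-to-Server Load-Balanced Connections

This section shows a configuration example of a CSM with three VLANs (one client VLAN and two server VLANs). This configuration allows load-balanced connections between servers. Because the source and destination servers are in different VLANs, source NAT is not required.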

module ContentSwitchingModule 5
vlan 220 server
ip address 10.20.220.2 255.255.255.0
alias 10.20.220.1 255.255.255.0
!
vlan 221 client
ip address 10.20.221.5 255.255.255.0
gateway 10.20.221.1
!
vlan 210 server
ip address 10.20.210.2 255.255.255.0
alias 10.20.210.1 255.255.255.0
!
serverfarm TIER-1
nat server
no nat client
real 10.20.210.10
inservice
real 10.20.210.20
inservice
!
serverfarm TIER-2
nat server
no nat client
real 10.20.220.10
inservice
real 10.20.220.20
inservice
!
vserver VIP1
virtual 10.20.221.100 tcp telnet
vlan 221
serverfarm TIER-1
persistent rebalance
inservice
!
vserver VIP2
virtual 10.20.210.100 tcp telnet
vlan 210
serverfarm TIER-2
persistent rebalance
inservice
!
 

show Command Output

Cat6k-2# show module csm 5 arp
 
Internet Address Physical Interface VLAN Type Status
--------------------------------------------------------------------
10.20.210.1 00-02-FC-E1-68-EB 210 -ALIAS- local
10.20.210.2 00-02-FC-E1-68-EC 210 --SLB-- local
10.20.210.10 00-D0-B7-A0-68-5D 210 REAL up(0 misses)
10.20.210.20 00-D0-B7-A0-68-5D 210 REAL up(0 misses)
10.20.220.1 00-02-FC-E1-68-EB 220 -ALIAS- local
10.20.220.2 00-02-FC-E1-68-EC 220 --SLB-- local
10.20.210.100 00-02-FC-E1-68-EB 0 VSERVER local
10.20.220.10 00-D0-B7-A0-81-D8 220 REAL up(0 misses)
10.20.221.1 00-02-FC-CB-70-0A 221 GATEWAY up(0 misses)
10.20.221.5 00-02-FC-E1-68-EC 221 --SLB-- local
10.20.220.20 00-D0-B7-A0-81-D8 220 REAL up(0 misses)
10.20.221.100 00-02-FC-E1-68-EB 0 VSERVER local
 
Cat6k-2# show module csm 5 vser
 
vserver type prot virtual vlan state conns
---------------------------------------------------------------------------
VIP1 SLB TCP 10.20.221.100/32:23 221 OPERATIONAL 1
VIP2 SLB TCP 10.20.210.100/32:23 210 OPERATIONAL 1
 
Cat6k-2# show module csm 5 conn detail
 
prot vlan source destination state
----------------------------------------------------------------------
In TCP 221 10.20.1.100:44240 10.20.221.100:23 ESTAB
Out TCP 210 10.20.210.10:23 10.20.1.100:44240 ESTAB
vs = VIP1, ftp = No, csrp = False
 
In TCP 210 10.20.210.10:45885 10.20.210.100:23 ESTAB
Out TCP 220 10.20.220.10:23 10.20.210.10:45885 ESTAB
vs = VIP2, ftp = No, csrp = False
 
# The previous command shows a connection opened from a client coming in from VLAN 221
# (client is 10.20.1.100). That connection goes to virtual IP address 1 (VIP1) and is
# balanced to 10.20.210.10. Another connection is opened from server 10.20.210.10, goes to
# VIP2 and is balanced to 10.20.220.10
 

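Configuring RHI

The CSM supports virtual servers in any IP subnet. When a virtual server is configured in a subnet that is not directly attached to the Multilayer Switch Feature Card (MSFC), you can configure the CSM to inject a static route into the MSFC routing table, depending on the state of the server farm that serves this virtual server.

This mechanism can also be used for disaster recovery or Global Server Load Balancing (GSLB) solutions. In that case, two different CSMs inject a static route for the same VIP. The static routes can then be redistributed to specific locations, ultimately with different costs.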

module ContentSwitchingModule 5
vlan 220 server
ip address 10.20.220.2 255.255.255.0
alias 10.20.220.1 255.255.255.0
!
vlan 221 client
ip address 10.20.221.5 255.255.255.0
gateway 10.20.221.1
alias 10.20.221.2 255.255.255.0
 

# The alias IP is very important because it is the IP address that the CSM tells the MSFC
# to use as the next hop to reach the advertised virtual servers.

!
probe PING icmp
interval 2
retries 2
failed 10
receive 2
!
serverfarm WEBFARM
nat server
no nat client
real 10.20.220.10
inservice
real 10.20.220.20
inservice
probe PING
!
vserver WEB
virtual 10.20.250.100 tcp www
vlan 221
 
# By default, a virtual server listens to traffic coming in on any VLAN. You can restrict
# access to a virtual server by defining a specific VLAN. When using Route Health
# Injection, it is required to specify the VLAN for the virtual server. This tells the CSM
# which next-hop it needs to program in the static route that it will inject in the MSFC
# routing tables.
 
serverfarm WEBFARM
advertise active
 
# This is the command that tells the CSM to inject the route for this virtual server. The
# option "active" tells the CSM to remove the route if the backend serverfarm fails.
 
persistent rebalance
inservice
 

show Command Output

Cat6k-2# show module csm 5 probe detail
probe type port interval retries failed open receive
---------------------------------------------------------------------
PING icmp 2 2 10 2
real vserver serverfarm policy status
------------------------------------------------------------------------------
10.20.220.20:80 WEB WEBFARM (default) OPERABLE
10.20.220.10:80 WEB WEBFARM (default) OPERABLE
 
Cat6k-2# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
 
Gateway of last resort is 10.20.1.100 to network 0.0.0.0
 
10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
C 10.21.1.0/24 is directly connected, Vlan21
S 10.20.250.100/32 [1/0] via 10.20.221.2, Vlan221
 
# The static route to 10.20.250.100 has been automatically created by the CSM, since both
# servers were healthy.
 
C 10.20.221.0/24 is directly connected, Vlan221
S* 0.0.0.0/0 [1/0] via 10.30.1.100
 
Cat6k-2# show module csm 5 vser detail
WEB, type = SLB, state = OPERATIONAL, v_index = 14
virtual = 10.20.250.100/32:80 bidir, TCP, service = NONE, advertise = TRUE
idle = 3600, replicate csrp = none, vlan = 221, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 6
Default policy:
server farm = WEBFARM, backup = <not assigned>
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
-----------------------------------------------------
(default) 6 36 30
 
# Failing the servers causes the route to be removed. This behaviour is configured with the
# advertise active command.
 
Cat6k-2# show module csm 5 probe detail
1d20h: %SYS-5-CONFIG_I: Configured from console by vty0 (probe detail
probe type port interval retries failed open receive
---------------------------------------------------------------------
PING icmp 2 2 10 2
real vserver serverfarm policy status
------------------------------------------------------------------------------
10.20.220.20:80 WEB WEBFARM (default) TESTING
10.20.220.10:80 WEB WEBFARM (default) TESTING
 
Cat6k-2#
1d20h: %CSM_SLB-6-RSERVERSTATE: Module 5 server state changed: SLB-NETMGT: ICMP health probe failed for server 10.20.220.20:80 in serverfarm 'WEBFARM'
1d20h: %CSM_SLB-6-RSERVERSTATE: Module 5 server state changed: SLB-NETMGT: ICMP health probe failed for server 10.20.220.10:80 in serverfarm 'WEBFARM'
 
Cat6k-2#
Cat6k-2# show module csm 5 probe detail
probe type port interval retries failed open receive
---------------------------------------------------------------------
PING icmp 2 2 10 2
real vserver serverfarm policy status
------------------------------------------------------------------------------
10.20.220.20:80 WEB WEBFARM (default) FAILED
10.20.220.10:80 WEB WEBFARM (default) FAILED
Cat6k-2#
 
Cat6k-2# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
 
Gateway of last resort is 10.20.1.100 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
C 10.21.1.0/24 is directly connected, Vlan21
C 10.20.221.0/24 is directly connected, Vlan221
S* 0.0.0.0/0 [1/0] via 10.30.1.100
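
Two rules stated in the comments on this page (a "predictor forward" server farm needs "no nat server", and an advertised virtual server needs a "vlan") can be checked before a configuration is pasted, along with the default of listening on every VLAN. The following Python script is an added example, not part of the Cisco documentation; it assumes the flattened listing style used on this page, where "!" ends a block, treats server NAT as in effect unless "no nat server" is present, and uses finding codes and a sample configuration constructed for illustration.

```python
# Constructed configuration in this page's flattened style ("!" ends a block).
# ROUTE, DIRECT-ACCESS and WEB contain deliberate mistakes; WEB-OK is clean.
SAMPLE_CONFIG = """\
module ContentSwitchingModule 5
serverfarm ROUTE
nat server
no nat client
predictor forward
!
serverfarm WEBFARM
nat server
no nat client
real 10.20.220.10
inservice
!
vserver DIRECT-ACCESS
virtual 10.20.220.0 255.255.255.0 tcp 0
serverfarm ROUTE
inservice
!
vserver WEB
virtual 10.20.250.100 tcp www
serverfarm WEBFARM backup WEBFARM2
advertise active
inservice
!
vserver WEB-OK
virtual 10.20.250.101 tcp www
vlan 221
serverfarm WEBFARM
advertise active
inservice
"""


def parse_blocks(text):
    """Return ({serverfarm: [tokens, ...]}, {vserver: [tokens, ...]})."""
    farms, vservers, cur = {}, {}, None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue                      # blank line or pasted comment
        if tok == ["!"] or tok[0] in ("module", "interface"):
            cur = None                    # block boundary
        elif tok[0] == "vserver" and len(tok) == 2:
            cur = vservers.setdefault(tok[1], [])
        elif tok[0] == "serverfarm" and cur is None and len(tok) > 1:
            cur = farms.setdefault(tok[1], [])
        elif cur is not None:
            cur.append(tok)               # attribute of the open block
    return farms, vservers


def audit(text):
    """Return a sorted list of (finding_code, object_name) tuples."""
    farms, vservers = parse_blocks(text)
    findings = set()
    for name, lines in farms.items():
        forward = ["predictor", "forward"] in lines
        if forward and ["no", "nat", "server"] not in lines:
            findings.add(("FORWARD-NAT", name))       # destination would be rewritten
    for name, lines in vservers.items():
        has_vlan = any(t[0] == "vlan" and len(t) == 2 for t in lines)
        advertised = any(t[0] == "advertise" for t in lines)
        if not has_vlan:
            # Default is to listen on every VLAN; RHI additionally needs the
            # VLAN to pick the next hop for the injected route.
            findings.add(("RHI-NO-VLAN" if advertised else "VLAN-ALL", name))
        for t in lines:
            if (t[0] == "virtual" and len(t) > 2 and "." in t[2]
                    and t[2] != "255.255.255.255"):
                findings.add(("WIDE-VIRTUAL", name))  # matches a whole subnet
            if t[0] == "serverfarm" and len(t) > 1:
                refs = [t[1]]
                if "backup" in t[2:-1]:
                    refs.append(t[t.index("backup", 2) + 1])
                if any(ref not in farms for ref in refs):
                    findings.add(("UNDEFINED-FARM", name))
    return sorted(findings)


if __name__ == "__main__":
    for code, obj in audit(SAMPLE_CONFIG):
        print(f"{code:15} {obj}")
```
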

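Configuring Server Names

This section shows an alternative way to associate servers with server farms by using server names. This method is suited to cases where the same server is associated with multiple server farms, because the user can take the server out of rotation in all server farms with a single command.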

module ContentSwitchingModule 5
vlan 220 server
ip address 10.20.220.2 255.255.255.0
alias 10.20.220.1 255.255.255.0
!
vlan 221 client
ip address 10.20.221.5 255.255.255.0
gateway 10.20.221.1
alias 10.20.221.2 255.255.255.0
!
probe PING icmp
interval 2
retries 2
failed 10
receive 2
!
probe FTP ftp
interval 5
retries 2
failed 20
open 3
receive 3
!
probe HTTP http
request method head
expect status 200 299
interval 5
retries 2
failed 10
open 2
receive 2
!
real SERVER1
address 10.20.220.10
inservice
real SERVER2
address 10.20.220.20
inservice
!
serverfarm FTPFARM
nat server
no nat client
real name SERVER1
inservice
real name SERVER2
inservice
probe PING
probe FTP
!
serverfarm WEBFARM
nat server
no nat client
real name SERVER1
inservice
real name SERVER2
inservice
probe PING
probe HTTP
!
vserver FTP
virtual 10.20.221.100 tcp ftp service ftp
serverfarm FTPFARM
persistent rebalance
inservice
!
vserver WEB
virtual 10.20.221.100 tcp www
serverfarm WEBFARM
persistent rebalance
inservice
!
 

show Command Output

Cat6k-2# show module csm 5 probe detail
probe type port interval retries failed open receive
---------------------------------------------------------------------
PING icmp 2 2 10 2
real vserver serverfarm policy status
------------------------------------------------------------------------------
10.20.220.20:21 FTP FTPFARM (default) OPERABLE
10.20.220.10:21 FTP FTPFARM (default) OPERABLE
10.20.220.20:80 WEB WEBFARM (default) OPERABLE
10.20.220.10:80 WEB WEBFARM (default) OPERABLE
FTP ftp 5 2 20 3 3
Expected Status Codes:
0 to 999
real vserver serverfarm policy status
------------------------------------------------------------------------------
10.20.220.20:21 FTP FTPFARM (default) OPERABLE
10.20.220.10:21 FTP FTPFARM (default) OPERABLE
HTTP http 5 2 10 2 2
Probe Request: HEAD /
Expected Status Codes:
200 to 299
real vserver serverfarm policy status
------------------------------------------------------------------------------
10.20.220.20:80 WEB WEBFARM (default) OPERABLE
10.20.220.10:80 WEB WEBFARM (default) OPERABLE
 
Cat6k-2# show module csm 5 real
 
real server farm weight state conns/hits
-------------------------------------------------------------------------
SERVER1 FTPFARM 8 OPERATIONAL 0
SERVER2 FTPFARM 8 OPERATIONAL 0
SERVER1 WEBFARM 8 OPERATIONAL 0
SERVER2 WEBFARM 8 OPERATIONAL 0
 
# Taking a server out of service at the server farm level will only take the server out of
# service for that specific farm
 
Cat6k-2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cat6k-2(config)# module csm 5
Cat6k-2(config-module-csm)# server webfarm
Cat6k-2(config-slb-sfarm)# real name server1
Cat6k-2(config-slb-real)# no inservice
Cat6k-2(config-slb-real)# end
1d20h: %CSM_SLB-6-RSERVERSTATE: Module 5 server state changed: SLB-NETMGT: Configured server 10.20.220.10:0 to OUT-OF-SERVICE in serverfarm 'WEBFARM'
Cat6k-2#
1d20h: %SYS-5-CONFIG_I: Configured from console by vty0 (10.20.1.100)
Cat6k-2#
Cat6k-2# show module csm 5 real
 
real server farm weight state conns/hits
-------------------------------------------------------------------------
SERVER1 FTPFARM 8 OPERATIONAL 0
SERVER2 FTPFARM 8 OPERATIONAL 0
SERVER1 WEBFARM 8 OUTOFSERVICE 0
SERVER2 WEBFARM 8 OPERATIONAL 0
Cat6k-2#
 
# Taking the server out of service at the real server level will take the server out of
# service for all the server farms
 
Cat6k-2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cat6k-2(config)# module csm 5
Cat6k-2(config-module-csm)# real server1
Cat6k(config-slb-module-real)# no inservice
Cat6k(config-slb-module-real)# end
Cat6k-2#
1d20h: %SYS-5-CONFIG_I: Configured from console by vty0 (10.20.1.100)
Cat6k-2# show module csm 5 real
 
real server farm weight state conns/hits
-------------------------------------------------------------------------
SERVER1 FTPFARM 8 OUTOFSERVICE 0
SERVER2 FTPFARM 8 OPERATIONAL 0
SERVER1 WEBFARM 8 OUTOFSERVICE 0
SERVER2 WEBFARM 8 OPERATIONAL 0
Cat6k-2#
 

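Configuring a Backup Server Farm

This section shows an example of configuring a backup server farm for a virtual server. If all the servers in the primary server farm fail, the CSM begins sending requests to the backup server farm. If stickiness is configured on the virtual server, the sticky option lets you control the backup behavior.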

module ContentSwitchingModule 5
vlan 220 server
ip address 10.20.220.2 255.255.255.0
alias 10.20.220.1 255.255.255.0
!
vlan 221 client
ip address 10.20.221.5 255.255.255.0
gateway 10.20.221.1
alias 10.20.221.2 255.255.255.0
!
vlan 210 server
ip address 10.20.210.2 255.255.255.0
alias 10.20.210.1 255.255.255.0
!
probe PING icmp
interval 2
retries 2
failed 10
receive 2
!
real SERVER1
address 10.20.220.10
inservice
real SERVER2
address 10.20.220.20
inservice
real SERVER3
address 10.20.210.30
inservice
real SERVER4
address 10.20.210.40
inservice
!
serverfarm WEBFARM
nat server
no nat client
real name SERVER1
inservice
real name SERVER2
inservice
probe PING
!
serverfarm WEBFARM2
nat server
no nat client
real name SERVER3
inservice
real name SERVER4
inservice
probe PING
!
vserver WEB
virtual 10.20.221.100 tcp www
serverfarm WEBFARM backup WEBFARM2
persistent rebalance
inservice
!
 

Output of show Commands

Cat6k-2# show module csm 5 real
 
real server farm weight state conns/hits
-------------------------------------------------------------------------
SERVER1 WEBFARM 8 OPERATIONAL 0
SERVER2 WEBFARM 8 OPERATIONAL 0
SERVER3 WEBFARM2 8 OPERATIONAL 0
SERVER4 WEBFARM2 8 OPERATIONAL 0
 
# All the servers are shown as operational.
 
Cat6k-2# show module csm 5 serverfarm detail
WEBFARM, type = SLB, predictor = RoundRobin
nat = SERVER
virtuals inservice = 1, reals = 2, bind id = 0, fail action = none
inband health config: <none>
retcode map = <none>
Probes:
PING, type = icmp
Real servers:
SERVER1, weight = 8, OPERATIONAL, conns = 0
SERVER2, weight = 8, OPERATIONAL, conns = 0
Total connections = 0
 
WEBFARM2, type = SLB, predictor = RoundRobin
nat = SERVER
virtuals inservice = 1, reals = 2, bind id = 0, fail action = none
inband health config: <none>
retcode map = <none>
Probes:
PING, type = icmp
Real servers:
SERVER3, weight = 8, OPERATIONAL, conns = 0
SERVER4, weight = 8, OPERATIONAL, conns = 0
Total connections = 0
 
Cat6k-2# show module csm 5 vserver detail
WEB, type = SLB, state = OPERATIONAL, v_index = 18
virtual = 10.20.221.100/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 0
Default policy:
server farm = WEBFARM, backup = WEBFARM2 (no sticky)
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
-----------------------------------------------------
(default) 0 0 0
 
# No connections have been sent to the virtual server yet.
 
Cat6k-2# show module csm 5 vserver detail
WEB, type = SLB, state = OPERATIONAL, v_index = 18
virtual = 10.20.221.100/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 14
Default policy:
server farm = WEBFARM, backup = WEBFARM2 (no sticky)
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
-----------------------------------------------------
(default) 14 84 70
 
# A total of 14 connections have been sent to the virtual server and have been balanced to
# the primary server farm. For each connection, the client has sent 6 packets and the
# server has sent 5 packets.
# Two servers are taken out of service.
 
Cat6k-2#
1d21h: %CSM_SLB-6-RSERVERSTATE: Module 5 server state changed: SLB-NETMGT: ICMP health probe failed for server 10.20.220.10:80 in serverfarm 'WEBFARM'
1d21h: %CSM_SLB-6-RSERVERSTATE: Module 5 server state changed: SLB-NETMGT: ICMP health probe failed for server 10.20.220.20:80 in serverfarm 'WEBFARM'
 
Cat6k-2# show module csm 5 serverfarm detail
WEBFARM, type = SLB, predictor = RoundRobin
nat = SERVER
virtuals inservice = 1, reals = 2, bind id = 0, fail action = none
inband health config: <none>
retcode map = <none>
Probes:
PING, type = icmp
Real servers:
SERVER1, weight = 8, PROBE_FAILED, conns = 0
SERVER2, weight = 8, PROBE_FAILED, conns = 0
Total connections = 0
 
# The two servers have failed the probe but the CSM has not yet refreshed the ARP table
# for them, so the servers are not yet shown in the failed state
 
WEBFARM2, type = SLB, predictor = RoundRobin
nat = SERVER
virtuals inservice = 1, reals = 2, bind id = 0, fail action = none
inband health config: <none>
retcode map = <none>
Probes:
PING, type = icmp
Real servers:
SERVER3, weight = 8, OPERATIONAL, conns = 0
SERVER4, weight = 8, OPERATIONAL, conns = 0
Total connections = 0
 
Cat6k-2# show module csm 5 vserver detail
WEB, type = SLB, state = OUTOFSERVICE, v_index = 18
virtual = 10.20.221.100/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 14
Default policy:
server farm = WEBFARM, backup = WEBFARM2 (no sticky)
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
-----------------------------------------------------
(default) 14 83 70
 
# The virtual server is displayed as out of service, even if it is configured with a
# backup server farm, which is healthy. This behaviour is useful if the backup server farm
# is configured as an HTTP redirect server farm to a different site and you are using some
# DNS-based GSLB method, where some connections are still being directed to the failed
# virtual server.
 
# If you want the CSM to consider the virtual server healthy and operational if the backup
# server farm is healthy, you just need to change an environmental variable.
 
Cat6k-2# show module csm 5 variable
 
variable value
----------------------------------------------------------------
ARP_INTERVAL 300
ARP_LEARNED_INTERVAL 14400
ARP_GRATUITOUS_INTERVAL 15
ARP_RATE 10
ARP_RETRIES 3
ARP_LEARN_MODE 1
ARP_REPLY_FOR_NO_INSERVICE_VIP 0
ADVERTISE_RHI_FREQ 10
AGGREGATE_BACKUP_SF_STATE_TO_VS 0
DEST_UNREACHABLE_MASK 0xffff
FT_FLOW_REFRESH_INT 15
GSLB_LICENSE_KEY (no valid license)
HTTP_CASE_SENSITIVE_MATCHING 1
MAX_PARSE_LEN_MULTIPLIER 1
NAT_CLIENT_HASH_SOURCE_PORT 0
ROUTE_UNKNOWN_FLOW_PKTS 0
NO_RESET_UNIDIRECTIONAL_FLOWS 0
SYN_COOKIE_INTERVAL 3
SYN_COOKIE_THRESHOLD 5000
TCP_MSS_OPTION 1460
TCP_WND_SIZE_OPTION 8192
VSERVER_ICMP_ALWAYS_RESPOND false
XML_CONFIG_AUTH_TYPE Basic
 
# The variable that you want to change is AGGREGATE_BACKUP_SF_STATE_TO_VS
 
Cat6k-2#
1d21h: %CSM_SLB-6-RSERVERSTATE: Module 5 server state changed: SLB-NETMGT: Server 10.20.220.20 failed ARP request
Cat6k-2#
 
# The CSM has refreshed the ARP entry for 10.20.220.20 which is now reported in the failed
# state.
 
Cat6k-2# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cat6k-2(config)# module csm 5
Cat6k-2(config-module-csm)# variable AGGREGATE_BACKUP_SF_STATE_TO_VS 1
Cat6k-2(config-module-csm)# end
 
1d21h: %SYS-5-CONFIG_I: Configured from console by vty0 (10.20.1.100)
 
Cat6k-2# show module csm 5 variable
 
variable value
----------------------------------------------------------------
ARP_INTERVAL 300
ARP_LEARNED_INTERVAL 14400
ARP_GRATUITOUS_INTERVAL 15
ARP_RATE 10
ARP_RETRIES 3
ARP_LEARN_MODE 1
ARP_REPLY_FOR_NO_INSERVICE_VIP 0
ADVERTISE_RHI_FREQ 10
AGGREGATE_BACKUP_SF_STATE_TO_VS 1
DEST_UNREACHABLE_MASK 0xffff
FT_FLOW_REFRESH_INT 15
GSLB_LICENSE_KEY (no valid license)
HTTP_CASE_SENSITIVE_MATCHING 1
MAX_PARSE_LEN_MULTIPLIER 1
NAT_CLIENT_HASH_SOURCE_PORT 0
ROUTE_UNKNOWN_FLOW_PKTS 0
NO_RESET_UNIDIRECTIONAL_FLOWS 0
SYN_COOKIE_INTERVAL 3
SYN_COOKIE_THRESHOLD 5000
TCP_MSS_OPTION 1460
TCP_WND_SIZE_OPTION 8192
VSERVER_ICMP_ALWAYS_RESPOND false
XML_CONFIG_AUTH_TYPE Basic
 
Cat6k-2# show module csm 5 vserver detail
WEB, type = SLB, state = OPERATIONAL, v_index = 18
virtual = 10.20.221.100/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 14
Default policy:
server farm = WEBFARM, backup = WEBFARM2 (no sticky)
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
-----------------------------------------------------
(default) 14 83 70
 
# The virtual server is now shown as operational.
 
Cat6k-2# show module csm 5 real detail
SERVER1, WEBFARM, state = PROBE_FAILED
address = 10.20.220.10, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 7, total conn failures = 0
SERVER2, WEBFARM, state = FAILED
address = 10.20.220.20, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 7, total conn failures = 0
SERVER3, WEBFARM2, state = OPERATIONAL
address = 10.20.210.30, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 0, total conn failures = 0
SERVER4, WEBFARM2, state = OPERATIONAL
address = 10.20.210.40, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 0, total conn failures = 0
Cat6k-2#
 
1d21h: %CSM_SLB-6-RSERVERSTATE: Module 5 server state changed: SLB-NETMGT: Server 10.20.220.10 failed ARP request
 
# The ARP entry for the other server has been refreshed.
 
Cat6k-2# show module csm 5 real detail
SERVER1, WEBFARM, state = FAILED
address = 10.20.220.10, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 7, total conn failures = 0
SERVER2, WEBFARM, state = FAILED
address = 10.20.220.20, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 7, total conn failures = 0
SERVER3, WEBFARM2, state = OPERATIONAL
address = 10.20.210.30, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 0, total conn failures = 0
SERVER4, WEBFARM2, state = OPERATIONAL
address = 10.20.210.40, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 0, total conn failures = 0
 
# So far, each of the servers in the primary server farm has received 7 connections. New
# connections are now sent only to the backup server farm.
 
Cat6k-2# show module csm 5 real detail
SERVER1, WEBFARM, state = FAILED
address = 10.20.220.10, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 7, total conn failures = 0
SERVER2, WEBFARM, state = FAILED
address = 10.20.220.20, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 7, total conn failures = 0
SERVER3, WEBFARM2, state = OPERATIONAL
address = 10.20.210.30, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 6, total conn failures = 0
SERVER4, WEBFARM2, state = OPERATIONAL
address = 10.20.210.40, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 6, total conn failures = 0
Cat6k-2#
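The failover shown above can be confirmed from collected `show module csm 5 real detail` output. The following Python sketch is an added example, not part of the original document or Cisco code: it parses two snapshots abridged from the output above, derives the virtual server state for either value of AGGREGATE_BACKUP_SF_STATE_TO_VS, and counts which farm took the new connections. The function names are hypothetical and the state rule is a simplified model of the behaviour the comments describe.

```python
import re

# Two `show module csm 5 real detail` snapshots taken from the output above,
# abridged to the two lines per server that the parser reads.
BEFORE = """\
SERVER1, WEBFARM, state = FAILED
total conns established = 7, total conn failures = 0
SERVER2, WEBFARM, state = FAILED
total conns established = 7, total conn failures = 0
SERVER3, WEBFARM2, state = OPERATIONAL
total conns established = 0, total conn failures = 0
SERVER4, WEBFARM2, state = OPERATIONAL
total conns established = 0, total conn failures = 0
"""
AFTER = """\
SERVER1, WEBFARM, state = FAILED
total conns established = 7, total conn failures = 0
SERVER2, WEBFARM, state = FAILED
total conns established = 7, total conn failures = 0
SERVER3, WEBFARM2, state = OPERATIONAL
total conns established = 6, total conn failures = 0
SERVER4, WEBFARM2, state = OPERATIONAL
total conns established = 6, total conn failures = 0
"""

HEADER = re.compile(r"^(\S+), (\S+), state = (\S+)$")
ESTABLISHED = re.compile(r"^total conns established = (\d+),")


def parse_real_detail(text):
    """Return {(farm, real): {"state": str, "established": int}}."""
    reals, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            key = (m.group(2), m.group(1))
            reals[key] = {"state": m.group(3), "established": 0}
            continue
        m = ESTABLISHED.match(line)
        if m and key is not None:
            reals[key]["established"] = int(m.group(1))
    return reals


def farm_is_up(reals, farm):
    """A farm can take traffic if at least one of its reals is OPERATIONAL."""
    return any(r["state"] == "OPERATIONAL"
               for (f, _), r in reals.items() if f == farm)


def reported_vserver_state(reals, primary, backup, aggregate_backup):
    """Virtual server state as reported by the CSM (simplified model).

    aggregate_backup is the value of AGGREGATE_BACKUP_SF_STATE_TO_VS (0 or 1).
    """
    if farm_is_up(reals, primary):
        return "OPERATIONAL"
    if aggregate_backup and farm_is_up(reals, backup):
        return "OPERATIONAL"
    return "OUTOFSERVICE"


def running_on_backup(reals, primary, backup):
    """True when the primary farm is down and only the backup can serve."""
    return not farm_is_up(reals, primary) and farm_is_up(reals, backup)


def new_connections_per_farm(before, after):
    """Connections established between two snapshots, summed per farm."""
    delta = {}
    for (farm, real), r in after.items():
        earlier = before.get((farm, real), {"established": 0})["established"]
        delta[farm] = delta.get(farm, 0) + r["established"] - earlier
    return delta
```

A monitoring job can alert on `running_on_backup`, since at that point the virtual server has no further farm to fall back to.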
 

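Configuring Load-Balancing Decisions Based on the Source IP Address

This section shows an example of making load-balancing decisions based on the client's source IP address. This configuration requires the use of SLB policies.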

module ContentSwitchingModule 5
vlan 220 server
ip address 10.20.220.2 255.255.255.0
alias 10.20.220.1 255.255.255.0
!
vlan 221 client
ip address 10.20.221.5 255.255.255.0
gateway 10.20.221.1
alias 10.20.221.2 255.255.255.0
!
probe PING icmp
interval 2
retries 2
failed 10
receive 2
!
real SERVER1
address 10.20.220.10
inservice
real SERVER2
address 10.20.220.20
inservice
real SERVER3
address 10.20.220.30
inservice
real SERVER4
address 10.20.220.40
inservice
!
serverfarm WEBFARM
nat server
no nat client
real name SERVER1
inservice
real name SERVER2
inservice
probe PING
!
serverfarm WEBFARM2
nat server
no nat client
real name SERVER3
inservice
real name SERVER4
inservice
!
policy SOURCE-IP-50
client-group 50
serverfarm WEBFARM2
 
# A policy consists of a series of conditions, plus the actions to take if those
# conditions are matched. In this case, the only condition is client-group 50 which
# requires the incoming connection to match the standard access-list 50. The only action
# to take is to use server farm WEBFARM2 to serve those requests.
 
!
vserver WEB
virtual 10.20.221.100 tcp www
serverfarm WEBFARM
persistent rebalance
slb-policy SOURCE-IP-50
 
# Slb-policies associated with a virtual server are always examined in the order in which
# they are configured. The definition of the server farm under the virtual server
# configuration is the default policy and is always used as a last resort if no policy
# matches, or if there are no policies configured.
 
# In this case, incoming requests are processed to see if they match the conditions of the
# slb-policy SOURCE-IP-50. If they do, then the server farm WEBFARM2 is used; otherwise,
# the default policy is selected (in this case, WEBFARM is used).
 
# If a default server farm is not configured, then connections that do not match any
# policy are dropped.
 
# This example shows how to configure the IOS standard access list. You can configure any
# of the 1-99 standard access lists, or you can configure named access lists
 
inservice
!
access-list 50 permit 10.20.1.100
 

Output of show Commands

Cat6k-2# show module csm 5 vser detail
WEB, type = SLB, state = OPERATIONAL, v_index = 18
virtual = 10.20.221.100/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 0
Default policy:
server farm = WEBFARM, backup = <not assigned>
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
-----------------------------------------------------
SOURCE-IP-50 0 0 0
(default) 0 0 0
 
# This example shows that six connections have matched the slb-policy SOURCE-IP-50.
 
Cat6k-2# show module csm 5 vser detail
WEB, type = SLB, state = OPERATIONAL, v_index = 18
virtual = 10.20.221.100/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 6
Default policy:
server farm = WEBFARM, backup = <not assigned>
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
-----------------------------------------------------
SOURCE-IP-50 6 36 30
(default) 0 0 0
 
# This example shows that SERVER3 and SERVER4 have received 3 connections each.
 
Cat6k-2# show module csm 5 real detail
SERVER1, WEBFARM, state = OPERATIONAL
address = 10.20.220.10, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 0, total conn failures = 0
SERVER2, WEBFARM, state = OPERATIONAL
address = 10.20.220.20, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 0, total conn failures = 0
SERVER3, WEBFARM2, state = OPERATIONAL
address = 10.20.220.30, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 3, total conn failures = 0
SERVER4, WEBFARM2, state = OPERATIONAL
address = 10.20.220.40, location = <NA>
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 3, total conn failures = 0
Cat6k-2#
 

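Configuring Layer 7 Load Balancing

This section shows an example of making load-balancing decisions based on Layer 7 information. In this case, the CSM terminates the TCP connection, buffers the request, and parses it to see whether it matches the policy conditions. Once the load-balancing decision has been made, the CSM opens a connection to the selected server and splices the two flows together.

The configuration in this example requires the use of maps and policies. A policy is a list of conditions and actions, and it takes effect when all of its conditions are true.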

Cat6k-2(config-module-csm)# policy test
Cat6k-2(config-slb-policy)# ?
SLB policy config
client-group define policy client group
cookie-map define policy cookie map
default Set a command to its defaults
exit exit slb policy submode
header-map define policy header map
no Negate a command or set its defaults
reverse-sticky define sticky group for reverse traffic
serverfarm define policy serverfarm
set set policy parameters
sticky-group define policy sticky group
url-map define policy URL map
 
# The conditions are:
# -client-group (source IP matches a certain ACL)
# -cookie-map (match based on cookies)
# -header-map (match based on HTTP headers)
# -url-map (match based on URLs)
 
# The actions are:
# -serverfarm (the most common: use this serverfarm)
# -sticky-group (use sticky)
# -reverse-sticky (use reverse sticky)
# -set (set ip dscp)
 
module ContentSwitchingModule 5
vlan 220 server
ip address 10.20.220.2 255.255.255.0
alias 10.20.220.1 255.255.255.0
!
vlan 221 client
ip address 10.20.221.5 255.255.255.0
gateway 10.20.221.1
alias 10.20.221.2 255.255.255.0
!
probe PING icmp
interval 2
retries 2
failed 10
receive 2
!
map TEST header
match protocol http header Host header-value www.test.com
!
map SPORTS url
match protocol http url /sports/*
 
# The definition of maps is based on the header and the URL. The URL starts right after
# the host. For example, in the URL http://www.test.com/sports/basketball/ the URL portion
# that the URL map applies to is /sports/basketball/.
 
!
real SERVER1
address 10.20.220.10
inservice
real SERVER2
address 10.20.220.20
inservice
real SERVER3
address 10.20.220.30
inservice
real SERVER4
address 10.20.220.40
inservice
!
serverfarm WEBFARM
nat server
no nat client
real name SERVER1
inservice
real name SERVER2
inservice
probe PING
!
serverfarm WEBFARM2
nat server
no nat client
real name SERVER3
inservice
real name SERVER4
inservice
!
policy TEST-SPORTS-50
url-map SPORTS
header-map TEST
client-group 50
serverfarm WEBFARM2
 
# Three conditions need to match for this policy to have a match.
 
!
vserver WEB
virtual 10.20.221.100 tcp www
serverfarm WEBFARM
persistent rebalance
slb-policy TEST-SPORTS-50
inservice
!
# If the three conditions defined in the policy are true, then WEBFARM2 is used; otherwise,
# WEBFARM is used.
 

Output of show Commands

# In this example, 17 requests have matched the policy and 12 requests have not
# matched the policy.
 
Cat6k-2# show module csm 5 vserver detail
WEB, type = SLB, state = OPERATIONAL, v_index = 18
virtual = 10.20.221.100/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 29
Default policy:
server farm = WEBFARM, backup = <not assigned>
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
-----------------------------------------------------
TEST-SPORTS-50 17 112 95
(default) 12 82 72
 
# This example shows that the 29 connections that were load balanced have been load
# balanced at Layer 7. That is, the CSM had to terminate TCP and parse Layer 5 through
# Layer 7 information.
 
Cat6k-2# show module csm 5 stats
Connections Created: 29
Connections Destroyed: 29
Connections Current: 0
Connections Timed-Out: 0
Connections Failed: 0
Server initiated Connections:
Created: 0, Current: 0, Failed: 0
L4 Load-Balanced Decisions: 0
L4 Rejected Connections: 0
L7 Load-Balanced Decisions: 29
L7 Rejected Connections:
Total: 0, Parser: 0,
Reached max parse len: 0, Cookie out of mem: 0,
Cfg version mismatch: 0, Bad SSL2 format: 0
L4/L7 Rejected Connections:
No policy: 0, No policy match 0,
No real: 0, ACL denied 0,
Server initiated: 0
Checksum Failures: IP: 0, TCP: 0
Redirect Connections: 0, Redirect Dropped: 0
FTP Connections: 0
MAC Frames:
Tx: Unicast: 359, Multicast: 0, Broadcast: 8,
Underflow Errors: 0
Rx: Unicast: 387, Multicast: 221, Broadcast: 1,
Overflow Errors: 0, CRC Errors: 0
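The policy selection described in this section and in the source-IP section before it, as an added Python model (not CSM code and not part of the original document): policies are tried in configured order, every condition in a policy must match, and unmatched requests fall to the default server farm or are dropped when none is configured. The function names are hypothetical, `fnmatchcase` only approximates the CSM's URL wildcard matching, and exact comparison of the header value is an assumption.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed from the configuration above.
ACLS = {50: [("permit", ipaddress.ip_network("10.20.1.100/32"))]}  # access-list 50
URL_MAPS = {"SPORTS": "/sports/*"}               # map SPORTS url
HEADER_MAPS = {"TEST": ("Host", "www.test.com")}  # map TEST header
POLICIES = {
    "SOURCE-IP-50": {"client-group": 50, "serverfarm": "WEBFARM2"},
    "TEST-SPORTS-50": {"url-map": "SPORTS", "header-map": "TEST",
                       "client-group": 50, "serverfarm": "WEBFARM2"},
}


def acl_permits(acl_id, source_ip):
    """Standard ACL: first matching entry wins, implicit deny at the end."""
    addr = ipaddress.ip_address(source_ip)
    for action, network in ACLS[acl_id]:
        if addr in network:
            return action == "permit"
    return False


def policy_matches(policy, source_ip, path, headers):
    """A policy matches only when every condition it configures is true."""
    if "client-group" in policy and not acl_permits(policy["client-group"], source_ip):
        return False
    if "url-map" in policy and not fnmatchcase(path, URL_MAPS[policy["url-map"]]):
        return False
    if "header-map" in policy:
        name, value = HEADER_MAPS[policy["header-map"]]
        seen = {k.lower(): v for k, v in headers.items()}  # header names ignore case
        if seen.get(name.lower()) != value:
            return False
    return True


def select_farm(slb_policies, default_farm, source_ip, path, headers):
    """Return (policy name, server farm); (None, None) means the connection is dropped."""
    for name in slb_policies:  # examined in the order they are configured
        if policy_matches(POLICIES[name], source_ip, path, headers):
            return name, POLICIES[name]["serverfarm"]
    if default_farm is None:
        return None, None
    return "(default)", default_farm
```

The URL and Host header are chosen by the client, so a policy built on them steers traffic between farms; it does not restrict who can reach a farm.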
 

Configuring HTTP Redirect

This section shows an example of configuring the CSM to send HTTP redirect messages.

# This configuration represents the configuration of site A
 
module ContentSwitchingModule 6
vlan 211 client
ip address 10.20.211.2 255.255.255.0
gateway 10.20.211.1
!
vlan 210 server
ip address 10.20.210.1 255.255.255.0
!
map SPORTMAP url
match protocol http url /sports*
!
serverfarm REDIRECTFARM
nat server
no nat client
redirect-vserver WWW2
webhost relocation www2.test.com 301
inservice
!
serverfarm WWW1FARM
nat server
no nat client
real 10.20.210.10
inservice
real 10.20.210.20
inservice
!
policy SPORTPOLICY
url-map SPORTMAP
serverfarm REDIRECTFARM
!
vserver WWW1VIP
virtual 10.20.211.100 tcp www
serverfarm WWW1FARM
persistent rebalance
slb-policy SPORTPOLICY
inservice
 
# This configuration represents the configuration of site B
 
module ContentSwitchingModule 7
vlan 221 client
ip address 10.20.221.2 255.255.255.0
gateway 10.20.221.1
!
vlan 220 server
ip address 10.20.220.1 255.255.255.0
!
serverfarm WWW2FARM
nat server
no nat client
real 10.20.220.10
inservice
real 10.20.220.20
inservice
!
vserver WWW2VIP
virtual 10.20.221.100 tcp www
serverfarm WWW2FARM
persistent rebalance
inservice
 

Output of show Commands

# To test the configuration, the first nine requests are sent to www1.test.com requesting
# the home page “/.” The 10th request is sent to http://www1.test.com/sports/.
 
Cat6k-2# show module csm 6 vser deta
WWW1VIP, type = SLB, state = OPERATIONAL, v_index = 11
virtual = 10.20.211.100/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 10
Default policy:
server farm = WWW1FARM, backup = <not assigned>
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot Conn Client pkts Server pkts
-----------------------------------------------------
SPORTPOLICY 1 3 1
(default) 9 45 45
 
Cat6k-2# show module csm 7 vser detail
WWW2VIP, type = SLB, state = OPERATIONAL, v_index = 26
virtual = 10.20.221.100/32:80 bidir, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 1
Default policy:
server farm = WWW2FARM, backup = <not assigned>
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot Conn Client pkts Server pkts
-----------------------------------------------------
(default) 1 5 5
 
# Nine requests have matched the default policy for www1.test.com so they have been served
# by WWW1FARM. One request has matched the policy SPORTPOLICY and has been redirected to
# the second site that has then served the request.
 
# The following is an example of the request that was sent to www1.cisco.com asking for
# /sports/.
 
 
10.20.1.100.34589 > 10.20.211.100.80: P 1:287(286) ack 1 win 5840 (DF)
0x0000 4500 0146 763c 4000 4006 da85 0a14 0164 E..Fv<@.@......d
0x0010 0a14 d364 871d 0050 ec1d 69e6 7b57 aead ...d...P..i.{W..
0x0020 5018 16d0 96b2 0000 4745 5420 2f73 706f P.......GET./spo
0x0030 7274 732f 2048 5454 502f 312e 310d 0a43 rts/.HTTP/1.1..C
0x0040 6f6e 6e65 6374 696f 6e3a 204b 6565 702d onnection:.Keep-
0x0050 416c 6976 650d 0a55 7365 722d 4167 656e Alive..User-Agen
0x0060 743a 204d 6f7a 696c 6c61 2f35 2e30 2028 t:.Mozilla/5.0.(
0x0070 636f 6d70 6174 6962 6c65 3b20 4b6f 6e71 compatible;.Konq
0x0080 7565 726f 722f 322e 322d 3131 3b20 4c69 ueror/2.2-11;.Li
0x0090 6e75 7829 0d0a 4163 6365 7074 3a20 7465 nux)..Accept:.te
0x00a0 7874 2f2a 2c20 696d 6167 652f 6a70 6567 xt/*,.image/jpeg
0x00b0 2c20 696d 6167 652f 706e 672c 2069 6d61 ,.image/png,.ima
0x00c0 6765 2f2a 2c20 2a2f 2a0d 0a41 6363 6570 ge/*,.*/*..Accep
0x00d0 742d 456e 636f 6469 6e67 3a20 782d 677a t-Encoding:.x-gz
0x00e0 6970 2c20 677a 6970 2c20 6964 656e 7469 ip,.gzip,.identi
0x00f0 7479 0d0a 4163 6365 7074 2d43 6861 7273 ty..Accept-Chars
0x0100 6574 3a20 416e 792c 2075 7466 2d38 2c20 et:.Any,.utf-8,.
0x0110 2a0d 0a41 6363 6570 742d 4c61 6e67 7561 *..Accept-Langua
0x0120 6765 3a20 656e 5f55 532c 2065 6e0d 0a48 ge:.en_US,.en..H
0x0130 6f73 743a 2077 7777 312e 7465 7374 2e63 ost:.www1.test.c
0x0140 6f6d 0d0a 0d0a om....
 
# The following example is the message that the client has received back from
# www1.cisco.com. This message is the HTTP redirect message generated by the CSM
 
10.20.211.100.80 > 10.20.1.100.34589: FP 1:56(55) ack 287 win 2048 (DF)
0x0000 4500 005f 763c 4000 3e06 dd6c 0a14 d364 E.._v<@.>..l...d
0x0010 0a14 0164 0050 871d 7b57 aead ec1d 6b04 ...d.P..{W....k.
0x0020 5019 0800 8b1a 0000 4854 5450 2f31 2e30 P.......HTTP/1.0
0x0030 2033 3031 2046 6f75 6e64 200d 0a4c 6f63 .301.Found...Loc
0x0040 6174 696f 6e3a 2068 7474 703a 2f2f 7777 ation:.http://ww
0x0050 7732 2e74 6573 742e 636f 6d0d 0a0d 0a w2.test.com....
 
# The redirect location sent back to the client matches exactly the string configured with
# the webhost relocation www2.test.com 301 command: the client was browsing
# www1.test.com/sports/ and is redirected to www2.test.com/.
 
# In some cases this might not be the desired behaviour and there might be the need to
# preserve the original URL that the browser requested.
 
# To preserve the URL that the browser requested, you can use the %p parameter as part of
# the redirect string.
 
# The configuration would then appear as:
 
# serverfarm REDIRECTFARM
# nat server
# no nat client
# redirect-vserver WWW2
# webhost relocation www2.test.com/%p
# inservice
 
# The following example shows the resulting redirect message which is sent back to the
# client:
 
10.20.211.100.80 > 10.20.1.100.34893: FP 1:64(63) ack 329 win 2048 (DF)
0x0000 4500 0067 7d95 4000 3e06 d60b 0a14 d364 E..g}.@.>......d
0x0010 0a14 0164 0050 884d 7093 b53b 4e0b e8a8 ...d.P.Mp..;N...
0x0020 5019 0800 2800 0000 4854 5450 2f31 2e30 P...(...HTTP/1.0
0x0030 2033 3032 2046 6f75 6e64 200d 0a4c 6f63 .302.Found...Loc
0x0040 6174 696f 6e3a 2068 7474 703a 2f2f 7777 ation:.http://ww
0x0050 7732 2e74 6573 742e 636f 6d2f 7370 6f72 w2.test.com/spor
0x0060 7473 2f0d 0a0d 0a ts/....
 
# In other cases, you may need to redirect an HTTP request to an HTTPS VIP, on the same or
# on a remote CSM. In that case, the URL request must change from http:// to https://.
# You can do this by using the parameter ssl 443.
 
# The configuration would then be as follows:
 
# serverfarm REDIRECTFARM
# nat server
# no nat client
# redirect-vserver WWW2
# webhost relocation www2.test.com/%p
# ssl 443
# inservice
 
# The following is the resulting redirect message sent back to the client.
 
10.20.211.100.80 > 10.20.1.100.34888: FP 1:65(64) ack 329 win 2048 (DF)
0x0000 4500 0068 2cda 4000 3e06 26c6 0a14 d364 E..h,.@.>.&....d
0x0010 0a14 0164 0050 8848 7088 b087 21e5 a627 ...d.P.Hp...!..'
0x0020 5019 0800 f39e 0000 4854 5450 2f31 2e30 P.......HTTP/1.0
0x0030 2033 3032 2046 6f75 6e64 200d 0a4c 6f63 .302.Found...Loc
0x0040 6174 696f 6e3a 2068 7474 7073 3a2f 2f77 ation:.https://w
0x0050 7777 322e 7465 7374 2e63 6f6d 2f73 706f ww2.test.com/spo
0x0060 7274 732f 0d0a 0d0a rts/....
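
The redirect messages captured above can be checked mechanically. This added Python example (not part of the original document) rebuilds two of the dumps, copied from above, into packets, extracts the status code and Location header, and reports whether the redirect keeps the requested path and switches to https; the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Redirect captures copied from the dumps above: the reply for `webhost
# relocation www2.test.com 301` and the reply for `www2.test.com/%p` with `ssl 443`.
REDIRECT_PLAIN = """\
10.20.211.100.80 > 10.20.1.100.34589: FP 1:56(55) ack 287 win 2048 (DF)
0x0000 4500 005f 763c 4000 3e06 dd6c 0a14 d364 E.._v<@.>..l...d
0x0010 0a14 0164 0050 871d 7b57 aead ec1d 6b04 ...d.P..{W....k.
0x0020 5019 0800 8b1a 0000 4854 5450 2f31 2e30 P.......HTTP/1.0
0x0030 2033 3031 2046 6f75 6e64 200d 0a4c 6f63 .301.Found...Loc
0x0040 6174 696f 6e3a 2068 7474 703a 2f2f 7777 ation:.http://ww
0x0050 7732 2e74 6573 742e 636f 6d0d 0a0d 0a w2.test.com....
"""
REDIRECT_SSL = """\
10.20.211.100.80 > 10.20.1.100.34888: FP 1:65(64) ack 329 win 2048 (DF)
0x0000 4500 0068 2cda 4000 3e06 26c6 0a14 d364 E..h,.@.>.&....d
0x0010 0a14 0164 0050 8848 7088 b087 21e5 a627 ...d.P.Hp...!..'
0x0020 5019 0800 f39e 0000 4854 5450 2f31 2e30 P.......HTTP/1.0
0x0030 2033 3032 2046 6f75 6e64 200d 0a4c 6f63 .302.Found...Loc
0x0040 6174 696f 6e3a 2068 7474 7073 3a2f 2f77 ation:.https://w
0x0050 7777 322e 7465 7374 2e63 6f6d 2f73 706f ww2.test.com/spo
0x0060 7274 732f 0d0a 0d0a rts/....
"""


def dump_to_bytes(dump):
    """Rebuild packet bytes from dump lines of the form: offset, hex groups, ASCII."""
    data = bytearray()
    for line in dump.strip().splitlines():
        parts = line.split()
        if not parts or not parts[0].startswith("0x"):
            continue  # the summary line carries no packet bytes
        data += bytes.fromhex("".join(parts[1:-1]))  # last token is the ASCII column
    return bytes(data)


def http_payload(packet):
    """Strip the IPv4 and TCP headers using their own length fields."""
    if packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4 TCP packet")
    ip_header = (packet[0] & 0x0F) * 4
    total_length = int.from_bytes(packet[2:4], "big")
    tcp_header = (packet[ip_header + 12] >> 4) * 4
    return packet[ip_header + tcp_header:total_length]


def parse_redirect(dump):
    """Return (status code, Location header value or None)."""
    head = http_payload(dump_to_bytes(dump)).split(b"\r\n\r\n", 1)[0].decode("ascii")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers.get("location")


def check_redirect(dump, scheme, host, path):
    """List the ways the captured redirect differs from the intended target."""
    status, location = parse_redirect(dump)
    if status not in (301, 302) or location is None:
        return ["not an HTTP redirect: status %d" % status]
    url = urlsplit(location)
    problems = []
    if url.scheme != scheme:
        problems.append("scheme is %s, expected %s" % (url.scheme, scheme))
    if url.hostname != host:
        problems.append("host is %s, expected %s" % (url.hostname, host))
    if url.path != path:
        problems.append("path is %r, expected %r" % (url.path, path))
    return problems
```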