CSS Basic Configuration Guide (Software Version 5.00) - Configuring Services [Cisco CSS 11000 Series Content Services Switches]

Table Of Contents

Configuring Services

Service, Owner, and Content Rule Overview

Service Configuration Quick Start

Service Load Overview

Using ArrowPoint Content Awareness Based on Server Load and Weight

Using ACA Based on Server Load

Using ACA Based on Server Weight and Load

Configuring Load for Services

Configuring Global Load Step

Configuring Global Load Threshold

Configuring Global Load Reporting

Configuring Load Tear Down Timer

Configuring Load Ageout Timer

Showing Global Service Loads

Global Keepalive Mode

Creating a Global Keepalive

Activating a Global Keepalive Active

Configuring a Global Keepalive Description

Configuring a Global Keepalive Frequency

Configuring a Global Keepalive IP Address

Configuring a Global Keepalive Max Failure

Configuring a Global Keepalive Method

Configuring a Global Keepalive Port

Configuring a Global Keepalive Retryperiod

Deactivating a Global Keepalive

Configuring a Global Keepalive Type

Configuring a Global Keepalive URI

Associating a Service with a Global Keepalive

Configuring Global Keepalive Hash

Showing Global Keepalive Configurations

Script Keepalives

Script Keepalive Considerations

Configuring Script Keepalives

Viewing a Script Keepalive in a Service

Script Keepalive Status Codes

Script Keepalives and Upgrading WebNS Software

Creating Services

Configuring Services

Assigning an IP Address to the Service

Specifying a Port

Specifying a Protocol

Specifying a Domain Name

Configuring an Advanced Load Balancing String

Configuring a Service HTTP Cookie

Configuring Weight

Specifying a Service Type

How the CSS Accesses Server Types

Configuring Service Access

Configuring Service Cache Bypass

Configuring Network Address Translation for Transparent Caches

Configuring a Service to Bypass a Cache Farm

Configuring Keepalives for a Service

Configuring Keepalive Frequency

Configuring Keepalive Maxfailure

Configuring Keepalive Method

Configuring Keepalive Port

Configuring Keepalive Retryperiod

Configuring Keepalive Type

Configuring Keepalive URI

Configuring Keepalive Hash

Showing Keepalive Configurations

Configuring Maximum TCP Connections

Activating a Service

Suspending a Service

Removing a Service

Removing a Service From a Content Rule

Removing a Service From a Source Group

Showing Service Configurations

Where to Go Next

Configuring Services

This chapter describes how to configure services. This chapter also contains an overview on the association between services, owners, and content rules. Information in this chapter applies to all CSS models except where noted.

This chapter contains the following sections:

•Service, Owner, and Content Rule Overview

•Service Load Overview

•Configuring Load for Services

•Global Keepalive Mode

•Script Keepalives

•Script Keepalives and Upgrading WebNS Software

•Configuring Services

•Showing Service Configurations

Service, Owner, and Content Rule Overview

The CSS enables you to configure services, owners, and content rules to direct requests for content to a specific destination service (for example, a server or a port on a server). By configuring services, owners, and content rules, you optimize and control how the CSS handles each request for specific content.

•A service is a destination location where a piece of content resides physically
(a local or remote server and port). You add services to content rules. Adding a service to a content rule includes it in the resource pool that the CSS uses for load-balancing requests for content. A service may belong to multiple content rules.

•An owner is generally the person or company who contracts the Web hosting service to host their Web content and allocate bandwidth as required. Owners can have multiple content rules.

•A content rule is a hierarchical rule set containing individual rules that describe which content (for example, .html files) is accessible by visitors to the Web site, how the content is mirrored, on which server the content resides, and how the CSS should process requests for the content. Each rule set must have an owner.

The CSS uses content rules to determine:

–Where the content physically resides, whether local or remote

–Where to direct the request for content (which service or services)

–Which load balancing method to use

When a request for content is made, the CSS:

1. Uses the owner content rule to translate the owner Virtual IP address (VIP) or domain name using Network Address Translation (NAT) to the corresponding service IP address and port.

2. Checks for available services that match the content request.

3. Uses content rules to choose which service can best process the request for content.

4. Applies all content rules to service the request for content (for example, load balancing method, redirects, failover, stickiness).

illustrates the CSS service, owner, and content rule concepts.

Figure 5-1 Services, Owners, and Content Rules Concepts

Service Configuration Quick Start

Table 5-1 provides a quick overview of the steps required to configure services. Each step includes the CLI command required to complete the task. For a complete description of each feature and all the options associated with the CLI commands, refer to the sections following Table 5-1.
Table 5-1 Service Configuration Quick Start
Task and Command Example
1. Enter config mode by typing config.
# config
(config)#
2. Create services. When you create a service, the CLI enters that service mode, as shown in the command response below. To create additional services, reenter the service command.
(config)# service serv1
(config-service[serv1])#
(config-service[serv1])# service serv2
(config-service[serv2])#
3. Assign an IP address to each service. The IP address is the actual IP address of the server.
(config-service[serv2])#
(config-service[serv2])# ip address 10.3.6.2
(config-service[serv2])# service serv1
(config-service[serv1])# ip address 10.3.6.1
4. Activate each service.
(config-service[serv1])# active
(config-service[serv1])# service serv2
(config-service[serv2])# active
(config-service[serv2])# exit
5. Display all service configurations (optional).
(config-service[serv2])# show service summary
Service Load Overview

Server load is a mechanism to express the current load experienced by a server. The CSS calculates load by using the variances in normalized response times from client to server to determine a server's load number. A server with a heavier processing load would be biased toward a more significant, larger, load number.

To configure global load parameters for the eligibility and ineligibility of CSS services, use the load report, load teardown timer, and load ageout timer commands (discussed later in this section).

You can adjust load calculations by changing the load step size, which is the difference in milliseconds between load numbers. The CSS can determine the load step dynamically, or you can configure the initial load step using the global load step command.

The load on a service has a range of 2 to 255, with an eligible load of 2 to 254. An eligible service is an active service that can receive flows. A service with a load of 255 is offline.

A service becomes ineligible to receive flows when its load number exceeds the configured load threshold. The CSS uses the configured ageout timer value to return the service to the eligible state.

For the CSS to consider the server loads as different, response times of the servers must differ by the configured load step or greater. If the response times differ by less than the configured load step, the CSS considers the servers to have the same load.

Note Redirect services have load numbers associated with them, but the load numbers are either 2 (available) or 255 (unavailable).

shows servers A, B, and C with response times of 100 ms, 1100 ms, and 120 ms, respectively. One group of servers has load step configured to 10 ms. The second group of servers has load step configured to 100 ms.

Figure 5-2 Load Calculation Example with Three Servers

For the servers set to the 10 ms load step, the difference in response time between:

•ServerA and serverB is 1000 ms. Because this value is greater than the configured load step of 10 ms, the CSS considers the server loads different.

•ServerA and serverC is 20 ms. Because this value is greater than the configured load step of 10 ms, the CSS considers the server loads different.

For the servers set to 100 ms load step, the difference in response time between:

•ServerA and serverB is 1000 ms. Because this value is greater than the configured load step of 100 ms, the CSS considers the server loads different.

•ServerA and serverC is 20 ms. Because this value is less than the configured load step of 100 ms, the CSS considers servers A and C to have the same load.

Increasing the load step causes the load for servers to be closer to each other. Decreasing the load step causes the load for servers to be further from each other.

To enable you to configure an accurate load threshold for a server, you can calculate a load number for a server. To calculate a server load number:

1. Take the difference between the server with the lowest response time and the server for which you want to determine a load number.

2. Divide the difference by the configured load step.

3. Add this number to the calculated load step of the server with the lowest response time, which is always 2.

For example, to calculate the load number for serverC with the 10 ms load step:

1. Take the difference in server response time between serverA and serverC (20 ms).

2. Divide it by the configured load step (10 ms). The result equals 2.

3. Add 2 to serverA's (server with lowest response time) calculated load (2) to determine serverC's calculated load of 4.

Using ArrowPoint Content Awareness Based on Server Load and Weight

ArrowPoint Content Awareness (ACA) load-balancing algorithm balances traffic between a group of servers. You can configure the CSS to make ACA load-balancing decisions based on:

•Server load

•Server weight and load

Using ACA Based on Server Load

ACA determines the best service for each content request based on server load and size of the content being requested. ACA estimates the file size based on previous requests for the same content. A service with a lower load receives more flows than a service with a higher load.

Using ACA Based on Server Weight and Load

Server weight is a mechanism to express the processing capabilities of a server. Weights allow you to configure the CSS to prefer one group of servers over another. When you configure weights, the number of hits per server is relative to the weight configured on that server. A higher weight will bias flows toward the specified server. For example, in Figure 5-2, ServerA with a weight of two is hit twice as much as ServerB that has a weight of one. ServerC has a weight of 10 and is hit 10 times as much as ServerB. All servers with the same weight are hit equally in a roundrobin manner.

The CSS can use a server's weight in tandem with server load to determine server availability. When you configure ACA on a content rule to use both weight and load, the CSS calculates the number of requests per weight level based on the number of servers with that weight. The CSS then balances the requests among the servers based on their individual loads. The number of requests per weight level is equal to weight level * number of servers *10. The CSS then increments the weight level, and uses the same mechanism to balance requests among the servers in the next weight level.

For information on configuring weight for a service, refer to the section "Configuring Weight" described later in this chapter. Also see the section "Specifying a Service Weight" in <Xref_Color>Chapter 7, Configuring Content Rules.

Configuring Load for Services

The options for the global load command are:

•load step msec dynamic|static - Define the load step

•load threshold number - Set the load threshold for a service, determining its eligibility to receive flows

•load reporting - Enable or disable the CSS from generating teardown reports and deriving load numbers

•load teardown-timer - Set the maximum amount of time between teardown reports

•load ageout-timer - Set the time interval in seconds in which the CSS ages out stale load information for a service

For more information on these options and associated variables, refer to the following sections.

Configuring Global Load Step

Use the load step command to set the global load step, which is the difference in milliseconds between load numbers. Load numbers have a range from 2 to 254. By default, the CSS starts at a load step of 10 ms and then dynamically calculates the load step as it accumulates minimum and maximum response times for the services.

When you configure the load step to reduce the flows to a slower service, consider the differences in response times between services. For example:

•Increasing the load step causes the load for services to be closer to each other, thus increasing the number of flows to a slower service.

•Decreasing the load step causes the load for services to be further from each other, thus decreasing the flows to a slower service.

The options and syntax for this global configuration mode command are:

•load step msec dynamic (default) - Set the initial load step. The CSS uses the default of 10 ms as the initial load step, modifying it after the CSS collects sufficient response time information.

•load step msec static - Set a constant load step. The CSS uses this load step value instead of making dynamic calculations. The default is 10 ms.

Enter the load step in milliseconds from 10 to 1000000000. The default is 10 ms. For example, to set the load step to 100 ms, enter:
(config)# load step 100
To set the load step to the default of 10 ms, enter:
(config)# no load step
Configuring Global Load Threshold

Use the load threshold command to define the global load number which the CSS uses to determine if a service is eligible to receive flows. If the service load exceeds the threshold, the service becomes ineligible to receive flows until the CSS ages the service into the eligible state.

Enter the threshold as a number from 2 to 254. The default is 254, which is the maximum threshold services can reach before becoming unavailable. To view the global load on services, enter show load (see Table 5-2 for details).

For example, to set the load threshold to 25, enter:
(config)# load threshold 25
Note If you do not configure a load threshold for the content rule with the (config-owner-content) load-threshold command, the rule inherits this global load threshold.

To set the load threshold to the default of 254, enter:
(config)# no load threshold
Configuring Global Load Reporting

Use the load reporting command to enable the CSS to generate teardown reports and derive load numbers. A teardown report is a summary of response times for services when flows are being torn down. The CSS uses the teardown report to derive the load number for a service. The default is load reporting enable.

If you are not concerned about load reporting, disable it and it may increase performance (depending on flows and load reporting already occurring). To disable load reporting, enter:
(config)# no load reporting
To reenable load reporting, enter:
(config)# load reporting
Configuring Load Tear Down Timer

Use the load teardown-timer command to set the maximum time between teardown reports. A teardown report is a summary of response times for services when flows are being torn down. The CSS uses the teardown report to derive the load number for a service.

When the SFM has sufficient teardown activity for a service, it generates a teardown report and the teardown timer is reset. If a teardown report is not triggered at the end of the teardown timer interval due to insufficient activity, the CSS triggers the SFM to generate a teardown report based on its current activity. If there is no activity on the SFM, no report is generated and the timer resets.

Note The teardown timer is overridden when a service is reset. After 10 teardown reports are recorded, the timer is reset to its configured value.

Enter the teardown timer as the number of seconds between teardown reports. enter an integer from 0 to 1000000000. The default is 20. The value of 0 disables the timer. For example, to set the teardown timer to 120 seconds, enter:
(config)# load teardown-timer 120
To reset the teardown time interval to its default of 20 seconds, enter:
(config)# no load teardown-timer
Configuring Load Ageout Timer

Use the load ageout-timer command to set the time interval in seconds in which the CSS ages out stale load information for a service. When the ageout timer interval expires, the CSS erases the information and resets the service load to 2. Load information is stale when the teardown report number recorded on a service has not incremented during the ageout time interval because no flows (long or short) are being torn down on the service.

At the beginning of the time interval, the ageout timer saves the number of the current teardown report. When the SFM generates a a new teardown report, the report number in the SFM increments and any services in the report saves this number. At the end of the ageout time interval, the CSS compares the initial teardown number, saved at the beginning of the time interval, with the current teardown number saved by each service. If the number of a service is less than or equal to the timer number, the load information is stale. The CSS erases it and the service load is reset to 2.

Enter the ageout timer as the number of seconds to age out load information for a service. Enter an integer from 0 to 1000000000. The default is 60. The value of
0 disables the timer.

For example:
(config)# load ageout-timer 180
To set the ageout time to the default of 60, enter:
(config)# no load ageout-timer
Showing Global Service Loads

Use the show load command to display the global load configuration and service load information. For example:
(config)# show load
Table 5-2 describes the fields in the show load output.

Table 5-2 Field Descriptions for the show load Command

Field

Description

Global load information

The configured state of load reporting (enabled or disabled). Reporting is disabled by default.

Step Size

The configured method in which the load step size is calculated:

•Dynamic indicates that the CSS calculates the step size.

•Static indicates that the configured step size is used.

Configured

The configured load step. The value is the difference in milliseconds between load numbers. If the step size method is dynamic, this is the initial load step. The CSS modifies the value after it collects sufficient response time information from the services.

Actual

The actual load step. The value is the difference in milliseconds between load numbers. If the step size method is configured, the actual value will be the same as the Configured field.

Threshold

The configured global load number that the CSS uses to determine if a service is eligible to receive flows. The default is 254 with a range of 2 to 254.

Ageout-Timer

The configured time interval in seconds in which stale load information for a service is aged out. When the ageout timer interval expires, the CSS erases the information and resets the service load to 2. The default is 60 with a range of an integer from 0 to 1000000000. The value of 0 disables the timer.

Teardown-timer

The maximum time between teardown reports. The default is 20 with a range from 0 to 1000000000. The value of 0 disables the timer.

Configured

The configured maximum time between teardown reports. The default is 20 with a range from 0 to 1000000000. The value of 0 disables the timer.

Actual

The actual time between teardown reports.

Service Name

The name of the service.

Average Load Number

The average load number for the service.

Global Keepalive Mode

Global keepalive configuration mode allows you to create a global keepalive and configure its properties. Once you create and configure a keepalive, you can apply it to any service. Applying a keepalive to multiple services reduces the amount of configuration required for each service.

Global keepalives are independent of service mode. In service mode, you can also configure individual keepalive properties for a service. Global keepalives supersede the individual keepalive parameters configured in service mode.

The CSS supports a maximum of 512 keepalives (which can include a maximum of 255 script keepalives). The CSS supports a maximum of 256 keepalives of one type. These keepalives include:

•Global keepalives configured in keepalive configuration mode. The CSS counts a global keepalive as one keepalive regardless of the number of services you assign to it through the (config-service) keepalive type named command.

•ICMP, HTTP, TCP, FTP, and script keepalives configured and assigned to a service through the (config-service) keepalive command. Each time you assign one of these keepalives to a service through the (config-service) keepalive type command, the CSS counts it as one keepalive.

Caution Do not configure more than 256 keepalives of one type. Do not configure more than 512 total keepalives. Any services assigned to keepalives over 512 will not be eligible for content rule selection.

Caution You can configure a maximum of 255 script keepalives on a CSS (out of a maximum of 512 keepalives). Of the 255 script keepalives, you can configure a maximum of 16 keepalives to use script output. For details, refer to the "Script Keepalives" section earlier in this chapter.

To access keepalive configuration mode, use the keepalive command from circuit, global, interface, and IP configuration modes. The prompt changes to (config-keepalive [name]). You can also use this command from keepalive mode to access another keepalive.

The following sections describe how to configure global keepalives:

•Creating a Global Keepalive

•Activating a Global Keepalive Active

•Configuring a Global Keepalive Description

•Configuring a Global Keepalive Frequency

•Configuring a Global Keepalive IP Address

•Configuring a Global Keepalive Max Failure

•Configuring a Global Keepalive Method

•Configuring a Global Keepalive Port

•Configuring a Global Keepalive Retryperiod

•Deactivating a Global Keepalive

•Configuring a Global Keepalive Type

•Configuring a Global Keepalive URI

•Associating a Service with a Global Keepalive

•Configuring Global Keepalive Hash

Creating a Global Keepalive

Use the keepalive command to access keepalive configuration mode and configure global keepalive properties which you can apply to any service. Enter the name of the new keepalive you want to create or the name of an existing keepalive. Enter an unquoted text string with no spaces and a length of 1 to 31 characters. To see a list of existing keepalive names, enter keepalive ?.

The following example creates global keepalive keepimages.
(config)# keepalive keepimages
When you access this mode, the prompt changes to (config-keepalive [keepimages]).
(config-keepalive[keepimages])#
To remove an existing keepalive, enter:
(config)# no keepalive keepimages
Activating a Global Keepalive Active

Use the active command to activate the global keepalive. Activating a keepalive enables the CSS to start sending keepalive messages to the IP address.

For example, to activate the global keepalive keepimages, enter:
(config-keepalive[keepimages])# active
Configuring a Global Keepalive Description

Use the description command to specify the description for a keepalive. Enter the description as a quoted text string with a maximum of 64 characters, including spaces.

For example, to enter a description for the global keepalive keepimages, enter:
(config-keepalive[keepimages])# description "This keepalive is for 
the image servers"
To delete a description, enter:
(config-keepalive[keepimages])# no description
Configuring a Global Keepalive Frequency

Use the frequency command to specify the time between sending keepalive messages to the IP address. Enter the frequency time in seconds as an integer from
2 to 255. The default is 5.

Caution If you configure more than 16 script keepalives the CSS automatically adjusts the keepalive frequency time to a value that best fits the resource usage. Note that this adjustment also affects the keepalive retry period value (see "Configuring Keepalive Retryperiod") by adjusting that value to a number that is one-half the adjusted frequency time. If this occurs, you may observe in the output of the show service command that your previously set keepalive frequency and retry period times change to a different value, as determined by the CSS.

For example, to set the frequency time to 10 seconds, enter:
(config-keepalive[keepimages])# frequency 10
To reset the frequency to its default value of 5, enter:
(config-keepalive[keepimages])# no frequency
Configuring a Global Keepalive IP Address

Use the ip address command to specify the IP address where the keepalive messages are sent. Enter the IP address in dotted-decimal notation.

For example, to enter an IP address for keepalive keepimages, enter:
(config-keepalive[keepimages])# ip address 192.168.7.6
Configuring a Global Keepalive Max Failure

Use the maxfailure command to specify the number of times the IP address can fail to respond to a keepalive message before the CSS considers it down. Enter the maximum failure as an integer from 1 to 10. The default is 3.

For example, to set the global keepalive maxfailure number to 7, enter:
(config-keepalive[keepimages])# maxfailure 7
To reset the maximum failure number to its default value of 3, enter:
(config-keepalive[keepimages])# no maxfailure
Configuring a Global Keepalive Method

Use the method command to specify the HTTP keepalive method assigned to the global keepalive. The syntax and options for the keepalive mode command are:

•method get - The CSS issues a HTTP GET method to the service, computes a hash value on the page, and stores the hash value as a reference hash. Subsequent GETs require a 200 OK status (HTTP command completed OK response) and the hash value to equal the reference hash value. If the 200 OK status is not returned, or if the 200 OK status is returned but the hash value is different from the reference hash value, the CSS considers the service down.

When you specify the content information of an HTTP Uniform Resource Identifier (URI) for an HTTP keepalive, the CSS calculates a hash value for the content. If the content information changes, the hash value no longer matches the original hash value and the CSS assumes that the service is down. To prevent the CSS from assuming that a service is down due to a hash value mismatch, specify the keepalive method as head.

•method head (default) - The CSS issues a HTTP HEAD method to the service and a 200 OK status is required. The CSS does not compute a reference hash value for this type of keepalive. If the 200 OK status is not returned, the CSS considers the service down.

For example, to specify the HTTP get keepalive method, enter:
(config-keepalive[keepimages])# method get
Configuring a Global Keepalive Port

Use the port command to specify the port number used for global HTTP keepalives. Enter the port number associated with the global keepalive as an integer from 0 to 65535.

If configured, the CSS uses the TCP keepalive port. Otherwise, the CSS bases the default on the keepalive type. If the keepalive type is:

•HTTP or TCP, the default port number is 80

•FTP, the default port number is 21

For example, to set the global keepalive port to 8080, enter:
(config-keepalive[keepimages])# port 8080
To reset the port to the default of 0, enter:
(config-keepalive[keepimages])# no port
Configuring a Global Keepalive Retryperiod

Use the retryperiod command to specify the retry period to send messages to the keepalive IP address. Enter the retry period as an integer from 2 to 255 seconds. The default is 5 seconds.

For example, to configure a retry period of 60 seconds, enter:
(config-keepalive[keepimages])# retryperiod 60
To reset the retry period to its default value of 5, enter:
(config-keepalive[keepimages])# no retryperiod
Deactivating a Global Keepalive

Use the suspend command to deactivate the keepalive.

For example:
(config-keepalive[keepimages])# suspend
Configuring a Global Keepalive Type

Use the type command to specify the type of keepalive message assigned to a keepalive. The syntax and options for this keepalive mode command are:

•type ftp ftp_record - Keepalive type that accesses an FTP server by logging into the server as defined in an FTP record file.

•type http - An HTTP index page request using persistent connections.

•type http non-persistent - An HTTP index page request using non-persistent connections.

•type icmp (default) - An ICMP echo message.

•type script script_name {"arguments"} {use-output}- Script keepalive to be used by the service. The script is played each time the keepalive is issued. By default, the script does not parse the output. For details on script keepalives, refer to "Script Keepalives" later in this chapter.

Note To preserve CSS system resources, use script keepalives only when needed. If an ICMP or HTTP keepalive message is sufficient to validate the service, then use that type of message instead of a script keepalive.

•type tcp - A TCP session that determines service viability (3-way handshake
and reset (RST)).

For example, to set the global keepalive keepimages to type tcp, enter:
(config-keepalive[keepimages])# type tcp
Configuring a Global Keepalive URI

Use the uri command to specify the content information for an HTTP global keepalive. Enter the content information for a URI as a quoted text string with a maximum length of 64 characters. Do not include the host information in the string. The CSS derives the host information from the service IP address and the keepalive port number.

When you specify the content information for an HTTP keepalive, the CSS calculates a hash value for the content. If the content information changes, the hash value no longer matches the original hash value and the CSS assumes that the service is down. To prevent the CSS from assuming that a service is down due to a hash value mismatch, specify the keepalive method as head. If you specify a Web page with changeable content and do not specify the keepalive method as head, you must suspend and reactivate the service each time the content information changes.

For example, to specify the content information for the global keepalive, enter:
(config-keepalive[keepimages])# uri "/index.html"
To clear the content information for the URI assigned to this keepalive, enter:
(config-keepalive[keepimages])# no uri
Associating a Service with a Global Keepalive

Use the keepalive type named command to associate a service with a global keepalive. The service maintains the global keepalive attributes when you add the service to content rules.

The syntax for this command is keepalive type named name. Specify a global keepalive name to associate the server with a global keepalive.

For example, to associate imageserver1 with global keepalive keepimages, enter:
(config-service[imageserver1])# keepalive type named keepimages
Configuring Global Keepalive Hash

Use the hash command to override the default MD5 hash for a keepalive. The CSS compares the hash value against the computed hash value of all HTTP GET responses. A successful comparison results in the keepalive maintaining an ALIVE state.

To configure the hash value:

1. Configure the global keepalive. For example:
(config-keepalive[keepimages])# method get
(config-keepalive[keepimages])# uri "/testpage.html"
(config-keepalive[keepimages])# hash 
"1024b91e516637aaf9ffca21b4b05b8c"
2. Configure the service. For example:
(config)# service imageserver1
(config-service[imageserver1])# ip address 10.0.3.21
(config-service[imageserver1])# keepalive type named keepimages
(config-service[imageserver1])# active
3. Display the hash value using the show keepalive command. For example:
(config-keepalive[keepimages])# show keepalive
Keepalives:
Name: imageserver1
	Index:           0           State:      ALIVE
	Description:     Auto generated for service serv1
	Address:         10.0.3.21    Port:80
	Type:            HTTP GET:/testpage.html
	Hash:            1024b91e516637aaf9ffca21b4b05b8c
	Frequency:       5
	Max Failures:    3
	Retry Frequency: 5
	Dependent Services:
4. Use the hash value from the keepalive display to configure the keepalive hash. Enter the MD5 hash value as a quoted hexadecimal string up to 32 characters. For example:
(config-keepalive[keepimages])# hash 
"1024b91e516637aaf9ffca21b4b05b8c"
An excerpt of the service configuration from the running-config is shown below.
service imageserver1
	ip address 10.0.3.21
	keepalive type http
	keepalive method get
	keepalive uri "/testpage.html"
	keepalive hash "1024b91e516637aaf9ffca21b4b05b8c"
	active
To clear a hash value and return to the default hash value, enter:
(config-keepalive[keepimages])# no hash
Showing Global Keepalive Configurations

To display global keepalive configurations, use the show keepalive command. To display a list of existing keepalives, enter show keepalive ?.

This command provides the following options:

•show keepalive - Display information for all keepalives

•show keepalive keepalive_name - Display information for a specific keepalive

•show keepalive-summary - Display summary information for all keepalives

For example:
(config)# show keepalive
Keepalives:
Name:          keepimages  Index: 1   State: ALIVE ( ICP Check )
Description:   This keepalive is for image servers
Address:       172.16.1.7	 Port: 80
Type: HTTP:HEAD:/index.html
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services: imageserver1
Name: rualive   Index: 2           State: ALIVE
Description: Auto generated for service serv2
Address:        172.16.1.8         Port: 80
Type: HTTP:HEAD:/index.html
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services: serv2
(config)# show keepalive-summary
Keepalives:
Alive1         DOWN     192.25.1.7
Alive2         ALIVE    192.25.1.8
Table 5-3 describes the fields in the show keepalive output.

Table 5-3 Field Descriptions for the show keepalive Command

Field

Description

Name

The name of the keepalive.

Index

The CSS assigned unique index value for each keepalive.

State

The state of the keepalive. The possible states are down, alive, dying, and suspended.

Description

The description for the keepalive.

Address

The IP address where the keepalive messages are sent.

Port

The port number for the keepalive.

Type

The type of keepalive message assigned to the keepalive. The possible types are FTP, HTTP, ICMP, script, TCP, or named.

Frequency

The time in seconds between sending keepalive messages to the IP address. The default is 5. The range is from 2 to 255.

Max Failures

The configured number of times the IP address can fail to respond to a keepalive message before being considered down. The default is 3. The range is from 1 to 10.

Retry Frequency

The retry period in seconds to send messages to the keepalive IP address. The default is 5. The range is from 2 to 255.

Dependent Services

Services currently configured to use the keepalive. This is mainly used for named keepalive types.

Script Keepalives

Script keepalives are scripts that you can create to provide custom keepalives for your specific service requirements. To create the scripts, use the rich CSS Scripting Language that is included in your CSS software. For details on using the CSS Scripting Language, including using socket commands and examples of keepalive scripts, refer to the Content Services Switch Advanced Configuration Guide.

Currently, a CSS provides keepalives for FTP, HTTP, ICMP, and TCP. For information on global keepalives, refer to "Global Keepalive Mode" earlier in this chapter. For information on configuring keepalive messages, refer to "Configuring Keepalives for a Service" earlier in this chapter.

Using script keepalives allow you to extend the CSS keepalive functionality beyond the default keepalives. For example, you can develop a script specifically to connect a CSS to a Post Office Protocol 3 (POP3) mail server.

Once you create a script offline, you can upload it to the CSS and configure the script keepalive option on a service.

The CSS supports a maximum of 255 script keepalives (out of a maximum of 512 keepalive types). If you specify a script to parse the output for each executed command, you can configure only 16 keepalives that use script output.

Note You can also configure a script keepalive without having the corresponding script present on the CSS. In this case, a constant Down state remains on the service until you upload the appropriate script to the CSS. This allows you to develop and implement a configuration before uploading all the scripts to the CSS.

Script Keepalive Considerations

When you configure a script keepalive, follow the same general guidelines as those for global keepalive types, with the exceptions noted in these sections. For details on global keepalives, refer to the "Global Keepalive Mode" section earlier in this chapter.

The CSS Scripting Language allows you to pass 128 characters in a quoted argument. Assuming an average of seven characters per argument (plus a space delimiter), you can potentially use a maximum of 16 arguments in one script.

The CSS executes each line in a script keepalive. If your application requires numerous script keepalives (for example, greater than 60), keep each script as short and concise as possible. A smaller script yields much faster script execution results than a larger size script. To maximize system performance, avoid complex protocols or extensive scripts (for example, no database queries, not performing a full login with validation), which can take the CSS longer to execute.

Use the script naming convention of ap-kal-type, so that when you press tab or "?", you can easily see the keepalive scripts available for use. For example, an SMTP script would be named ap-kal-smtp. The script name can have a maximum of 32 characters. The arguments must be in a quoted text string with a maximum of 128 characters.

For the configured script keepalive to find the corresponding script, the script must reside in the /<current running version>/script directory. When you configure a script keepalive, use only script names. (A CSS does not accept path names.) If the script is present elsewhere on the CSS, the script keepalive assumes it does not exist.

Note Because many scripts have a multistep process such as connecting, sending a request, and waiting for a specific type of response, configure a higher frequency time value for script keepalives than for standard keepalives. A time interval of 10 seconds or higher ensures that the script keepalive has enough time to finish. Otherwise, state transitions may occur more often than is usual.

Because a CSS reads an entire script into memory, there is a maximum script keepalive size of 200 KB (approximately 6,000 lines). If a script exceeds this limit, it will not load. This should be more than adequate for all applications. For example, the script keepalives included with your CSS software are approximately 1 KB. To further conserve CSS memory, services can share a common script keepalive so that only one instance of the script needs to reside in memory. However, you must configure the script keepalive for each service where you want the script to run.

To see a complete list of all scripts available in the /<current running version>/script directory, press the Tab key or "?". Optionally, you can type a script name not found in the list, then you can upload the script later. You can manipulate scripts using the archive, clear, and copy commands. You can also upload a script from a local hard drive to the /script directory on the CSS, or download a script from the /script directory on the CSS to a local hard drive.

Configuring Script Keepalives

Note For a large number of services that use script keepalives, use a smaller subset of global keepalives to handle the work for them. For information on global keepalives, refer to "Global Keepalive Mode" earlier in this chapter.

Use the keepalive type script command to configure script keepalives. The syntax for this service configuration mode command is:

keepalive type script script_name {"arguments"}{use-output}

The optional use-output keyword allows the script to parse the output for each executed command. This optional keyword allows the use of grep and file direction within a script. You can configure a maximum of 16 script keepalives (out of a maximum of 255 script keepalives) to use script output. By default, the script does not parse the output.

For example, to configure an httplist keepalive, enter:
(config-service[serv1)# keepalive type script ap-kal-httplist 
"10.10.102.105 /default.htm"
In the previous command example, the keepalive command configures the serv1 service keepalive to be of type script with the script name ap-kal-httplist and the arguments "10.10.102.105 /default.htm". The output is not parsed by the script.

To disable a script keepalive on a service, enter:
(config-service[serv1])# keepalive type none
Viewing a Script Keepalive in a Service

When you add a script keepalive to a service, the CSS recognizes that the script is the keepalive for the service in the show service screen. The script name appears in the Keepalive field, and any potential arguments appear directly below in the Script Arguments field. If there are no script arguments, then the Script Arguments field does not appear.

For example, enter:
(config-service[serv1])# show service
Name: serv1                    Index: 1
	Type: Local                  State: Alive
	Rule (10.10.102.105 ANY ANY)
	Redirect Domain:
	Keepalive: (SCRIPT ap-kal-httplist 10   3   5)
	Script Arguments: "10.10.102.105 /default.htm"
	Script Error: None
	Script Run Time: 1 second
	Script Using Output Parsing:  No
	Mtu:               1500       State Transitions:   14
	Connections:       0          Max Connections:     0
	Total Connections: 0          Total Reused Conns:  0
	Weight:            1          Load:                2 
Note If a script keepalive terminates with an error, you can use the Script Error and Script Run Time fields to help troubleshoot the problem.

You can also use the show running-config command to display the script keepalive and its arguments.

For example, enter:
(config-service[serv1])# show running-config
service serv1
	ip address 10.10.102.105
	keepalive frequency 10
	keepalive type script ap-kal-httplist "10.10.102.105
	/default.htm"
	active 
The example above shows the script keepalive and arguments that have been configured on a service. If no arguments are specified in the script, then the quoted text following the script name will not appear.

Script Keepalive Status Codes

A script can return a status code of zero or non-zero. On a return of non-zero, the CSS flags the service state as Dying or Down; on a return of zero, the CSS flags the service state as Alive. For example, enter:
! Connect to the remote host
socket connect host einstein port 25 tcp
! Purposely fail
exit script 1
Because the above script fails when it executes the exit command, the script returns a non-zero value. By default, the script will fail with a syntax error if the connect command fails. Be sure to check the logic of your scripts to ensure that the CSS returns the correct value.

Script Keepalives and Upgrading WebNS Software

When you upgrade the WebNS software in your CSS, the upgrade process creates a new /<current running version>/script directory. You must copy your custom scripts (including custom script keepalives) to the new /<current running version>/script directory so that the CSS can find them.

Use the following procedure to ensure that your custom script keepalives operate properly after upgrading the software.

1. Upgrade the WebNS software in your CSS. See Appendix A, Upgrading Your CSS Software.

2. Copy the scripts from the old /<current running version>/script directory to the new /<current running version>/script directory.

3. Reboot the CSS.

Creating Services

A service can be a destination location or entity that contains and provides Internet content (for example, a server, an application on a server such as FTP, or streaming audio). A service has a name that is associated with an IP address, and optionally, a protocol and a port number.

By creating a service, you identify the service and enable the CSS to recognize it. You can then apply content rules to services that allow the CSS to:

•Direct requests for content to the service

•Deny requests for content from the service

Enter the service name from 1 to 31 characters. For example, to create service serv1, enter:
(config)# service serv1
The CSS transitions into the newly created service mode.
(config-service[serv1])#
Configuring Services

The following sections describe how to configure content services.

•Assigning an IP Address to the Service

•Specifying a Port

•Specifying a Protocol

•Specifying a Domain Name

•Configuring an Advanced Load Balancing String

•Configuring a Service HTTP Cookie

•Configuring Weight

•Specifying a Service Type

•Configuring Service Access

•Configuring Service Cache Bypass

•Configuring Network Address Translation for Transparent Caches

•Configuring a Service to Bypass a Cache Farm

•Configuring Keepalives for a Service

•Showing Keepalive Configurations

•Configuring Maximum TCP Connections

•Activating a Service

•Suspending a Service

•Removing a Service

Note The CSS supports stateless redundancy failover on CSSs operating in an IP redundancy or a VIP/interface redundancy configuration. Stateless redundancy failover requires a very specific redundant CSS configuration, which includes service IP address, number, and order. For details, refer to the Content Services Switch Advanced Configuration Guide, Chapter 5, Configuring Redundant Content Services Switches.

Assigning an IP Address to the Service

To enable the CSS to direct requests for content to the appropriate service, you must assign an IP address or range of IP addresses to a service. Assigning an IP address to a service identifies the service to the CSS. When the CSS receives a request for content, it translates the VIP (and potentially, the port) to the service IP address (or addresses) and port.

For example, to assign an IP address to serv1, enter:
(config-service[serv1])# ip address 172.16.1.1
The ip address range command allows you to specify a range of IP addresses starting with the IP address you specified using the ip address command. Enter a number from 1 to 65535. The default range is 1. For example, if you enter an IP address of 172.16.1.1 with a range of 10, the IP addresses range from 172.16.1.1 through 172.16.1.10.

When using the ip address range command, use IP addresses that are within the subnet you are using. The CSS does not arp for IP addresses that are not on the circuit subnet. For example, if you configure the circuit for 10.10.10.1/24 and configure the VIP range as 10.10.10.2 range 400, the CSS will not arp for any IP addresses beyond 10.10.10.254. Using the same example only with a VIP range of 200, the CSS will arp for all IP addresses in the range.

For example:
(config-service[serv1])# ip address 172.16.1.1 range 10
To restore a service IP address to the default of 0.0.0.0, enter:
(config-service[serv1])# no ip address
Note The CSS sends keepalives only to the first address in a service range. If you configure a scripted keepalive, it should contain the first address in a service range as one of its arguments.

For the CSS to forward requests to a service on any of the addresses in a range, the CSS must successfully arp for the first address in the range. This behavior is independent of keepalives.

Specifying a Port

Use the port command to specify a service TCP/UDP port number or range of port numbers. The TCP or UDP destination port number is associated with a service. Enter the port number as an integer from 0 to 65535. The default is any.

For example:
(config-service[serv1])# port 80
To specify a port to be used for keepalives, refer to the service mode keepalive port command.

Use the range option to specify a range of port numbers starting with the port number you specified using the port command. Enter a range number from 1 to 65535. The default range is 1. For example, if you enter a port number of 80 with a range of 10, the port numbers will range from 80 through 89. You can use the port range command only on local (default) services.

For example:
(config-service[serv1])# port 80 10
To set the port to the default of any, enter:
(config-service[serv1])# no port
Specifying a Protocol

To specify a service IP protocol, use the protocol command. The default setting for this command is any, for any IP protocol. The options for this command are:

•protocol tcp - The service uses the TCP protocol suite

•protocol udp - The service uses the UDP protocol suite

For example:
(config-service[serv1])# protocol tcp
To set the protocol to the default of any, enter:
(config-service[serv1])# no protocol
Specifying a Domain Name

Use the domain command to specify the domain name to prepend to a requested piece of content when an HTTP redirect service generates an "object moved" message for the service. The CSS uses the configured domain name in the redirect message as the new location for the requested content. The CSS prepends the domain name to the requested URL. If the domain name is not configured, the CSS uses the domain in the host-tag field from the original request. If no host tag is found, the CSS uses the service IP address to generate the redirect.

Note You can only use a service redirect domain on a service type redirect. You must specify the domain command for a redirect service to obtain an applicable HTTP redirect.

Note You cannot configure the domain and (config-service) redirect-string commands simultaneously on the same service.

Note The redirect-string and (config-service) domain commands are similar. The CSS returns the redirect-string command string as configured. With the (config-service) domain command, the CSS prepends the domain to the original requested URL.

Enter the service domain name as an unquoted text string with no spaces and a maximum length of 64 characters.

Note The CSS automatically prepends the domain name with http://.

For example:
(config-service[serv1])# domain www.arrowpoint.com
or
(config-service[serv1])# domain 172.16.3.6
To clear the redirect domain for this service, enter:
(config-service[serv1])# no domain www.arrowpoint.com
or
(config-service[serv1])# no domain 172.16.3.6
Configuring an Advanced Load Balancing String

To specify an advanced load-balancing string for a service, use the string command. Use this command in conjunction with the advanced load-balancing methods url, cookie, or cookieurl. For information on advanced load-balancing methods, refer to the Content Services Switch Advanced Configuration Guide.

Enter a string from 1 to 15 characters. For example:
(config-service[serv1])# string 172.16.3.6
To remove a string from a service, enter:
(config-service[serv1])# no string
Configuring a Service HTTP Cookie

Use the string command to specify the HTTP cookie for the service. The syntax for this service mode command is:

string cookie_name

Enter the cookie_name as an unquoted text string with no spaces and a maximum of 15 characters.

For example:
(config-service[serv1])# string userid3217
To remove the cookie for a service, enter:
(config-service[serv1])# no string
Configuring Weight

To specify the relative weight of the service, use the weight command in service mode. The CSS uses this weight when you configure ACA or weighted roundrobin load balancing on a content rule. By default, all services have a weight of 1. A higher weight will bias flows towards the specified service. To set the weight for a service, enter a number from 1 to 10. The default is 1.

For example:
(config-service[serv1])# weight 2
To restore the weight to the default of 1, enter:
(config-service[serv1])# no weight
Note When you add a service to content rules, the service weight as configured in service mode is applied to each rule as a server-specific attribute. To define a content rule-specific server weight, use the add service weight command. This command overrides the server-specific weight and applies only to the content rule to which you add the service. For information on the add service weight command, refer to "Configuring Content Rules".

Specifying a Service Type

Use the type command to specify the type for a service. If you do not define a type for a service, the default service type is local. The syntax and options for this service mode command are:

•type nci-direct-return - Specify the service is NAT Channel indication for direct return.

•type nci-info-only - Specify the service is NAT Channel indication for information only.

•type proxy-cache - Define the service as a proxy cache. This is a cache-specific option. This option bypasses content rules for requests coming from the cache server. Bypassing content rules in this case prevents a loop between the cache and the CSS. For a description of a proxy cache, refer to the Content Services Switch Advanced Configuration Guide.

•type redirect - Define the service as a remote service to enable the CSS to redirect content requests to the remote service when a local service is not available (for example, the local service has exceeded its configured load threshold). To configure a load threshold for a content rule, use the load-threshold command in owner-content mode (refer to <Xref_Color>Chapter 7, Configuring Content Rules, the section "Specifying a Load Threshold"). If you have multiple remote services defined as type redirect, the CSS uses the roundrobin load-balancing method to load balance requests between them.

When you add a type redirect service to a content rule, you must also configure an URL to match on the content. For example, "/*" or "/vacations.html".

•type redundancy-up - Specify the router service in a redundant uplink.

•type rep-cache-redir - Specify the service is a replication cache with redirect.

•type rep-store - Specify the service is a replication store.

•type rep-store-redir - Specify the service is a replication store with redirect. No content rules are applied to requests from this service type.

•type transparent-cache - Specify the service as a transparent cache. This is a cache-specific option. No content rules are applied to requests from this service type. Bypassing content rules in this case prevents a loop between the cache and the CSS. For a description of a transparent cache, refer to the Content Services Switch Advanced Configuration Guide.

For example, to enable the CSS to redirect content requests for serv1, specify redirect in the serv1 content rule:
(config-service[serv1])# type redirect
To restore the service type to the default setting of local, enter:
(config-service[serv1])# no type
How the CSS Accesses Server Types

When you configure a Layer 3 or 4 content rule, the rule hits the local services. If:

•The local services are not active or configured, the rule hits the primary sorry server.

•The primary sorry server fails, the rule hits the secondary sorry server.

Redirect services and redirect content strings cannot be used with Layer 3 or 4 rules because they use the HTTP protocol.

When you configure a Layer 5 content rule, the CSS directs content requests to local services. If:

•The local services are not active or configured, the rule sends the HTTP redirects with the location of the redirect services to the clients.

•The local and redirect services are not active or configured, the rule forwards the HTTP requests to the primary sorry server.

•All services are down except the secondary sorry server, the rule forwards the HTTP requests to the secondary sorry server.

For information on adding a service to a content rule or adding primary and secondary sorry servers, refer to <Xref_Color>Chapter 7, Configuring Content Rules, the section "Adding Services to a Content Rule".

Configuring Service Access

Use the access command to associate an access mechanism with a service for use during publishing, subscribing, and demand-based replication activities. You must use this command for each service that offers publishing services. This command is optional for subscriber services; the subscriber service inherits the access mechanism from the publisher.

When you use this command to associate an FTP access mechanism with a service, the base directory of an existing FTP record becomes the tree root. To maintain coherent mapping between WWW daemons and FTP daemons, make the FTP access base directory equivalent to the WWW daemon root directory as seen by clients. For information on creating an FTP record, refer to the (config) ftp-record command in Chapter 1, Logging in and Getting Started, the section "Configuring an FTP Record".

Enter the access ftp record as the name of the existing FTP record. Enter an unquoted text string with no spaces.

For example:
(config-service[serv1])# access ftp arrowrecord
To remove a service access mechanism, enter:
(config-service[serv1])# no access ftp
Configuring Service Cache Bypass

Use the cache-bypass command to prevent the CSS from applying content rules to requests originating from a proxy or transparent-cache type service when it processes the requests. By default, no content rules are applied to requests from a proxy or transparent-cache type service.

Note For a description of proxy and transparent caching, refer to the Content Services Switch Advanced Configuration Guide, Chapter 6, Configuring Caching.

For example:
(config-service[serv1])# cache-bypass
To allow the CSS to apply content rules to requests from a proxy or transparent-cache type service, enter:
(config-service[serv1])# no cache-bypass
Configuring Network Address Translation for Transparent Caches

Use the transparent-hosttag command to enable destination Network Address Translation (NAT) for the transparent cache service type.

Note Currently, you can use the transparent-hosttag command only with a CSS operating in a Client Side Accelerator (CSA) environment. For details on CSA, refer to the Content Service Switch Advanced Configuration Guide, Chapter 7, Configuring the CSS Domain Name Service.

Note For a description of a transparent cache, refer to the Content Services Switch Advanced Configuration Guide, Chapter 6, Configuring Caching.

For example:
(config-service[serv1])# transparent-hosttag
To disable destination NATing for the transparent cache service type, enter:
(config-service[serv1])# no transparent-hosttag
Configuring a Service to Bypass a Cache Farm

Use the bypass-hosttag command to allow the Client Side Accelerator (CSA) on the CSS to bypass a cache farm and establish a connection with the origin server to retrieve non-cacheable content. The domain name from the host tag field is used to look up the origin IP address on the CSA.

Note Currently, you can use the bypass-hosttag command only with a CSS operating in a CSA environment. For details on CSA, refer to the Content Services Switch Advanced Configuration Guide, Chapter 7, Configuring the CSS Domain Name Service.

For example:
(config-service[serv1])# bypass-hosttag
To disable bypassing cache for non-cacheable content, enter:
(config-service[serv1])# no bypass-hosttag
Configuring Keepalives for a Service

Use the keepalive command to configure keepalive message parameters for a service. With keepalive messages you can determine whether or not a service is still functioning. When you configure a keepalive for a service), the CSS periodically sends a message to the service based on the keepalive frequency to determine the state of the service. See the "Configuring Keepalive Frequency" section. The CSS considers the service to be alive when a service responds to the keepalive message.

The CSS transitions the service to the dying state when the service fails to respond to a keepalive message. The CSS tests whether the failed service is functional by sending a keepalive message at time intervals based on the retry period. See the "Configuring Keepalive Retryperiod" section.

The CSS transitions the service to the dead state if the service fails to respond a maximum number of retries to the keepalive message. See the "Configuring Keepalive Maxfailure" section. Then the CSS removes the service from the load-balancing algorithm. The CSS continues to test whether the service is functional at time intervals based on the retry period.

Thus, using the default values of a 5-second keepalive frequency interval, a 5-second retry period interval, and maximum of three failures, a service can transition from the alive state to the dead state in 20 seconds; a 5-second interval between a keepalive response and the initial keepalive failure based on the keepalive frequency, and three failures, each occurring at 5-second intervals based on the retry period.

Keepalives are a valuable and recommended attribute to set for a service. This information enables the CSS to take action rapidly when a service fails. The CSS supports a maximum of 512 keepalives (which can include a maximum of 255 script keepalives). The CSS supports a maximum of 256 keepalives of one type. These keepalives include:

•Global keepalives configured in keepalive configuration mode. The CSS counts a global keepalive as one keepalive regardless of the number of services you assign to it through the (config-service) keepalive type named command.

•ICMP, HTTP, TCP, FTP, and script keepalives configured and assigned to a service through the (config-service) keepalive command. Each time you assign one of these keepalives to a service through the (config-service) keepalive type command, the CSS counts it as one keepalive.

Caution Do not configure more than 256 keepalives of one type. Do not configure more than 512 total keepalives. Any services assigned to keepalives over 512 will not be eligible for content rule selection.

Caution You can configure a maximum of 255 script keepalives on a CSS (out of a maximum of 512 keepalives). Of the 255 script keepalives, you can configure a maximum of 16 keepalives to use script output. For details, refer to the "Script Keepalives" section earlier in this chapter.

The options for this service mode command are:

•keepalive frequency - Specify the keepalive message frequency

•keepalive maxfailure - Specify the number of times the service can fail to respond to a keepalive message before it is considered down

•keepalive method - Specify the HTTP method for the service

•keepalive port - Specify the port to be used for keepalives

•keepalive retryperiod - Specify the keepalive retry period for the service

•keepalive type - Specify the type of keepalive message for the service

•keepalive uri - Specify the content information of an HTTP keepalive URI for the service

•keepalive hash - Specify the MD5 hash that is compared for HTTP keepalives that use the GET method

For more information on these options and associated variables, refer to the following sections.

Configuring Keepalive Frequency

Use the keepalive frequency command to specify the time in seconds between sending keepalives messages to a service. Specify a frequency from 2 to 255 seconds. The default is 5 seconds.

Caution If you configure more than 16 script keepalives, the CSS automatically adjusts the keepalive frequency time to a value that best fits the resource usage. Note that this adjustment also affects the keepalive retry period value (see "Configuring Keepalive Retryperiod") by adjusting that value to a number that is one-half the adjusted frequency time. If this occurs, you may observe in the output of the show service command that your previously set keepalive frequency and retry period times change to a different value, as determined by the CSS.

For example, enter:
(config-service[serv1])# keepalive frequency 15
To reset the frequency to its default value of 5, enter:
(config-service[serv1])# no keepalive frequency
Configuring Keepalive Maxfailure

Use the keepalive maxfailure command to specify the number of times a service can fail to respond to a keepalive message before being considered down. Specify a maximum failure number from 1 to 10. The default is 3.

For example, enter:
(config-service[serv1])# keepalive maxfailure 5
To reset the maximum failure number to its default value of 3, enter:
(config-service[serv1])# no keepalive maxfailure
Configuring Keepalive Method

Use the keepalive method command to specify the HTTP keepalive method for a service. The syntax and options for this service mode command are:

•method get - The CSS issues a HTTP GET method to the service, computes a hash value on the page, and stores the hash value as a reference hash. Subsequent GETs require a 200 OK status (HTTP command completed OK response) and the hash value to equal the reference hash value. If the 200 OK status is not returned, or if the 200 OK status is returned but the hash value is different from the reference hash value, the CSS considers the service down.

When you specify the content information of an HTTP Uniform Resource Identifier (URI) for an HTTP keepalive, the CSS calculates a hash value for the content. If the content information changes, the hash value no longer matches the original hash value and the CSS assumes that the service is down. To prevent the CSS from assuming that a service is down due to a hash value mismatch, specify the keepalive method as head.

•method head (default) - The CSS issues a HTTP HEAD method to the service and a 200 OK status is required. The CSS does not compute a reference hash value for this type of keepalive. If the 200 OK status is not returned, the CSS considers the service down.

For example, enter:
(config-service[serv1])# keepalive method get
Configuring Keepalive Port

Use the keepalive port command to specify the port number used for keepalives. Enter the number as an integer from 0 to 65535. The default setting is based on the configured service port number. Otherwise, the default setting is based on the keepalive type. If the keepalive type is:

•HTTP or TCP, the default port number is 80

•FTP, the default port number is 21

Note If you do not configure a keepalive port, the TCP keepalive uses the service port configured with the (config-service) port command. If you do not configure either port, the TCP keepalive uses port 80.

For example, to specify port 8080 as the keepalive port for service serv1, enter:
(config-service[serv1])# keepalive port 8080
To reset the TCP keepalive port to its default of 0, enter:
(config-service[serv1])# no keepalive port
Configuring Keepalive Retryperiod

Use the keepalive retryperiod command to specify the keepalive retry period for a service. When a service has failed to respond to a given keepalive message (the service has transitioned to the dying state), the retry period specifies how frequently the CSS tests the service to see if it is functional. Enter the retry period as an integer from 2 to 255 seconds. The default is 5 seconds.

For example, to configure a retry period of 60 seconds, enter:
(config-service[serv1])# keepalive retryperiod 60
To reset the retry period to its default value of 5, enter:
(config-service[serv1])# no keepalive retryperiod
Configuring Keepalive Type

Use the keepalive type command to specify the type of keepalive message, if any, appropriate for a service or to associate a service with a global keepalive.

The syntax and options for this service mode command are:

•keepalive type ftp ftp_record - Keepalive method that accesses an FTP server by logging into the server as defined in an FTP record file.

•keepalive type http {non-persistent} - An HTTP index page request. By default, HTTP keepalives attempt to use persistent connections. To disable this behavior, include the non-persistent option.

•keepalive type icmp - An ICMP echo message (ping). This is the default keepalive type.

•keepalive type named name - Specify a global keepalive name to associate the server with a global keepalive. Before using this command, ensure that the global keepalive is activated through the (config-keepalive) active command. Assigning a service to a global keepalive overrides any keepalive properties you assigned in service mode.

•keepalive type none - Do not send keepalive messages to a service.

•keepalive type script script_name {"arguments"} {use-output} - Script keepalive to be used by the service. The script is played each time the keepalive is issued. By default, the script does not parse the output. For details on using script keepalives, refer to the "Script Keepalives" section earlier in this chapter.

Note To preserve CSS system resources, use script keepalives only when needed. If an ICMP or HTTP keepalive message is sufficient to validate the service, then use that type of message instead of a script keepalive.

•keepalive type tcp - A TCP session that determines service viability (3-way handshake and reset (RST)).

For example, to set serv1 keepalive type to ftp, enter:
(config-service[serv1])# keepalive type ftp
Configuring Keepalive URI

Use the keepalive uri command to specify the HTTP keepalive content information for a service. Enter the the content information of the URI as a quoted text string with a maximum of 64 characters. Do not include the host information in the string. The CSS derives the host information from the service IP address and the keepalive port number.

For example, enter:
(config-service[serv1])# keepalive uri "/index.html"
To clear the content information for this keepalive, enter:
(config-service[serv1])# no keepalive uri
When you specify the content information of a URI for an HTTP keepalive, the CSS calculates a hash value for the content. If the content information changes, the hash value no longer matches the original hash value and the CSS assumes that the service is down. To prevent the CSS from assuming that a service is down due to a hash value mismatch, define keepalive method as head. The CSS does not compute a hash value for this type of keepalive.

If you specify a Web page with changeable content and do not specify the head keepalive method, you must suspend and reactivate the service each time the content changes.

Configuring Keepalive Hash

Use the hash command to override the default MD5 hash for a keepalive. The CSS compares the hash value against the computed hash value of all HTTP GET responses. A successful comparison results in the keepalive maintaining an ALIVE state.

To configure the hash value:

1. Configure the keepalive. The example below creates a keepalive GET to a test page.
(config)# service serv1
(config-service[serv1])# ip address 10.0.3.21
(config-service[serv1])# keepalive type http
(config-service[serv1])# keepalive method get
(config-service[serv1])# keepalive uri "/testpage.html"
(config-service[serv1])# keepalive hash 
"1024b91e516637aaf9ffca21b4b05b8c"
(config-service[serv1])# active
2. Display the hash value using the show keepalive command. For example, enter:
(config-service[serv1])# show keepalive
Keepalives:
Name: serv1
	Index: 0          State: ALIVE
	Description: Auto generated for service serv1
	Address: 10.0.3.21  Port: 80
	Type:             HTTP:GET:/testpage.html
	Hash:             1024b91e516637aaf9ffca21b4b05b8c
	Frequency:        5
	Max Failures:     3
	Retry Frequency:  5
	Dependent Services:
3. Use the hash value from the keepalive display to configure the keepalive hash. Enter the MD5 hash as a quoted hexadecimal string up to 32 characters. For example:
(config-service[serv1])# keepalive hash 
"1024b91e516637aaf9ffca21b4b05b8c"
An excerpt of the service configuration from the running-config is shown below.
service serv1
	ip address 10.0.3.21
	keepalive type http
	keepalive method get
	keepalive uri "/testpage.html"
	keepalive hash "1024b91e516637aaf9ffca21b4b05b8c"
	active
To clear a hash value and return to the default hash value, enter:
(config-service[serv1])# no keepalive hash
Showing Keepalive Configurations

To display global keepalive configurations, use the show keepalive command. To display a list of existing keepalives, enter show keepalive ?. This command provides the following options:

•show keepalive - Displays information for all keepalives

•show keepalive-summary - Display summary information for all keepalives

For example, enter:
(config)# show keepalive
Keepalives:
Name: keepimages     Index: 1   State: ALIVE ( ICP Check )
Description: Auto generated for service imageserver1
Address: 172.16.1.7  Port: 80
Type: HTTP:HEAD:/index.html
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services: imageserver1
Name: rualive  Index: 2  State: ALIVE
Description: Auto generated for service serv2
Address: 172.16.1.8      Port: 80
Type: HTTP:HEAD:/index.html
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services: serv2
(config)# show keepalive-summary
Keepalives: 
keepimages	ALIVE	172.16.1.7
rualive	ALIVE	172.16.1.8
Configuring Maximum TCP Connections

To define the maximum number of TCP connections on a service, use the max connections command. Enter the maximum number of connections from 0 to 65535. The default is 0, which indicates that there is no limit on the number of connections.
(config-service[serv1])# max connections 7
To set the maximum TCP connections to the default of 0, enter:
(config-service[serv1])# no max connections
Note Do not use service max connections on UDP content rules. The service connection counters do not increment and remain at 0 because UDP is a connectionless protocol.

Activating a Service

Once you configure a service, you must activate it to enable the CSS to access it for content requests. Activating a service puts it into the resource pool for load-balancing content requests and starts the keepalive function.

The following command activates service serv1:
(config-service[serv1])# active
Suspending a Service

Suspending a service removes it from the pool for future load-balancing content requests. Suspending a service does not affect existing content flows, but it prevents additional connections from accessing the service for its content. You may want to suspend a service prior to performing maintenance on the service. The following command suspends service serv1:
(config-service[serv1])# suspend
Note When you suspend a service, the CSS rebalances the remaining services using the failover setting.

Removing a Service

When you remove a service, the CSS:

•Removes the service from all content rules to which the service has been added.

•Rebalances the remaining services. The CSS does not apply the failover setting.

Note You cannot retrieve service information once you issue the remove service command.

Removing a Service From a Content Rule

To display a list of services added to a content rule, enter the remove service ? command from the specific owner-content mode. For example:
(config-owner-content[arrowpoint-rule1])# remove service ?
	server1
	server3
To remove service server1 from owner arrowpoint content rule rule1, enter:
(config-owner-content[arrowpoint-rule1])# remove service server1
Removing a Service From a Source Group

To remove a service from a source group, use the remove service command. To display a list of services added to a source group, enter the remove service ? command from the specific group mode. For example:
(config-group[ftpgroup])# remove service ?
	server7
	serviceftp
For example, to remove service serviceftp from source group ftpgroup, enter:
(config-group[ftpgroup])# remove service serviceftp
Showing Service Configurations

Before activating a service, you may want to display the service configuration to ensure that all the parameters are correct. The show service command enables you to display information for a specific service or all services currently configured in the CSS, depending on the location from where you issue the command.

You can issue the following show service commands from any mode:

•show service - Display configurations for each service

•show service service_name - Display service information for a specific service

•show service summary - Display a summary of each service

From a specific service mode, the show service command displays configuration information only for that service. When you issue this command from any other mode, it displays configuration information for all services.

For example:
(config)# show service
Name: s1            Index:
 Type: Local        State:  Alive
 Rule: (192.168.101.15  ANY  ANY )
 Keepalive:         (ICMP   5   3   5 )
 Mtu:               1500       State Transitions:   14
 Connections:       0          Max Connections:     0
 Total Connections: 0          Total Reused Conns:  0
 Weight:            1          Load:                2 
The show service summary command displays a summary of all service currently configured. For example:
(config)# show service summary
Service Name     State Conn Weight Avg    Long    State
                                   Load   Load    Transitions
serv17            DOWN   0    1    254    254     1
serv18            ALIVE  0    0    254    0       5
NS6               ALIVE  0    0    254    0       3
SL3@192.16.10.25  ALIVE  0    1    212    254     1
To display configuration information for all services, enter:
# show service
To display information for a specific service, enter the show service command with the service name. For example:
# show service serv86
If you are in service mode, to display the configuration information for the current service, enter:
(config-service[serv86])# show service
Note The connection counters displayed with the show service command do not increment and remain at 0 for UDP flows. UDP is a connectionless protocol.

Table 5-4 describes the fields in the show service output.

Table 5-4 Field Descriptions for the show service Command

Field

Description

Name

The name of the service.

Index

The CSS assigned unique numeric index.

Type

The type for the service. If you do not define a type for the service, the default service type is local. The possible types are:

•nci-direct-return - A NAT Channel Indication (NCI) service for NAT peering.

•nci-info-only - The service is NAT Channel indication for information only.

•proxy-cache - The service is a proxy cache. This type bypasses content rules for requests from the cache.

•redirect - The service is not directly accessible and requires redirection.

•redundancy-up - The service is a redundant uplink.

•rep-cache-redir - The service is a replication cache with redirect.

•rep-store - The service is a replication store server for hot content.

•rep-store-redir - The service is a replication store to which content requests are redirected.

•transparent-cache - The service is a transparent cache. No content rules are applied to requests from the cache.

State

The state of the service. The State field displays reports the service as either Alive, Dying, Down, or Suspended. The Dying state reports that a service is failing according to the parameters configured in the following service mode commands: keepalive retryperiod, keepalive frequency, and keepalive maxfailure. When a service enters the Down state, the CSS does not forward any new connections to it (the service is removed from the load balancing rotation for the content rule). However, the CSS keeps all existing connections to the service (connections to that service are not "torn down").

Rule

The address, protocol, and port information for the service.

Redirect Domain

The domain name to be used when an HTTP redirect service generates an "object moved" message for the service.

Redirect String

The HTTP redirect string to be used when an HTTP redirect service generates an "object moved" message for the service.

Keepalive

The keepalive type, frequency, maxfailure, and retryperiod. The possible keepalive types are:

•ftp - The keepalive method that accesses an FTP server by logging into an FTP server as defined in an FTP record file.

•http - An HTTP index page request. By default, HTTP keepalives attempt to use persistent connections.

•icmp - An ICMP echo message (default)

•named - Global keepalive defined in keepalive configuration mode.

•none - Do not send keepalive messages to the service.

•script - Script keepalive to be used by the service. The script is played each time the keepalive is issued.

•tcp - TCP connection handshake request.

The keepalive frequency value is the time in seconds between sending keepalive messages to the service. The default is 5. The range is from 2 to 255. The keepalive maxfailure value is the number of times the service can fail to respond to a keepalive message before being considered down. The default is 3. The range is from 1 to 10. The keepalive retryperiod value is the time in seconds between sending retry messages to the service. The default is 5. The range is from 2 to 255.

Mtu

The size of the largest datagram that can be sent or received on the service.

State Transitions

The total number of state transitions on the service.

Connections

The current number of TCP connections on the service.

Max Connections

The configured maximum number of TCP connections on the service. The default is 0. The range is from 0 to 65535.

Total Connections

The total number of connections that have been mapped to the service.

Total Reused Conns

The total number of connections that were reused for multiple content requests during persistent connections.

Weight

The service weight used with load metrics to make load allocation decisions. The weight is used in ArrowPoint Content Awareness (ACA) and weighted roundrobin load balancing decisions. The default is 1. The range is from 1 to 10.

Load/Average Load

The current and average load for the service.

Where to Go Next

For information on creating and configuring owners, refer to Chapter 6, Configuring Owners.