-
CSS Content Load-Balancing Configuration Guide (Software Version 7.40)
-
Index
-
Preface
-
Content Load-Balancing Overview
-
Configuring Flow and Port Mapping Parameters
-
Configuring Services
-
Configuring Service, Global, and Script Keepalives
-
Configuring Source Groups for Services
-
Configuring Loads for Services
-
Configuring Dynamic Feedback Protocol for Server Load Balancing
-
Configuring Owners
-
Configuring Content Rules
-
Configuring Sticky Parameters for Content Rules
-
Configuring HTTP Header Load Balancing
-
Configuring Caching
-
Configuring Content Replication
-
Table Of Contents
Matching Precedence for Layer 5 Rules
Content Rule Configuration Quick Start
Naming and Assigning a Content Rule to an Owner
Configuring a Virtual IP Address
Configuring a Domain Name Content Rule
Matching Content Rules to Multiple Domain Names
Configuring a Content Rule Using a Domain Name and a VIP Address
Using Wildcards in Domain Name Content Rules
General Guidelines for Domain Name Wildcards in Content Rules
Configuring Domain Qualifier Lists
Adding a DQL to a Content Rule
Removing a DQL from a Content Rule
Configuring Virtual Web Hosting
Adding Services to a Content Rule
Adding a Service to a Content Rule
Adding a Primary Sorry Server to a Content Rule
Adding a Secondary Sorry Server to a Content Rule
Adding a DNS Name to a Content Rule
Disabling DNS in a Content Rule
Removing a Service from a Content Rule
Configuring a DNS Balance Type
Configuring Extension Qualifier Lists
Specifying an EQL in a Uniform Resource Locator
Showing EQL Extensions and Descriptions
Configuring URL Qualifier Lists
Designating the Domain Name of URLs in a URQL
Adding a URQL to a Content Rule
URQL Configuration in a Startup-Config File
Specifying a Uniform Resource Locator
Specifying an Extension Qualifier List in a URL
Specifying the Number of Spanned Packets
Including Services in a CSS Ping Response Decision
Enabling TCP Flow Reset Reject
Configuring Persistence, Remapping, and Redirection
Configuring Content Rule Persistence
Configuring Bypass Persistence
Configuring HTTP Redirection and Service Remapping
Redirecting Requests for Content
Displaying the Persistence Settings
Specifying an Application Type
Configuring a Content Rule for FTP Connections
Enabling Content Requests to Bypass Transparent Caches
Clearing Counters in a Content Rule
Clearing Counters for Content Rules
Clearing Service Statistics Counters in a Content Rule
Configuring Content Rules
This chapter describes how to create and configure content rules. Information in this chapter applies to all CSS models except where noted.
This chapter contains the following major sections:
•
Naming and Assigning a Content Rule to an Owner
•
•
•
•
•
•
•
•
•
•
•
•
•
•
For information on how service, owners and content rules work together, see Chapter 1, Content Load-Balancing Overview.
Content Rule Overview
The CSS uses content rules to determine:
•
•
•
The type of rule also implies the layer at which the rule functions.
•
•
•
Content Rule Hierarchy
Content rules are hierarchical. That is, if a request for content matches more than one rule, the characteristics of the most specific rule apply to the flow. The CSS uses this order of precedence to process requests for the content, with 1 being the highest match and 9 being the lowest match. The hierarchy for content rules is as follows:
1.
2.
3.
4.
5.
6.
7.
8.
9.
Matching Precedence for Layer 5 Rules
In a Layer 5 content rule, the CSS matches the URL after the CSS matches the IP address, protocol, and port. An HTTP header field group in a Layer 5 content rule enables a rule to be more specific than if the rule defined just a URL. For more information on configuring HTTP header field groups, refer to the Chapter 11, Configuring HTTP Header Load Balancing.
Because content rules are hierarchical, if a request for content matches more than one rule, the characteristics of the most specific rule apply to the flow. For a Layer 5 content rule, the CSS uses the following order of precedence to process requests for the content, with 1 being the highest match and 10 being the lowest match.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
In the following example, the content rules ruleWap and ruleNoWap are identical except ruleWap includes a header field group.
•
•
Because content rule ruleWap includes a header field group, the CSS will try to match on it before trying to match on content rule ruleNoWap.
header-field-group wapheader-field 1 msisdn existowner arrowpointcontent ruleWapvip address 192.168.128.151protocol tcpport 80url "/*"add service server1add service server2header-field-rule wapactivecontent ruleNoWapvip address 192.168.128.151protocol tcpport 80url "/*"add service server21add service server22activeContent Rule Configuration Quick Start
Table 9-1 provides a quick overview of the steps required to create and configure a Layer 3 content rule. Each step includes the CLI command required to complete the task. For a complete description of each feature and all the content rule configuration options, see the sections following Table 9-1.
Ensure that you have already created and configured a service and owner for the content rules. The command examples in Table 9-1 create a Layer 3 content rule for owner arrowpoint.
The following running-configuration example shows the results of entering the commands in Table 9-1.
!*************************** OWNER ***************************owner arrowpointaddress "200 Beaver Brook Road, Boxborough, MA 01719"content rule1add service server1vip address 192.168.3.6balance acaadd service serv2protocol tcpport 80url "//www.arrowpoint.com/"Naming and Assigning a Content Rule to an Owner
By assigning content rules to an owner, you can manage access to the content. Assign content rules to an owner by creating the content rule in the mode for that owner. The CSS identifies content rules by the names you assign.
To name a content rule and assign it to an owner, use the content command. Enter a content rule name from 1 to 31 characters.
The following example assigns:
•
•
(config-owner[arrowpoint])# content rule1Once you assign a content rule to an owner, the CLI prompt changes to reflect the specific owner and content rule mode.
(config-owner-content[arrowpoint-rule1])#Within owner and content mode, you can configure how the CSS will handle requests for the content. To remove an existing content rule from an owner, use the no content command from owner mode. For example, enter:
(config-owner[arrowpoint])# no content rule1Configuring a Virtual IP Address
A VIP address is an address that an Internet Domain Name System (DNS) provides when asked to resolve a domain name. For example, a DNS server may translate www.arrowpoint.com to the VIP address 192.217.4.15. Internet service providers (ISPs) generally assign VIP addresses. ISPs request VIP addresses from the Internet Assigned Numbers Authority (IANA).
Assigning a VIP address to owner content enables the CSS to translate (using Network Address Translation (NAT)) the VIP address to the IP address of the service where the content resides.
Note
To enable the CSS to translate an owner's Internet IP address to the IP address of the service where the content resides, configure a VIP address to the owner content. By translating a VIP address to the service IP address, the CSS enhances network security because it prevents users from accessing your private network IP addresses.
Caution
Note
Note
The variables and options for the vip address command include:
•
•
Note
To configure a VIP address, issue the vip address command and specify either an IP address or a host name. For example, enter:
(config-owner-content[arrowpoint-rule1])# vip address 192.168.3.6
Note
To configure a VIP address with a range of 10, use the vip address command with the range option. For example, enter:
(config-owner-content[arrowpoint-rule1])# vip address 192.168.3.6 range 10When using the vip address range command, use IP addresses that are within the subnet you are using. The CSS does not use the ARP for IP addresses that are not on the circuit subnet. For example, if you configure the circuit for 10.10.10.1/24 and configure the VIP address range as 10.10.10.2 range 400, the CSS will not use the ARP for any IP addresses beyond 10.10.10.254. Using the same example with a VIP address range of 200, the CSS will use the ARP for all IP addresses in the range. To remove a VIP address from a content rule, enter:
(config-owner-content[arrowpoint-rule1])# no vip addressFigure 9-1 shows an example of configuring a VIP address. In this example, a user requests content from arrowpoint. The content physically resides on the server with IP address 10.3.6.1. By configuring VIP address 158.37.6.0 to the content, the CSS translates the VIP address to the server IP address where the content actually resides without exposing internal IP addresses.
Figure 9-1 Example of Configuring a Virtual IP Address
Configuring a Domain Name Content Rule
The CSS allows you to use a domain name in place of, or in conjunction with, a VIP address in a content rule. Using a domain name in a content rule enables you to:
•
•
Note
To configure a domain name in a content rule, use the url command and place two slash characters (//) at the front of the quoted url_name or url_path.
For example, enter:
(config-owner-content[arrowpoint-rule1])# url "//www.arrowpoint.com/*"Normally, port 80 traffic does not use a port number in the domain name. To specify a port other than port 80, enter the domain name with the port number exactly. Separate the domain name and the port number with a colon. For example, enter:
(config-owner-content[arrowpoint-rule1])# url "//www.arrowpoint.com:8080/*"Use domain name rules rather than VIP rules when you have several transparent caches and you want certain domains to use the most powerful cache server. You want all other domains load balanced among the remaining cache servers. For this configuration, set up a domain name rule for the specific domains you want directed to the powerful cache server. Then configure a wildcard VIP rule (specify port 80 and no VIP address) to balance all other HTTP traffic among the remaining caches.
You may use a single VIP address in front of a server that is hosting many domain names. Over time, some of the domain names may receive more traffic and could benefit from having their content on a separate server. To segregate the traffic, configure the domain names you want directed to specific services. You do not need to configure additional VIP addresses for the domain names because the CSS will use the domain names as the matching criteria in the content rules.
Matching Content Rules to Multiple Domain Names
When you have a requirement for a content rule to match multiple domain names, you can associate a Domain Qualifier List (DQL) to the rule. A DQL is a list of domain names that you configure. You can use a DQL on a rule to specify that content requests for each domain in the list will match the rule.
You can determine the order that the domain names are listed in the DQL. You can arrange the names in a DQL by assigning an index number as you add the name to the list.
DQLs exist independently of any range mapping. You can use them as matching criteria to balance across servers that do not have IP addresses or port ranges. If you want to use range mapping when using a service range, you need to consider the index of any domain name in the DQL.
Note
If you are not using service ranges with DQLs, you do not need to configure any index; the default index is 1.
For example, you could configure a DQL named Woodworker.
(config)# dql WoodworkerThe domain names you could add as part of the DQL include www.wood.com, www.woodworker.com, www.maple.com, www.oak.com. You could configure www.wood.com and www.woodworker.com to have the same mapping index. You can enter indexes from 1 to 1000 and provide an optional quoted description for each index.
For example, enter:
(config-dql[Woodworker]# domain www.wood.com index 1 "This is the same as the woodworker domain"(config-dql[Woodworker]# domain www.woodworker.com index 1(config-dql[Woodworker]# domain www.maple.com index 2(config-dql[Woodworker]# domain www.oak.com index 3If you specify a DQL as a matching criteria for content rule WoodSites, and there are two services, S1 and S2, associated with the rule, the CSS checks the services at mapping time for ranges. To add a DQL to a content rule, use the url command as shown:
(config-owner-content[WoodSites])# url "/*" dql WoodworkerFor example, if the CSS receives a request for www.oak.com along with other criteria, a match on the WoodSites rule occurs on DQL index 3. If the rule has the roundrobin load-balancing method, the CSS examines a service (S2 for this example) to determine the back-end connection mapping parameters. If you configured S2 with a VIP address of 10.0.0.1 with a range of 5, the addresses include 10.0.0.1 through 10.0.0.5. Because this service has a range of addresses and 0 (any) as its port, the DQL index of 3 matches the service VIP address range index of 3, which is address 10.0.0.3.
To delete a DQL, use the no dql command. For example, enter:
(config)# no dql Woodworker
Note
For a complete description of DQLs, see the "Configuring Domain Qualifier Lists" section.
Configuring a Content Rule Using a Domain Name and a VIP Address
Use a domain name and a VIP address in a content rule when you want the CSS to match content requests going to a specific domain at a specific VIP address. If the CSS is serving more than one VIP address at the domain name, configure two domain name content rules and specify the different VIP addresses.
This configuration is shown in the following sample running-config. Note that because the IP addresses in the example are contiguous, you could use the vip address range command to specify a VIP address range of 2.
For example:
content domainRule1vip address 192.168.1.1protocol tcpport 80url "//domain.com/*"add service Serv1activatecontent domainRule2vip address 192.168.1.2protocol tcpport 80url "//domain.com/*"add service Serv1activateIf your network topology does not require that the CSS use an ARP reply for VIP addresses, you do not need to configure separate content rules for the domain name and VIP address. In this situation, a domain name content rule without a VIP address is sufficient because it will match all content requests going to the domain regardless of the VIP address. For example:
content domainRule3protocol tcpport 80url "//domain.com/*"add service Serv1activeAn example of a topology where an ARP reply is not required is when an upstream router has the CSS statically configured as the next-hop router for the VIP addresses.
Using Wildcards in Domain Name Content Rules
You can use wildcards in domain names as part of the matching criteria for a content rule. Domain name wildcards work within the content rule hierarchy. That is, if a request for content matches more than one rule (including a wildcard domain name), the characteristics of the most specific rule determine how the CSS sets up the flow.
Note
For example, the following content rule criteria have the highest precedence because, as a set, they provide the greatest specificity in matching content:
Domain name, IP address, protocol, port, URL
If you want to create a content rule using all these criteria, such as the configuration shown below, then the content rule matches only the JPEG files that are found in the domain whose name starts with "arr," as well as the other criteria, including VIP address, protocol, and port number.
(config-owner-content[arrowpoint-rule1])# vip address 192.168.3.6(config-owner-content[arrowpoint-rule1])# protocol tcp(config-owner-content[arrowpoint-rule1])# port 80(config-owner-content[arrowpoint-rule1])# url "//arr*.com/*.jpg"When the CSS encounters a content rule with a wildcard domain name and matches according to the content rule hierarchy, it stops the search at that point. This behavior is consistent with the way that the CSS manages content rules in general.
For example, if the content request matches the rule with VIP address 192.168.3.6 and URL /*, the CSS does not continue the search to match a second rule with a wildcard VIP address (no address specified) and a URL of /*.jpg. The specific address match makes the first rule more specific than the second rule.
To further clarify, if the match occurs on a rule with //arrowpoint*.com/*, the search stops at that point and does not continue to match a rule with //arr*.com/*.gif, because the first rule is a more specific match. Also note that a fully specified domain name rule (arrowpoint.com) is more specific than a wildcard domain name rule (arr*.com).
For example, to have the content rule match on all instances of the text string "arr" in the domain name portion of the content rule, enter:
(config-owner-content[arrowpoint-rule1])# url "//arr*.com/*"General Guidelines for Domain Name Wildcards in Content Rules
A domain name is made up of text strings called "words" and word separators called "dots" (.). The CSS parses the domain name from right word to left word. The CSS allows wildcards to be used as part of the domain name in one word or more than one word, but the wildcard cannot start the word.
For example, the CSS supports the following domain names:
•
•
•
•
Notice that the wildcard character either appears by itself as a domain word or appears to the right of any characters that start a domain word. However, a wildcard character cannot start a domain name word.
For example, the CSS does not support the following domain names:
•
•
•
Note
Configuring Domain Qualifier Lists
When you have a requirement for a content rule to match on multiple domain names, you can associate a domain qualifier list (DQL) to the rule. A DQL is a list of domain names that you configure and assign to a content rule, instead of creating a content rule for each domain. Assigning multiple domain names to a DQL enables you to have many domain names match one content rule.
You can use a DQL on a rule to specify that content requests for each domain in the list will match the rule. You can determine the order in which the domain names are listed in the DQL. You can arrange the names in a DQL by assigning an index number as you add the name to the list.
Note
DQLs exist independently of any range mapping. You can use them as a matching criteria to balance across servers that do not have VIP or port ranges. If you want to use range mapping when using range services, you need to consider the index of any domain name in the DQL. If you are not using service ranges with DQLs, you do not need to configure any index; the default index is 1.
For example, you could configure a DQL named Woodworker.
(config)# dql WoodworkerThe domain names you could add as part of the DQL include www.wood.com, www.woodworker.com, www.maple.com, www.oak.com. You could configure www.wood.com and www.woodworker.com to have the same mapping index. You can enter indexes from 1 to 1000 and provide an optional quoted description for each index.
For example, enter:
(config-dql[Woodworker]# domain www.wood.com index 1 "This is the same as the woodworker domain"(config-dql[Woodworker]# domain www.woodworker.com index 1(config-dql[Woodworker]# domain www.maple.com index 2(config-dql[Woodworker]# domain www.oak.com index 3If you specify a DQL as a matching criteria for content rule WoodSites, and there are two services, S1 and S2, associated with the rule, the CSS checks the services at mapping time for ranges. To add a DQL to a content rule, use the url command as shown:
(config-owner-content[WoodSites])# url "/*" dql WoodworkerFor example, if the CSS receives a request for www.oak.com along with other criteria, a match on the WoodSites rule occurs on DQL index 3. If the rule has the roundrobin balance method configured, the CSS examines a service (S2 for this example) to determine the backend connection mapping parameters. If you configured S2 with a VIP address of 10.0.0.1 with a range of 5, the addresses include 10.0.0.1 through 10.0.0.5. Because this service has a range of address and any as its port, the DQL index of 3 matches the service VIP range index of 3, which is address 10.0.0.3.
To access DQL configuration mode, use the dql command from any configuration mode except boot, group, RMON alarm, RMON event, and RMON history configuration modes. The prompt changes to (config-dql [name]). You can also use this command from DQL mode to access an existing DQL.
See the following sections to configure a DQL:
•
•
Creating a DQL
To create a new DQL, enter the name of the DQL you want to create as an unquoted text string with no spaces and a maximum of 31 characters. To access an existing DQL, enter the DQL name. To display a list of existing DQL names, use the dql ? command.
For example, to configure a DQL:
(config)# dql pet_domains (config-dql[pet_domains])#Describing a DQL
Use the description command to provide a description for DQL. Enter the description as a quoted text string with a maximum of 63 characters, including spaces.
For example, enter:
(config-dql[pet_domains])# description "pet supplies"Adding a Domain to a DQL
Assigning multiple domain names to a DQL enables you to have many domain names match one content rule. Use the domain command to add a domain to the list of domains supported by a DQL. The syntax is:
domain name index number {"description"}
The variables and option are:
•
•
If a domain has more than one domain name, you can assign the same index number to its different names.•
Note
For example, enter:
(config-dql[pet_domains])# domain www.birds.com index 1 "idaho-based"(config-dql[pet_domains])# domain www.cats.com index 2 "worldwide"(config-dql[pet_domains])# domain www.horses.com index 3 "florida-based"Normally, port 80 traffic does not use a port number in the domain name. To specify a port other than port 80, enter the domain name with the port number exactly. Separate the domain name and the port number with a colon. For example, enter:
(config-dql[pet_domains])# domain www.dogs.com:8080 index 4To add or delete a domain name from a DQL that is assigned to a content rule, you must first suspend the content rule using the suspend command. You cannot make changes to a DQL currently in use by a content rule.
For example, to remove a domain from the example DQL, enter:
(config-dql[pet_domains])# no domain www.birds.comAdding a DQL to a Content Rule
Once you have configured a DQL, use the url command to add it to a content rule. You cannot use wildcards in DQL entries.
For example, enter:
(config-owner-content[pets.com-rule1])# url "/*" dql pet_domainsRemoving a DQL from a Content Rule
To remove a DQL that is assigned to a content rule, you must first suspend the content rule using the suspend command. You cannot remove a DQL currently in use by a content rule. Once the content rule is suspended, use the no dql command to remove the DQL from the content rule.
For example, enter:
(config) no dql pet_domainsShowing DQL Configurations
Use the show dql command to display all DQL configurations. To display a specific DQL, include the DQL name in the command line.
For example, enter:
(config-dql[pet_domains])# show dql pet_domainsTable 9-2 describes the fields in the show dql command output.
Configuring Virtual Web Hosting
Virtual Web hosting enables you to host a large number of Web sites on a small number of servers (typically 2 to 10 servers) that have mirrored content. Each server can virtually host multiple IP addresses, ports, or domain names, and may contain hundreds or thousands of Web sites. The servers determine which Web site is being requested based on IP address, port, or domain name.
Configure virtual Web hosting when using File Transfer Protocol (FTP) or UDP applications.
To use virtual Web hosting, configure:
•
•
•
•
You can configure the CSS to load balance the Web sites by configuring port ranges, VIP ranges, or DQLs. For more information on the service and content rule commands required, see Chapter 3, Configuring Services and this chapter.
For example, if the destination IP address of an inbound content request matches the second VIP in the range configured on a content rule, the CSS maps the flow to the second IP address or port in the range configured on the corresponding service. If an outbound flow originates from the third IP address or port in the range configured on a service, the CSS maps the flow to the third VIP in the range configured on a matching source group.
See Table 9-3 for the steps required to configure virtual Web hosting.
The following running-configuration example shows the results of entering the commands in Table 9-3.
!************************** SERVICE **************************service serv1ip address 10.3.6.1 range 200protocol tcpkeepalive type httpkeepalive method getkeepalive uri "/index.html"active!**************************** DQL ****************************dql pet_domainsdomain www.birds.com index 1 "idaho-based"domain www.cats.com index 2 "worldwide"domain www.horses.com index 3 "florida-based"!*************************** OWNER ***************************owner arrowpointcontent rule1vip address 192.168.3.6 range 10add service serv1protocol tcpport 80url "/*" dql pet_domainsactive!*************************** GROUP ***************************group group1vip address 192.168.5.7 range 10add service serv1activeAdding Services to a Content Rule
Adding a service to a content rule includes it in the resource pool that the CSS uses for load-balancing requests for content. The maximum number of services that you can add to a single content rule is 64. Note that a service may belong to multiple content rules.
To add an existing service to a content rule, use the add command. To see a list of services you can add to a content rule, use add service ? command.
Note
The add service command enables you to add the following types of services to a content rule:
•
•
•
For information on configuring service types, see the "Specifying a Service Type" section in Chapter 3, Configuring Services.
When you configure a Layer 3 or Layer 4 content rule, the rule matches the local services. If:
•
•
Redirect services and redirect content strings cannot be used with Layer 3 or Layer 4 rules because they use the HTTP protocol.
When you configure a Layer 5 content rule, the CSS directs content requests to local services. If:
•
•
•
Note
Note
Adding a Service to a Content Rule
Use the add service command to add a service to a content rule. The maximum number of services that you can add to a single content rule is 64.
For example, enter:
(config-owner-content[arrowpoint-rule1])# add service serv2Specifying a Service Weight
The CSS uses the weight for a service when you configure weighted roundrobin load balancing on the content rule. When you assign a higher weight to the service, the CSS redirects more requests to the service.
When you add a service to a content rule, you can assign a weight for the service using the add service service_name weight command or the change service service_name weight command as described as follows:
•
•
Both commands override the server-specific weight and apply only to the content rule to which you add the service.
To set the weight for a service, enter a number from 0 (graceful shutdown) to 10. The default is the weight configured for a service through the (config-service) weight command (see the "Configuring Weight and Graceful Shutdown" section in Chapter 3, Configuring Services). By default, all services have a weight of 1.
Note
If you want to perform a graceful shutdown of an overloaded service or take a service offline gracefully for maintenance, when you specify a weight of 0, no new connections, except the connections for existing sticky sessions, will be directed to the service. Over time, as existing sticky sessions complete, the load on the service begins to diminish. Changing the weight from 0 to a value between 1 and 10 causes the service to be brought back into rotation for all load-balancing methods.
For example, to specify a service weight of 3, enter:
(config-owner-content[arrowpoint-rule1]) add service serv2 weight 3For example, to specify a weight of 0 to gracefully shut down an active service, enter:
(config-owner-content[arrowpoint-rule1]) change service serv2 weight 0To restore the weight to the weight configured in service mode, enter:
(config-owner-content[arrowpoint-rule1]) no change service serv2Note the following guidelines for the add service service_name weight and the change service service_name weight commands when configuring the CSS for a graceful shutdown:
•
•
•
Adding a Primary Sorry Server to a Content Rule
The CSS directs content requests to the primary sorry server when all other services are unavailable. You can configure this service to contain content, or to provide a drop or redirect message. This service is not used in load balancing.
Note
Use the primarySorryServer command to configure the primary sorry service for a content rule. Enter the server name as a case-sensitive unquoted text string with no spaces.
Note
For example, enter:
(config-owner-content[arrowpoint-rule1])# primarySorryServer slowserverTo remove a primary sorry service, enter:
(config-owner-content[arrowpoint-rule1])# no primarySorryServerAdding a Secondary Sorry Server to a Content Rule
A secondary sorry service is a backup service the CSS uses when the primary sorry service is unavailable. You can configure this service to contain content, or to provide a drop or redirect message. This service is not used in load balancing.
Use the secondarySorryServer command to configure the secondary sorry service for a content rule. Enter the server name as a case-sensitive unquoted text string with no spaces.
Note
For example, enter:
(config-owner-content[arrowpoint-rule1])# secondarySorryServer slowestserverTo remove a secondary sorry service, enter:
(config-owner-content[arrowpoint-rule1])# no secondarySorryServerAdding a DNS Name to a Content Rule
To specify a DNS name that maps to a content rule, use the add dns command. The options for this command are:
•
•
Note
For example, enter:
(config-owner-content[arrowpoint-rule1])# add dns arrowpoint 120To remove a DNS name mapped to the content rule, enter:
(config-owner-content[arrowpoint-rule1])# remove dns arrowpoint
Note
Disabling DNS in a Content Rule
If the services related to a content rule are not available for DNS activities, the CSS informs other CSSs through an Application Peering Protocol (APP) session. However, the services remain active for other functions.
To disable DNS in a content rule, use the dns-disable-local command.
If you configure the dns-disable-local command on a content rule in a GSLB environment, the rule is active, and there is no DNS peer configured for the domain name, the CSS responds with SERVERFAIL to the server that requested the DNS resolution.
For example, to disable DNS for a specific content rule, enter:
(config-owner-content[arrowpoint-rule1])# dns-disable-localTo enable DNS in the content rule, use the no dns-disable-local command. For example, enter:
(config-owner-content[arrowpoint-rule1])# no dns-disable-localActivating a Content Rule
Activating content enables the CSS to provide access to the content. To activate content, use the active command in content mode to activate specific content.
Note
For example, enter:
(config-owner-content[arrowpoint-rule1])# activeSuspending a Content Rule
Suspending a content rule deactivates it. Suspending a content rule:
•
•
To suspend a content rule, use the suspend command in content mode. For example, enter:
(config-owner-content[arrowpoint-rule1])# suspendRemoving a Content Rule
To remove an existing content rule, use the no content command from owner mode. For example, enter:
(config-owner[arrowpoint])# no content rule1Removing a Service from a Content Rule
Removing a service removes it from the resource pool that the CSS uses for balancing the load of requests for content governed by a rule. When you remove a service, the remaining services are rebalanced.
To remove an existing service from a content rule, use the remove command from owner-content mode. For example, enter:
(config-owner-content[arrowpoint-rule1])# remove service serv1Configuring a Protocol
Specifying a protocol in a content rule enables the CSS to direct requests for content associated with the content rule to use a specific protocol. You may specify the following protocols for content:
•
•
•
If you specify Session Initiation Protocol (SIP) as the application type and you have not previously configured a protocol in the content rule, the CSS automatically enters the default SIP protocol of UDP in the running-configuration file. See the "Specifying an Application Type" section.
To configure the TCP protocol for content, enter:
(config-owner-content[arrowpoint-rule1])# protocol tcpTo reset the protocol to the default of any, enter:
(config-owner-content[arrowpoint-rule1])# no protocolConfiguring a Port
Specifying a port enables the CSS to associate a content rule with a specific TCP/UDP port number. Specify a port number ranging from 0 to 65535. The default is 0, which indicates any port.
If you specify SIP as the application type and you have not previously specified a port in the content rule, the CSS automatically enters the default SIP port number of 5060 in the running-configuration file. See the "Specifying an Application Type" section.
To configure a port for content, enter:
(config-owner-content[arrowpoint-rule1])# port 80To reset the port number to the default of 0 value, enter:
(config-owner-content[arrowpoint-rule1])# no portConfiguring Load Balancing
To specify the load-balancing algorithm for a content rule, use the balance command available in content configuration mode. The options are:
•
•
•
•
Note
•
We do not recommend that you use UDP content rules with the leastconn load-balancing algorithm. The service connection counters do not increment and remain at 0 because UDP is a connectionless protocol. Because the counters remain at 0, the CSS will give inconsistent results.
•
•
•
•
•
Note
For example, to specify weightedrr load balancing, enter:
(config-owner-content[arrowpoint-rule1])# balance weightedrrTo revert the balance type to the default of roundrobin, enter:
(config-owner-content[arrowpoint-rule1])# no balanceConfiguring a DNS Balance Type
To determine where to resolve a request for a domain name into an IP address, use the dnsbalance command. The syntax and options for this content mode command are:
•
•
•
•
For example, enter:
(config-owner-content[arrowpoint-rule1])# dnsbalance roundrobinTo restore the DNS balance type to the default setting of using the owner's method, enter:
(config-owner-content[arrowpoint-rule1])# no dnsbalanceConfiguring Hot Lists
The CSS enables you to configure hot-list attributes for content rules. Defining hot-list attributes for a content rule enables you to determine which content is heavily accessed. With this information, you can accurately determine which content should be replicated. Use the hotlist command to define a hot list that lists the content most requested (hot content) during a user-defined period of time.
Note
You can configure the following attributes for hot lists for specific content from config-owner-content mode:
•
(config-owner-content[arrowpoint-rule1])# hotlistTo disable a hot list, enter:
(config-owner-content[arrowpoint-rule1])# no hotlist•
(config-owner-content[arrowpoint-rule1])# hotlist interval 10To restore the hot-list interval to the default of 1, enter:
(config-owner-content[arrowpoint-rule1])# no hotlist interval•
(config-owner-content[arrowpoint-rule1])# hotlist size 10To restore the hot-list size to the default of 10, enter:
(config-owner-content[arrowpoint-rule1])# no hotlist size•
(config-owner-content[arrowpoint-rule1])# hotlist threshold 9To restore the hot-list threshold default of 0, enter:
(config-owner-content[arrowpoint-rule1])# no hotlist threshold•
(config-owner-content[arrowpoint-rule1])# hotlist type hitcountTo restore the hot-list type to the default setting hitcount, enter:
(config-owner-content[arrowpoint-rule1])# no hotlist typeTo display hot-list information, use the show domain hotlist command. Table 9-4 describes the fields in the show domain hotlist command output.
Configuring a Domain Hotlist
A domain hot list lists the most accessed domains on a CSS during a user-defined period of time. Use the domain command to enable the domain hot list and configure domain hot-list parameters. The syntax and options are:
•
•
•
•
To enable a domain hot list, enter:
(config)# domain hotlistTo disable the domain hot list, enter:
(config)# no domain hotlistTo display the domain hot list and its configuration, use the show domain hotlist command (see Table 9-4).
Configuring Extension Qualifier Lists
An extension qualifier list (EQL) is a collection of file extensions that enable you to match a content rule based on extensions. You activate an EQL by associating it as part of a URL in a Layer 5 content rule. Use the eql command to access EQL configuration mode and configure an extension qualifier list. Enter a name that identifies the extension list you want to create. Enter an unquoted text string with no spaces and a length of 1 to 31 characters.
For example, enter:
(config)# eql graphics (config-eql[graphics])#To remove an existing EQL, use the no eql command from config mode. For example, enter:
(config)# no eql graphicsOnce you create an EQL, you can configure the following attributes for it:
•
(config-eql[graphics])# description "This EQL specifies graphic file extensions"•
For example, enter:
(config-eql[graphics])# extension pcxOptionally, you may provide a description of the extension type. Enter a quoted text string with a maximum length of 64 characters. For example, enter:
(config-eql[graphics])# extension gif "This is a graphics file"To remove an extension from an EQL, use the no extension command. For example, enter:
(config-eql[graphics])# no extension gifSpecifying an EQL in a Uniform Resource Locator
Server selections are based on the URL specified in the owner content rule. To enable the CSS to access a service when a request for content matches the extensions contained in a previously defined EQL, specify the URL and EQL name for the content.
Specify a URL as a quoted text string with a maximum of 252 characters followed by eql and the EQL name. Each path defined within the 252 URL character string cannot exceed a maximum of 32 characters. A URL path includes all characters between the two slashes (//).
Note
For example, enter:
(config-owner-content[arrowpoint.com-products.html])# url "/*" eql graphicsThe following example enables the CSS to direct all requests to the correct service for content that matches:
•
•
(config-owner-content[arrowpoint.com-products.html])# url "/customers/products/*" eql graphicsTo display an EQL name and extensions configured for a content rule, use the show rule command. For details on the show rule command and its output, see Chapter 9, Configuring Content Rules.
Showing EQL Extensions and Descriptions
To display a list of existing EQLs names, use eql ? command.
For example, enter:
(config)# eql ?To display the extensions configured for a specific EQL including any descriptions, use the show eql command and the EQL name. For example, enter:
(config)# show eql graphicsTable 9-5 describes the fields in the show eql command output.
Configuring URL Qualifier Lists
URQL configuration mode allows you to configure a Uniform Resource Locator qualifier list (URQL). A URQL is a group of URLs for content that you associate with one or more content rules. The CSS uses this list to identify which requests to send to a service. For example, you want all streaming video requests to be handled by your powerful servers. Create a URQL that contains the URLs for the content, and then associate the URQL to a content rule. The CSS will direct all requests for the streaming video URLs to the powerful servers specified in the content rule. Creating a URQL to group the URLs saves you from having to create a separate content rule for each URL.
Note
See the following sections to configure a URQL:
•
•
•
URQL Quick Start
Use the quick-start procedure in Table 9-6 to configure a URQL. Each step includes the CLI command required to complete the task. For a complete description of each feature, see the sections following this procedure.
The following running-configuration example shows the results of entering the commands in Table 9-6.
!**************************** URQL ****************************urql videosdescription "cooking streaming video"url 10url 10 url "/cooking/cookies.avi"url 10 description "making cookies"domain "www.arrowpoint.com"!*************************** OWNER ***************************owner chefsbestaddress "200 Beaver Brook Road, Boxborough, MA 01719"content recipesvip address 192.1.1.100protocol tcpport 80url "urql videos"add service server1activeCreating a URQL
To access URQL configuration mode, use the urql command. The prompt changes to (config-urql [name]). You can also use this command from URQL mode to access another URQL.
Enter the URQL name you want to create or enter an existing URQL. Enter the name as an unquoted text string with no spaces and a maximum of 31 characters. When you create a URQL, it remains suspended until you activate it using the activate command in URQL mode. To display a list of existing URQL names, enter:
(config)# urql ?For example, enter:
(config)# urql videos (config-urql[videos)#To remove an existing URQL, enter the following command in global configuration mode:
(config) no urql videosOnce you create a URQL, configure the URLs you want to group in the URQL. The following section describes how to complete this task.
Configuring a URL in a URQL
Use the url command to include the URL for content requests you want as part of this URQL, and optionally provide a description. The following sections describe how to configure a URL in a URQL:
Note
Specifying the URL Entry
To specify a URL entry in a URQL, enter a URL number from 1 to 1000. For example, enter:
(config-urql[videos])# url 10To remove a URL entry from a URQL, use the no url command. For example, enter:
(config-urql[videos])# no url 10To specify additional URL entries in the URQL, reenter the url command. For example, enter:
(config-urql[videos])# url 20 (config-urql[videos])# url 30 (config-urql[videos])# url 40Defining the URL
To define a URL for the entry, use the url command. Enter the URL as a quoted text string with a maximum of 252 characters. Each path defined within the 252 URL character string cannot exceed a maximum of 32 characters. A URL path includes all characters between the two slashes (//). In addition, an extension after the "." character cannot exceed 7 characters.
The URL must match the URL GET request exactly. Wildcards, partial URL paths, and a trailing "/" character in the URL are not allowed in a URQL URL entry. For example, enter:
(config-urql[videos])# url 10 url "/cooking/cookies.avi"To remove a URL from an entry, use the no url number url command. Use this command to remove a previously assigned URL before you redefine the URL for an entry. For example, enter:
(config-urql[videos])# no url 10 urlTo define additional URL for the entries, reenter the url entry url command. For example, enter:
(config-urql[videos])# url 20 url "/cooking/fudge.avi" (config-urql[videos])# url 30 url "/cooking/pie.avi" (config-urql[videos])# url 40 url "/cooking/cake.avi"Describing the URL
You may optionally enter a description for the URL. Enter a quoted text string with a maximum of 64 characters. For example, enter:
(config-urql[videos])# url 10 description "making cookies"To remove a description about the URL, enter:
(config-urql[videos])# no url 10 descriptionDesignating the Domain Name of URLs in a URQL
Use the domain command to designate the domain name or IP address of the URLs to a URQL. Enter the domain name in mnemonic host-name format (for example, www.arrowpoint.com) from 1 to 63 characters. Enter the IP address as a valid address for the domain name (for example, 192.168.11.1).
Note
For example, enter:
(config-urql[videos])# domain "www.arrowpoint.com"or
(config-urql[videos])# domain "192.168.11.1"Adding a URQL to a Content Rule
Once you create and configure a URQL, use the url urql command to add it to a previously configured content rule. You can assign only one URQL per rule. Also, a content rule may contain either a URL or a URQL. To see a list of URQLs, use the urql ? command.
Note
For example, enter:
(config-owner-content[chefsbest-recipes])# url urql videosTo remove a URQL from a content rule, enter:
(config-owner-content[chefsbest-recipes])# no url urqlTo display a URL for a content rule, use the show rule command for the content rule. For details on the show rule command and its output, see Chapter 9, Configuring Content Rules.
Describing the URQL
Use the description command to provide a description for a URQL. Enter the description an a quoted text string with a maximum of 64 characters.
For example, enter:
(config-urql[videos])# description "cooking streaming video"To clear a description for the URQL, enter:
(config-urql[videos])# no descriptionActivating a URQL
Use the active command to activate a suspended URQL. When you create a URQL, it is suspended until you use the active command to activate it.
Note
For example, enter:
(config-urql[videos])# activeSuspending a URQL
Use the suspend command to deactivate a URQL on all currently assigned content rules. For example, enter:
(config-urql[videos])# suspendTo reactivate the URQL, use the (config-urql) active command.
URQL Configuration in a Startup-Config File
The following example shows a URQL configuration in a startup-config file.
!**************************** URQL **************************urql excellence1 url 10 url 30 url 30 url "/arrowpoint.gif" domain "192.168.128.109" url 10 url "/"urql excellence2 url 10 url 10 url "/poweredby.gif" domain "192.168.128.109"Showing URQLs
To display a list of URQLs, enter:
(config)# urql ?To display all configured URQLs, enter:
(config)# show urqlTo display a specific URQL, enter:
(config)# show urql videosTable 9-7 describes the fields in the show urql command output.
Table 9-8 describes the additional fields when you display a specified URQL.
Specifying a Uniform Resource Locator
To specify the Uniform Resource Locator (URL) for content and enable the CSS to access a remote service when a request for content matches the rule, use the url command. Enter the URL as a quoted text string with a maximum length of 252 characters. Each path defined within the 252 URL character string cannot exceed a maximum of 32 characters. A URL path includes all characters between the double slash (//) at the beginning of the host name and the single slash (/) at the end of the host name. In addition, an extension after the period character (.) cannot exceed 7 characters.
Note
Before you can change the URL for a content rule, you must remove the current URL first using the no url command.
The syntax and options for the url content mode command are:
•
To specify a domain name, place two slashes (//) at the beginning of the URL. For example, "//www.arrowpoint.com/*" allows the rule to match on HTTP traffic that contains the www.arrowpoint.com domain name in the HTTP host tag.
Normally, port 80 traffic does not use a port number in the domain name. To specify a port other than port 80, enter the domain name with the port number exactly. Separate the domain name and the port number with a colon. For example, enter:
(config-owner-content[arrowpoint-rule1])# url "//www.arrowpoint.com:8080/*"To use stickiness based on Secure Sockets Layer (SSL) session ID, set the URL, set the port to 443 with the (config-owner-content) port command and enable stickiness with the (config-owner-content) advanced-balance ssl command. Then specify an SSL application type.
You can specify certain wildcard operations for wildcard matching. Use an asterisk (*) to specify a wildcard match. You can specify a maximum of eight directories. Each directory name can be a maximum of 32 characters with a total maximum of 252 characters in the URL. You can specify only one wildcard per URL.
Examples of supported wildcards are:
•
•
•
•
•
–
–
For example, "/announcements/new/*".
The eql_name is the name of the EQL. To see a list of EQLs, use the eql ? command.
•
The url_path variable is the path to any content file that has its domain defined in a DQL. Enter a quoted text string. You must place:
–
–
The dql_name variable is the name of the DQL. To see a list of DQLs, use the dql ? command.
•
The urql_name variable is the name of the URQL. You can assign only one URQL per rule. To see a list of URQLs, enter the urql ? command.
Note
For example, to specify a URL that matches all requests for content in the announcements directory with .html extensions, enter:
(config-owner-content[arrowpoint-products.html])# url "/announcements/*.html"To remove a URL, enter:
(config-owner-content[arrowpoint-products.html])# no urlTo remove a URQL from a URL, enter:
(config-owner-content[arrowpoint-products.html])# no url urqlTo display a URL for a content rule, use the show rule command for the content rule.
Specifying an Extension Qualifier List in a URL
Server selections are based on the URL specified in the owner content rule. To enable the CSS to access a service when a request for content matches the extensions contained in a previously defined EQL, specify the URL and EQL name for the content. For information on creating an EQL, see the "Configuring Extension Qualifier Lists" section.
Specify a URL as a quoted text string with a maximum of 252 characters followed by eql and the EQL name. Each path defined within the 252 URL character string cannot exceed a maximum of 32 characters. A URL path includes all characters between the two slashes (//).
Note
For example, enter:
(config-owner-content[arrowpoint-products.html])# url "/*" eql graphicsThe following example enables the CSS to direct all requests to the correct service for content that matches:
•
•
(config-owner-content[arrowpoint-products.html])# url "/customers/products/*" eql graphicsTo display a content rule EQL, use the show rule command.
Specifying the Number of Spanned Packets
In some environments, URLs, cookie strings, or HTTP header information can span multiple packets. In these environments, the CSS can parse up to 20 packets for Layer 5 information before making a load-balancing decision. By default, the CSS parses six packets.
The CSS makes the load-balancing decision as soon as it finds a match, and it does not require parsing of all the spanned packets. Because parsing multiple packets does impose a longer delay in connection, performance can be impacted by longer strings that span mulitple packets.
Use the spanning-packets command to configure the number of packets spanned for the search of the HTTP header termination string. To change the number of packets, enter a number from 1 to 20. The default value is 6. For example, to configure the number of packets spanned to 10, enter:
(config)# spanning-packets 10To reset the number of packets spanned to the default value of 6, enter:
(config)# no spanning-packetsSpecifying a Load Threshold
When the service load metric exceeds this threshold, the local service becomes unavailable and is redirected to remote services. To define a remote service, use the service mode type redirect command (see the "Specifying a Service Type" section in Chapter 3, Configuring Services).
Use the load-threshold command to set the normalized load threshold for the availability of each local service on a content rule. Enter the load threshold as an integer from 2 to 254. The default is 254, which is the maximum threshold a service can reach before becoming unavailable. To view the load on services, use show service. For example, enter:
(config-owner-content[arrowpoint-rule1])# load-threshold 100To reset the load threshold to its default value of 254, enter:
(config-owner-content[arrowpoint-rule1])# no load-thresholdIncluding Services in a CSS Ping Response Decision
By default, a CSS responds to a ping request to a Virtual IP (VIP) address configured on a content rule if any of the local services on the content rule are alive. To include remote services, for example services of type redirect, in the decision to respond to a ping request to the VIP address, use the vip-ping-response local-remote command. For example, enter:
(config-owner-content[arrowpoint-rule1])# vip-ping-response local-remoteTo reset the CSS to its default behavior of including only local services in the ping response decision, enter:
(config-owner-content[arrowpoint-rule1])# vip-ping-response localEnabling TCP Flow Reset Reject
By default, the CSS disables the sending of the TCP RST frame to the client when a flow for requested content is mapped to a destination IP address that is no longer reachable. Use the flow-reset-reject command to enable the CSS flow manager subsystem to send a TCP RST (reset) frame. The flow-reset-reject command prevents a CSS client from hanging up and retransmitting when the request can never be serviced. In addition, for UDP flows, the command allows the CSS to purge the flow cache of the UDP flow so that another request gets remapped to a different IP address, if necessary, without attempting to use the previously mapped IP address. The flow-reset-reject command is applied on a per-content rule basis.
To enable the CSS to send a TCP RST frame, enter:
(config-owner-content[rule1])# flow-reset-rejectTo reset the CSS back to the default state of not sending a TCP RST frame, enter:
(config-owner-content[rule1])# no flow-reset-rejectConfiguring Persistence, Remapping, and Redirection
During the life of a persistent connection, a CSS must determine when it needs to move a client connection to a new service based on content rules, load balancing, and service availability. In some situations, moving the client connection is not necessary; in other situations, it is mandatory. This section describes how to configure the CSS to make these decisions using:
•
•
•
•
Configuring Content Rule Persistence
When a CSS receives a request for content from a client, the software checks if the request matches a content rule to determine the best service to handle the request. If the request matches a content rule, the CSS establishes a client connection to the best service specified by the content rule. By default, the CSS keeps the client on the same connection for an entire flow session as long as a new content request:
•
•
This CSS behavior is known as content rule persistence. If you are using transparent caches (which prefetch content) or mirrored-content servers, this scheme works well because the same content is available on each service.
Use the persistent command in content configuration mode to maintain a persistent connection with a server as long as the above criteria are met. By default, persistence is enabled. Disabling persistence allows the CSS to move a connection to a better service on the same rule or to use cache bypass functionality (EQLs or failover bypass).
For example, enter:
(config-owner-content[arrowpoint-rule1])# persistentUse the no persistent command on a content rule with:
•
•
•
•
•
Note
To disable persistence:
(config-owner-content[arrowpoint-rule1])# no persistent
Note
Configuring Bypass Persistence
If a CSS bypasses a service (for example, a transparent cache is down and failover bypass is configured) and the next content request on the same TCP connection matches a content rule that contains the transparent cache that was down, the CSS will continue to bypass the cache, by default, even after the bypassed cache is back online. In this case, the CSS typically sends the content request to the origin server. This behavior is called bypass persistence.
You can configure the CSS to redirect or remap a bypassed connection using the bypass persistence global config command in conjunction with the persistence reset command.
Use the bypass persistence command to determine when the CSS performs either a remapping or redirection operation to reset a bypassed service when a content request matches on a content rule, but a previous request caused the bypass. This global command affects all flows. By default, bypass persistence is enabled.
For example, enter:
(config)# bypass persistence disableThe CSS uses remapping or redirection to reset the connection according to the setting of the persistence reset method.
(config)# bypass persistence enableThe CSS does not use remapping or redirection to reset the connection and continues to bypass a service.
Configuring HTTP Redirection and Service Remapping
If you need to place different content on different servers (for example, to conserve server disk space, for load-balancing considerations, or when using proxy caches), content rule persistence is not useful. In this case, you can disable persistence by using the no persistent command, described in the "Configuring Content Rule Persistence" section earlier in this chapter.
When the CSS receives a request for content that is not available on the current service, it must reset the current connection to the service and establish a new connection to another service (for example, a different proxy cache or the origin server) that contains the requested content. You can accomplish this in either of the following ways:
•
•
Note
Use the persistence reset global configuration mode command with the no persistent content rule command to cause an HTTP redirection or perform a back-end remapping operation when resetting a connection to a new back-end service. The global persistence reset command affects all flow setups that require redirection or remapping.
For example, to enable redirection:
(config)# persistence reset redirectFor example, to enable service remapping:
(config)# persistence reset remap
Note
If your topology consists of a CSS 11800 using ECMP to the servers and server port NAT configured on the services, to ensure the correct processing of packets either:
•
•
Note
Redirecting Requests for Content
Use the redirect command to set HTTP status code 302 (object moved) for a content rule and specify the alternate location of the content governed by a rule. Use this command to:
•
•
Note
Do not configure a service for a redirect-only content rule.For example, enter:
(config-owner-content[arrowpoint-rule1])# redirect "//www.arrowpoint.com/newlocation.html"To delete the redirect URL, enter:
(config-owner-content[arrowpoint-rule1])# no redirectDisplaying the Persistence Settings
Use the show remap command to display the configured persistence reset and bypass persistence settings. This command is available in all modes except RMON, URQL, and VLAN configuration modes.
Table 9-9 describes the fields in the show remap command output.
Defining Failover
Note
To define how the CSS handles content requests when a service fails or is suspended, use the failover command. For the CSS to use this setting, ensure that you configure a keepalive for each service; that is, do not set the keepalive type to none (the keepalive default is ICMP). The CSS uses the keepalive settings to monitor the services to determine server health and availability.
The failover command applies to the following caching load-balancing types:
•
•
•
•
•
•
Note
This command supports the following options:
•
•
•
For example, enter:
(config-owner-content[arrowpoint-rule1])# failover bypassTo restore the default setting of failover linear, enter:
(config-owner-content[arrowpoint-rule1])# no failoverFigure 9-2 shows three cache services configured for failover next. If ServerB fails, the CSS sends ServerB content requests to ServerC, which was configured after ServerB in the content rule.
Figure 9-2 ServerB Configured for Failover Next
As shown in Figure 9-3, if ServerC fails, the CSS sends ServerC content requests to ServerA because no other services were configured after ServerC.
Figure 9-3 ServerC Configured for Failover Next
Figure 9-4 shows three cache services configured for failover linear. If you suspend ServerB or if it fails, the CSS does not rebalance the services. It evenly distribute ServerB cache workload between servers A and C.
Note that Figure 9-4 and Figure 9-5 use the alphabet to illustrate division balance.
Figure 9-4 Suspended or Failed Service Configured for Failover Linear
Figure 9-5 also shows three cache services configured for failover linear, but in this example, you remove ServerB using the remove service command from owner-content mode. Because the CSS does not apply the failover setting when you remove a service, it rebalances the remaining services.
Figure 9-5 Removing a Service Configured for Failover Linear
Specifying an Application Type
The application type enables the CSS to correctly interpret the data stream to match and parse the content rule. If you do not specify an application type, the CSS rejects the data stream packets. Always define an application type for nonstandard ports. To specify the application type associated with a content rule, use the application command.
When configuring Layer 5 content rules for an application other than HTTP, use the appropriate application type to enable the Layer 5 rule to function.
A Layer 5 content rule supports the HTTP CONNECT, GET, HEAD, POST, PUSH, and PUT methods. In addition, the CSS recognizes and forwards the following HTTP methods directly to the destination server in a transparent caching environment but does not load balance them: RFC 2068 - OPTIONS, TRACE and RFC 2518 - PROPFIND, PROPPATCH, MKCOL, MOVE, LOCK, UNLOCK, COPY, DELETE.
The application command enables you to specify the following application types:
•
•
•
•
•
•
Note
Always configure the ssl application type with the ssl advanced load-balancing method. It is important that you configure both the application command and advanced-balance command together to ensure that the CSS properly interprets the SSL session ID and sticks the client to a server based on the ID. For details, see the "Specifying an Advanced Load-Balancing Method for Sticky Content" section in Chapter 10, Configuring Sticky Parameters for Content Rules.
To remove an application type, enter:
(config-owner-content[arrowpoint-rule1])# no applicationConfiguring a Content Rule for FTP Connections
If clients are connecting through Port (active) mode FTP, you need to configure the content rule with application type ftp-control . This application type instructs the CSS to process only FTP requests coming into the specified port.
(config-owner-content[arrowpoint-rule1])# application ftp-controlThe following example shows the portion of a running-config for content rule ftp_rule. In this content rule, the CSS process FTP requests on port 21.
!************************** OWNER **************************owner arrowpointcontent ftp_rule vip address 192.168.3.6 protocol tcp port 21 application ftp-control add service serv1 add service serv2 add service serv3 activeYou must also configure a source group because the control channel is a new flow initiated by the server. Configure the source group with the same VIP address as the content rule. For more information on configuring a source group for FTP connections, see the "Configuring a Source Group for FTP Connections"section in Chapter 5, Configuring Source Groups for Services.
The CSS tears down the FTP control channel after 10 minutes of idle time. This teardown may occur during a file transfer if the transfer exceeds 10 minutes. The idle timeout applies only to active FTP; it does not apply to PASV FTP.
To configure the timeout to a value that can accommodate the expected duration of FTP file transfers, use the owner-content flow-timeout-multiplier command on the associated content rule. This command specifies a value that the CSS uses to derive the number of seconds for which an idle flow can exist before the CSS tears it down. The CSS multiplies the value you specify by 16 to calculate the flow timeout in seconds. Enter an integer for the number variable from 0 to 65533.
For example, to configure a flow timeout period of 16 minutes (960 seconds), enter:
(config-owner-content[cisco-rule1])# flow-timeout-multiplier 60Enabling Content Requests to Bypass Transparent Caches
The "#" and "?" terminators indicate that the content is dependent on the arguments that follow the terminators. Because the content returned by the server is dependent on the content request itself, the returned content is deemed not cacheable, and the content request is directed to the origin server.
Use the param-bypass command to enable content requests to bypass transparent caches when the CSS detects special terminators in the requests. This command contains the following options:
•
•
For example, to enable the param-bypass command, enter:
(config-owner-content[arrowpoint-rule1])# param-bypass enableShowing Content
The show content command enables you to display content entries in the Content Service Database (CSD) of the CSS. This command is available in all modes.
To display content from a specific module, and content entry location, in either the CSS 11503 or CSS 11506, specify the show content command as follows:
show content slot_number {start-index index_number}
The variables and options are:
•
•
Use the show content command with no options or variables to show all content entries in the Content Service Database for a CSS 11501, CSS 11503, or CSS 11506.
For example, to look at the content from the module in CSS 11503 chassis slot 2, starting at index 150, enter:
(config)# show content slot 2 start-index 150Table 9-10 describes the fields in the show content command output.
Note
Showing Content Rules
The show rule command displays content rule information for specific content rules or all content rules currently configured in the CSS. When using the show rule command in content configuration mode, the CSS displays only information for the current rule. You cannot enter the owner and content rule name for another content rule.
Use the following show rule commands from any User, SuperUser, global configuration, owner, and content mode:
Note
•
•
•
•
•
•
•
•
•
•
•
•
To display all content rule information, enter:
# show ruleTo display the summary for all content rules, enter:
# show rule-summaryTo display all rule attributes for an owner, enter:
# show rule owner content_rule all
Note
Table 9-11 describes the fields in the show rule command output.
Table 9-11 Field Descriptions for the show rule Command Output
Name
The name of the content rule.
Owner
The owner of the rule.
Author
The author (Local CSS or remote CSS peer) of the rule.
Index
A CSS assigned unique index for the rule. The number is based in the order that the rule was created.
State
The state of the rule (active or suspend).
Type
The application type associated with the rule. The possible values are:
•
•
•
•
•
L3
Destination IP address.
L4
Destination protocol and port.
URL
The URL for the content.
URQL
The name of the associated URL Qualifier list.
EQL
The name of the associated EQL.
DQL
The name of the associated DQL.
Header Field Group
The name of the associated header-field group.
Total Bytes
Total bytes to the content rule.
Total Frames
Total frames to the content rule.
Total Redirects
Total redirects by the content rule (when the redirect command is configured for a content rule). This field increments whenever a request for content is redirected to an alternate location.
Total Rejects
Total rejects by the content rule. This field increments when all services for a content rule are unavailable.
Overload Rejects
Total rejects on the content rule due to overload on the rule's available services.
Balance
The load-balancing algorithm for the content rule. The possible values are:
•
•
•
Balance (continued)
•
•
•
•
•
•
•
Advanced Balance
The advanced load-balancing method for the content rule, including stickiness. The possible values are:
•
•
•
•
•
Advanced Balance (continued)
•
•
•
Sticky Mask
The subnet mask used for stickiness. The default is 255.255.255.255.
Sticky Inactivity Timeout
The inactivity timeout period on a sticky connection for a content rule before the CSS removes the sticky entry from the sticky table. The range is from 0 to 65535 minutes. The default value is 0, which means this feature is disabled.
Sticky No Cookie Found Action
The action the CSS should take for a sticky cookie content rule when it cannot locate the cookie header or the specified cookie string in the client request. The possible values are:
•
•
•
•
Sticky Server Down Failover
The action that the CSS should take when a sticky string is found but the associated service has failed or is suspended. The possible values are:
•
•
•
•
•
ArrowPoint Cookie Path
The pathname where you want to send the ArrowPoint cookie. The default path of the cookie is "/".
ArrowPoint Cookie Expiration
The expiration time that the CSS compares with the time associated with the ArrowPoint cookie. If you do not set an expiration time, the cookie expires when the client exits the browser.
ArrowPoint Cookie CSS/Browser Expired
Indicates whether the arrowpoint-cookie browser-expire command is enabled to allow the browser to expire the ArrowPoint cookie based on the expiration time. If the command is enabled, the field displays "Browser" in place of "CSS." The default is "CSS."
ArrowPoint Cookie Service
Specifies whether the arrowpoint-cookie expire-services command is issued to expire service information when the cookie expires before sending a new cookie. By default, when the cookie expires, the CSS sends a new cookie with the server information from the expired cookie.
ArrowPoint Cookie Advanced
Specifies whether the advanced-balance arrowpoint-cookie command is issued to enable the content rule to stick the client to the server based on the unique service identifier of the selected server in the ArrowPoint-generated cookie.
ArrowPoint Cookie Format
Specifies the format of the ArrowpointCookie expiration time, whether the RFC 2822-compliant format is enabled or disabled. The arrowpoint-cookie rfc2822-compliant command configures the ArrowpointCookie expiration time syntax to be RFC 2822-compliant. This command causes the arrowpoint-cookie expiration time syntax to be only three-character days of the week (for example, "Tue" rather than "Tues") and to capitalize only the first character of the month (for example, "Jan" rather than "JAN").
String Match Criteria
The string criteria to derive string results and the method to choose a destination server for the result. The string result is a sticky string in the cookie header, URL, or URL extension based on a sticky type being configured. See the following fields.
String Range
The starting and ending byte positions within a cookie, URL, or URL extension from a client. By specifying the range of bytes, the CSS processes the information located only within the range.
•
•
String Prefix
The string prefix located in the sticky range. If you do not configure the string prefix, the string functions start from the beginning of the cookie, URL, or URL extension, depending on the sticky type. If the string prefix is configured but is not found in the specified sticky range, load balancing defaults to the roundrobin method. The default has no prefix ("").
String Eos-Char
The ASCII characters that are the delimiters for the sticky string.
String Ascii-Conversion
Indicates whether to enable or disable the ASCII conversion of escaped special characters within the specified sticky range before applying any processing to the string. By default, ACSII conversion is enabled.
String Skip-Len
The number of bytes to skip after the end of the prefix to find the string result. The default is 0. The range is from 0 to 64.
String Process-Len
The number of bytes, after the end of the prefix designated by the string prefix command and skipping the bytes designated by the string skip-length command, that the string operation will use. The range is from 0 to 64. The default is 0.
String Operation
The method to choose a destination server for a string result; derived from the settings of the string criteria commands. The possible values are:
•
•
•
•
Location-Cookie
The format (NAME=VALUE) of the location cookie string.
Location-Cookie Expiration
The expiration date and time of the location cookie. This value tells the client browser when the cookie will expire.
Cookie-Domain
A domain name for the location cookie. The cookie domain name allows your browser to send the cookie back to any site that ends with the domain name that you specify.
Redirect
Text used to build an HTTP 302 redirect message that is sent to the client when the rule is matched.
Persistence
Indicates whether or not a persistent connection with a server is maintained. By default, persistence is enabled.
Param-Bypass
Indicates whether or not content requests bypass transparent caches when the CSS detects special terminators in the requests. These "#" and "?" terminators indicate that the content is dependent on the arguments that follow the terminators. Bypass is disabled by default.
Session Redundancy
Indicates whether ASR is enabled or disabled on the rule. For details on ASR, refer to the Cisco Content Services Switch Redundancy Configuration Guide.
Redund Glb Index
The unique global index value for Adaptive Session Redundancy assigned to the content rule using the redundant-index command in owner-content configuration mode.
IP Redundancy
The state of IP redundancy if configured on the rule. Possible values are Master, Backup, or Down. If IP redundancy is not configured, the state is Not Redundant.
Flow Timeout Multiplier
Number of seconds that a flow remains idle before the CSS reclaims the flow resources, as configured with the flow-timeout-multiplier command. For details on the flow-timeout-multiplier command, see Chapter 2, Configuring Flow and Port Mapping Parameters.
Rule Services
Content rule services to configuration and statistic information, as follows:
Local Load Threshold
The normalized load threshold for the availability of each local service on the content rule. When the service load metric exceeds this threshold, the local service becomes unavailable and is redirected to the remote services. The range is from 2 through 254. The default is 254, which is the maximum load. A load of 255 indicates that the service is down.
PrimarySorryServer
The primary service to be used when all other services for the content rule are unavailable.
SecondSorryServer
The secondary service to be used when all other services for the content rule are unavailable.
Name
The names of the services.
Hits
The number of content accesses on the service.
Wgt
The weight for the service used when you configure ACA, weighted roundrobin, and DFP load-balancing on the content rule. With a higher weight, the CSS redirects more requests to the service. The letters preceding the weight numbers have the following meanings:
•
•
•
State
The state of the service.
Ld
The service load. The range is from 2 to 255; 255 indicates that the service is unavailable.
KAlive
The service keepalive type.
Conn
The number of connections currently mapped to the service.
DNS
The number of times that the CSS DNS resolver chose the service as the answer to a DNS client query.
DNS Names
Domain Name System names.
DNS TTL
The Time to Live value, in seconds, which determines how long the DNS client remembers the IP address response to the query.
DNS Balance
Where the CSS resolves a request for a domain name into an IP address. The possible values are:
•
•
•
•
Hotlist
Indicates whether or not hot list is enabled.
Size
The total number of hot-list entries that is maintained for the rule. The range is from 1 to 100. The default is 10.
Type
The hot-list type. Currently, the CSS supports only the hit count hot-list type, which is the default setting. Hit count is the number of times that the content is accessed.
Threshold
The hit count per interval threshold below which content is not considered hot. The range is from 0 to 65535. The default is 0.
Interval
The interval, in minutes, for refreshing the hot list. The range is from 1 to 60. The default is 1.
Associated ACLs
The ACLs associated with a content rule.
TCP RST Client If Service Unreachable
Whether or not the flow-reset-reject command is enabled to allow the CSS's flow manager subsystem to send a TCP RST (reset) frame when a flow is mapped to a service that is no longer reachable. By default, the flow-reset-reject command is disabled.
Clearing Counters in a Content Rule
The CSS allows you to clear counters:
•
•
Use the zero command and its options to clear the counters for content rules or services associated with content rules, and set the counters to zero.
This section contains:
•
•
Clearing Counters for Content Rules
To reset the counters for all content rules to zero, use the zero all command. The reset counter statistics appear as zero in the show summary display.
Note
For example, enter:
(config-owner-content[rule1])# zero allClearing Service Statistics Counters in a Content Rule
To clear a service statistics counter for all CSS services associated with a content rule, use the zero command. To clear a service statistics counter for a specific service in the content rule, use the zero command and identify the name of the service. In this case, only the counter for the specified service is set to zero.
The reset statistics appear as 0 in the show service display.
You can issue the following zero commands from content mode:
•
•
•
You can issue the following zero commands from content mode:
•
•
•
For example, to clear a counter for all services associated with the specified content rule, enter:
(config-owner-content[rule1])# zero total-connectionsFor example, to clear a counter for a specific service in a content rule, enter:
(config-owner-content[rule1])# zero total-connections service serv1Where to Go Next
Once you create content rules you can configure sticky parameters for the content rules. For information on configuring sticky parameters, see Chapter 10, Configuring Sticky Parameters for Content Rules.
