CSS Redundancy Configuration Guide (Software Versions 8.10 and 8.20)
Configuring Adaptive Session Redundancy
Download this chapter
Configuring Adaptive Session RedundancyConfiguring Adaptive Session Redundancy
Download the complete book
Cisco Content Services Switch Redundancy Configuration Guide (Software Versions 8.10 and 8.20), Book-Length PDFCisco Content Services Switch Redundancy Configuration Guide (Software Versions 8.10 and 8.20), Book-Length PDF (PDF - 2 MB)
give_us_feedback

Table Of Contents

Configuring Adaptive Session Redundancy

Overview of CSS Redundancy

When to Use VIP and Virtual Interface Redundancy

When to Use ASR

When to Use Box-to-Box Redundancy

Configuring Adaptive Session Redundancy

Stateful Failover

Inter-Switch Communications

Redundant Indexes

Configuration Requirements and Restrictions

Upgrading to WebNS Version 7.40 and Higher

ASR Quick Start

Configuring Inter-Switch Communications

Configuring Redundant Services

Configuring Redundant Content Rules

Configuring Redundant Source Groups

Source Group Port-Mapping Behavior in an ASR Configuration

Synchronizing ASR Configurations

Displaying ASR Information

Displaying Inter-Switch Communications Ports

Displaying Dormant Flow Information

Displaying ASR Information for Content Rules, Services, and Source Groups

Displaying ASR Status and Global Index Values

Displaying Summary ASR Information


Configuring Adaptive Session Redundancy

This chapter describes how to configure Adaptive Session Redundancy (ASR) for stateful failover on a CSS.

This chapter contains the following major sections:

Overview of CSS Redundancy

Configuring Adaptive Session Redundancy

Displaying ASR Information

Overview of CSS Redundancy

Redundancy helps to ensure:

High availability for your network applications

Users do not experience long network delays or black holes due to a single point of failure.

A CSS provides three types of redundancy.

Virtual IP (VIP) redundancy and virtual interface redundancy - Provide redundant VIP addresses and redundant virtual interfaces for fate sharing and server default gateways. For details, see Chapter 1, Configuring VIP and Virtual Interface Redundancy.

Adaptive Session Redundancy (ASR) - Provides session-level redundancy (stateful failover) to continue active flows without interruption if the master CSS fails over to the backup CSS. For details, see this chapter.

Box-to-box redundancy - Provides chassis-level redundancy between two identically configured CSSs. For details, see Chapter 3, Configuring Box-to-Box Redundancy.

The following sections provide information about when (and when not) to use the different types of redundancy.

When to Use VIP and Virtual Interface Redundancy

Typically, you configure VIP redundancy on the public side of CSS peers that are positioned in front of a server farm. You configure virtual interface redundancy on the private-side interfaces attached to the L2 device in front of the servers.

Configure VIP redundancy:

With virtual interface redundancy to provide fate sharing

When you have a common subnet between the two CSSs on which the VIPs reside

As a prerequisite to configuring ASR (requires active-backup VIP redundancy)

To provide active-active CSS behavior (both CSSs processing flows)

Configure interface redundancy:

With VIP redundancy to provide fate sharing

When you need a default gateway for the back-end servers

Instead of VIP redundancy on the client side of the CSS when the VIPs are on a subnet different from the subnet of your uplinks

When to Use ASR

ASR provides session-level redundancy for applications where active flows (including TCP and UDP) must continue without interruption, even if the master CSS fails over to the backup CSS.

Configure ASR:

If you require stateful failover for mission-critical applications (for example, enterprise applications, long-lived flows, such as HTTP or FTP file transfers, and e-commerce)

After you have first configured active-backup VIP and virtual interface redundancy

When to Use Box-to-Box Redundancy

Configure box-to-box redundancy when you:

Expect the behavior of the CSSs to be active/standby (only the master CSS processes flows)

Can configure a dedicated Fast Ethernet (FE) link between the CSSs for the VRRP heartbeat

Do not configure box-to-box redundancy when you:

Expect the behavior of the CSSs to be active-active (both CSSs processing flows). Use VIP redundancy instead.

Cannot configure a dedicated FE link between the CSSs.

Configuring Adaptive Session Redundancy

Configure Adaptive Session Redundancy (ASR) on Cisco 11500 series CSS peers in an active-backup VIP redundancy and virtual interface redundancy environment to provide stateful failover of existing flows. ASR ensures that, if the master CSS fails, the backup CSS has the necessary flow-state information to continue any active flows (including TCP and UDP) without interruption when the backup CSS assumes mastership. "Adaptive" means that you can configure ASR on a per content rule basis.

Use ASR for:

Mission-critical enterprise applications.

Long-lived flows such as FTP and HTTP file transfers.

E-commerce applications, such as online stock trading or banking where users must remain connected to a service for the duration of a transaction even if the master CSS fails.

In an ASR configuration, CSSs replicate flows that are:

Fully-resolved (the master CSS has received a SYN/ACK from a server)

Set up using content rules, services, and source groups that you specify as redundant

Note For implicit or explicit Layer 5 rules, where there is delayed binding, binding is not complete until the CSS processes the SYN/ACK from the server. If a failover occurs in the middle of a spanned content request, the master CSS will not receive the SYN/ACK from the server and the flow will not be replicated on the backup CSS. No data is lost and users can simply refresh their browsers to restart the connection.

Note During an FTP failover, the control channel and/or the data channel need to share information with the backup CSS. If the current state information has not been fully transferred across the ISC link to the backup CSS, then the flow may be lost.

This section includes the following topics:

Stateful Failover

Inter-Switch Communications

Redundant Indexes

Configuration Requirements and Restrictions

ASR Quick Start

Configuring Inter-Switch Communications

Configuring Redundant Services

Configuring Redundant Content Rules

Configuring Redundant Source Groups

Source Group Port-Mapping Behavior in an ASR Configuration

Synchronizing ASR Configurations

Stateful Failover

Active flows that match a redundant content rule, service, or source group on the master CSS are replicated as dormant flows on the backup CSS peer. A dormant flow contains all the flow-state information necessary for the backup CSS to take over the flow if the master CSS fails, including the flow ID assigned by the session processor (SP) that created the flow. If the master CSS fails, the dormant flows on the backup CSS become active when the backup CSS assumes mastership of the VIP. In turn, the active flows on the former master CSS transition to a dormant state to fully back up the active flows on the new master CSS.

A master CSS maps a newly activated TCP flow after it receives the first packet for the flow. If it can resolve a single route back to the source address, a CSS attempts to map a UDP flow when it activates the flow. Otherwise, the CSS maps the UDP flow after it receives the first packet of the flow.

Inter-Switch Communications

In an ASR configuration, CSS peers share redundant flow-state information over a maximum of two private Inter-Switch Communications (ISC) links after booting. ISC is a messaging service used by CSSs to exchange flow-state information. Only one ISC link is active at a time. The other ISC link (if configured) remains in backup mode until needed.

To prevent incorrect flow and port mapping information from being replicated to the backup CSS, a CSS does not activate its ISC link if it detects a mismatched chassis configuration with the other CSS. During its discovery phase and before activating the link, the ISC protocol exchanges chassis information between the two CSSs to ensure that:

The two chassis have the same number of modules session processors (SPs) with the same weights. SCMs have a weight of 4; all other CSS modules have a weight of 6. To display the weights of the modules in your CSS, enter the show chassis session-processors command.

The modules (SPs) are installed in the same order. Skipping slots is permitted provided that the overall order is the same and the CSS can match up all the SPs in both chassis.

For example, Figure 2-1 shows two CSS 11506s with slightly different module installation configurations. Each CSS 11506 has four installed modules, but the CSS-B configuration skips slot 3. As far as ISC is concerned, the configurations match because both CSSs have the same number of SPs with the same weights and installed in the same overall order.

Figure 2-1 Example of CSS 11506 Matching Module Configurations for ISC

To determine if an ISC link is up, a CSS uses a mechanism called LifeTick. LifeTick sends an asynchronous message that contains information about the selected path. If the CSS does not receive a LifeTick message within two seconds, the CSS considers the ISC link to be down. If a second link is configured, the CSS uses that link for ISC.

Note For best results, we recommend that you use the Gigabit Ethernet (GE) ports for the ISC links in all cases. If you are using a CSS 11501, use the GE port for ISC and the Fast Ethernet (FE) ports for normal traffic.

The ISC links use the GE ports or the FE ports on the CSS session processors (SPs) to send ISC messages containing flow-state information. Once you configure the ISC ports, those ports are dedicated to ISC and you cannot use those same ports for non-ISC traffic.

Note You must connect the ISC ports directly to the two CSSs. You cannot use Layer 2 devices on the ISC links between the two CSSs. Also, the ISC links must be dedicated to passing only ISC traffic.

For new flows, CSSs exchange flow states in real time over the ISC links. For existing flows, CSSs exchange flow states at bootup and at VIP redundancy failover.

Redundant Indexes

ASR uses unique global redundant indexes to keep track of content rules, services, and source groups configured on the redundant CSS peers. Set up the redundant indexes in rules, services, and groups using the redundant-index command. You must then configure identical redundant content rules, services, and source groups on CSS peers in the ASR configuration.

Each redundant index that you configure on a rule, service, or group must be unique among all rules, services, or groups configured on a redundant pair of CSSs. For example, if you configure a rule with a redundant index of 1 on a pair of CSSs, you cannot configure an index of 1 on another rule. However, you could configure an index of 1 on a group or service if that value has not already been used on a group or a service.

Note If you run traffic to a configuration that contains discrepancies between the redundant indexes on the two CSSs, the CPU utilization for each processor on the CSS may climb to an abnormal level (at 2000 flows/second, approximately 50 percent utilization for each processor). If you set the logging level to notice-5 or higher, the SCM utilization may peak at approximately 90 percent because each connection generates a redundant index mismatch log entry. For example:
AUG 7 14:12:15 3/1 1124272 SLR-5: Rejected. Redundant global rule index (7) not found.

Configuration Requirements and Restrictions

The following requirements and restrictions apply to both CSS peers in an ASR configuration:

Ensure that both CSSs have the same number of SPs. Otherwise, the CSSs cannot activate the ISC link.

You cannot configure ASR and an SSL module on the same service. ASR does not support the replication of flows to an SSL module in the CSS.

You cannot configure ASR and HTTP compression on the same service. The CSS does not allow you to configure a redundant index on a content rule that has services with compression enabled or to enable compression on a service in a rule that is configured with a redundant index.

Configure VIP and virtual interface redundancy on both CSS peers. For details, refer to Chapter 1, Configuring VIP and Virtual Interface Redundancy.

Configure a redundant VIP in a redundant content rule or source group. To activate a redundant content rule or source group, you must associate the rule or group with a redundant VIP.

Ensure that VIP ranges specified in redundant content rules and source groups are the same as the VIPs associated with virtual routers for VIP redundancy. If the redundant content rule or source group VIPs are a superset, ASR is supported only for the VIPs that are associated with the virtual routers. For the remaining VIPs, the behavior is undefined when a failover occurs, because it is unclear whether those VIPs are mastered on the new master CSS or not.

You cannot configure VIP wildcard or double-wildcard caching rules because they do not require a VIP. For information on wildcard cache rules, refer to the Cisco Content Services Switch Content Load-Balancing Configuration Guide.

Configure ISC on both CSSs. This allows the CSSs to share flow-state information.

Configure a maximum of two ISC ports on a CSS. Multiple ports must reside on the same module in the CSS 11503 or CSS 11506 or on the same CSS 11501. Also, the ports must be of the same type (Gigabit Ethernet or Fast Ethernet) in both CSSs. For best results, we recommend that you use GE ports for the ISC links in all cases.

Ensure that the ISC ports are not configured in any VLANs. If necessary, remove the designated ports from all VLANs before configuring ISC. For details on disabling an interface port from a VLAN, refer to the Content Services Switch Routing and Bridging Configuration Guide.

You must connect the ISC ports directly to the two CSSs. You cannot use Layer 2 devices on the ISC links between the two CSSs. Also, the ISC links must be dedicated to passing only ISC traffic.

If you configure any ISC ports on an SCM, you can have only one SCM installed in the CSS 11506.

The CSS 11501 does not support redundant GE ISC links for ASR because the CSS includes only a single GBIC port.

Ensure that any service configured with connection limits, marked as redundant, and used by at least one redundant content rule is used only by other content rules that are also redundant. If this is not true, there could be redundant and nonredundant flows connected to the service with connection limits.

In case of a failover, no information is available for the nonredundant flows on the backup CSS. Until the server cleans up the nonredundant flow connections, they continue to contribute to the connection limit on the service without the backup CSS having any knowledge of how many such connections exist. Making all flows redundant by imposing the above restrictions eliminates this problem.

When you configure critical services, be sure to change the default keepalive settings to the following recommended settings for ASR. For example, enter: 

service CriticalService

ip address 192.168.2.1 
keepalive frequency 2 
keepalive maxfailure 2 
keepalive retryperiod 2 
active

Note The above keepalive values are a recommended starting point. Some scripted keepalives may take longer than two seconds to run. You may need to adjust your keepalive values so that the CSS detects a failure before your application times out.

Configure as redundant any source groups that you specify in ACL clauses. Otherwise, ASR does not require source groups. It is helpful to configure ACLs similarly on the master and backup CSSs. This ensures that the CSSs share the port-map state during flow setup time, and, at failover time, a CSS finds the same ACL and source group configured on the peer. Otherwise, when a flow fails over to the backup, it is possible that the flow may match on a different ACL clause that has no source group configured or a different source group (possibly a nonredundant one).

Source groups selected by ACL-checking always take precedence over other source group matches for a flow. Therefore, if the master and backup CSSs have different ACL definitions, when a flow fails over to the backup and the source group selected on the master is not found on the backup, the CSS rejects the flow. Also, if the flow matches on a different source group through an ACL, that source group takes precedence over the redundant source group that was sent from the master.

Configure as redundant any preferred service that you configured in an ACL clause.

Configure mutually exclusive port-map ranges on the redundant peers using the global-portmap command to avoid potential network port collisions. Keeping the port-map ranges mutually exclusive on the redundant peer also eliminates the need to dynamically update the global port-map database on the backup CSS. For more information on port mapping, refer to the Cisco Content Services Switch Content Load-Balancing Configuration Guide.

Adaptive Session Redundancy (ASR) imposes restrictions on the number of available and eligible source ports in a source group because of the mapping of resources to the backup CSS with an unknown chassis configuration. For details, see the "Source Group Port-Mapping Behavior in an ASR Configuration" section. For more information about source groups, refer to the Cisco Content Services Switch Content Load-Balancing Configuration Guide.

Do not configure ASR and stateless redundancy failover on the same CSS. Such a configuration is not supported. For details on stateless redundancy failover, refer to Chapter 3, Configuring Box-to-Box Redundancy, in the "Configuring Stateless Redundancy Failover" section.

ASR does not support NAT peering. For details on NAT Peering, refer to the Content Services Switch Content Load-Balancing Configuration Guide.

Upgrading to WebNS Version 7.40 and Higher

To maximize the number of ports available for PAT in an ASR configuration, the CSSs must have similar chassis configurations in terms of the total number of session processors (SPs) and their assigned weights. All CSS module types have the same assigned weights, except for the SCM. The SSL module and the backup SCM in a dual SCM configuration are not considered SPs. Therefore, in an ASR configuration, both CSSs must have the same number of SPs.

If you are upgrading from a version of WebNS software earlier than 7.40, be aware of the following ASR configuration restrictions in WebNS software versions 7.40 and higher:

If your CSSs have mismatched chassis configurations, ASR does not work after the upgrade

If your CSSs meet the ASR requirement of having the same number of SPs in each chassis, you must upgrade both CSSs to WebNS Version 7.40

During the upgrade process, ASR does not work and you lose any sessions that are in progress

ASR Quick Start

Table 2-1 provides a quick overview of the steps required to configure ASR for each CSS in the redundant configuration. Each step includes the CLI command or a reference to the procedure required to complete the task. For a complete description of each feature and all the options associated with the CLI command, see the sections following Table 2-1.

Table 2-1 ASR Configuration Quick Start 

Task and Command Example

1. Enter config mode. 

# config 
(config)#

2. Configure active/backup VIP and virtual interface redundancy. Refer to Chapter 1, Configuring VIP and Virtual Interface Redundancy earlier in this chapter.

3. Configure a maximum of two directly connected (no intervening L2 devices) ISC links on Gigabit Ethernet or Fast Ethernet ports between the two redundant CSSs. See "Configuring Inter-Switch Communications" later in this chapter. 

(config)# interface 1/1

(config-if[ 1/1])# isc-port-one

(config)# interface 1/2

(config-if[ 1/2])# isc-port-two

4. Configure services that are targets of redundant content rules. For more information on services, refer to the Cisco Content Services Switch Content Load-Balancing Configuration Guide. 

(config)# service server1

(config-service[server1])# ip address 192.168.100.100

(config-service[server1])# redundant-index 1

(config-service[server1])# active

5. Configure redundant content rules and add the redundant services. For more information on content rules, refer to the Cisco Content Services Switch Content Load-Balancing Configuration Guide. 

(config)# owner arrowpoint

(config-owner[arrowpoint])# content rule1

(config-owner-content[arrowpoint-rule1]# vip address 192.1.1.100

(config-owner-content[arrowpoint-rule1]# protocol tcp

(config-owner-content[arrowpoint-rule1]# port 80

(config-owner-content[arrowpoint-rule1]# url "/redundant.html"

(config-owner-content[arrowpoint-rule1]# add service server1

(config-owner-content[arrowpoint-rule1]# redundant-index 5

(config-owner-content[arrowpoint-rule1]# active

6. Configure redundant source groups and add the redundant services. For more information on source groups, refer to the Cisco Content Services Switch Content Load-Balancing Configuration Guide. 

(config)# group group1

(config-group[group1])# vip address 192.1.1.100

(config-group[group1])# add service server1

(config-group[group1])# redundant-index 4

(config-group[group1])# active

7. Configure global port mapping (port translation) with mutually exclusive port ranges on the CSS peers to avoid potential port collisions. For more information on CSS port mapping, refer to the Cisco Content Services Switch Content Load-Balancing Configuration Guide.

For example, on one CSS peer, enter: 

(config)# global-portmap base-port 3000 range 30000

On the other CSS peer, enter: 

(config)# global-portmap base-port 33100 range 30000

8. Configure the same redundant services, content rules, and source groups on the other CSS peer (synchronize the configurations).

9. Use the show session-redundant all command to verify your configuration. 

# show session-redundant all

The following running-config example shows the results of entering the commands in Table 2-1 (in bold text) and the commands used to configure VIP and virtual interface redundancy (see Chapter 1, Configuring VIP and Virtual Interface Redundancy). 


!*************************** GLOBAL ***************************

  global-portmap base-port 3000 range 30000 


!************************* INTERFACE *************************

interface  1/1

  isc-port-one 


interface  1/2

  isc-port-two 


interface  2/1

  bridge vlan 2 


!************************** CIRCUIT **************************

circuit VLAN1


  ip address 10.1.1.1 255.255.255.0 

    ip virtual-router 1 priority 101 preempt 

    ip redundant-interface 1 10.1.1.254 

    ip critical-service 1 upstream_downstream 


circuit VLAN2


  ip address 192.1.1.1 255.255.255.0 

    ip virtual-router 2 priority 101 preempt 

    ip redundant-vip 2 192.1.1.100 

    ip critical-service 2 upstream_downstream 


!************************** SERVICE **************************

service server1 

  ip address 10.1.1.50 

  redundant-index 1 

  active 


service upstream_downstream 

  ip address 192.1.1.50 

  keepalive type script ap-kal-pinglist "192.1.1.20 10.1.1.20" 

  keepalive frequency 2 

  keepalive maxfailure 2 

  keepalive retryperiod 2 

  active 


!*************************** OWNER ***************************

owner arrowpoint 


  content rule1 

    vip address 192.1.1.100 

    protocol tcp 

    port 80 

    url "/redundant.html" 

    add service server1 

    redundant-index 5 

    active 


!*************************** GROUP ***************************

group group1 

  vip address 192.1.1.100 

  add service server1 

  redundant-index 4 

  active

Configuring Inter-Switch Communications

Inter-Switch Communications (ISC) is a messaging service that CSS peers use to exchange flow-state information in an ASR configuration. If the master CSS fails, the backup CSS already has the flow-state information necessary to continue the current flows without interruption. Using ISC, CSSs exchange state information:

For existing flows at boot-up time and at VIP redundancy failover

For new flows in real time (after the CSS receives a SYN/ACK from the server)

To prevent incorrect flow and port mapping information from being replicated to the backup CSS, the CSS does not bring up the ISC link if it detects a mismatched chassis configuration with the other CSS. During the discovery phase, the ISC protocol exchanges chassis information between the two CSSs and ensures that both chassis have the same number of SPs before bringing up the link.

To enable ISC between two CSSs in an ASR configuration, use the isc-port-one and isc-port-two commands in interface configuration mode. You can configure a maximum of two ISC ports on each CSS. The two ports must be of the same type (Gigabit Ethernet or Fast Ethernet) and must be on the same module in the CSS 11503 or CSS 11506 or on the same CSS 11501. When you configure two ISC ports, the first port is active and the second port remains in a backup state. The backup link is used only if the active link fails. For best results, we recommend that you configure ISC on the GE ports.

The CSS 11501 does not support redundant GE ISC links for ASR because that CSS model includes only one GE port.

You must connect the ISC ports directly to the two CSSs. You cannot use Layer 2 devices on the ISC links between the two CSSs. Also, the ISC links must be dedicated to passing only ISC traffic.

For example, to enable both ISC ports on a CSS 11506, enter: 

(config)# interface 1/1

(config-if[ 1/1])# isc-port-one

(config-if[ 1/1])# interface 1/2

(config-if[ 1/2])# isc-port-two

To disable both ISC ports on a CSS 11506, enter: 

(config)# interface 1/1

(config-if[ 1/1])# no isc-port-one

(config-if[ 1/1])# interface 1/2

(config-if[ 1/2])# no isc-port-two

Configuring Redundant Services

To configure the global service index for a redundant service, use the redundant-index command. A CSS uses the global service index to keep track of redundant services and associated flow-state information.

The syntax for this service configuration mode command is:

redundant-index index

The variable index is a unique number you assign to a redundant service. Enter a unique integer from 0 to 32767, where a value of 0 disables ASR for a service. The default is 0, but it does not appear in the running-config even if you configure it explicitly.

For example: 

(config-service[server1])# redundant-index 5

To disable ASR for a service, enter: 

(config-service[server1])# no redundant-index

Note If you issue the no redundant-index command on an active redundant service for live redundancy peers, the command automatically suspends the service. Flows already mapped by a CSS are not affected. However, if a failover occurs during the life of an active flow that matches on such a suspended service, the backup CSS cannot map the flow because it cannot find the service with the same global index as that on the original master.

For more information on configuring services, refer to the Cisco Content Services Switch Content Load-Balancing Configuration Guide.

Configuring Redundant Content Rules

To configure the global content index for a redundant content rule, use the redundant-index command. A CSS uses the global content index to keep track of redundant content rules and associated flow-state information.

The syntax for this content configuration mode command is:

redundant-index index

The variable index is a unique number you assign to a redundant content rule. Enter a unique integer from 0 to 32767, where a value of 0 disables ASR on a content rule. The default is 0, but it does not appear in the running-config even if you configure it explicitly.

For example: 

(config-owner-content[arrowpoint-rule1]# redundant-index 1

To disable ASR on a content rule, enter: 

(config-owner-content[arrowpoint-rule1]# no redundant-index

Note If you issue the no redundant-index command on an active redundant content rule for live redundancy peers, the command automatically suspends the content rule. Flows already mapped by a CSS are not affected. However, if a failover occurs during the life of an active flow that matches on such a suspended content rule, the backup CSS cannot map the flow because it cannot find the content rule with the same global index as that on the original master.

For more information on configuring content rules, refer to the Cisco Content Services Switch Content Load-Balancing Configuration Guide.

Configuring Redundant Source Groups

If you configured source groups in ACLs, you must configure those source groups as redundant. Otherwise, ASR does not require source groups. To configure the global source group index for a redundant source group, use the redundant-index command. A CSS uses the global source group index to keep track of redundant content rules and associated flow-state information.

The syntax for this group configuration mode command is:

redundant-index index

The variable index is a number you assign to a redundant source group. Enter a unique integer from 0 to 32767, where a value of 0 disables ASR for a source group. The default is 0, but it does not appear in the running-config even if you configure it explicitly.

For example, to enable ASR for a source group: 

(config-group[group1])# redundant-index 4

To disable ASR for a source group, enter: 

(config-group[group1])# no redundant-index

Note If you issue the no redundant-index command on an active redundant source group on live redundancy peers, the command automatically suspends the source group. Flows already mapped by a CSS are not affected. However, if a failover occurs during the life of an active flow that matches on such a suspended source group, the backup CSS cannot map the flow because it cannot find the source group with the same global index as that on the original master.

For more information on configuring source groups, refer to the Cisco Content Services Switch Content Load-Balancing Configuration Guide.

Source Group Port-Mapping Behavior in an ASR Configuration

Because Adaptive Session Redundancy (ASR) requires that both CSSs have the same number of SPs in each chassis, each CSS uses the same port-selection algorithm in an ASR configuration as in a non-ASR configuration. This behavior means that ASR imposes no further restrictions on source group port mapping. For more information about source groups and port mapping, refer to the Cisco Content Services Switch Content Load-Balancing Configuration Guide.

Synchronizing ASR Configurations

You must synchronize configurations on both CSS peers to ensure that the ASR-specific configurations on the master CSS and the backup CSS are the same. This is critical to the proper functioning of ASR.

For ASR, you must manually configure on each peer:

ISC

Redundant content rules

Redundant services

Redundant source groups

Displaying ASR Information

Use the commands described in the following sections to display information for:

Inter-Switch Communications (ISC)

Dormant flows

ASR status and global redundant indexes

Displaying Inter-Switch Communications Ports

Use the show isc-ports command to display the following information:

Ports configured for ISC on a CSS

Status of the ISC link

Reason the ISC link failed if it is down

Table 2-2 describes the fields in the show isc-ports output.

Table 2-2 Field Descriptions for the show isc-ports Command 

Field
Description

Inter-Switch Communications Configuration

Lists the CSS ports (in slot/port format) configured for ISC port one and ISC port two. If ISC is not configured, the command displays the following messages: Inter-Switch Port One is not configured. Inter-Switch Port Two is not configured.

Inter-Switch Communications Status

Indicates whether ISC is Up or Down and, if Up, on which CSS port ISC is currently active.

Port # Communication Failure Reason

Indicates why the ISC link failed. Use this field to help you troubleshoot the ISC link if it fails. Possible reasons are:

None - ISC link is up.

No Interface Assigned - An interface was not assigned to the ISC port.

No Physical Link - There is no physical link on the ISC port.

No Discovery Response - The remote CSS did not respond to the Hello message from the local CSS during the discovery phase of the ISC protocol.

Wrong Protocol Version - Different ISC protocol versions are running on the two CSSs.

Mismatched Chassis - The CSSs have different chassis configurations (different number of SPs).


Displaying Dormant Flow Information

To display information about the current dormant flows on the backup CSS in an ASR configuration, use the show dormant flows command. Dormant flows are flows on the backup CSS that become active if the master CSS fails and the backup CSS becomes the master.

The syntax for this command is:

show dormant flows {source_address {destination_address}}

The optional variables for this command are:

source_address - Displays dormant flows for the specified source IP address. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).

destination_address - Displays dormant flows for the specified destination IP address. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).

Table 2-3 describes the fields in the show dormant flows output.

Table 2-3 Field Descriptions for the show dormant flows Command 

Field
Description

Src Address

The source address for the flow.

SPort

The source port for the flow.

Dst Address

The destination address for the flow.

DPort

The destination port for the flow.

NAT Dst Address

The network address translation (NAT) destination address.

Prt In

Not applicable. A dormant flow does not have a port associated with it.

OutPort

Not applicable. A dormant flow does not have a port associated with it.


To display summary information about redundant dormant flows, use the flow statistics dormant command.

Table 2-4 describes the field in the flow statistics dormant output.

Table 2-4 Field Descriptions for the flow statistics dormant Command 
Field
Description

Redundant Flow Statistics - Slot n, Subslot n

Inactive redundant flow statistics for the module in the specified slot and subslot in the backup CSS.

Dormant Flow Count

Total number of inactive redundant flows in the specified module in the backup CSS.

UDP Flows

Number of inactive redundant UDP flows in the specified module in the backup CSS.

TCP Flows

Number of inactive redundant TCP flows in the specified module in the backup CSS.

Redundant Flow Statistics - Aggregate

Total Inactive redundant flow statistics for all of the modules in the backup CSS.

Total UDP Flows

Total number of inactive redundant UDP flows in the backup CSS.

Total TCP Flows

Total number of inactive redundant TCP flows in the backup CSS.

Total Flows

The total number of inactive redundant flows in the backup CSS from active redundant flows on the master CSS. The dormant flows contain all the flow-state information necessary for the backup CSS to master the flows if the master CSS fails. If the master CSS fails, the backup CSS becomes the master CSS and the dormant flows become active flows.


Displaying ASR Information for Content Rules, Services, and Source Groups

The following sections describe how to display ASR information specific to content rules, services, and source groups.

Displaying ASR Status and Global Index Values

To display information about ASR status and global redundant indexes, use the following commands:

show rule

show service

show group

The relevant fields in the output of these commands are:

Session Redundancy - The state of ASR for the content rule, service, or source group. Possible values are: Enabled or Disabled

Redundancy Global Index - The unique global index value for ASR configured for the content rule, service, or source group using the redundant-index command.

For complete details on the show rule, show service, and show group commands, refer to the Cisco Content Services Switch Content Load-Balancing Configuration Guide.

Displaying Summary ASR Information

To display summary ASR information about redundant content rules, services, and source groups, use the show session-redundant command.

The syntax for this global configuration mode command is:

show session-redundant [rule|service|group|all]

The optional keywords are:

rule - Displays summary ASR information for redundant content rules.

service - Displays summary ASR information for redundant services.

group - Displays summary ASR information for redundant source groups.

all - Displays summary ASR information for content rules, services, and source groups.

For example, to view summary ASR information for redundant content rules, enter: 

(config)# show session-redundant rule

Table 2-5 describes the fields.

Table 2-5 Field Descriptions for the show session-redundant Command
 

Field
Description
Session Redundant Content Rules

Content Rule

The redundant content rule name.

Content Rule State

The current state of the redundant content rule. Possible states are: Active or Suspend.

VIP Address

The virtual IP address of the redundant content rule in dotted decimal notation.

Redundancy Global Index

The ASR global index configured for the redundant content rule.

Redundancy State

The state of the CSS peer: Master, Backup, or Suspend.

Rule Redundant Services 1

The name of the redundant service and its global index value configured on the rule.

Session Redundant Services

Service

The name of the redundant service.

Service State

The current state of the redundant service. Possible states are: Alive, Dying, or Down.

IP Address

The virtual IP address of the redundant service in dotted-decimal notation.

Redundancy Global Index

The ASR global index configured for the redundant service.

Session Redundant Source Groups

Source Group

The name of the redundant source group.

Source Group State

The current state of the redundant source group. Possible states are: Active or Suspend.

VIP Address

The virtual IP address of the redundant source group.

Redundancy Global Index

The ASR global index configured for the redundant source group.

Group Redundant Services

Source Services

The redundant source services configured in this redundant source group, their keepalive state, and global index. If no source services are configured in this source group, the value is NONE.

Destination Services

The redundant destination services configured in this redundant source group and their keepalive state. If no destination services are configured in this source group, the value is NONE.