Cisco GSS CLI-Based Global Server Load-Balancing Configuration Guide (Software Version 1.3) - Configuring Answers and Answer Groups [Cisco ACE GSS 4400 Series Global Site Selector Appliances]

Table Of Contents

Configuring Answers and Answer Groups

Configuring and Modifying Answers

Logging in to the CLI and Enabling Privileged EXEC Mode

Configuring a VIP-Type Answer

Configuring KeepAlive VIP Answers

Configuring ICMP Keepalive VIP Answers

Configuring TCP Keepalive VIP Answer Settings

Configuring HTTP HEAD Keepalive VIP Answer Settings

Configuring KAL-AP Keepalive VIP Answer Settings

Configuring Multiple Keepalives for a VIP Answer Type

Configuring a CRA-Type Answer

Configuring a Name Server-Type Answer

Modifying an Answer

Displaying Answer Properties

Suspending an Answer

Reactivating an Answer

Suspending or Reactivating All Answers in a Location

Deleting an Answer

Configuring and Modifying Answer Groups

Creating an Answer Group

Adding Answers to a CRA-Type Answer Group

Adding Answers to an NS-Type Answer Group

Adding Answers to a VIP-Type Answer Group

Modifying an Answer Group

Suspending or Reactivating All Answers in an Answer Group

Suspending or Reactivating an Answer in an Answer Group

Suspending or Reactivating All Answers in Answer Groups Associated with an Owner

Displaying Answer Group Properties

Deleting an Answer Group

Where to Go Next

Configuring Answers and Answer Groups

This chapter describes how to create and configure answers and answer groups for your GSS network. It contains the following major sections:

•Configuring and Modifying Answers

•Configuring and Modifying Answer Groups

•Where to Go Next

Configuring and Modifying Answers

In a GSS network, the term answers refers to the resources that respond to content queries. When you create an answer using the primary GSSM, you are identifying a resource on your GSS network to which queries can be directed. This resource provides the requesting client D-proxy with the address of a valid host to serve their request.

GSS answers include the following:

•VIP—Virtual IP (VIP) addresses associated with an SLB such as the Cisco CSS, Cisco CSM, Cisco IOS-compliant SLB, Cisco LocalDirector, a web server, a cache, or any other geographically dispersed device in a global network deployment.

•Name Server—A configured DNS name server on your network that can answer queries that the GSS cannot resolve.

•CRA—Content routing agents that use a resolution process called DNS race to send identical and simultaneous responses back to a user's D-proxy.

The GSS groups answers together as resource pools, also referred to as answer groups. From the available answer groups, the GSS can use a maximum of three possible response answer group and balance method clauses in a DNS rule to select the most appropriate resource that serves a user request. Each balance method provides a different algorithm for selecting one answer from a configured answer group. Each clause specifies that a particular answer group serve the request and a specific balance method be used to select the best resource from that answer group.

Depending on the type of answer, further intelligence can be applied to DNS queries by the GSS to choose the best host. For example, a request that is routed to a VIP associated with a Cisco CSS is routed to the best resource based on load and availability, as determined by the CSS. A request that is routed to a CRA is routed to the best resource based on proximity, as determined in a DNS race conducted by the GSS.

This section includes the following procedures:

•Logging in to the CLI and Enabling Privileged EXEC Mode

•Configuring a VIP-Type Answer

•Configuring a CRA-Type Answer

•Configuring a Name Server-Type Answer

•Modifying an Answer

•Displaying Answer Properties

•Reactivating an Answer

•Suspending or Reactivating All Answers in a Location

•Deleting an Answer

Logging in to the CLI and Enabling Privileged EXEC Mode

Note To log in and enable privileged EXEC mode in the GSS, you must be a configured user with admin privileges. Refer to the Cisco Global Site Selector Administration Guide for information on creating and managing user accounts.

To log in to the primary GSSM and enable privileged EXEC mode at the CLI:

1. If you are remotely logging in to the primary GSSM through Telnet or SSH, enter the host name or IP address of the GSSM to access the CLI.

Otherwise, if you are using a direct serial connection between your terminal and the GSSM, use a terminal emulation program to access the CLI. For details about making a direct connection to the GSS device using a dedicated terminal and about establishing a remote connection using SSH or Telnet, refer to the Cisco Global Site Selector Getting Started Guide.

2. Specify your GSS administrative username and password to log on to the GSSM. The CLI prompt appears.
gssm1.example.com> 
3. At the CLI prompt, enable privileged EXEC mode as follows:
gssm1.example.com> enable
gssm1.example.com# 
Configuring a VIP-Type Answer

When configuring a VIP-type answer, you have the option to configure one of several different keepalive types or multiple keepalive types to test for that answer. Refer to the "Configuring Multiple Keepalives for a VIP Answer Type" section for more information on configuring multiple keepalives to test for an answer. For a KAL-AP keepalive, configure shared keepalives before you configure your answer. Refer to Chapter 5, Configuring Keepalives for more information on creating shared keepalives.

To configure a VIP-type answer, use the answer vip ip_address command in global server load-balancing configuration mode.

The syntax of this command is:

answer vip ip_address [name name | location name | activate | suspend]

After you enter the answer vip ip_address command, the prompt changes to the answer vip configuration mode where you can optionally specify and configure keepalives for your VIP-type answer.

The options and variables for this command are:

•ip_address—Specifies the VIP address field, enter the VIP address to which the GSS will forward requests. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•name name—(Optional) Specifies a name for the VIP-type answer that you are creating. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•location name—(Optional) Specifies an existing location name with which the answer is to be associated. See the "Configuring Owners" section in Chapter 2, Configuring Resources.

•activate—(Optional) Reactivates a suspended VIP answer. This is the default setting.

•suspend—(Optional) Suspends an active VIP answer.

For example, to create a VIP answer called SEC-LONDON1 and associate it with the London location, enter:
gssm1.example.com# config
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# answer vip 10.86.209.232 name 
SEC-LONDON1 location LONDON
gssm1.example.com(config-ansvip[ans-ip])
To delete a VIP answer, enter:
gssm1.example.com# config
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# no answer vip 10.86.209.232 name 
SEC-LONDON1 location LONDON
gssm1.example.com(config-gslb)
For more information on modifying existing answers, see the "Modifying an Answer" section.

Configuring KeepAlive VIP Answers

After you create an answer, you can choose to configure one of a variety of different keepalive types or multiple keepalive types to test for that answer. The following sections describe how to configure the properties for the individual VIP keepalives, and includes a section on configuring multiple keepalives for an answer. The default values used for each of the VIP keepalives are determined by the global keepalive property settings previously specified (see Chapter 5, Configuring Keepalives).

•Configuring ICMP Keepalive VIP Answers

•Configuring TCP Keepalive VIP Answer Settings

•Configuring HTTP HEAD Keepalive VIP Answer Settings

•Configuring KAL-AP Keepalive VIP Answer Settings

•Configuring Multiple Keepalives for a VIP Answer Type

Configuring ICMP Keepalive VIP Answers

To define the ICMP keepalives for your VIP answer, use the keepalive type icmp command in answer vip configuration mode. This command sends an ICMP echo message (ping) to the address specified for the VIP answer. The GSS determines the online status by the response received from the device, indicating simple connectivity to the network.

The syntax for this command is:

keepalive type icmp [shared ip_address | retries number | successful-probes number]

The variables and options for this command are:

•shared ip_address—(Optional) Specifies the IP address of an existing ICMP shared keepalive. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). Refer to Chapter 5, Configuring Keepalives for more information on creating shared keepalives.

•retries number—(Optional) Specifies the number of times the GSS retransmits an ICMP echo request packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.

•successful-probes number—(Optional) Specifies the number of consecutive successful ICMP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.

For example, to configure an ICMP keepalive for the VIP-type answer servicing VIP address 10.86.209.232, enter:
gssm1.example.com(config-gslb)# answer vip 10.86.209.232
gssm1.example.com(config-ansvip[ans-ip])keepalive type icmp retries 2
gssm1.example.com(config-ansvip[ans-ip])
See the "Configuring Multiple Keepalives for a VIP Answer Type" section for details on configuring multiple keepalives to test for a VIP-type answer.

Configuring TCP Keepalive VIP Answer Settings

To define the TCP keepalive for your VIP answer, use the keepalive type tcp command in answer vip configuration mode. This command sends a TCP handshake to the address specified for the VIP answer and port number of the remote device to determine service viability (three-way handshake and connection termination method), returning the online status of the device.

The syntax for this command is:

keepalive type tcp [shared ip_address | port number | retries number | successful-probes number | termination {graceful | reset}]

The variables and options for this command are:

•shared ip_address—(Optional) Specifies the IP address of an existing TCP shared keepalive. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). Refer to Chapter 5, Configuring Keepalives for more information on creating shared keepalives.

•port number—(Optional) Specifies the port on the remote device that is to receive the TCP-type keepalive request from the GSS. The valid entries are 1 to 65535. The default port is 80.

•retries number—(Optional) Specifies the number of times the GSS retransmits a TCP packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.

•successful-probes number—(Optional) Specifies the number of consecutive successful TCP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.

•termination —(Optional) Specifies one of the following TCP keepalive connection termination methods:

–graceful—The GSS initiates the graceful closing of a TCP connection by using the standard three-way connection termination method.

–reset—The GSS immediately terminates the TCP connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type.

For example, to configure a TCP keepalive for the VIP-type answer servicing VIP address 192.168.200.1, enter:
gssm1.example.com(config-gslb)# answer vip 192.168.200.1
gssm1.example.com(config-ansvip[ans-ip])keepalive type tcp port 23 
successful-probes 4
gssm1.example.com(config-ansvip[ans-ip])
See the "Configuring Multiple Keepalives for a VIP Answer Type" section for details on configuring multiple keepalives to test for a VIP-type answer.

Configuring HTTP HEAD Keepalive VIP Answer Settings

To define the HTTP HEAD keepalive for your VIP answer, use the keepalive type http-head command in answer vip configuration mode. This command sends a TCP-format HTTP HEAD request to an origin web server at the address specified for the VIP answer. The GSS determines the online status of the device in the form of an HTTP Response Status Code of 200 (for example, HTTP/1.0 200 OK) from the server as well as information on the web page status and content size.

The syntax for this command is:

keepalive type http-head [host-tag domain_name | path path | port number | retries number | shared ip_address | successful-probes number | termination {graceful | reset}]

The variables and options for this command are:

•host-tag domain_name —(Optional) Specifies an optional domain name that is sent to the VIP as part of the HTTP HEAD query. This tag allows an SLB to resolve the keepalive request to a particular website even when multiple sites are represented by the same VIP.

•path path—(Optional) Specifies the server website queried in the HTTP HEAD request (for example, /company/owner). The default path "/" specifies the virtual root of the webserver.

•port number—(Optional) Specifies the port on the remote device that is to receive the HTTP HEAD-type keepalive request from the GSS. The valid entries are 1 to 65535. The default port is 80.

•retries number—(Optional) Specifies the number of times the GSS retransmits a HTTP HEAD packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.

•shared ip_address—(Optional) Specifies the IP address of an existing HTTP HEAD shared keepalive. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). Refer to Chapter 5, Configuring Keepalives for more information on creating shared keepalives.

•successful-probes number—(Optional) Specifies the number of consecutive successful HTTP HEAD keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.

•termination—(Optional) Specifies one of the following HTTP HEAD keepalive connection termination methods:

–graceful—The GSS initiates the graceful closing of a HTTP HEAD connection by using the standard three-way connection termination method.

–reset—The GSS immediately terminates the TCP-fomatted HTTP HEAD connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type.

For example, to configure anHTTP HEAD keepalive for the VIP-type answer servicing VIP address 192.168.200.1, enter:
gssm1.example.com(config-gslb)# answer vip 192.168.200.1
gssm1.example.com(config-ansvip[ans-ip])keepalive type http-head 
host-tag WWW.HOME.COM termination graceful
gssm1.example.com(config-ansvip[ans-ip])
See "Configuring Multiple Keepalives for a VIP Answer Type" for details on configuring multiple keepalives to test for a VIP-type answer.

Configuring KAL-AP Keepalive VIP Answer Settings

To define the KAL-AP keepalive for your VIP answer, use the keepalive type kalap command in answer vip configuration mode. This command sends a detailed query to the Cisco CSS or CSM at the address specified for the VIP answer to extract load and availability. The GSS determines the online status when the SLBs respond with information about a hosted domain name, host VIP address, or a configured tag on a content rule.

The syntax for this command is:

keepalive type kalap {tag ip_address {tag_name} | vip ip_address}}

The variables and options for this command are:

•tag ip_address—Specifies the shared KAL-AP-type keepalive address in the KAL-AP request. The KAL-AP queries the keepalive address to determine the online status. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•tag_name— Specifies an alphanumeric tag associated with the VIP in the KAL-AP request. The tag value is used to match the correct shared keepalive VIP, avoiding confusion that can be caused when probing for the status of a VIP that is located behind a firewall network address translation (NAT). Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•vip ip_address—Specifies the shared KAL-AP-type keepalive address in the KAL-AP request. The KAL-AP queries the keepalive address to determine the online status. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

For example, to configure a KAL-AP keepalive for the VIP-type answer servicing VIP address 192.168.200.1, enter:
gssm1.example.com(config-gslb)# answer vip 192.168.200.1
gssm1.example.com(config-ansvip[ans-ip]) keepalive type kalap tag 
192.168.50.41 TAG1 
gssm1.example.com(config-ansvip[ans-ip])
See the "Configuring Multiple Keepalives for a VIP Answer Type" section for details on cofiguring multiple keepalives to test for a VIP-type answer.

The Content and Application Peering Protocol (CAPP) may not recognize dropped fragments when a KAL-AP keepalive spans multiple datagrams due to large payloads. When the KAL-AP keepalive spans multiple datagrams and one of the spanned packets is dropped, the GSS does not retry the request. Instead, the GSS waits until the next period and sends the packets again. This results in the dropped datagram not getting updated load values on the VIPs that expect them. This behavior typically occurs in situations where the GSS consumes the full datagram (roughly 1.4 K) with tag names or VIP addresses. Otherwise, all data fits perfectly in a single datagram.

To resolve this behavior, use the VIP format for KAL-AP when you need the GSS to send a detailed query on load for hundreds of VIPs configured to a single primary or optional secondary (backup) IP address. Another solution is to use the tag format for KAL-AP, but to limit the length of the tag name to ensure that the packets do not exceed 1.4K.

Configuring Multiple Keepalives for a VIP Answer Type

The primary GSSM supports the assignment of multiple keepalives and/or destination ports for a single VIP answer. You can configure a maximum of five different keepalives for a VIP answer, in a mix and match configuration of ICMP, TCP, HTTP HEAD, and KAL-AP VIP keepalive types. However, the primary GSSM supports only a single usage of a shared keepalive and a single KAL-AP keepalive when specifying multiple keepalive types.

For TCP or HTTP HEAD keepalives, you may also specify different destination ports. The multi-port keepalive capability allows you monitor a single server and check responses from multiple ports. As long as all the keepalives are successful, the GSS device considers the resource active and continues to redirect client traffic to the server. Servers that yield unsuccessful connections are marked as unavailable; subsequent successful connections to the server will reinstate it as available to be used as a resource.

When using multiple keepalive types, the VIP answer status is a logical AND function of all keepalive probes associated with an answer, resulting in a consolidation of results from each answer.

For example, to configure TCP- and HTTP HEAD-type keepalives for multiple ports for the VIP-type answer servicing VIP address 192.168.200.1, enter:
gssm1.example.com(config-gslb)# answer vip 192.168.200.1
gssm1.example.com(config-ansvip[ans-ip])keepalive type tcp port 80
gssm1.example.com(config-ansvip[ans-ip])keepalive type tcp port 443
gssm1.example.com(config-ansvip[ans-ip])keepalive type http-head port 
8080
gssm1.example.com(config-ansvip[ans-ip])exit
gssm1.example.com(config-gslb)# 
To configure TCP- and HTTP HEAD-type keepalives for multiple ports for the VIP-type answer named MPORT_KALE_MIX that services VIP address 192.168.200.1, enter:
gssm1.example.com(config-gslb)# answer vip 192.168.200.1 name 
MPORT_KALE_MIX
gssm1.example.com(config-ansvip[ans-ip])keepalive type tcp port 80
gssm1.example.com(config-ansvip[ans-ip])keepalive type tcp port 443
gssm1.example.com(config-ansvip[ans-ip])keepalive type http-head port 
8080
gssm1.example.com(config-ansvip[ans-ip])exit
gssm1.example.com(config-gslb)# 
Note When configuring multiple keepalives for an answer and you need to use a KAL-AP-type keepalive, you can configure only one KAL-AP-type keepalive and you must specify it as the first keepalive. Refer to the following example.

To configure KAL-AP-, TCP- and HTTP HEAD-type keepalives for the VIP-type answer servicing VIP address 192.168.200.1, enter:
gssm1.example.com(config-gslb)# answer vip 192.168.200.1
gssm1.example.com(config-ansvip[ans-ip]) keepalive type kalap tag 
192.168.50.41 TAG1
gssm1.example.com(config-ansvip[ans-ip]) keepalive type tcp port 80
gssm1.example.com(config-ansvip[ans-ip]) keepalive type tcp port 443
gssm1.example.com(config-ansvip[ans-ip]) keepalive type http-head port 
8080
gssm1.example.com(config-ansvip[ans-ip])exit
gssm1.example.com(config-gslb)# 
Configuring a CRA-Type Answer

The content routing agent (CRA) answer type relies on content routing agents and the GSS to choose a suitable answer for a given query based on the proximity of two or more possible hosts to the requesting D-proxy.

With the CRA-type answer, the requests received from a particular D-proxy are served by the content server that responds first to the request. The response time is measured using a DNS race and is coordinated by the GSS and content routing agents running on each content server. In the race, multiple hosts respond simultaneously to a request. The server with the fastest response time (the shortest network delay between itself and the client's D-proxy) is chosen to serve the content.

The CRA-type answer is designed to work with the GSS when you select the boomerang balance method with a DNS rule (utilizing the boomerang server component of the GSS).

Closeness is determined when multiple hosts reply to the requesting D-proxy simultaneously in what is referred to as a "DNS race." The GSS coordinates the start of the race so that all CRAs initiate their response at the same time. The first DNS reply to reach the D-proxy is chosen by the name server as the host containing the answer.

To configure a CRA-type answer, use the answer cra ip_address command in global server load-balancing configuration mode. The syntax of this command is:

answer cra ip_address [enable | disable | delay number | name name | location name | activate | suspend]

The variables and options for this command are:

•ip_address—Specifies the interface or circuit address of the CRA. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•enable—(Optional) Specifies that the GSS is to perform keepalive checks on the answer. This is the default setting. Use disable if you plan to specify a one-way delay to calculate a static RTT. See the delay option for information on static RTT.

•disable—(Optional) Specifies that the GSS use the one-way delay variable to calculate a static round-trip time (RTT). See the delay option for more information on static RTT.

•delay number—(Optional) Specifies a one-way delay time in milliseconds. This value is used by the GSS to calculate a static round-trip time (RTT), with the one-way delay constituting one-half of the round-trip time that is used for all DNS races involving this answer. Valid entries are 0 to 1000 milliseconds. The default is 0.

•name name—(Optional) Specifies a name for the CRA-type answer. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•location name—(Optional) Specifies an existing location name with which the answer is to be associated. See the "Configuring Owners" section in Chapter 2, Configuring Resources.

•activate—(Optional) Reactivates a suspended CRA answer. This is the default setting.

•suspend—(Optional) Suspends an active CRA answer.

For example, to create a CRA-type answer with a one-way delay, enter:
gssm1.example.com# config
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# answer cra 10.86.209.22 name CRA-ANS1 
delay 3
gssm1.example.com(config-gslb)
To delete a CRA-type answer, enter:
gssm1.example.com(config-gslb)# no answer cra 10.86.209.22 name 
CRA-ANS1 delay 3
gssm1.example.com(config-gslb)
For information on modifying existing answers, see the "Modifying an Answer"section.

Configuring a Name Server-Type Answer

A name server (NS)-type answer specifies the IP address of a DNS name server to which DNS queries are forwarded from the GSS. Using the name server forwarding feature, queries are forwarded to a non-GSS name server for resolution, with the answer passed back to the GSS name server and from there to the requesting D-proxy. The name server-type answer acts as a guaranteed fallback resource. A fallback resource can resolve requests that the GSS cannot resolve itself either because the requested content is unknown to the GSS or because the resources that typically handle such requests are unavailable.

To configure a NS-type answer, use the answer ns ip_address command in global server load-balancing configuration mode. The syntax of this command is:

answer ns ip_address [enable | disable | name name | domain name | location name | activate | suspend]

The variables and options for this command are:

•ip_address—Specifies the name server that the GSS is to forward its requests. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•enable—(Optional) Specifies that the GSS is to perform keepalive checks on the specified name server. The GSS queries the name server IP address to determine online status. This is the default.

•disable—(Optional) Specifies that the GSS disable keepalive checks on the specified name server. The GSS assumes that the name server is always online.

•domain name—(Optional) Specifies the name of the domain name server to which an NS-type keepalive is sent (to determine the online status). Enter the name as an unquoted text string with no spaces and a maximum length of 100 characters. (for example, www.home.com).

Note If no domain is specified, the GSS queries the globally-configured query domain. For instructions on configuring the global query domain, see Chapter 5, Configuring Keepalives.

•name name—(Optional) Specifies a name for the NS-type answer. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•location name—(Optional) Specifies an existing location name with which the answer is to be associated. See the "Configuring Owners" section in Chapter 2, Configuring Resources.

•activate—(Optional) Reactivates a suspended NS answer. This is the default setting.

•suspend—(Optional) Suspends an active NS answer.

For example, to create an NS-type answer that specifies a domain name server, enter:
gssm1.example.com# config
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# answer ns 10.86.209.4 domain 
WWW.HOME.COM enable
gssm1.example.com(config-gslb)
To delete a NS-type answer, enter:
gssm1.example.com(config-gslb)# no answer ns 10.86.209.4 domain 
WWW.HOME.COM enable
gssm1.example.com(config-gslb)
For information on modifying existing answers, see the "Modifying an Answer" section.

Modifying an Answer

Once you have configured your answers, you can modify them at any time. However, once an answer is created and named, you cannot modify its type (for example, from VIP to CRA), its IP address, or its name.

To modify an existing answer:

1. If desired, use the show gslb-config answer command to display the current property settings for answers. See the "Displaying Answer Properties" section for more information.

2. To change settings for an answer, use the answer command in global server load-balancing configuration mode.

The syntax of this command is:

answer {cra | ns | vip}

The options are:

•cra—Specifies a CRA-type answer for modification. Refer to the "Configuring a CRA-Type Answer" section for details on how to modify CRA-type properties.

•ns—Specifies an NS-type answer for modification. Refer to the "Configuring a Name Server-Type Answer" section for details on how to modify NS-type properties.

•vip—Specifies a VIP-type answer for modification. Refer to the "Configuring a VIP-Type Answer" section for details on how to modify VIP-type properties. Also, refer to the "Configuring KeepAlive VIP Answers" section for information on modifying keepalives for VIP-type answers.

For example, to first display the answer property settings, then change the one-way delay time for an existing CRA-type answer, enter:
gssm1.example.com(config-gslb)# show gslb-config answer 
...
answer cra 192.168.50.41 delay 2 activate
answer ns 172.16.27.4 domain EXAMPLE.COM activate
answer vip 172.16.27.6 name ansvip2 activate
		keepalive type tcp port 180 activate
		keepalive type tcp port 88 activate
...
gssm1.example.com(config-gslb)# answer cra 192.168.50.41 delay 5
gssm1.example.com(config-gslb)#
In order to modify a named answer, you must specify its name, type, and IP address. For example, to modify the answer named ANSVIP2, you must enter:
gssm1.example.com(config-gslb)# answer vip 172.16.27.6 name 
ANSVIP2 delay 100
gssm1.example.com(config-gslb)#
Displaying Answer Properties

Use the show gslb-config answer command to display the current property settings for all answer types.

The syntax of this command is:

show gslb-config answer

For example, enter:
gssm1.example.com(config-gslb)# show gslb-config answer 
answer cra 192.168.50.41 delay 2 active
answer ns 172.16.27.4 domain EXAMPLE.COM active
answer vip 172.16.27.6 name ansvip2 active
          keepalive type tcp port 180 active
answer vip 192.168.50.30 active
          keepalive type tcp port 88 active
answer vip 192.168.50.2 name ansvip active
          keepalive type icmp active
          keepalive type tcp port 88 active
          keepalive type tcp port 80 active
gssm1.example.com(config-gslb)# 
To display the property settings based on IP address and answer type, enter:
gssm1.example.com(config-gslb)# show gslb-config answer 172.16.27.6 
vip
answer vip 172.16.27.6 name ansvip2 active
          keepalive type tcp port 180 active
gssm1.example.com(config-gslb)# 
To display the property settings based on an answer name, enter:
gssm1.example.com(config-gslb)# show gslb-config answer ansvip2
answer vip 172.16.27.6 name ansvip2 active
          keepalive type tcp port 180 active
gssm1.example.com(config-gslb)# 
Suspending an Answer

To temporarily stop the GSS from using an active answer, modify the answer by issuing the suspend option for the answer command. Suspending prevents that answer from being used by any of the currently configured DNS rules.

Note You can suspend multiple answers associated with an answer group by using the no activate-all-answers command. See the "Suspending or Reactivating All Answers in an Answer Group" section for details.

To suspend an answer:

1. If desired, use the show gslb-config answer command to display the current answers. See the "Displaying Answer Properties" section for more information.

2. Identify the active answer you want to suspend, then use the answer command with the suspend option to suspend the answer.

For example, to suspend the NS-type answer that queries the domain server at EXAMPLE.COM, enter:
gssm1.example.com(config-gslb)# show gslb-config answer 
...
answer cra 192.168.50.41 delay 2 active
answer ns 172.16.27.4 domain EXAMPLE.COM active
answer vip 172.16.27.6 name ansvip2 active
          keepalive type tcp port 180 active
...
gssm1.example.com(config-gslb)# answer ns 172.16.27.4 domain 
EXAMPLE.COM suspend
gssm1.example.com(config-gslb)#
To reactivate a suspended answer, use the activate feature (see the "Reactivating an Answer" section).

Reactivating an Answer

To reactivate a suspended answer, you modify the specific answer by issuing the activate option (for the answer command).

To reactivate an answer:

1. If desired, use the show gslb-config answer command to display the current answers. See the "Displaying Answer Properties" section for more information.

2. Identify the active answer you want to reactivate, then use the answer command with the activate option to reactivate the answer.

For example, to reactivate the NS-type answer that queries the domain server at EXAMPLE.COM, enter:
gssm1.example.com(config-gslb)# show gslb-config answer 
...
answer cra 192.168.50.41 delay 2 active
answer ns 172.16.27.4 domain EXAMPLE.COM suspend
answer vip 172.16.27.6 name ansvip2 active
          keepalive type tcp port 180 active
...
gssm1.example.com(config-gslb)# answer ns 172.16.27.4 domain 
EXAMPLE.COM activate
gssm1.example.com(config-gslb)#
Suspending or Reactivating All Answers in a Location

You can group and manage answers according to an established GSS location. Using a location to manage your answers makes it easier for you to quickly suspend or activate answers in a particular area of your network, for example, shutting down one or more data centers for the purposes of software upgrades or regular maintenance.

The GSS automatically detects and routes requests around suspended answers.

Note Suspending all answers in a location overrides the active or suspended state of an individual answer.

To suspend or reactivate answers based on their location, use the location command with the suspend-all-answers and activate-all-answers options.

If desired, use the show gslb-config location command to display the currently configured locations. See Chapter 2, Displaying Resource Information, for more information about this command.

For example, to suspend all answers based on the location Normandy, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# location Normandy suspend-all-answers
gssm1.example.com(config-gslb)# 
To reactivate all answers based on the location Normandy, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# location Normandy activate-all-answers
gssm1.example.com(config-gslb)# 
Deleting an Answer

Caution Deletions of any kind cannot be undone in the primary GSSM. Before deleting any data that you think you might want to use at a later point in time, perform a database backup of your GSSM. Refer to the Global Site Selector Administration Guide for details.

To delete an answer:

1. If desired, use the show gslb-config answer command to display the current answers. See the "Displaying Answer Properties" section for more information.

2. Identify the active answer you want to delete, then use the no form of the answer command to delete the answer.

For example, to delete the VIP-type answer that queries IP address 192.168.50.30 and all keepalives for that answer, enter:
gssm1.example.com(config-gslb)# show gslb-config answer 
...
answer cra 192.168.50.41 delay 2 activate
answer ns 172.16.27.4 domain EXAMPLE.COM activate
answer vip 172.16.27.6 name ansvip2 activate
          keepalive type tcp port 180 activate
answer vip 192.168.50.30 activate
          keepalive type tcp port 88 activate
answer vip 192.168.50.2 name ansvip activate
          keepalive type icmp activate
          keepalive type tcp port 88 activate
          keepalive type tcp port 80 activate
          keepalive type tcp activate
...
gssm1.example.com(config-gslb)# no answer vip 192.168.50.30
gssm1.example.com(config-gslb)#
In order to delete a named answer, you must specify its name, type, and IP address. For example, to delete the answer named ANSVIP2, you must enter:
gssm1.example.com(config-gslb)# no answer vip 172.16.27.6 name 
ANSVIP2
gssm1.example.com(config-gslb)#
Configuring and Modifying Answer Groups

Answer groups are lists of GSS resources that are candidates to respond to DNS queries received from a user for a hosted domain. By using the DNS rules feature, you associate these lists of network resources with a particular balance method that is used to resolve the request.

•For a VIP answer group type, the GSS selects one or more VIPs using the balance method specified in the DNS rule.

•For a CRA answer group type, all CRAs in the answer group are queried and then "race" to respond first to the D-proxy with their IP address.

•For a name server answer group type, the GSS selects a name server using the balance method specified in the DNS rule and forwards the client's request to that name server.

A DNS rule can have a maximim of three balance clauses. Each balance clause specifies a different answer group from which an answer can be chosen after taking load threshold, order, and weight factors into account for each answer.

Before creating your answer groups, configure the answers that make up those groups. See the "Configuring and Modifying Answers" section for more information on creating GSS answers.

This section includes the following procedures:

•Creating an Answer Group

•Modifying an Answer Group

•Suspending or Reactivating All Answers in an Answer Group

•Suspending or Reactivating All Answers in Answer Groups Associated with an Owner

•Displaying Answer Group Properties

•Deleting an Answer Group

Creating an Answer Group

To create an answer group, use the answer-group command in global server load-balancing configuration mode.

The syntax of this command is:

answer-group name {owner name type {cra | ns |vip }}

After you enter the answer-group command, the prompt changes to the answer group configuration mode, where you add previously configured answers to the group.

The variables and options for this command are:

•name—Specifies the name for the answer group. Enter a unique alphanumeric name, with a maximum of 80 characters. Names should not contain spaces.

•owner name—Specifies the name of an existing owner with which the answer group will be associated. For details about creating an owner, refer to Chapter 2, Configuring Resources.

•type—Specifies a type for the answer group. The following options are available:

–cra—The answer group consists of content routing agents (CRAs) for use with the boomerang server component of the GSS.

–ns—The answer group consists of configured name servers.

–vip—The answer group consists of virtual IPs controlled by an SLB device such as a CSS or CSM.

The maximum number of answers that you can place in each of these answer groups is 20 for a CRA answer group, 30 for an NS answer group, and 100 for a VIP answer group.

For example, to create a VIP answer group, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# answer-group ANSGRPVIP1 owner 
WEB-SERVICES type vip
gssm1.example.com(config-gslb-agvip[ag-name])# 
For example, to delete a VIP answer group, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# no answer-group ANSGRPVIP1 owner 
WEB-SERVICES type vip
gssm1.example.com(config-gslb)# 
Refer to the following sub-sections for instructions on adding answers to an answer group:

•Adding Answers to a CRA-Type Answer Group

•Adding Answers to an NS-Type Answer Group

•Adding Answers to a VIP-Type Answer Group

Adding Answers to a CRA-Type Answer Group

After you create a CRA-type answer group, add previously configured CRA-type answers to the group using the answer-add command in the answer group configuration mode.

The syntax for this command is:

answer-add ip_address [activate | name | suspend]

The variables and options for this command are:

•ip_address—Specifies the IP address of a previously configured CRA-type answer. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•activate—(Optional) Reactivates a suspended CRA answer. This is the default setting.

•name—(Optional) Specifies the name of a previously configured CRA-type answer. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•suspend—(Optional) Suspends an active CRA answer.

For example, to add answers to and configure a CRA answer group named ANSGRPCRA3, enter:
gssm1.example.com(config-gslb-agcra[ag-name])# answer-add 192.168.10.1 
name www-boston-1
gssm1.example.com(config-gslb-agcra[ag-name])# answer-add 192.172.24.1 
name www-ny-1
gssm1.example.com(config-gslb-agcra[ag-name])# answer-add 192.186.14.1 
name www-atlanta-1
gssm1.example.com(config-gslb-agcra[ag-name])# 
To delete an answer from a CRA answer group, enter:
gssm1.example.com(config-gslb-agcra[ag-name])# no answer-add 
192.186.14.1 name www-atlanta-1
Adding Answers to an NS-Type Answer Group

After you create an NS-type answer group, add previously configured NS-type answers to the group using the answer-add command in the answer group configuration mode.

The syntax for this command is:

answer-add ip_address [name | order number | weight number | activate | suspend]

The variables and options for this command are:

•ip_address—Specifies the IP address of a previously configured NS-type answer. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•name—(Optional) Specifies the name of a previously configured NS-type answer. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•order number—(Optional) Assigns the specified order to the answer that is to be added to the answer group. Specify this option when using an "ordered" balance method type. Valid entries are 0 to 65535.

•weight number—(Optional) Assigns the specified weight to the answer that is to be added to the answer group. Specify this option when using a "weighted round-robin" or "least-loaded" balance method type. Valid entries are 1 to 10.

For more information on the order and weight settings, refer to the "Balance Methods" section in Chapter 1, Introducing the Global Site Selector.

•activate—(Optional) Reactivates a suspended NS answer. This is the default setting.

•suspend—(Optional) Suspends an active NS answer.

For example, to add answers to and configure an NS answer group named ANSGRPNS1, enter:
gssm1.example.com(config-gslb-agns[ag-name])# answer-add 192.168.10.1 
name www-zurich-1 order 10
gssm1.example.com(config-gslb-agns[ag-name])# answer-add 192.172.20.1 
name www-barcelona-1 order 20
gssm1.example.com(config-gslb-agns[ag-name])# answer-add 192.188.30.1 
name www-brussels-30
gssm1.example.com(config-gslb-agns[ag-name])# 
To delete an answer from an NS answer group, enter:
gssm1.example.com(config-gslb-agns[ag-name)# no answer-add 
192.168.10.1 name www-zurich-1 order 10
Adding Answers to a VIP-Type Answer Group

After you create a VIP-type answer group, add previously configured VIP-type answers to the group using the answer-add command in the answer group configuration mode.

The syntax for this command is:

answer-add ip_address [name | load-threshold number | order number | weight number | activate | suspend]

The variables and options for this command are:

•ip_address—Specifies the IP address of a previously configured VIP-type answer. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

•name—(Optional) Specifies the name of a previously configured VIP-type answer. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

•load-threshold number—(Optional) Assigns the specified load threshold to the answer that is to be added to the answer group. Use this option to determine whether an answer is available, regardless of the balance method type. Valid entries are 2 to 254.

•order number—(Optional) Assigns the specified order to the answer that is to be added to the answer group. Specify this option when using an "ordered" balance method type. Valid entries are 0 to 65535.

•weight number—(Optional) Assigns the specified weight to the answer that is to be added to the answer group. Specify this option when using a "weighted round-robin" or "least-loaded" balance method type. Valid entries are 1 to 10.

For more information on the order, weight, and load threshold settings, refer to the "Balance Methods" section in Chapter 1, Introducing the Global Site Selector.

•activate—(Optional) Reactivates a suspended VIP answer. This is the default setting.

•suspend—(Optional) Suspends an active VIP answer.

For example, to add answers to and configure a VIP answer group named ANSGRPVIP1, enter:
gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.168.30.1 
name www-hk-1 weight 1
gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.174.20.1 
name www-sf-1 weight 2
gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.188.40.1 
name www-london-1 weight 4
gssm1.example.com(config-gslb-agvip[ag-name])# 
To delete an answer from a VIP answer group, enter:
gssm1.example.com(config-gslb-agvip[ag-name])# no answer-add 
192.168.30.1 name www-hk-1 weight 1
Modifying an Answer Group

Once you create your answer groups, use the CLI in the primary GSSM to make modifications to their configurations, such as adding and removing answers, or changing the order, weight, and load thresholds of the individual answers. Answers can belong to more than one answer group. However, once you add answers to an answer group, you cannot change the type of an answer group (for example, from VIP to CRA).

To modify an answer group:

1. If desired, use the show gslb-config answer-group command to display the current property settings for answer groups. See the "Displaying Answer Group Properties" section for more information.

2. The commands you use to modify an answer group depend on the changes you need to make. For example, to change the weight assigned to an answer within an answer group, you need to use both the answer-group command and the answer-add command. To change the owner setting for an answer group, you need only use the answer-group command.

–For syntax of the answer-group command, refer to the "Creating an Answer Group" section.

–For syntax of the answer-add command when modifying CRA-type answer groups, refer to the "Adding Answers to a CRA-Type Answer Group" section.

–For syntax of the answer-add command when modifying NS-type answer groups, refer to the "Adding Answers to an NS-Type Answer Group" section.

–For syntax of the answer-add command when modifying VIP-type answer groups, refer to the "Adding Answers to a VIP-Type Answer Group" section.

For example, to change the order setting for an answer in the VIP answer group ANSVIP4, enter:
gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner 
WEB-SERVICES type vip
gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.168.30.1 
name www-hk-1 order 10 comments "CHANGED ORDER 12/01/05"
gssm1.example.com(config-gslb-agvip[ag-name])# 
To change the owner of the NS answer group ANSNS2, enter:
gssm1.example.com(config-gslb)# answer-group ANSGRPNS2 owner 
E-COMMERCE type ns
gssm1.example.com(config-gslb-agns[ag-name])#
Suspending or Reactivating All Answers in an Answer Group

To temporarily stop the GSS from using all answers in an active answer group, modify the answer group by issuing the no activate-all-answers command in the answer group configuration mode. Suspending prevents that answer group from being used by any of the currently configured DNS rules. Suspending the answers in one answer group also affects any other answer groups to which those answers belong.

To reactivate the answers in the answer group, use the activate-all-answers command in the answer group configuration mode for a specific answer group.

To suspend all answers in an answer group:

1. If desired, use the show gslb-config answer-group command to display the current answer groups. See the "Displaying Answer Group Properties" section for more information.

2. Identify the active answer group you want to suspend, then use the answer-group command and the no activate-all-answers command to suspend all answers in the group.

For example, to suspend all answers in the vip-type answer group ANSGRPVIP4, enter:
gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner 
WEB-SERVICES type vip
gssm1.example.com(config-gslb-agvip[ag-name])# no 
activate-all-answers
gssm1.example.com(config-gslb-agvip[ag-name])# 
To reactivate all answers in a suspended answer group, use the activate-all-answers command.

For example, enter:
gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner 
WEB-SERVICES type vip
gssm1.example.com(config-gslb-agvip[ag-name])# activate-all-answers
gssm1.example.com(config-gslb-agvip[ag-name])# 
Suspending or Reactivating an Answer in an Answer Group

To temporarily stop the GSS from using an answer in an active answer group, you modify the answer group by issuing the suspend option for the answer-add command in the answer group configuration mode. Suspending prevents that answer in the answer group from being used by any of the currently configured DNS rules.

Note Suspending an answer in one answer group also affects any other answer groups to which the answer belongs.

To reactivate an answer in the answer group, use the active option (for the answer-add command) in the answer group configuration mode.

To suspend an answer in an answer group:

1. If desired, use the show gslb-config answer-group command to display the current answers and answer groups. See the "Displaying Answer Group Properties" section for more information.

2. Identify the active answer that you want to suspend (and its answer group), then use the answer-add command and the suspend option to suspend the answer in the group.

For example, to suspend the answer www-sf-1 in the vip-type answer group ANSGRPVIP4, enter:
gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner 
WEB-SERVICES type vip
gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.168.30.1 
suspend
gssm1.example.com(config-gslb-agvip[ag-name])# 
To reactivate a suspended answer in an answer group, use the activate command.

For example, enter:
gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner 
WEB-SERVICES type vip
gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.168.30.1 
activate
gssm1.example.com(config-gslb-agvip[ag-name])# 
Suspending or Reactivating All Answers in Answer Groups Associated with an Owner

You can group and manage answers added to answer groups according to GSS owner. Using a GSS owner to manage your answer groups enables you to quickly suspend or activate related answers.

To suspend or reactivate all answers in answer groups associated with a GSS owner, issue the suspend-all-answers and activate-all-answers options (for the owner command).

If desired, use the show gslb-config answer-group command to display the currently configured owners, answers, and answer groups.

For example, to suspend all answers in answer groups associated with the owner WEB-SERVICES, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# owner WEB-SERVICES suspend-all-answers
gssm1.example.com(config-gslb)# 
To reactivate all answers in answer groups associated with the owner WEB-SERVICES, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# owner WEB-SERVICES 
activate-all-answers
gssm1.example.com(config-gslb)# 
Displaying Answer Group Properties

Use the show gslb-config answer-group command to display the current property settings for all answer groups.

The syntax of this command is:

show gslb-config answer-group

For example, enter:
gssm1.example.com(config-gslb)# show gslb-config answer-group 
...
answer-group AGROUP1 owner "OWNER1" type ns
answer-group AGROUP2 owner "OWNER2" type cra
answer-group AGROUP3 owner System type vip
...
To display the properties for an answer group based on an answer group name, enter:
gssm1.example.com(config-gslb)# show gslb-config answer-group ANGROUP1
answer-group AGROUP1 owner "OWNER1" type ns
Deleting an Answer Group

Caution Deletions of any kind cannot be undone in the primary GSSM. Before deleting any data that you think you might want to use at a later point in time, perform a database backup of your GSSM. Refer to the Global Site Selector Administration Guide for details.

Before deleting an answer group, verify that none of your DNS rules reference the answer group that you are about to delete. If necessary, deselect the answer group from the DNS rule. Refer to Chapter 7, Building and Modifying DNS Rules, for information about modifying a DNS rule.

Deleting an answer group does not delete the answers contained in the answer group.

To delete an answer group:

1. If desired, use the show gslb-config answer-group command to display the current answers. See the "Displaying Answer Group Properties" section for more information.

2. Identify the active answer group you want to delete, then use the no form of the answer-group command to delete the answer.

For example, to delete the VIP-type answer group ANSGRPVIP1, enter:
gssm1.example.com(config-gslb)# show gslb-config answer-group 
answer-group ANSGRPVIP1 owner OWNR1 type vip
answer-group ANSGRPVIP2 owner System type vip
gssm1.example.com(config-gslb)# no answer-group ANSGRPVIP1
gssm1.example.com(config-gslb)# 
Where to Go Next

Chapter 7, Building and Modifying DNS Rules, describes constructing the DNS rules that govern all global server load balancing on your GSS network.

	Cisco GSS CLI-Based Global Server Load-Balancing Configuration Guide (Software Version 1.3)
	Configuring Answers and Answer Groups
Cisco GSS CLI-Based Global Server Load-Balancing Configuration Guide (Software Version 1.3) Index Preface Introducing the Global Site Selector Configuring Resources Configuring Source Address Lists Configuring Domain Lists Configuring Keepalives Configuring Answers and Answer Groups Building and Modifying DNS Rules Configuring DNS Sticky Configuring Network Proximity Creating and Playing GSLB Configuration Files Displaying Global Server Load-Balancing Configuration Information Displaying GSS Global Server Load-Balancing Statistics Primary GSSM Global Server Load-Balancing Error Messages Sticky and Proximity XML Schema Files Glossary	Download this chapter Configuring Answers and Answer Groups Download the complete book Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide Book-Length PDF, Software Version 1.3 (PDF - 5 MB) Table Of Contents Configuring Answers and Answer Groups Configuring and Modifying Answers Logging in to the CLI and Enabling Privileged EXEC Mode Configuring a VIP-Type Answer Configuring KeepAlive VIP Answers Configuring ICMP Keepalive VIP Answers Configuring TCP Keepalive VIP Answer Settings Configuring HTTP HEAD Keepalive VIP Answer Settings Configuring KAL-AP Keepalive VIP Answer Settings Configuring Multiple Keepalives for a VIP Answer Type Configuring a CRA-Type Answer Configuring a Name Server-Type Answer Modifying an Answer Displaying Answer Properties Suspending an Answer Reactivating an Answer Suspending or Reactivating All Answers in a Location Deleting an Answer Configuring and Modifying Answer Groups Creating an Answer Group Adding Answers to a CRA-Type Answer Group Adding Answers to an NS-Type Answer Group Adding Answers to a VIP-Type Answer Group Modifying an Answer Group Suspending or Reactivating All Answers in an Answer Group Suspending or Reactivating an Answer in an Answer Group Suspending or Reactivating All Answers in Answer Groups Associated with an Owner Displaying Answer Group Properties Deleting an Answer Group Where to Go Next Configuring Answers and Answer Groups This chapter describes how to create and configure answers and answer groups for your GSS network. It contains the following major sections: •Configuring and Modifying Answers •Configuring and Modifying Answer Groups •Where to Go Next Configuring and Modifying Answers In a GSS network, the term answers refers to the resources that respond to content queries. When you create an answer using the primary GSSM, you are identifying a resource on your GSS network to which queries can be directed. This resource provides the requesting client D-proxy with the address of a valid host to serve their request. GSS answers include the following: •VIP—Virtual IP (VIP) addresses associated with an SLB such as the Cisco CSS, Cisco CSM, Cisco IOS-compliant SLB, Cisco LocalDirector, a web server, a cache, or any other geographically dispersed device in a global network deployment. •Name Server—A configured DNS name server on your network that can answer queries that the GSS cannot resolve. •CRA—Content routing agents that use a resolution process called DNS race to send identical and simultaneous responses back to a user's D-proxy. The GSS groups answers together as resource pools, also referred to as answer groups. From the available answer groups, the GSS can use a maximum of three possible response answer group and balance method clauses in a DNS rule to select the most appropriate resource that serves a user request. Each balance method provides a different algorithm for selecting one answer from a configured answer group. Each clause specifies that a particular answer group serve the request and a specific balance method be used to select the best resource from that answer group. Depending on the type of answer, further intelligence can be applied to DNS queries by the GSS to choose the best host. For example, a request that is routed to a VIP associated with a Cisco CSS is routed to the best resource based on load and availability, as determined by the CSS. A request that is routed to a CRA is routed to the best resource based on proximity, as determined in a DNS race conducted by the GSS. This section includes the following procedures: •Logging in to the CLI and Enabling Privileged EXEC Mode •Configuring a VIP-Type Answer •Configuring a CRA-Type Answer •Configuring a Name Server-Type Answer •Modifying an Answer •Displaying Answer Properties •Reactivating an Answer •Suspending or Reactivating All Answers in a Location •Deleting an Answer Logging in to the CLI and Enabling Privileged EXEC Mode Note To log in and enable privileged EXEC mode in the GSS, you must be a configured user with admin privileges. Refer to the Cisco Global Site Selector Administration Guide for information on creating and managing user accounts. To log in to the primary GSSM and enable privileged EXEC mode at the CLI: 1. If you are remotely logging in to the primary GSSM through Telnet or SSH, enter the host name or IP address of the GSSM to access the CLI. Otherwise, if you are using a direct serial connection between your terminal and the GSSM, use a terminal emulation program to access the CLI. For details about making a direct connection to the GSS device using a dedicated terminal and about establishing a remote connection using SSH or Telnet, refer to the Cisco Global Site Selector Getting Started Guide. 2. Specify your GSS administrative username and password to log on to the GSSM. The CLI prompt appears. gssm1.example.com> 3. At the CLI prompt, enable privileged EXEC mode as follows: gssm1.example.com> enable gssm1.example.com# Configuring a VIP-Type Answer When configuring a VIP-type answer, you have the option to configure one of several different keepalive types or multiple keepalive types to test for that answer. Refer to the "Configuring Multiple Keepalives for a VIP Answer Type" section for more information on configuring multiple keepalives to test for an answer. For a KAL-AP keepalive, configure shared keepalives before you configure your answer. Refer to Chapter 5, Configuring Keepalives for more information on creating shared keepalives. To configure a VIP-type answer, use the answer vip ip_address command in global server load-balancing configuration mode. The syntax of this command is: answer vip ip_address [name name \| location name \| activate \| suspend] After you enter the answer vip ip_address command, the prompt changes to the answer vip configuration mode where you can optionally specify and configure keepalives for your VIP-type answer. The options and variables for this command are: •ip_address—Specifies the VIP address field, enter the VIP address to which the GSS will forward requests. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). •name name—(Optional) Specifies a name for the VIP-type answer that you are creating. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1"). •location name—(Optional) Specifies an existing location name with which the answer is to be associated. See the "Configuring Owners" section in Chapter 2, Configuring Resources. •activate—(Optional) Reactivates a suspended VIP answer. This is the default setting. •suspend—(Optional) Suspends an active VIP answer. For example, to create a VIP answer called SEC-LONDON1 and associate it with the London location, enter: gssm1.example.com# config gssm1.example.com(config)# gslb gssm1.example.com(config-gslb)# answer vip 10.86.209.232 name SEC-LONDON1 location LONDON gssm1.example.com(config-ansvip[ans-ip]) To delete a VIP answer, enter: gssm1.example.com# config gssm1.example.com(config)# gslb gssm1.example.com(config-gslb)# no answer vip 10.86.209.232 name SEC-LONDON1 location LONDON gssm1.example.com(config-gslb) For more information on modifying existing answers, see the "Modifying an Answer" section. Configuring KeepAlive VIP Answers After you create an answer, you can choose to configure one of a variety of different keepalive types or multiple keepalive types to test for that answer. The following sections describe how to configure the properties for the individual VIP keepalives, and includes a section on configuring multiple keepalives for an answer. The default values used for each of the VIP keepalives are determined by the global keepalive property settings previously specified (see Chapter 5, Configuring Keepalives). •Configuring ICMP Keepalive VIP Answers •Configuring TCP Keepalive VIP Answer Settings •Configuring HTTP HEAD Keepalive VIP Answer Settings •Configuring KAL-AP Keepalive VIP Answer Settings •Configuring Multiple Keepalives for a VIP Answer Type Configuring ICMP Keepalive VIP Answers To define the ICMP keepalives for your VIP answer, use the keepalive type icmp command in answer vip configuration mode. This command sends an ICMP echo message (ping) to the address specified for the VIP answer. The GSS determines the online status by the response received from the device, indicating simple connectivity to the network. The syntax for this command is: keepalive type icmp [shared ip_address \| retries number \| successful-probes number] The variables and options for this command are: •shared ip_address—(Optional) Specifies the IP address of an existing ICMP shared keepalive. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). Refer to Chapter 5, Configuring Keepalives for more information on creating shared keepalives. •retries number—(Optional) Specifies the number of times the GSS retransmits an ICMP echo request packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1. •successful-probes number—(Optional) Specifies the number of consecutive successful ICMP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1. For example, to configure an ICMP keepalive for the VIP-type answer servicing VIP address 10.86.209.232, enter: gssm1.example.com(config-gslb)# answer vip 10.86.209.232 gssm1.example.com(config-ansvip[ans-ip])keepalive type icmp retries 2 gssm1.example.com(config-ansvip[ans-ip]) See the "Configuring Multiple Keepalives for a VIP Answer Type" section for details on configuring multiple keepalives to test for a VIP-type answer. Configuring TCP Keepalive VIP Answer Settings To define the TCP keepalive for your VIP answer, use the keepalive type tcp command in answer vip configuration mode. This command sends a TCP handshake to the address specified for the VIP answer and port number of the remote device to determine service viability (three-way handshake and connection termination method), returning the online status of the device. The syntax for this command is: keepalive type tcp [shared ip_address \| port number \| retries number \| successful-probes number \| termination {graceful \| reset}] The variables and options for this command are: •shared ip_address—(Optional) Specifies the IP address of an existing TCP shared keepalive. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). Refer to Chapter 5, Configuring Keepalives for more information on creating shared keepalives. •port number—(Optional) Specifies the port on the remote device that is to receive the TCP-type keepalive request from the GSS. The valid entries are 1 to 65535. The default port is 80. •retries number—(Optional) Specifies the number of times the GSS retransmits a TCP packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1. •successful-probes number—(Optional) Specifies the number of consecutive successful TCP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1. •termination —(Optional) Specifies one of the following TCP keepalive connection termination methods: –graceful—The GSS initiates the graceful closing of a TCP connection by using the standard three-way connection termination method. –reset—The GSS immediately terminates the TCP connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type. For example, to configure a TCP keepalive for the VIP-type answer servicing VIP address 192.168.200.1, enter: gssm1.example.com(config-gslb)# answer vip 192.168.200.1 gssm1.example.com(config-ansvip[ans-ip])keepalive type tcp port 23 successful-probes 4 gssm1.example.com(config-ansvip[ans-ip]) See the "Configuring Multiple Keepalives for a VIP Answer Type" section for details on configuring multiple keepalives to test for a VIP-type answer. Configuring HTTP HEAD Keepalive VIP Answer Settings To define the HTTP HEAD keepalive for your VIP answer, use the keepalive type http-head command in answer vip configuration mode. This command sends a TCP-format HTTP HEAD request to an origin web server at the address specified for the VIP answer. The GSS determines the online status of the device in the form of an HTTP Response Status Code of 200 (for example, HTTP/1.0 200 OK) from the server as well as information on the web page status and content size. The syntax for this command is: keepalive type http-head [host-tag domain_name \| path path \| port number \| retries number \| shared ip_address \| successful-probes number \| termination {graceful \| reset}] The variables and options for this command are: •host-tag domain_name —(Optional) Specifies an optional domain name that is sent to the VIP as part of the HTTP HEAD query. This tag allows an SLB to resolve the keepalive request to a particular website even when multiple sites are represented by the same VIP. •path path—(Optional) Specifies the server website queried in the HTTP HEAD request (for example, /company/owner). The default path "/" specifies the virtual root of the webserver. •port number—(Optional) Specifies the port on the remote device that is to receive the HTTP HEAD-type keepalive request from the GSS. The valid entries are 1 to 65535. The default port is 80. •retries number—(Optional) Specifies the number of times the GSS retransmits a HTTP HEAD packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1. •shared ip_address—(Optional) Specifies the IP address of an existing HTTP HEAD shared keepalive. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). Refer to Chapter 5, Configuring Keepalives for more information on creating shared keepalives. •successful-probes number—(Optional) Specifies the number of consecutive successful HTTP HEAD keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1. •termination—(Optional) Specifies one of the following HTTP HEAD keepalive connection termination methods: –graceful—The GSS initiates the graceful closing of a HTTP HEAD connection by using the standard three-way connection termination method. –reset—The GSS immediately terminates the TCP-fomatted HTTP HEAD connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type. For example, to configure anHTTP HEAD keepalive for the VIP-type answer servicing VIP address 192.168.200.1, enter: gssm1.example.com(config-gslb)# answer vip 192.168.200.1 gssm1.example.com(config-ansvip[ans-ip])keepalive type http-head host-tag WWW.HOME.COM termination graceful gssm1.example.com(config-ansvip[ans-ip]) See "Configuring Multiple Keepalives for a VIP Answer Type" for details on configuring multiple keepalives to test for a VIP-type answer. Configuring KAL-AP Keepalive VIP Answer Settings To define the KAL-AP keepalive for your VIP answer, use the keepalive type kalap command in answer vip configuration mode. This command sends a detailed query to the Cisco CSS or CSM at the address specified for the VIP answer to extract load and availability. The GSS determines the online status when the SLBs respond with information about a hosted domain name, host VIP address, or a configured tag on a content rule. The syntax for this command is: keepalive type kalap {tag ip_address {tag_name} \| vip ip_address}} The variables and options for this command are: •tag ip_address—Specifies the shared KAL-AP-type keepalive address in the KAL-AP request. The KAL-AP queries the keepalive address to determine the online status. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). •tag_name— Specifies an alphanumeric tag associated with the VIP in the KAL-AP request. The tag value is used to match the correct shared keepalive VIP, avoiding confusion that can be caused when probing for the status of a VIP that is located behind a firewall network address translation (NAT). Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1"). •vip ip_address—Specifies the shared KAL-AP-type keepalive address in the KAL-AP request. The KAL-AP queries the keepalive address to determine the online status. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). For example, to configure a KAL-AP keepalive for the VIP-type answer servicing VIP address 192.168.200.1, enter: gssm1.example.com(config-gslb)# answer vip 192.168.200.1 gssm1.example.com(config-ansvip[ans-ip]) keepalive type kalap tag 192.168.50.41 TAG1 gssm1.example.com(config-ansvip[ans-ip]) See the "Configuring Multiple Keepalives for a VIP Answer Type" section for details on cofiguring multiple keepalives to test for a VIP-type answer. The Content and Application Peering Protocol (CAPP) may not recognize dropped fragments when a KAL-AP keepalive spans multiple datagrams due to large payloads. When the KAL-AP keepalive spans multiple datagrams and one of the spanned packets is dropped, the GSS does not retry the request. Instead, the GSS waits until the next period and sends the packets again. This results in the dropped datagram not getting updated load values on the VIPs that expect them. This behavior typically occurs in situations where the GSS consumes the full datagram (roughly 1.4 K) with tag names or VIP addresses. Otherwise, all data fits perfectly in a single datagram. To resolve this behavior, use the VIP format for KAL-AP when you need the GSS to send a detailed query on load for hundreds of VIPs configured to a single primary or optional secondary (backup) IP address. Another solution is to use the tag format for KAL-AP, but to limit the length of the tag name to ensure that the packets do not exceed 1.4K. Configuring Multiple Keepalives for a VIP Answer Type The primary GSSM supports the assignment of multiple keepalives and/or destination ports for a single VIP answer. You can configure a maximum of five different keepalives for a VIP answer, in a mix and match configuration of ICMP, TCP, HTTP HEAD, and KAL-AP VIP keepalive types. However, the primary GSSM supports only a single usage of a shared keepalive and a single KAL-AP keepalive when specifying multiple keepalive types. For TCP or HTTP HEAD keepalives, you may also specify different destination ports. The multi-port keepalive capability allows you monitor a single server and check responses from multiple ports. As long as all the keepalives are successful, the GSS device considers the resource active and continues to redirect client traffic to the server. Servers that yield unsuccessful connections are marked as unavailable; subsequent successful connections to the server will reinstate it as available to be used as a resource. When using multiple keepalive types, the VIP answer status is a logical AND function of all keepalive probes associated with an answer, resulting in a consolidation of results from each answer. For example, to configure TCP- and HTTP HEAD-type keepalives for multiple ports for the VIP-type answer servicing VIP address 192.168.200.1, enter: gssm1.example.com(config-gslb)# answer vip 192.168.200.1 gssm1.example.com(config-ansvip[ans-ip])keepalive type tcp port 80 gssm1.example.com(config-ansvip[ans-ip])keepalive type tcp port 443 gssm1.example.com(config-ansvip[ans-ip])keepalive type http-head port 8080 gssm1.example.com(config-ansvip[ans-ip])exit gssm1.example.com(config-gslb)# To configure TCP- and HTTP HEAD-type keepalives for multiple ports for the VIP-type answer named MPORT_KALE_MIX that services VIP address 192.168.200.1, enter: gssm1.example.com(config-gslb)# answer vip 192.168.200.1 name MPORT_KALE_MIX gssm1.example.com(config-ansvip[ans-ip])keepalive type tcp port 80 gssm1.example.com(config-ansvip[ans-ip])keepalive type tcp port 443 gssm1.example.com(config-ansvip[ans-ip])keepalive type http-head port 8080 gssm1.example.com(config-ansvip[ans-ip])exit gssm1.example.com(config-gslb)# Note When configuring multiple keepalives for an answer and you need to use a KAL-AP-type keepalive, you can configure only one KAL-AP-type keepalive and you must specify it as the first keepalive. Refer to the following example. To configure KAL-AP-, TCP- and HTTP HEAD-type keepalives for the VIP-type answer servicing VIP address 192.168.200.1, enter: gssm1.example.com(config-gslb)# answer vip 192.168.200.1 gssm1.example.com(config-ansvip[ans-ip]) keepalive type kalap tag 192.168.50.41 TAG1 gssm1.example.com(config-ansvip[ans-ip]) keepalive type tcp port 80 gssm1.example.com(config-ansvip[ans-ip]) keepalive type tcp port 443 gssm1.example.com(config-ansvip[ans-ip]) keepalive type http-head port 8080 gssm1.example.com(config-ansvip[ans-ip])exit gssm1.example.com(config-gslb)# Configuring a CRA-Type Answer The content routing agent (CRA) answer type relies on content routing agents and the GSS to choose a suitable answer for a given query based on the proximity of two or more possible hosts to the requesting D-proxy. With the CRA-type answer, the requests received from a particular D-proxy are served by the content server that responds first to the request. The response time is measured using a DNS race and is coordinated by the GSS and content routing agents running on each content server. In the race, multiple hosts respond simultaneously to a request. The server with the fastest response time (the shortest network delay between itself and the client's D-proxy) is chosen to serve the content. The CRA-type answer is designed to work with the GSS when you select the boomerang balance method with a DNS rule (utilizing the boomerang server component of the GSS). Closeness is determined when multiple hosts reply to the requesting D-proxy simultaneously in what is referred to as a "DNS race." The GSS coordinates the start of the race so that all CRAs initiate their response at the same time. The first DNS reply to reach the D-proxy is chosen by the name server as the host containing the answer. To configure a CRA-type answer, use the answer cra ip_address command in global server load-balancing configuration mode. The syntax of this command is: answer cra ip_address [enable \| disable \| delay number \| name name \| location name \| activate \| suspend] The variables and options for this command are: •ip_address—Specifies the interface or circuit address of the CRA. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). •enable—(Optional) Specifies that the GSS is to perform keepalive checks on the answer. This is the default setting. Use disable if you plan to specify a one-way delay to calculate a static RTT. See the delay option for information on static RTT. •disable—(Optional) Specifies that the GSS use the one-way delay variable to calculate a static round-trip time (RTT). See the delay option for more information on static RTT. •delay number—(Optional) Specifies a one-way delay time in milliseconds. This value is used by the GSS to calculate a static round-trip time (RTT), with the one-way delay constituting one-half of the round-trip time that is used for all DNS races involving this answer. Valid entries are 0 to 1000 milliseconds. The default is 0. •name name—(Optional) Specifies a name for the CRA-type answer. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1"). •location name—(Optional) Specifies an existing location name with which the answer is to be associated. See the "Configuring Owners" section in Chapter 2, Configuring Resources. •activate—(Optional) Reactivates a suspended CRA answer. This is the default setting. •suspend—(Optional) Suspends an active CRA answer. For example, to create a CRA-type answer with a one-way delay, enter: gssm1.example.com# config gssm1.example.com(config)# gslb gssm1.example.com(config-gslb)# answer cra 10.86.209.22 name CRA-ANS1 delay 3 gssm1.example.com(config-gslb) To delete a CRA-type answer, enter: gssm1.example.com(config-gslb)# no answer cra 10.86.209.22 name CRA-ANS1 delay 3 gssm1.example.com(config-gslb) For information on modifying existing answers, see the "Modifying an Answer"section. Configuring a Name Server-Type Answer A name server (NS)-type answer specifies the IP address of a DNS name server to which DNS queries are forwarded from the GSS. Using the name server forwarding feature, queries are forwarded to a non-GSS name server for resolution, with the answer passed back to the GSS name server and from there to the requesting D-proxy. The name server-type answer acts as a guaranteed fallback resource. A fallback resource can resolve requests that the GSS cannot resolve itself either because the requested content is unknown to the GSS or because the resources that typically handle such requests are unavailable. To configure a NS-type answer, use the answer ns ip_address command in global server load-balancing configuration mode. The syntax of this command is: answer ns ip_address [enable \| disable \| name name \| domain name \| location name \| activate \| suspend] The variables and options for this command are: •ip_address—Specifies the name server that the GSS is to forward its requests. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). •enable—(Optional) Specifies that the GSS is to perform keepalive checks on the specified name server. The GSS queries the name server IP address to determine online status. This is the default. •disable—(Optional) Specifies that the GSS disable keepalive checks on the specified name server. The GSS assumes that the name server is always online. •domain name—(Optional) Specifies the name of the domain name server to which an NS-type keepalive is sent (to determine the online status). Enter the name as an unquoted text string with no spaces and a maximum length of 100 characters. (for example, www.home.com). Note If no domain is specified, the GSS queries the globally-configured query domain. For instructions on configuring the global query domain, see Chapter 5, Configuring Keepalives. •name name—(Optional) Specifies a name for the NS-type answer. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1"). •location name—(Optional) Specifies an existing location name with which the answer is to be associated. See the "Configuring Owners" section in Chapter 2, Configuring Resources. •activate—(Optional) Reactivates a suspended NS answer. This is the default setting. •suspend—(Optional) Suspends an active NS answer. For example, to create an NS-type answer that specifies a domain name server, enter: gssm1.example.com# config gssm1.example.com(config)# gslb gssm1.example.com(config-gslb)# answer ns 10.86.209.4 domain WWW.HOME.COM enable gssm1.example.com(config-gslb) To delete a NS-type answer, enter: gssm1.example.com(config-gslb)# no answer ns 10.86.209.4 domain WWW.HOME.COM enable gssm1.example.com(config-gslb) For information on modifying existing answers, see the "Modifying an Answer" section. Modifying an Answer Once you have configured your answers, you can modify them at any time. However, once an answer is created and named, you cannot modify its type (for example, from VIP to CRA), its IP address, or its name. To modify an existing answer: 1. If desired, use the show gslb-config answer command to display the current property settings for answers. See the "Displaying Answer Properties" section for more information. 2. To change settings for an answer, use the answer command in global server load-balancing configuration mode. The syntax of this command is: answer {cra \| ns \| vip} The options are: •cra—Specifies a CRA-type answer for modification. Refer to the "Configuring a CRA-Type Answer" section for details on how to modify CRA-type properties. •ns—Specifies an NS-type answer for modification. Refer to the "Configuring a Name Server-Type Answer" section for details on how to modify NS-type properties. •vip—Specifies a VIP-type answer for modification. Refer to the "Configuring a VIP-Type Answer" section for details on how to modify VIP-type properties. Also, refer to the "Configuring KeepAlive VIP Answers" section for information on modifying keepalives for VIP-type answers. For example, to first display the answer property settings, then change the one-way delay time for an existing CRA-type answer, enter: gssm1.example.com(config-gslb)# show gslb-config answer ... answer cra 192.168.50.41 delay 2 activate answer ns 172.16.27.4 domain EXAMPLE.COM activate answer vip 172.16.27.6 name ansvip2 activate keepalive type tcp port 180 activate keepalive type tcp port 88 activate ... gssm1.example.com(config-gslb)# answer cra 192.168.50.41 delay 5 gssm1.example.com(config-gslb)# In order to modify a named answer, you must specify its name, type, and IP address. For example, to modify the answer named ANSVIP2, you must enter: gssm1.example.com(config-gslb)# answer vip 172.16.27.6 name ANSVIP2 delay 100 gssm1.example.com(config-gslb)# Displaying Answer Properties Use the show gslb-config answer command to display the current property settings for all answer types. The syntax of this command is: show gslb-config answer For example, enter: gssm1.example.com(config-gslb)# show gslb-config answer answer cra 192.168.50.41 delay 2 active answer ns 172.16.27.4 domain EXAMPLE.COM active answer vip 172.16.27.6 name ansvip2 active keepalive type tcp port 180 active answer vip 192.168.50.30 active keepalive type tcp port 88 active answer vip 192.168.50.2 name ansvip active keepalive type icmp active keepalive type tcp port 88 active keepalive type tcp port 80 active gssm1.example.com(config-gslb)# To display the property settings based on IP address and answer type, enter: gssm1.example.com(config-gslb)# show gslb-config answer 172.16.27.6 vip answer vip 172.16.27.6 name ansvip2 active keepalive type tcp port 180 active gssm1.example.com(config-gslb)# To display the property settings based on an answer name, enter: gssm1.example.com(config-gslb)# show gslb-config answer ansvip2 answer vip 172.16.27.6 name ansvip2 active keepalive type tcp port 180 active gssm1.example.com(config-gslb)# Suspending an Answer To temporarily stop the GSS from using an active answer, modify the answer by issuing the suspend option for the answer command. Suspending prevents that answer from being used by any of the currently configured DNS rules. Note You can suspend multiple answers associated with an answer group by using the no activate-all-answers command. See the "Suspending or Reactivating All Answers in an Answer Group" section for details. To suspend an answer: 1. If desired, use the show gslb-config answer command to display the current answers. See the "Displaying Answer Properties" section for more information. 2. Identify the active answer you want to suspend, then use the answer command with the suspend option to suspend the answer. For example, to suspend the NS-type answer that queries the domain server at EXAMPLE.COM, enter: gssm1.example.com(config-gslb)# show gslb-config answer ... answer cra 192.168.50.41 delay 2 active answer ns 172.16.27.4 domain EXAMPLE.COM active answer vip 172.16.27.6 name ansvip2 active keepalive type tcp port 180 active ... gssm1.example.com(config-gslb)# answer ns 172.16.27.4 domain EXAMPLE.COM suspend gssm1.example.com(config-gslb)# To reactivate a suspended answer, use the activate feature (see the "Reactivating an Answer" section). Reactivating an Answer To reactivate a suspended answer, you modify the specific answer by issuing the activate option (for the answer command). To reactivate an answer: 1. If desired, use the show gslb-config answer command to display the current answers. See the "Displaying Answer Properties" section for more information. 2. Identify the active answer you want to reactivate, then use the answer command with the activate option to reactivate the answer. For example, to reactivate the NS-type answer that queries the domain server at EXAMPLE.COM, enter: gssm1.example.com(config-gslb)# show gslb-config answer ... answer cra 192.168.50.41 delay 2 active answer ns 172.16.27.4 domain EXAMPLE.COM suspend answer vip 172.16.27.6 name ansvip2 active keepalive type tcp port 180 active ... gssm1.example.com(config-gslb)# answer ns 172.16.27.4 domain EXAMPLE.COM activate gssm1.example.com(config-gslb)# Suspending or Reactivating All Answers in a Location You can group and manage answers according to an established GSS location. Using a location to manage your answers makes it easier for you to quickly suspend or activate answers in a particular area of your network, for example, shutting down one or more data centers for the purposes of software upgrades or regular maintenance. The GSS automatically detects and routes requests around suspended answers. Note Suspending all answers in a location overrides the active or suspended state of an individual answer. To suspend or reactivate answers based on their location, use the location command with the suspend-all-answers and activate-all-answers options. If desired, use the show gslb-config location command to display the currently configured locations. See Chapter 2, Displaying Resource Information, for more information about this command. For example, to suspend all answers based on the location Normandy, enter: gssm1.example.com(config)# gslb gssm1.example.com(config-gslb)# location Normandy suspend-all-answers gssm1.example.com(config-gslb)# To reactivate all answers based on the location Normandy, enter: gssm1.example.com(config)# gslb gssm1.example.com(config-gslb)# location Normandy activate-all-answers gssm1.example.com(config-gslb)# Deleting an Answer Caution Deletions of any kind cannot be undone in the primary GSSM. Before deleting any data that you think you might want to use at a later point in time, perform a database backup of your GSSM. Refer to the Global Site Selector Administration Guide for details. To delete an answer: 1. If desired, use the show gslb-config answer command to display the current answers. See the "Displaying Answer Properties" section for more information. 2. Identify the active answer you want to delete, then use the no form of the answer command to delete the answer. For example, to delete the VIP-type answer that queries IP address 192.168.50.30 and all keepalives for that answer, enter: gssm1.example.com(config-gslb)# show gslb-config answer ... answer cra 192.168.50.41 delay 2 activate answer ns 172.16.27.4 domain EXAMPLE.COM activate answer vip 172.16.27.6 name ansvip2 activate keepalive type tcp port 180 activate answer vip 192.168.50.30 activate keepalive type tcp port 88 activate answer vip 192.168.50.2 name ansvip activate keepalive type icmp activate keepalive type tcp port 88 activate keepalive type tcp port 80 activate keepalive type tcp activate ... gssm1.example.com(config-gslb)# no answer vip 192.168.50.30 gssm1.example.com(config-gslb)# In order to delete a named answer, you must specify its name, type, and IP address. For example, to delete the answer named ANSVIP2, you must enter: gssm1.example.com(config-gslb)# no answer vip 172.16.27.6 name ANSVIP2 gssm1.example.com(config-gslb)# Configuring and Modifying Answer Groups Answer groups are lists of GSS resources that are candidates to respond to DNS queries received from a user for a hosted domain. By using the DNS rules feature, you associate these lists of network resources with a particular balance method that is used to resolve the request. •For a VIP answer group type, the GSS selects one or more VIPs using the balance method specified in the DNS rule. •For a CRA answer group type, all CRAs in the answer group are queried and then "race" to respond first to the D-proxy with their IP address. •For a name server answer group type, the GSS selects a name server using the balance method specified in the DNS rule and forwards the client's request to that name server. A DNS rule can have a maximim of three balance clauses. Each balance clause specifies a different answer group from which an answer can be chosen after taking load threshold, order, and weight factors into account for each answer. Before creating your answer groups, configure the answers that make up those groups. See the "Configuring and Modifying Answers" section for more information on creating GSS answers. This section includes the following procedures: •Creating an Answer Group •Modifying an Answer Group •Suspending or Reactivating All Answers in an Answer Group •Suspending or Reactivating All Answers in Answer Groups Associated with an Owner •Displaying Answer Group Properties •Deleting an Answer Group Creating an Answer Group To create an answer group, use the answer-group command in global server load-balancing configuration mode. The syntax of this command is: answer-group name {owner name type {cra \| ns \|vip }} After you enter the answer-group command, the prompt changes to the answer group configuration mode, where you add previously configured answers to the group. The variables and options for this command are: •name—Specifies the name for the answer group. Enter a unique alphanumeric name, with a maximum of 80 characters. Names should not contain spaces. •owner name—Specifies the name of an existing owner with which the answer group will be associated. For details about creating an owner, refer to Chapter 2, Configuring Resources. •type—Specifies a type for the answer group. The following options are available: –cra—The answer group consists of content routing agents (CRAs) for use with the boomerang server component of the GSS. –ns—The answer group consists of configured name servers. –vip—The answer group consists of virtual IPs controlled by an SLB device such as a CSS or CSM. The maximum number of answers that you can place in each of these answer groups is 20 for a CRA answer group, 30 for an NS answer group, and 100 for a VIP answer group. For example, to create a VIP answer group, enter: gssm1.example.com(config)# gslb gssm1.example.com(config-gslb)# answer-group ANSGRPVIP1 owner WEB-SERVICES type vip gssm1.example.com(config-gslb-agvip[ag-name])# For example, to delete a VIP answer group, enter: gssm1.example.com(config)# gslb gssm1.example.com(config-gslb)# no answer-group ANSGRPVIP1 owner WEB-SERVICES type vip gssm1.example.com(config-gslb)# Refer to the following sub-sections for instructions on adding answers to an answer group: •Adding Answers to a CRA-Type Answer Group •Adding Answers to an NS-Type Answer Group •Adding Answers to a VIP-Type Answer Group Adding Answers to a CRA-Type Answer Group After you create a CRA-type answer group, add previously configured CRA-type answers to the group using the answer-add command in the answer group configuration mode. The syntax for this command is: answer-add ip_address [activate \| name \| suspend] The variables and options for this command are: •ip_address—Specifies the IP address of a previously configured CRA-type answer. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). •activate—(Optional) Reactivates a suspended CRA answer. This is the default setting. •name—(Optional) Specifies the name of a previously configured CRA-type answer. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1"). •suspend—(Optional) Suspends an active CRA answer. For example, to add answers to and configure a CRA answer group named ANSGRPCRA3, enter: gssm1.example.com(config-gslb-agcra[ag-name])# answer-add 192.168.10.1 name www-boston-1 gssm1.example.com(config-gslb-agcra[ag-name])# answer-add 192.172.24.1 name www-ny-1 gssm1.example.com(config-gslb-agcra[ag-name])# answer-add 192.186.14.1 name www-atlanta-1 gssm1.example.com(config-gslb-agcra[ag-name])# To delete an answer from a CRA answer group, enter: gssm1.example.com(config-gslb-agcra[ag-name])# no answer-add 192.186.14.1 name www-atlanta-1 Adding Answers to an NS-Type Answer Group After you create an NS-type answer group, add previously configured NS-type answers to the group using the answer-add command in the answer group configuration mode. The syntax for this command is: answer-add ip_address [name \| order number \| weight number \| activate \| suspend] The variables and options for this command are: •ip_address—Specifies the IP address of a previously configured NS-type answer. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). •name—(Optional) Specifies the name of a previously configured NS-type answer. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1"). •order number—(Optional) Assigns the specified order to the answer that is to be added to the answer group. Specify this option when using an "ordered" balance method type. Valid entries are 0 to 65535. •weight number—(Optional) Assigns the specified weight to the answer that is to be added to the answer group. Specify this option when using a "weighted round-robin" or "least-loaded" balance method type. Valid entries are 1 to 10. For more information on the order and weight settings, refer to the "Balance Methods" section in Chapter 1, Introducing the Global Site Selector. •activate—(Optional) Reactivates a suspended NS answer. This is the default setting. •suspend—(Optional) Suspends an active NS answer. For example, to add answers to and configure an NS answer group named ANSGRPNS1, enter: gssm1.example.com(config-gslb-agns[ag-name])# answer-add 192.168.10.1 name www-zurich-1 order 10 gssm1.example.com(config-gslb-agns[ag-name])# answer-add 192.172.20.1 name www-barcelona-1 order 20 gssm1.example.com(config-gslb-agns[ag-name])# answer-add 192.188.30.1 name www-brussels-30 gssm1.example.com(config-gslb-agns[ag-name])# To delete an answer from an NS answer group, enter: gssm1.example.com(config-gslb-agns[ag-name)# no answer-add 192.168.10.1 name www-zurich-1 order 10 Adding Answers to a VIP-Type Answer Group After you create a VIP-type answer group, add previously configured VIP-type answers to the group using the answer-add command in the answer group configuration mode. The syntax for this command is: answer-add ip_address [name \| load-threshold number \| order number \| weight number \| activate \| suspend] The variables and options for this command are: •ip_address—Specifies the IP address of a previously configured VIP-type answer. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1). •name—(Optional) Specifies the name of a previously configured VIP-type answer. Enter a unique alphanumeric name, with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1"). •load-threshold number—(Optional) Assigns the specified load threshold to the answer that is to be added to the answer group. Use this option to determine whether an answer is available, regardless of the balance method type. Valid entries are 2 to 254. •order number—(Optional) Assigns the specified order to the answer that is to be added to the answer group. Specify this option when using an "ordered" balance method type. Valid entries are 0 to 65535. •weight number—(Optional) Assigns the specified weight to the answer that is to be added to the answer group. Specify this option when using a "weighted round-robin" or "least-loaded" balance method type. Valid entries are 1 to 10. For more information on the order, weight, and load threshold settings, refer to the "Balance Methods" section in Chapter 1, Introducing the Global Site Selector. •activate—(Optional) Reactivates a suspended VIP answer. This is the default setting. •suspend—(Optional) Suspends an active VIP answer. For example, to add answers to and configure a VIP answer group named ANSGRPVIP1, enter: gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.168.30.1 name www-hk-1 weight 1 gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.174.20.1 name www-sf-1 weight 2 gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.188.40.1 name www-london-1 weight 4 gssm1.example.com(config-gslb-agvip[ag-name])# To delete an answer from a VIP answer group, enter: gssm1.example.com(config-gslb-agvip[ag-name])# no answer-add 192.168.30.1 name www-hk-1 weight 1 Modifying an Answer Group Once you create your answer groups, use the CLI in the primary GSSM to make modifications to their configurations, such as adding and removing answers, or changing the order, weight, and load thresholds of the individual answers. Answers can belong to more than one answer group. However, once you add answers to an answer group, you cannot change the type of an answer group (for example, from VIP to CRA). To modify an answer group: 1. If desired, use the show gslb-config answer-group command to display the current property settings for answer groups. See the "Displaying Answer Group Properties" section for more information. 2. The commands you use to modify an answer group depend on the changes you need to make. For example, to change the weight assigned to an answer within an answer group, you need to use both the answer-group command and the answer-add command. To change the owner setting for an answer group, you need only use the answer-group command. –For syntax of the answer-group command, refer to the "Creating an Answer Group" section. –For syntax of the answer-add command when modifying CRA-type answer groups, refer to the "Adding Answers to a CRA-Type Answer Group" section. –For syntax of the answer-add command when modifying NS-type answer groups, refer to the "Adding Answers to an NS-Type Answer Group" section. –For syntax of the answer-add command when modifying VIP-type answer groups, refer to the "Adding Answers to a VIP-Type Answer Group" section. For example, to change the order setting for an answer in the VIP answer group ANSVIP4, enter: gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner WEB-SERVICES type vip gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.168.30.1 name www-hk-1 order 10 comments "CHANGED ORDER 12/01/05" gssm1.example.com(config-gslb-agvip[ag-name])# To change the owner of the NS answer group ANSNS2, enter: gssm1.example.com(config-gslb)# answer-group ANSGRPNS2 owner E-COMMERCE type ns gssm1.example.com(config-gslb-agns[ag-name])# Suspending or Reactivating All Answers in an Answer Group To temporarily stop the GSS from using all answers in an active answer group, modify the answer group by issuing the no activate-all-answers command in the answer group configuration mode. Suspending prevents that answer group from being used by any of the currently configured DNS rules. Suspending the answers in one answer group also affects any other answer groups to which those answers belong. To reactivate the answers in the answer group, use the activate-all-answers command in the answer group configuration mode for a specific answer group. To suspend all answers in an answer group: 1. If desired, use the show gslb-config answer-group command to display the current answer groups. See the "Displaying Answer Group Properties" section for more information. 2. Identify the active answer group you want to suspend, then use the answer-group command and the no activate-all-answers command to suspend all answers in the group. For example, to suspend all answers in the vip-type answer group ANSGRPVIP4, enter: gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner WEB-SERVICES type vip gssm1.example.com(config-gslb-agvip[ag-name])# no activate-all-answers gssm1.example.com(config-gslb-agvip[ag-name])# To reactivate all answers in a suspended answer group, use the activate-all-answers command. For example, enter: gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner WEB-SERVICES type vip gssm1.example.com(config-gslb-agvip[ag-name])# activate-all-answers gssm1.example.com(config-gslb-agvip[ag-name])# Suspending or Reactivating an Answer in an Answer Group To temporarily stop the GSS from using an answer in an active answer group, you modify the answer group by issuing the suspend option for the answer-add command in the answer group configuration mode. Suspending prevents that answer in the answer group from being used by any of the currently configured DNS rules. Note Suspending an answer in one answer group also affects any other answer groups to which the answer belongs. To reactivate an answer in the answer group, use the active option (for the answer-add command) in the answer group configuration mode. To suspend an answer in an answer group: 1. If desired, use the show gslb-config answer-group command to display the current answers and answer groups. See the "Displaying Answer Group Properties" section for more information. 2. Identify the active answer that you want to suspend (and its answer group), then use the answer-add command and the suspend option to suspend the answer in the group. For example, to suspend the answer www-sf-1 in the vip-type answer group ANSGRPVIP4, enter: gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner WEB-SERVICES type vip gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.168.30.1 suspend gssm1.example.com(config-gslb-agvip[ag-name])# To reactivate a suspended answer in an answer group, use the activate command. For example, enter: gssm1.example.com(config-gslb)# answer-group ANSGRPVIP4 owner WEB-SERVICES type vip gssm1.example.com(config-gslb-agvip[ag-name])# answer-add 192.168.30.1 activate gssm1.example.com(config-gslb-agvip[ag-name])# Suspending or Reactivating All Answers in Answer Groups Associated with an Owner You can group and manage answers added to answer groups according to GSS owner. Using a GSS owner to manage your answer groups enables you to quickly suspend or activate related answers. To suspend or reactivate all answers in answer groups associated with a GSS owner, issue the suspend-all-answers and activate-all-answers options (for the owner command). If desired, use the show gslb-config answer-group command to display the currently configured owners, answers, and answer groups. For example, to suspend all answers in answer groups associated with the owner WEB-SERVICES, enter: gssm1.example.com(config)# gslb gssm1.example.com(config-gslb)# owner WEB-SERVICES suspend-all-answers gssm1.example.com(config-gslb)# To reactivate all answers in answer groups associated with the owner WEB-SERVICES, enter: gssm1.example.com(config)# gslb gssm1.example.com(config-gslb)# owner WEB-SERVICES activate-all-answers gssm1.example.com(config-gslb)# Displaying Answer Group Properties Use the show gslb-config answer-group command to display the current property settings for all answer groups. The syntax of this command is: show gslb-config answer-group For example, enter: gssm1.example.com(config-gslb)# show gslb-config answer-group ... answer-group AGROUP1 owner "OWNER1" type ns answer-group AGROUP2 owner "OWNER2" type cra answer-group AGROUP3 owner System type vip ... To display the properties for an answer group based on an answer group name, enter: gssm1.example.com(config-gslb)# show gslb-config answer-group ANGROUP1 answer-group AGROUP1 owner "OWNER1" type ns Deleting an Answer Group Caution Deletions of any kind cannot be undone in the primary GSSM. Before deleting any data that you think you might want to use at a later point in time, perform a database backup of your GSSM. Refer to the Global Site Selector Administration Guide for details. Before deleting an answer group, verify that none of your DNS rules reference the answer group that you are about to delete. If necessary, deselect the answer group from the DNS rule. Refer to Chapter 7, Building and Modifying DNS Rules, for information about modifying a DNS rule. Deleting an answer group does not delete the answers contained in the answer group. To delete an answer group: 1. If desired, use the show gslb-config answer-group command to display the current answers. See the "Displaying Answer Group Properties" section for more information. 2. Identify the active answer group you want to delete, then use the no form of the answer-group command to delete the answer. For example, to delete the VIP-type answer group ANSGRPVIP1, enter: gssm1.example.com(config-gslb)# show gslb-config answer-group answer-group ANSGRPVIP1 owner OWNR1 type vip answer-group ANSGRPVIP2 owner System type vip gssm1.example.com(config-gslb)# no answer-group ANSGRPVIP1 gssm1.example.com(config-gslb)# Where to Go Next Chapter 7, Building and Modifying DNS Rules, describes constructing the DNS rules that govern all global server load balancing on your GSS network.
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.