Table Of Contents
Configuring Keepalives
Logging in to the CLI and Enabling Privileged EXEC Mode
Modifying Global Keepalive Properties
Default Global Keepalive Properties and Settings
Modifying ICMP Global Keepalive Settings
Modifying TCP Global Keepalive Settings
Modifying HTTP HEAD Global Keepalive Settings
Modifying KAL-AP Global Keepalive Settings
Modifying ICMP Global Keepalive Settings
Modifying Scripted Keepalive Global Keepalive Settings
Modifying CRA Global Keepalive Settings
Modifying Name Server Global Keepalive Settings
Displaying Global Keepalive Properties
Configuring Shared VIP Keepalives
Configuring ICMP Shared Keepalives
Configuring TCP Shared Keepalives
Configuring HTTP HEAD Shared Keepalives
Configuring KAL-AP Shared Keepalives
Configuring Scripted Keepalive Shared Keepalives
Deleting a Shared Keepalive
Displaying Shared Keepalive Properties
Where to Go Next
Configuring Keepalives
This chapter describes how to configure keepalives on your GSS network. A keepalive is a method by which the GSS periodically checks to see if a resource associated with an answer is still active.
The GSS uses keepalives to collect and track information from the simple online status of VIPs to services and applications running on a server. You can configure a keepalive to continually monitor the online status of a resource and report that information to the primary GSSM.
Depending on the type of answer being tracked, the GSS also monitors load and connection information on server load balancers (SLBs) and then uses this information to perform load-based redirection.
This chapter contains the following major sections:
•
Logging in to the CLI and Enabling Privileged EXEC Mode
•Modifying Global Keepalive Properties
•Displaying Global Keepalive Properties
•Configuring Shared VIP Keepalives
•Deleting a Shared Keepalive
•Displaying Shared Keepalive Properties
•Where to Go Next
Logging in to the CLI and Enabling Privileged EXEC Mode
Note To log in and enable privileged EXEC mode in the GSS, you must be a configured user with admin privileges. See the Cisco Global Site Selector Administration Guide for information on creating and managing user accounts.
To log in to the primary GSSM and enable privileged EXEC mode at the CLI, perform the following steps:
1. If you are remotely logging in to the primary GSSM through Telnet or SSH, enter the hostname or IP address of the GSSM to access the CLI.
If you are using a direct serial connection between your terminal and the GSSM, use a terminal emulation program to access the CLI. For details about making a direct connection to the GSS device using a dedicated terminal and about establishing a remote connection using SSH or Telnet, see the Cisco Global Site Selector Getting Started Guide.
2. Specify your GSS administrative username and password to log in to the GSSM. The CLI prompt appears.
3. At the CLI prompt, enable privileged EXEC mode as follows:
gssm1.example.com> enable
If you are accessing the GSS remotely using Telnet or SSH, the CLI prompts you for the enable password. The default password is default. For more information about the enable password and configuring a new password, see the Cisco Global Site Selector Getting Started Guide.
The prompt changes from the user-level EXEC right angle bracket (>) prompt to the privileged-level EXEC pound sign (#).
Modifying Global Keepalive Properties
The GSS includes a set of global keepalive properties that function as the default (or minimum) values used by the GSS. If desired, you can modify the global keepalive properties for the GSS by entering CLI commands in the global server load-balancing configuration mode. Changing a global keepalive property and applying that change immediately modifies the default values of the keepalives currently in use by the GSS. For example, if a VIP answer uses a TCP keepalive with all of its associated defaults and you change the default port value from port 80 to port 23, port 23 automatically becomes the default for the TCP keepalive.
Note You can also modify keepalive properties associated with an answer by changing keepalive properties in the answer configuration mode. See the "Configuring and Managing Answers" section in Chapter 6, Configuring Answers and Answer Groups for more information.
You can modify keepalive properties by using the keepalive-properties command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties {cra | http-head | icmp | kalap | scripted-kal | ns | tcp}
Specify the appropriate keepalive option type (cra, http-head, icmp, kalap, scripted-kal, ns, and tcp) to modify keepalive settings. This section provides detailed information about modifying and displaying global keepalive settings and contains the following topics:
•Default Global Keepalive Properties and Settings
•Modifying ICMP Global Keepalive Settings
•Modifying TCP Global Keepalive Settings
•Modifying HTTP HEAD Global Keepalive Settings
•Modifying KAL-AP Global Keepalive Settings
•Modifying ICMP Global Keepalive Settings
•Modifying Scripted Keepalive Global Keepalive Settings
•Modifying CRA Global Keepalive Settings
•Modifying Name Server Global Keepalive Settings
Default Global Keepalive Properties and Settings
lists the GSS keepalive properties for all keepalive types and provides their default global settings. Where applicable, both Standard and Fast failure detection mode default settings are provided. The default Standard settings provide a keepalive failure detection time of 60 seconds. The default Fast settings provide a keepalive failure detection time of 4 seconds.
Table 5-1 Default Global Keepalive Properties and Settings
ICMP Global Keepalive Properties—Standard Failure Detection Mode
|
Property
|
Default Global Setting
|
min-interval
|
40 seconds
|
ICMP Global Keepalive Properties—Fast Failure Detection Mode
|
Property
|
Default Global Setting
|
retries
|
1
|
successful probes
|
1
|
TCP Global Keepalive Properties—Standard Failure Detection Mode
|
Property
|
Default Global Setting
|
port
|
80
|
termination
|
reset
|
timeout
|
20 seconds
|
min-interval
|
40 seconds
|
TCP Global Keepalive Properties—Fast Failure Detection Mode
|
Property
|
Default Global Setting
|
port
|
80
|
termination
|
reset
|
retries
|
1
|
successful probes
|
1
|
HTTP HEAD Global Keepalive Properties—Standard Failure Detection Mode
|
Property
|
Default Global Setting
|
port
|
80
|
path
|
/
|
termination
|
reset
|
timeout
|
20 seconds
|
min-interval
|
40 seconds
|
HTTP HEAD Global Keepalive Properties—Fast Failure Detection Mode
|
Property
|
Default Global Setting
|
port
|
80
|
path
|
"/"
|
termination
|
reset
|
retries
|
1
|
successful probes
|
1
|
KAL-AP Global Keepalive Properties—Standard Failure Detection Mode
|
Property
|
Default Global Setting
|
capp-key
|
hash-not-set
|
min-interval
|
40 seconds
|
KAL-AP Global Keepalive Properties—Fast Failure Detection Mode
|
Property
|
Default Global Setting
|
capp-key
|
hash-not-set
|
retries
|
1
|
successful probes
|
1
|
Scripted Keepalive Global Keepalive Properties—Standard Failure Detection Mode
|
Property
|
Default Global Setting
|
min-interval
|
40 seconds
|
Scripted Keepalive Global Keepalive Properties—Fast Failure Detection Mode
|
Property
|
Default Global Setting
|
retries
|
1
|
successful probes
|
1
|
CRA Global Keepalive Properties
|
Property
|
Default Global Setting
|
cra-timing-decay
|
2
|
min-interval
|
10 seconds
|
Name Server Global Keepalive Properties
|
Property
|
Default Global Setting
|
query-domain
|
"."
|
min-interval
|
10 seconds
|
Modifying ICMP Global Keepalive Settings
To modify the ICMP global keepalive configuration settings, perform the following steps. See the "Default Global Keepalive Properties and Settings" section for a list of all default global keepalive settings.
1. Display the current property settings and failure detection mode for existing keepalives by entering the show gslb-config keepalive-properties command. See the "Displaying Global Keepalive Properties" section for more information.
You can modify an ICMP keepalive properties by changing either the Standard or Fast failure detection mode properties. The requirements for your network should determine which failure detection mode (Fast or Standard) properties to modify.
Note The GSS supports a maximum of 750 ICMP keepalives when using the Standard detection method and a maximum of 150 ICMP keepalives when using the Fast detection method.
For more information on the keepalive detection time, see the "Keepalives"section in Chapter 1, Introducing the Global Site Selector.
2. Change the ICMP Standard settings by entering the keepalive-properties icmp standard min-interval command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties icmp standard min-interval number
The min-interval number keyword and argument specify the minimum frequency with which the GSS attempts to schedule ICMP keepalives. The valid entries are 40 to 255 seconds. The default is 40.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties icmp standard
min-interval 60
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties icmp
standard min-interval 60
3. Change the ICMP Fast settings by entering the keepalive-properties icmp fast command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties icmp fast {retries number | successful-probes number}
The keywords and arguments are as follows:
•retries number—Specifies the number of times that the GSS retransmits an ICMP echo request packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.
•successful-probes number—Specifies the number of consecutive successful ICMP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties icmp fast
retries 3 successful-probes 2
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties icmp fast
retries 3 successful-probes 2
Modifying TCP Global Keepalive Settings
To modify the TCP global keepalive configuration settings, perform the following steps. See the "Default Global Keepalive Properties and Settings" section for a list of all default global keepalive settings.
1. Display the current property settings and failure detection mode for existing keepalives by entering the show gslb-config keepalive-properties command. See the "Displaying Global Keepalive Properties" section for more information.
You can modify TCP keepalive properties by changing either the Standard or Fast failure detection mode properties. The requirements for your network should determine which failure detection mode (Fast or Standard) properties to modify.
Note The GSS supports a maximum of 1500 TCP keepalives when using the standard detection method and a maximum of 150 TCP keepalives when using the Fast detection method.
For more information on the keepalive detection time, see the "Keepalives"section in Chapter 1, Introducing the Global Site Selector.
2. Change the TCP Standard settings by entering the keepalive-properties tcp standard command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties tcp standard {min-interval number} | port number | termination {graceful | reset} | timeout number}
The keywords and arguments are as follows:
•min-interval number—Specifies the minimum frequency with which the GSS attempts to schedule TCP keepalives. The valid entries are 40 to 255 seconds. The default is 40.
•port number—Specifies the port on the remote device that is to receive the TCP-type keepalive request from the GSS. The valid entries are 1 to 65535. The default port is 80.
•termination—Specifies one of the following TCP keepalive connection termination methods:
–graceful—The GSS initiates the graceful closing of a TCP connection by using the standard three-way connection termination method.
–reset—The GSS immediately terminates the TCP connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type.
•timeout number—Specifies the length of time allowed before the GSS retransmits data to a device that is not responding to a request. The valid entries are 20 to 60 seconds. The default is 20.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties tcp standard
min-interval 60 timeout 25
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties tcp
standard min-interval 60 timeout 25
3. Change the TCP Fast settings by entering the keepalive-properties tcp fast command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties tcp fast {port number | retries number | successful-probes number | termination {graceful | reset}}
The keywords and arguments are as follows:
•port number—Specifies the port on the remote device that is to receive the TCP-type keepalive request from the GSS. The valid entries are 1 to 65535. The default port is 80.
•retries number—Specifies the number of times that the GSS retransmits a TCP packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect.
In those instances when the GSS is transmitting numerous TCP keepalives using port 23, be sure to change the value of the retries option. Valid entries range from 1 to 10, with a default of 1.
Note When using Graceful termination, two packets require acknowledgement: SYN and FIN.
•successful-probes number—Specifies the number of consecutive successful TCP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.
•termination—Specifies one of the following TCP keepalive connection termination methods:
–graceful—The GSS initiates the graceful closing of a TCP connection by using the standard three-way connection termination method.
–reset—The GSS immediately terminates the TCP connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties tcp fast
retries 3 successful-probes 2 termination graceful
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties tcp fast
retries 3 successful-probes 2 termination graceful
Modifying HTTP HEAD Global Keepalive Settings
To modify the HTTP HEAD global keepalive configuration settings, perform the following steps. See the "Default Global Keepalive Properties and Settings" section for a list of all default global keepalive settings.
1. Display the current property settings and failure detection mode for existing keepalives by entering the show gslb-config keepalive-properties command. See the "Displaying Global Keepalive Properties" section for more information.
You can modify an HTTP HEAD keepalive properties by changing either the Standard or Fast failure detection mode properties. The requirements for your network should determine which failure detection mode (Fast or Standard) properties to modify.
Note The GSS supports a maximum of 500 HTTP HEAD keepalives when using the standard detection method and a maximum of 100 HTTP HEAD keepalives when using the fast detection method.
For more information on keepalive detection time, see the "Keepalives"section in Chapter 1, Introducing the Global Site Selector.
2. Change the HTTP HEAD Standard settings by entering the keepalive-properties http-head standard command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties http-head standard {min-interval number} | path path | port number | termination {graceful | reset} | timeout number
The keywords and arguments are as follows:
•min-interval number—Specifies the minimum frequency with which the GSS attempts to schedule HTTP HEAD keepalives. The valid entries are 40 to 255 seconds. The default is 40.
•path path—Specifies the server website queried in the HTTP HEAD request (for example, /company/owner). The default path / specifies the virtual root of the webserver.
•port number—Specifies the port on the remote device that is to receive the HTTP HEAD-type keepalive request from the GSS. The valid entries are 1 to 65535. The default port is 80.
•termination—Specifies one of the following HTTP HEAD keepalive connection termination methods:
–graceful—The GSS initiates the graceful closing of an HTTP HEAD connection by using the standard three-way connection termination method.
Caution When using the graceful termination method and the server packets arrive at the GSS out of order (for example, the FIN packets arrive before the HTTP data), the GSS does not buffer or acknowledge receipt of the out-of-order packets and drops them. If the server does not retransmit the unacknowledged packets, the HTTP HEAD keepalive may place the answer in an offline state.
–reset—The GSS immediately terminates the TCP-formatted HTTP HEAD connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type.
•timeout number—Specifies the length of time allowed before the GSS retransmits data to a device that is not responding to a request. The valid entries are 20 to 60 seconds. The default is 20.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties http-head
standard min-interval 60 path /COMPANY/OWNER
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties http-head
standard min-interval 60 path /COMPANY/OWNER
3. Change the HTTP HEAD Fast settings by entering the keepalive-properties http-head fast command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties http-head fast {path path | port number | retries number | successful-probes number | termination {graceful | reset}}
The keywords and arguments are as follows:
•path path—Specifies the server website queried in the HTTP HEAD request (for example, /company/owner). The default path "/" specifies the virtual root of the webserver.
•port number—Specifies the port on the remote device that is to receive the HTTP HEAD-type keepalive request from the GSS. The valid entries are 1 to 65535. The default port is 80.
•retries number—Specifies the number of times that the GSS retransmits an HTTP HEAD packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.
Note When using graceful termination, three packets require acknowledgement: SYN, HEAD, and FIN.
•successful-probes number—Specifies the number of consecutive successful HTTP HEAD keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.
•termination—Specifies one of the following HTTP HEAD keepalive connection termination methods:
–graceful—The GSS initiates the graceful closing of an HTTP HEAD connection by using the standard three-way connection termination method.
Caution When using the graceful termination method and the server packets arrive at the GSS out of order (for example, the FIN packets arrive before the HTTP data), the GSS does not buffer or acknowledge receipt of the out-of-order packets and drops them. If the server does not retransmit the unacknowledged packets, the HTTP HEAD keepalive may place the answer in an offline state.
–reset—The GSS immediately terminates the TCP-formatted HTTP HEAD connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties http-head
fast path /COMPANY/OWNER retries 2 successful-probes 2
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties http-head
fast path /COMPANY/OWNER retries 2 successful-probes 2
Modifying KAL-AP Global Keepalive Settings
To modify the KAL-AP global keepalive configuration settings, perform the following steps. See the "Default Global Keepalive Properties and Settings" section for a list of all global keepalive settings.
1. Display the current property settings and failure detection mode for existing keepalives by entering the show gslb-config keepalive-properties command. See the Displaying Global Keepalive Properties section for more information.
You can modify an KAL-AP keepalive properties by changing either the Standard or Fast failure detection mode properties. The requirements for your network should determine which failure detection mode (Fast or Standard) properties to modify.
Note The GSS supports a maximum of 128 primary and 128 secondary KAL-AP keepalives when using the standard detection method and a maximum of 40 primary and 40 secondary KAL-AP keepalives when using the fast detection method.
For more information on keepalive detection time, see the "Keepalives"section in Chapter 1, Introducing the Global Site Selector.
2. Change the KAL-AP Standard settings by entering the keepalive-properties kalap standard command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties kalap standard {capp-key key | min-interval number}
The keywords and arguments are as follows:
•capp-key key—Specifies the secret key to be used for Content and Application Peering Protocol (CAPP) encryption. The alphanumeric string you enter is used to encrypt interbox communications using CAPP. You must also configure the same encryption value on the Cisco CSS or CSM.
•min-interval number—Specifies the minimum frequency with which the GSS attempts to schedule KAL-AP keepalives. The valid entries are 40 to 255 seconds. The default is 40.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties kalap
standard capp-key SECRET-KEY-101 min-interval 80
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties kalap
standard capp-key SECRET-KEY-101 min-interval 80
3. Change the KAL-AP Fast settings by entering the keepalive-properties kalap fast command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties kalap fast {capp-key key | retries number | successful-probes number}
The keywords and arguments are as follows:
•capp-key key—Specifies the secret key to be used for Content and Application Peering Protocol (CAPP) encryption. The alphanumeric string you enter is used to encrypt interbox communications using CAPP. You must also configure the same encryption value on the Cisco CSS or CSM.
•retries number—Specifies the number of times that the GSS retransmits an KAL-AP packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.
•successful-probes number—Specifies the number of consecutive successful KAL-AP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties kalap fast
capp-key SECRET-KEY-101 retries 5 successful-probes 2
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties kalap fast
capp-key SECRET-KEY-101 retries 5 successful-probes 2
Modifying ICMP Global Keepalive Settings
To modify the ICMP global keepalive configuration settings, perform the following steps. See "Default Global Keepalive Properties and Settings" for a list of all default global keepalive settings.
1. Display the current property settings and failure detection mode for existing keepalives by entering the show gslb-config keepalive-properties command. See the "Displaying Global Keepalive Properties" section for more information.
You can modify an ICMP keepalive properties by changing either the Standard or Fast failure detection mode properties. The requirements for your network should determine which failure detection mode (Fast or Standard) properties to modify.
Note The GSS supports a maximum of 750 ICMP keepalives when using the standard detection method and a maximum of 150 ICMP keepalives when using the fast detection method.
For more information on keepalive detection time, see the "Keepalives"section in Chapter 1, Introducing the Global Site Selector.
2. Change the ICMP Standard settings by entering the keepalive-properties icmp standard min-interval command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties icmp standard min-interval number
The min-interval number keyword and argument specify the minimum frequency with which the GSS attempts to schedule ICMP keepalives. The valid entries are 40 to 255 seconds. The default is 40.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties icmp standard
min-interval 60
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties icmp
standard min-interval 60
3. Change the ICMP Fast settings by entering the keepalive-properties icmp fast command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties icmp fast {retries number | successful-probes number}
The keywords and arguments are as follows:
•retries number—Specifies the number of times that the GSS retransmits an ICMP echo request packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.
•successful-probes number—Specifies the number of consecutive successful ICMP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties icmp fast
retries 3 successful-probes 2
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties icmp fast
retries 3 successful-probes 2
Modifying Scripted Keepalive Global Keepalive Settings
To modify the Scripted keepalive global keepalive configuration settings, perform the following steps. See "Default Global Keepalive Properties and Settings" for a list of all default global keepalive settings.
1. Display the current property settings and failure detection mode for existing keepalives by entering the show gslb-config keepalive-properties command. See the "Displaying Global Keepalive Properties" section for more information.
You can modify Scripted keepalive properties by changing either Standard or Fast failure detection mode properties. The requirements for your network should determine which failure detection mode (Fast or Standard) properties to modify.
Note In the standard detection method, the GSS supports 256 Scripted keepalives if the Scripted keepalive is scalar and 128 if it is non-scalar. In the fast detection method, the GSS supports 60 Scripted keepalives if the Scripted keepalive is scalar and 30 if it is non-scalar.
For more information on keepalive detection time, see the "Keepalives"section in Chapter 1, Introducing the Global Site Selector.
2. Change Scripted keepalive Standard settings by entering the keepalive-properties scripted-kal standard command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties scripted-kal standard min-interval number
The keywords and arguments are as follows:
•min-interval number—Specifies the minimum frequency with which the GSS attempts to schedule Scripted keepalives. The valid entries are 40 to 255 seconds, with a default of 40.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties scripted-kal
standard min-interval 60
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties
scripted-kal standard min-interval 60
3. Change Scripted keepalive Fast settings by using the keepalive-properties scripted-kal fast retries command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties scripted-kal fast retries number | successful-probes number
The keywords and arguments are as follows:
•fast retries number—Specifies the number of times that the GSS retransmits a Scripted keepalive packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries here are 1 to 5 attempts, with a default of 1.
•successful-probes number—Specifies the number of consecutive successful Scripted keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts, with a default of 1.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties scripted-kal
fast retries 3 successful-probes 2
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties
scripted-kal fast retries 3 successful-probes 2
Modifying CRA Global Keepalive Settings
To modify the CRA global keepalive configuration settings, perform the following steps. See the "Default Global Keepalive Properties and Settings" section for a list of all global keepalive settings.
1. Display the current property settings for existing keepalives by entering the show gslb-config keepalive-properties command. See the "Displaying Global Keepalive Properties" section for more information.
2. Change the CRA settings by entering the keepalive-properties cra command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties cra {min-interval number} | timing-decay number}
The keywords and arguments are as follows:
•min-interval number—Specifies the minimum frequency with which the GSS attempts to schedule CRA keepalives. The valid entries are 1 to 60 seconds. The default is 10.
•timing-decay number—Specifies how heavily the GSS should weigh recent DNS Round Trip Time (RTT) probe results relative to earlier RTT metrics. A setting of 1 indicates that recent results should not be weighed any more than previous RTT results. The valid entries are 1 to 10. The default is 2.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties cra
min-interval 60 timing-decay 1
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties cra
min-interval 60 timing-decay 1
Modifying Name Server Global Keepalive Settings
To modify the Name Server (NS) global keepalive configuration settings, perform the following steps. See the "Default Global Keepalive Properties and Settings" section for a list of all global keepalive settings.
1. Display the current property settings for existing keepalives by entering the show gslb-config keepalive-properties command. See the Displaying Global Keepalive Properties section for more information.
2. Change the NS settings by entering the keepalive-properties ns command in global server load-balancing configuration mode.
The syntax of this command is as follows:
keepalive-properties ns {min-interval number} | query-domain domain_name}
The keywords and arguments are as follows:
•min-interval number—Specifies the minimum frequency with which the GSS attempts to schedule NS keepalives. The valid entries are 40 to 255 seconds. The default is 40.
•query-domain domain_name—Specifies the name of the domain name server to which an NS-type keepalive is sent. Enter the name as an unquoted text string with no spaces and a maximum length of 100 characters. The default domain "." specifies the root of the domain name server.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# keepalive-properties ns
min-interval 60 query-domain WWW.HOME.COM
To reset the keepalive properties to the default settings, enter:
gssm1.example.com(config-gslb)# no keepalive-properties ns
min-interval 60 query-domain WWW.HOME.COM
Displaying Global Keepalive Properties
You can use the show gslb-config keepalive-properties command to display the current property settings for all keepalives types.
The syntax of this command is as follows:
show gslb-config keepalive-properties
For example, enter:
gssm1.example.com# config
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# show gslb-config keepalive-properties
keepalive-properties scripted-kal standard min-interval 40
keepalive-properties icmp standard min-interval 40
keepalive-properties tcp fast retries 1 successful-probes 1
keepalive-properties http-head standard min-interval 40 port 80
termination reset timeout 20 path /
keepalive-properties kalap fast retries 1 successful-probes 1
keepalive-properties cra timing-decay 2 interval 10
keepalive-properties ns query-domain . interval 40
Configuring Shared VIP Keepalives
The GSS supports the use of shared keepalives to minimize traffic between the GSS and the SLBs that it is monitoring. A shared keepalive identifies a common IP address or resource that provides status for multiple answers. Shared keepalives periodically provide state information (online, offline) to the GSS for multiple VIP answer types. Once created, you can associate the shared keepalives with VIPs when you create a VIP answer type.
Note Shared keepalives are not used with name server or CRA answers.
All answers are validated by configured keepalives and are not returned if the keepalive indicates that the answer is not viable. If a shared keepalive fails to return a status, the GSS assumes that all VIPs associated with that shared keepalive are offline.
If you intend to use the KAL-AP keepalive method with a VIP answer, you must configure a shared keepalive. The use of shared keepalives is an option for the ICMP, TCP, HTTP HEAD, and Scripted keepalive types.
This section contains the following topics:
• Configuring ICMP Shared Keepalives
•Configuring TCP Shared Keepalives
•Configuring HTTP HEAD Shared Keepalives
•Configuring KAL-AP Shared Keepalives
•Configuring Scripted Keepalive Shared Keepalives
Configuring ICMP Shared Keepalives
You can configure an ICMP shared keepalive by using the shared-keepalive icmp command in global server load-balancing configuration mode. Use the no form of the command to remove a shared keepalive.
The syntax of this command is as follows:
shared-keepalive icmp ip_address
The ip_address argument specifies the IP address used to test the online status for the linked VIPs.
For example, enter:
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# shared-keepalive icmp 192.168.1.47
gssm1.example.com(config-gslb)#
If you need to delete a shared keepalive from your GSS network and that shared keepalive is in use by the GSS, you must first disassociate any answers that are using the keepalive. See the "Configuring Scripted Keepalive Shared Keepalives" section for more details.
Configuring TCP Shared Keepalives
You can configure a TCP shared keepalive by using the shared-keepalive tcp command in global server load-balancing configuration mode. Use the no form of the command to remove a shared keepalive.
The syntax of this command is as follows:
shared-keepalive tcp ip_address [port port_number | termination {graceful | reset}]
The keywords and arguments for this command are as follows:
•ip_address—IP address used to test the online status for the linked VIPs.
•port port_number—(Optional) Specifies the port on the remote device that is to receive the TCP keepalive request. The port range is 1 to 65535. If you do not specify a destination port, the GSS uses the globally configured setting.
•termination—(Optional) Specifies one of the following TCP keepalive connection termination methods. If you do not specify a connection termination method, the GSS uses the globally configured setting.
–graceful—The GSS initiates the graceful closing of a HTTP HEAD connection by using the standard three-way connection termination method.
–reset—The GSS immediately terminates the TCP connection by using a hard reset.
For example, enter:
gssm1.example.com# config
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# shared-keepalive tcp 192.168.1.46 port
23 termination graceful
Configuring HTTP HEAD Shared Keepalives
You can configure an HHTP HEAD shared keepalive by using the shared-keepalive http-head command in global server load-balancing configuration mode. Use the no form of the command to remove a shared keepalive.
The syntax of this command is as follows:
shared-keepalive http-head ip_address [port port_number | host-tag domain_name | path path | termination {graceful | reset}]
The keywords and arguments for this command are as follows:
•ip_address—IP address used to test the online status for the linked VIPs.
•port port_number—(Optional) Specifies the port on the remote device that is to receive the HHTP HEAD-type keepalive request. The port range is 1 to 65535. If you do not specify a destination port, the GSS uses the globally configured value.
•host-tag domain_name—(Optional) Specifies an optional domain name that is sent to the VIP as part of the HTTP HEAD query. This tag allows an SLB to resolve the keepalive request to a particular website even when multiple sites are represented by the same VIP.
•path path—(Optional) Specifies the path that is relative to the server website being queried in the HTTP HEAD request. If you do not specify a default path, the GSS uses the globally configured value. The default path "/" specifies the virtual root of the webserver.
•termination—Specifies one of the following HTTP HEAD keepalive connection termination methods:
–graceful—The GSS initiates the graceful closing of an HTTP HEAD connection by using the standard three-way connection termination method.
Caution When using the graceful termination method and the server packets arrive at the GSS out of order (for example, the FIN packets arrive before the HTTP data), the GSS does not buffer or acknowledge receipt of the out-of-order packets and drops them. If the server does not retransmit the unacknowledged packets, the HTTP HEAD shared keepalive may place the answer in an offline state.
–reset—The GSS immediately terminates the TCP-formatted HTTP HEAD connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type.
For example, enter:
gssm1.example.com# config
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# shared-keepalive http-head
192.168.1.48 port 23 host-tag WWW.HOME.COM
Configuring KAL-AP Shared Keepalives
You can configure a KAL-AP shared keepalive by using the shared-keepalive kalap command in global server load-balancing configuration mode. Use the no form of the command to remove a shared keepalive.
The syntax of this command is as follows:
shared-keepalive kalap ip_address [secondary ip_address | capp-secure enable [key secret] | retries number | successful-probes number]
The keywords and arguments for this command are as follows:
•ip_address—IP address used to test the online status for the linked VIPs.
•secondary ip_address—(Optional) Specifies that the P address is to query a second Cisco CSS or CSM in a virtual IP (VIP) redundancy and virtual interface redundancy configuration.
•capp-secure enable—(Optional) Specifies that you wish to use Content and Application Peering Protocol (CAPP) encryption. If you do not specify an optional key (see below), the GSS uses the globally configured setting.
•key secret—(Optional) Specifies an encryption key that is used to encrypt interbox communications using CAPP. You must also configure the same encryption key on the Cisco CSS or CSM. Enter an unquoted alphanumeric text string with a maximum of 31 characters. If you do not specify a key, the GSS uses the globally configured setting.
If the KAL-AP global keepalive configuration is set to the Fast KAL Type, you can specify these parameters:
•retries number—(Optional) Specifies the number of times that the GSS retransmits a KAL-AP packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. If you do not specify a value, the GSS uses the globally configured setting.
For more information on keepalive detection time, see the "Keepalives"section in Chapter 1, Introducing the Global Site Selector.
•successful-probes number—(Optional) Specifies the number of consecutive successful KAL-AP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online (and reintroducing it into the GSS network). The valid entries are 1 to 5. If you do not specify a value, the GSS uses the globally configured setting.
For example, enter:
gssm1.example.com# config
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# shared-keepalive kalap 192.168.1.40
secondary 192.168.1.42 retries
Configuring Scripted Keepalive Shared Keepalives
You can configure a Scripted keepalive shared keepalive by using the shared-keepalive scripted-kal command in global server load-balancing configuration mode. Use the no form of the command to remove a shared keepalive.
The syntax of this command is as follows:
shared-keepalive scripted-kal ip_address kal-name name
[csm [community community_name] | css [community community_name] |
ios-slb [community community_name] |
snmp-mib-indexed-by-vip [community community_name | load-filter string | oid oid | return-load | return-offline-value offline_value | return-online-value online_value] |
snmp-mib-not-indexed-by-vip [address-filter string | community community_name | load-filter string | oid oid | return-load | return-offline-value offline_value | return-online-value online_value] |
snmp-scalar [community community_name | oid oid | return-load | return-offline-value offline_value | return-online-value online_value] |
[retries number] | [successful-probes number]]
The keywords and arguments for this command are as follows:
•ip_address—IP address of the target device.
•kal-name name—Specifies the name of the applicable KAL. The answer attaches a Scripted keepalive to it.
•csm—(Optional) Specifies a Cisco CSM performing server load balancing.
•css—(Optional) Specifies a Cisco CSS performing server load balancing.
•ios-slb—(Optional) Specifies a Cisco IOS performing server load balancing.
•community community_name—Specifies the SNMP community name.
Note To probe non-Cisco SLBs, you need to populate the OID, filter-string, and OID type.
•snmp-mib-indexed-by-vip community—(Optional) Configures the OID, community, and filter strings to select the load metric from a remote machine's MIB (indexed by a VIP address). You also configure the answer online and offline values. Configure the following optional parameters:
–community community_name—Specifies the SNMP community name.
–load-filter string—Specifies the load filter string.
–oid oid—Specifies the OID.
–return-load—Specifies the OID return load value.
–return-offline-value offline_value—Specifies the OID return offline value. The answer is offline if the returned value matches the specified offline value. The answer is online if the returned value does not match.
–return-online-value online_value—Specifies the OID return online value. The answer is online if the returned value matches the specified online value. The answer is offline if the returned value does not match.
•snmp-mib-not-indexed-by-vip—(Optional) Configures the OID, community, and filter strings to select the load metric from a remote machine. You also configure the answer online and offline values. Configure the following optional parameters:
–address-filter string—Specifies the address filter string.
–community community_name—Specifies the SNMP community name.
–load-filter string—Specifies the load filter string.
–oid oid—Specifies the OID.
–return-load—Specifies the OID return load value.
–return-offline-value offline_value—Specifies the OID return offline value. The answer is offline if the returned value matches the specified offline value. The answer is online if the returned value does not match.
–return-online-value online_value—Specifies the OID return online value. The answer is online if the returned value matches the specified online value. The answer is offline if the returned value does not match.
•snmp-scalar—(Optional) Configures the OID and community to obtain a load from the target device and configures the online and offline return values. Configure the following parameters:
–community community_name—Specifies the SNMP community name.
–oid oid—Specifies the OID.—(Optional) Configures the OID and community to obtain a load from the target device.
–return-load—Specifies the OID return load value.
–return-offline-value offline_value—Specifies the OID return offline value. The answer is offline if the returned value matches the specified offline value. The answer is online if the returned value does not match.
–return-online-value online_value—Specifies the OID return online value. The answer is online if the returned value matches the specified online value. The answer is offline if the returned value does not match.
•retries number—(Optional) Specifies the number of times that the GSS retransmits a Scripted keepalive packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 5 retries. If you do not specify a value, the GSS uses the globally configured setting.
This parameter requires that the Scripted keepalive global keepalive configuration is set to the Fast Scripted keepalive type. For more information on the keepalive detection time, see the "Keepalives"section in Chapter 1, Introducing the Global Site Selector.
•successful-probes number—(Optional) Specifies the number of consecutive successful Scripted keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online (and reintroducing it into the GSS network). The valid entries are 1 to 5. If you do not specify a value, the GSS uses the globally configured setting.
This parameter requires that the Scripted keepalive global keepalive configuration is set to the Fast Scripted keepalive type. For more information on the keepalive detection time, see the "Keepalives"section in Chapter 1, Introducing the Global Site Selector.
Table 5-1 lists the wrappers, OIDs, address, and load filters that are appropriate for different SLB devices.
Note You are not required to use these OIDs and filter IDs. If you have the necessary information, you can use any other MIB. However, only the MIB and OIDs listed in Table 5-1 have been tested and certified by Cisco Systems.
Table 5-1 MIBs, OIDs, and Filter IDs for Scripted Keepalive Types
Device
|
Scripted Keepalive Types
|
OID
|
Address Filter
|
Load Filter
|
Recommended Software Version
|
CSS
|
CSS wrapper
|
*
|
*
|
*
|
SLB: 7.40.0.04
|
SNMP_mib_not_index_by_vip
|
1.3.6.1.4.1.9.9.368.1.16.4
|
1.4
|
1.65
|
CSM
|
CSM wrapper
|
*
|
*
|
*
|
IOS: 12.2
CSM: 4.2(1)
|
SNMP_mib_not_index_by_vip
|
1.3.6.1.4.1.9.9.161.1.4.1
|
1.4
|
1.17
|
IOS-
SLB
|
IOS-SLB wrapper
|
*
|
*
|
*
|
IOS: 12.2
|
SNMP_mib_not_index_by_vip
|
1.3.6.1.4.1.9.9.161.1.4.1
|
1.4
|
1.17
|
F5
|
SNMP_mib_index_by_vip
|
1.3.6.1.4.1.3375.2.2.10.11.3
|
**N/A
|
1.11
|
SLB: 9.2.0 Build167.4
|
|
|
You can also configure Scripted keepalives with any OID that represents load information on an SLB. Depending on the type of table, that is whether the load information is scalar, indexed by VIP, or not indexed by VIP, address and load filters may be required. Figure 5-1 shows a configuration example using a CSS MIB tree.
Figure 5-1 CSS MIB Tree
In this tree, the OIDs are not indexed by VIP. One of the CSS tables that stores load information is apCntTable and the corresponding OID is 1.3.6.1.4.1.9.9.368.1.16.4. From Figure 5-1, you can see that the IP address of the pertinent VIP is referenced by the object apCntIPAddress (OID.1.4) and the load pertaining to this VIP is referenced by the object apCntAvgLocalLoad (OID.1.65). Thus, the IP address obtained here should populate the Address Filter, while the load information populates the Load Filter.
Note If the load information in a MIB table is indexed by VIP, the only required filter is the load filter. Scalars will have neither address or load filters since there is no table associated with the OID.
For example, enter:
gssm1.example.com# config
gssm1.example.com(config)# gslb
gssm1.example.com(config-gslb)# shared-keepalive scripted-kal
192.168.1.46 kal-name samplekal ios-slb community samplecommunity
Deleting a Shared Keepalive
To delete a shared keepalive that is in use by the GSS, you must first remove it from any answers that are using the keepalive.
Caution Deletions of any kind cannot be undone in the primary GSSM. Before deleting any data that you think you might want to use at a later point in time, perform a database backup of your GSSM. See the
Global Site Selector Administration Guide for details.
To delete a shared keepalive, perform the following steps:
1. Display the current property settings for existing answers and keepalives by entering the show gslb-config command.
2. Identify the shared keepalive that you want to delete and the answer to which it is associated.
3. Enter the IP address and answer name (if the answer has a name) to access the answer vip configuration mode by using the answer vip command.
4. Remove the keepalive associated with the answer by entering the no keepalive type command in answer vip configuration mode.
5. Delete the shared keepalive by entering the no shared-keepalive command in global server load-balancing configuration mode.
For example, enter:
gssm1.example.com(config-gslb)# show gslb-config
answer cra 192.168.50.41 delay 2 active
answer ns 172.16.27.4 DOMAIN EXAMPLE.COM active
answer vip 172.16.27.6 name ANSVIP2 active
keepalive type tcp port 180 active
keepalive type tcp port 88 active
gssm1.example.com(config-gslb)# answer vip 172.16.27.6 name ANSVIP2
gssm1.example.com(config-ansvip)# no keepalive type tcp port 88 active
gssm1.example.com(config-ansvip)# exit
gssm1.example.com(config-gslb)# no shared-keepalive tcp 172.16.27.6
gssm1.example.com(config-gslb)#
Displaying Shared Keepalive Properties
You can use the show gslb-config shared-keepalive command to display information about the shared keepalives currently configured for the GSS.
For example, enter:
gssm1.example.com(config-gslb)# show gslb-config shared-keepalive
shared-keepalive kalap 192.168.1.47 capp-secure enable
shared-keepalive tcp 192.168.1.46 termination graceful
shared-keepalive tcp 192.168.1.40
To display shared keepalive information for a specific IP address, enter:
gssm1.example.com(config-gslb)# show gslb-config shared-keepalive 192.168.1.47
shared-keepalive kalap 192.168.1.47 capp-secure enable
Where to Go Next
Chapter 6, Configuring Answers and Answer Groups, describes how to create and configure GSS answers and answer groups. Answers refer to resources to which the GSS resolves DNS requests that it receives. Once created, answers are grouped together as resource pools called answer groups.
