The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
To configure an IP address of a real server that a Domain Name System (DNS) server should supply in response to a domain name resolve request, use the lookupcommand in DNS probe configuration mode. To remove an IP address from the expected list, use the no form of this command.
ip-address |
IP address of a real server that a DNS server should supply in response to a domain name resolve request. |
No lookup IP address is configured.
DNS probe configuration (config-slb-probe)
Release |
Modification |
---|---|
12.1(11b)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example configures a DNS probe named PROBE4, enters DNS probe configuration mode, and specifies 10.1.10.1 as the IP address to resolve:
Router(config)# ip slb probe PROBE4 dns Router(config-slb-probe)# lookup 10.1.10.1
Command |
Description |
---|---|
ip slb probe dns |
Configures a DNS probe name and enters DNS probe configuration mode. |
show ip slb probe |
Displays information about an IOS SLB probe. |
This command has been removed. Its function is now performed by the ip dfp agentglobal configuration command, and by the following DFP agent configuration commands:
See the description of these commands for more information.
To specify the maximum number of IOS Server Load Balancing (IOS SLB) RADIUS and GTP sticky subscribers that can be assigned to an individual virtual server, use the maxclientscommand in real server configuration mode. To remove the limit, use the no form of this command.
maximum-number |
Maximum number of IOS SLB RADIUS and GTP sticky subscribers that can be assigned to an individual virtual server:
By default, there is no limit on the number of IOS SLB RADIUS and GTP sticky subscribers that can be assigned to an individual virtual server. |
There is no limit on the number of IOS SLB RADIUS and GTP sticky subscribers that can be assigned to an individual virtual server.
Real server configuration (config-slb-real)
Release |
Modification |
---|---|
12.1(11b)E |
This command was introduced. |
12.1(12c)E |
This command was modified to support RADIUS load balancing for CDMA2000, a third-generation (3-G) version of Code Division Multiple Access (CDMA). |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example specifies that up to 10 IOS SLB RADIUS sticky subscribers can be assigned to an individual real server:
Router(config-slb-real)# maxclients 10
Command |
Description |
---|---|
ip slb route |
Enables IOS SLB to inspect packets for RADIUS framed-IP sticky routing. |
show ip slb sticky |
Displays the IOS SLB sticky database. |
To limit the number of active datagram connections to the firewall farm, use the maxconns command in firewall farm datagram protocol configuration mode. To restore the default of 4294967295, use the no form of this command.
maximum-number |
Maximum number of simultaneous active datagram connections using the firewall farm. Valid values range from 1 to 4294967295. The default is 4294967295. |
The default maximum number of simultaneous active datagram connections using the firewall farm is 4294967295.
Firewall farm datagram protocol configuration (config-slb-fw-udp)
Release |
Modification |
---|---|
12.1(3a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example limits the real server to a maximum of 1000 simultaneous active connections:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# protocol datagram Router(config-slb-fw-udp)# maxconns 1000
Command |
Description |
---|---|
protocol datagram |
Enters firewall farm datagram protocol configuration mode. |
show ip slb firewallfarm |
Displays information about the firewall farm configuration. |
show ip slb reals |
Displays information about the real servers. |
To limit the number of active TCP connections to the firewall farm, use the maxconns command in firewall farm TCP protocol configuration mode. To restore the default of 4294967295, use the no form of this command.
maximum-number |
Maximum number of simultaneous active TCP connections using the firewall farm. Valid values range from 1 to 4294967295. The default is 4294967295. |
The default maximum number of simultaneous active TCP connections using the firewall farm is 4294967295.
Firewall farm TCP protocol configuration (config-slb-fw-tcp)
Release |
Modification |
---|---|
12.1(3a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example limits the real server to a maximum of 1000 simultaneous active connections:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# protocol tcp Router(config-slb-fw-tcp)# maxconns 1000
Command |
Description |
---|---|
protocol tcp |
Enters firewall farm TCP protocol configuration mode. |
show ip slb firewallfarm |
Displays information about the firewall farm configuration. |
show ip slb reals |
Displays information about the real servers. |
To limit the number of active connections to the real server, use the maxconns command in SLB server farm configuration mode. To restore the default of 4294967295, use the no form of this command.
maximum-number |
Maximum number of simultaneous active connections on the real server. Valid values range from 1 to 4294967295. The default is 4294967295. |
sticky-override |
(Optional) Allow sticky load balancing to exceed maximum-numberfor this real server. |
The default maximum number of simultaneous active connections on the real server is 4294967295.
SLB server farm configuration (config-slb-real)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.1(18)E |
The sticky-override keyword was added. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example limits the real server to a maximum of 1000 simultaneous active connections:
Router(config)# ip slb serverfarm PUBLIC Router(config-slb-sfarm)# real 10.10.1.1 Router(config-slb-real)# maxconns 1000
Command |
Description |
---|---|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
show ip slb reals |
Displays information about the real servers. |
show ip slb severfarms |
Displays information about the server farm configuration. |
To configure the aging time for flows, use the mls aging slb normalcommand in global configuration mode. To restore the default setting, use the noform of this command.
The default aging idle time is 2000 milliseconds.
Global configuration (config)
Release |
Modification |
---|---|
12.1(8)E |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
This command is supported for Catalyst 6000 family switches only.
The following example sets the idle time to 4000 milliseconds:
Router(config)# mls aging slb normal 4000
Command |
Description |
---|---|
ip slb firewallfarm |
Identifies a firewall farm and initiates firewall farm configuration mode. |
ip slb serverfarm |
Associates a real server farm with a virtual server. |
ip slb vserver |
Identifies a virtual server. |
mls aging slb process |
Controls how often the aging process runs. |
To control how often the aging process runs, use the mls aging slb process command in global configuration mode. To restore the default setting, use the noform of this command.
time |
Aging process interval, in milliseconds. The valid range is 1 millisecond to 10000 milliseconds. The default setting is 2000 seconds. |
The default aging process interval is 2000 milliseconds.
Global configuration (config)
Release |
Modification |
---|---|
12.1(8)E |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
This command is supported for Catalyst 6000 family switches only.
The following example sets the aging process interval to 4000 milliseconds:
Router(config)# mls aging slb process 4000
Command |
Description |
---|---|
ip slb firewallfarm |
Identifies a firewall farm and initiates firewall farm configuration mode. |
ip slb serverfarm |
Associates a real server farm with a virtual server. |
ip slb vserver |
Identifies a virtual server. |
mls aging slb normal |
Configures the aging time for flows. |
To specify protocol-level purging of MLS entries from active TCP and UDP flow packets, use the mls ip slb purge globalcommand in global configuration mode. To disable purge throttling, use the no form of this command.
This command has no arguments or keywords.
The default setting is for protocol-level purging.
Global configuration (config)
Release |
Modification |
---|---|
12.2(1)SX |
This command was introduced. |
12.2(33)SRD2 |
The command was modified so that the default command no longer appears in the generated configuration. |
12.2(33)SXI2 |
The command was modified so that the default command no longer appears in the generated configuration. |
12.2(18)SXF17 |
The command was modified so that the default command no longer appears in the generated configuration. |
The following example disables purge throttling on TCP and UDP flow packets:
Router(config)# no mls ip slb purge global
The following example returns purge throttling on TCP and UDP flow packets to its default setting:
Router(config)# mls ip slb purge global
To specify the behavior of IOS Server Load Balancing (IOS SLB) wildcard searches, use the mls ip slb search wildcard command in global configuration mode. To restore the default setting, use the no form of this command.
wildcard |
IOS SLB wildcard searches are to be performed by the Policy Feature Card (PFC). This value is the default setting. |
||
pfc |
(Optional) IOS SLB wildcard searches are to be performed by the Policy Feature Card (PFC). This value is the default setting. |
||
rp |
(Optional) IOS SLB wildcard searches are to be performed by the route processor. |
||
icmp |
Disables ICMP handling by IOS SLB. (Pings to IOS SLB virtual IP addresses are still answered.) Use this command to reduce CPU usage when IOS SLB is configured in locations with a high volume of ICMP flows, such as in the network core.
|
The default setting is for the PFC to perform IOS SLB wildcard searches.
Global configuration (config)
Release |
Modification |
---|---|
12.1(7)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
This command is supported for Catalyst 6500 family switches only.
If you configure IOS SLB and either input ACLs or firewall load balancing on the same Catalyst 6500 Family Switch, you can exceed the capacity of the TCAM on the PFC. To correct the problem, use the mls ip slb search wildcard rp command to reduce the amount of TCAM space used by IOS SLB. However, be aware that this command can result in a slight increase in route processor utilization.
The following example limits wildcard searches to the route processor:
Router(config)# mls ip slb search wildcard rp
Command |
Description |
---|---|
ip slb firewallfarm |
Identifies a firewall by IP address farm and enters firewall farm configuration mode. |
ip slb serverfarm |
Associates a real server farm with a virtual server. |
ip slb vserver |
Identifies a virtual server. |
To configure Cisco IOS Server Load Balancing (IOS SLB) Network Address Translation (NAT) and specify a NAT mode, use the nat command in SLB server farm configuration mode. To remove a NAT configuration, use the no form of this command.
client pool |
Configures the client address in load-balanced packets using addresses from the client address pool. The pool name must match the pool argument from a previous ip slb natpoolcommand. This mode is commonly referred to as directed client NAT , or simply client NAT. |
server |
Configures the destination address in load-balanced packets sent to the real server as the address of the real server chosen by the server farm load-balancing algorithm. This mode is commonly referred to as directed server NAT , or simply server NAT. |
No IOS SLB NAT is configured.
SLB server farm configuration (config-slb-sfarm)
Release |
Modification |
---|---|
12.1(1)E |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.1(2)E |
The client keyword and pool argument were added. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The no nat command is allowed only if the virtual server was removed from service with the no inservice command.
The following example enters server farm configuration mode and configures NAT mode as server address translation on server farm FARM2:
Router# ip slb serverfarm FARM2 Router(config-slb-sfarm)# nat server
The following example configures the NAT mode on server farm FARM2 to client translation mode and, using the realcommand in server farm configuration mode, configures the real server IP address as 10.3.1.1:
Router(config-slb-sfarm)# nat client web-clients Router(config-slb-sfarm)# real 10.3.1.1
Command |
Description |
---|---|
ip slb serverfarm |
Associates a real server farm with a virtual server. |
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
show ip slb serverfarms |
Displays information about the server farm configuration. |
To configure a Dynamic Feedback Protocol (DFP) agent password for Message Digest Algorithm Version 5 (MD5) authentication, use the password command in DFP agent configuration mode. To remove the DFP agent password, use the no form of this command.
0 |
(Optional) Indicates that the password is unencrypted. This is the default setting. |
||
7 |
(Optional) Indicates that the password is encrypted. |
||
password |
Password value for MD5 authentication.
|
||
timeout |
(Optional) Delay period, in seconds, during which both the old password and the new password are accepted. The valid range is from 0 to 65535. The default is 180. |
The password encryption default is 0 (unencrypted). The password timeout default is 180 seconds.
DFP agent configuration (config-dfp)
Release |
Modification |
---|---|
12.1(8a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.3(4)T |
This command was integrated into Cisco IOS Release 12.3(4)T. |
12.2(18)SXD |
This command was integrated into Cisco IOS Release 12.2(18)SXD. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The password specified on this command must match the password specified on the DFP manager.
The timeout option allows you to change the password without stopping messages between the DFP agent and its manager. The default value is 180 seconds.
During the timeout, the agent sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After the timeout expires, the agent sends and receives packets only with the new password; received packets that use the old password are discarded.
If you are changing the password for an entire load-balanced environment, set a longer timeout. Setting a longer timeout allows enough time for you to update the password on all agents and servers before the timeout expires. It also prevents mismatches between agents and servers that have begun running the new password and agents, and servers on which you have not yet changed the old password.
If you are running IOS SLB as a DFP manager, and you specify a password on the ip slb dfp command in global configuration mode, the password must match the one specified on the password command in DFP agent configuration mode in the DFP agent.
The following example sets the DFP agent password (unencrypted by default) to Password1 and the timeout to 360 seconds:
Router(config)# ip dfp agent slb Router(config-dfp)# password Password1 360
Command |
Description |
---|---|
agent |
Identifies a DFP agent to which IOS SLB can connect. |
ip dfp agent |
Identifies a DFP agent subsystem and initiates DFP agent configuration mode. |
ip slb dfp |
Configures DFP, supplies an optional password, and initiates DFP configuration mode. |
replicate casa (firewall farm) |
Configures a stateful backup of IOS SLB decision tables to a backup switch. |
replicate casa (virtual server) |
Configures a stateful backup of IOS SLB decision tables to a backup switch. |
To specify the port to which the IOS SLB KeepAlive Application Protocol (KAL-AP) agent is to connect, use the peer portcommand in SLB Content Application Peering Protocol (CAPP) configuration mode. To restore the default settings, use the no form of this command.
ip-address |
(Optional) IP address of the peer KAL-AP manager. |
port |
Content Application Peering Protocol (CAPP) User Datagram Protocol (UDP) port number to which the KAL-AP agent is to connect. Valid port numbers are 1 to 65535. |
If you do not specify a port, the KAL-AP agent connects to port 5002.
SLB CAPP configuration (config-slb-capp)
Release |
Modification |
---|---|
12.2(33)SRC |
This command was introduced. |
Use this command to specify a port number, other than port 5002, to be used by the KAL-AP agent.
You can configure any number of peer portcommands with the ip-addressargument, but only one without the ip-addressargument.
The following example configures the KAL-AP agent to connect to port number 6000:
Router(config-slb-capp)# peer port 6000
Command |
Description |
---|---|
ip capp udp |
Enables the IOS SLB KeepAlive Application Protocol (KAL-AP) agent and enters SLB Content Application Peering Protocol (CAPP) configuration mode. |
To enable Message Digest Algorithm Version 5 (MD5) authentication for the IOS SLB KeepAlive Application Protocol (KAL-AP) agent, use the peer secretcommand in SLB Content Application Peering Protocol (CAPP) configuration mode. To disable MD5 authentication, use the no form of this command.
ip-address |
(Optional) IP address of the peer KAL-AP. |
||
encrypt |
(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory). The possible values are 0 and 7:
|
||
secret-string |
1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent. The secret-stringis always sent in plain text when the configuration is downloaded. The secret-stringmust match the secret that is specified on the KAL-AP client. |
The KAL-AP agent does not use MD5 authentication with IOS SLB.
SLB CAPP configuration (config-slb-capp)
Release |
Modification |
---|---|
12.2(33)SRC |
This command was introduced. |
You can configure any number of peer secretcommands with the ip-addressargument, but only one without the ip-addressargument.
The following example configures secret string SECRET_STRING for the KAL-AP agent:
Router(config-slb-capp)# peer secret SECRET_STRING
Command |
Description |
---|---|
ip capp udp |
Enables the IOS SLB KeepAlive Application Protocol (KAL-AP) agent and enters SLB Content Application Peering Protocol (CAPP) configuration mode. |
To specify the port to which a custom User Datagram Protocol (UDP) probe is to connect, use the portcommand in custom UDP probe configuration mode. To restore the default settings, use the no form of this command.
port |
UDP port number to which the custom UDP probe is to connect. |
In dispatched mode, the port number is inherited from the virtual server. If port translation is configured for the real server, that port number is used. See the real (server farm) command for more details.
Custom UDP probe configuration (config-slb-probe)
Release |
Modification |
---|---|
12.1(13)E3 |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example configures a custom UDP probe named PROBE6, enters custom UDP probe configuration mode, and configures the probe to connect to port number 8:
Router(config)# ip slb probe PROBE6 custom UDP Router(config-slb-probe)# port 8
Command |
Description |
---|---|
ip slb probe custom udp |
Configures a custom User Datagram Protocol (UDP) probe name and enters custom UDP probe configuration mode. |
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
show ip slb probe |
Displays information about an IOS Server Load Balancing (IOS SLB) probe. |
To define the port number to be used by the Dynamic Feedback Protocol (DFP) manager to connect to the DFP agent, use the portcommand in DFP agent configuration mode. To disable the port number definition and remove existing connections, use the no form of this command.
port-number |
Port number used by a DFP manager to connect to a DFP agent. The valid range is from 1 to 65535. |
No port number is defined.
DFP agent configuration (config-dfp)
Release |
Modification |
---|---|
12.1(8a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.3(4)T |
This command was integrated into Cisco IOS Release 12.3(4)T. |
12.2(18)SXD |
This command was integrated into Cisco IOS Release 12.2(18)SXD. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
In the following example, the DFP manager is enabled to connect to the DFP agent using port number 2221:
Router(config)# ip dfp agent slb Router(config-dfp)# port 2221
Command |
Description |
---|---|
agent |
Identifies a DFP agent to which IOS SLB can connect. |
ip dfp agent |
Identifies a DFP agent subsystem and initiates DFP agent configuration mode. |
ip slb dfp |
Configures DFP, supplies an optional password, and initiates DFP configuration mode. |
To specify the port to which an HTTP probe is to connect, use the portcommand in HTTP probe configuration mode. To restore the default settings, use the no form of this command.
port |
TCP or User Datagram Protocol (UDP) port number to which the HTTP probe is to connect. |
In dispatched mode, the port number is inherited from the virtual server. If port translation is configured for the real server, that port number is used. See the real(server farm) command for more details.
HTTP probe configuration (config-slb-probe)
Release |
Modification |
---|---|
12.1(3a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example configures an HTTP probe named PROBE2, enters HTTP probe configuration mode, and configures the probe to connect to port number 8:
Router(config)# ip slb probe PROBE2 http Router(config-slb-probe)# port 8
Command |
Description |
---|---|
ip slb probe http |
Configures an HTTP probe name and enters HTTP probe configuration mode. |
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
show ip slb probe |
Displays information about an IOS SLB probe. |
To specify the port to which a TCP probe is to connect, use the portcommand in TCP probe configuration mode. To restore the default settings, use the no form of this command.
port |
TCP port number to which the TCP probe is to connect. |
In dispatched mode, the port number is inherited from the virtual server. If port translation is configured for the real server, that port number is used. See the real(server farm) command for more details.
TCP probe configuration (config-slb-probe)
Release |
Modification |
---|---|
12.1(11b)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example configures a TCP probe named PROBE5, enters TCP probe configuration mode, and configures the probe to connect to port number 8:
Router(config)# ip slb probe PROBE5 tcp Router(config-slb-probe)# port 8
Command |
Description |
---|---|
ip slb probe tcp |
Configures a TCP probe name and enters TCP probe configuration mode. |
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
show ip slb probe |
Displays information about an IOS SLB probe. |
To specify the load-balancing algorithm for selecting a real server in the server farm, use the predictorcommand in SLB server farm configuration mode. To restore the default load-balancing algorithm of weighted round robin, use the no form of this command.
roundrobin |
(Optional) Uses the weighted round robin algorithm for selecting the real server to handle the next new connection for the server farm. See the Weighted Round Robin section for a detailed description of this algorithm. This algorithm is the default value. RADIUS load balancing requires the weighted round robin algorithm. General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled requires the weighted round robin algorithm. The Home Agent Director requires the weighted round robin algorithm. |
leastconns |
(Optional) Uses the weighted least connections algorithm for selecting the real server to handle the next new connection for this server farm. See the Weighted Least Connections section for a detailed description of this algorithm. |
route-map mapname |
(Optional) Uses IOS policy-based routing (PBR) for selecting the real server to handle the next new connection for this server farm. The mapname argument identifies the IOS PBR route map to be used. See the Route Map section for a detailed description of this algorithm. The route map algorithm is supported only for RADIUS load balancing accelerated data plane forwarding. |
If you do not enter a predictor command, or if you enter the predictor command without specifying a load-balancing algorithm, the weighted round robin algorithm is used.
SLB server farm configuration (config-slb-sfarm)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(33)SRC |
The route-map keyword and mapname argument were added. |
RADIUS load balancing requires the weighted round robin algorithm.
The route map algorithm is supported only for RADIUS load balancing accelerated data plane forwarding. When you specify the predictor route-map command, no further commands in SLB server farm configuration mode or real server configuration mode are allowed.
GPRS load balancing without GTP cause code inspection enabled requires the weighted round robin algorithm. A server farm that uses weighted least connections can be bound to a virtual server providing GPRS load balancing without GTP cause code inspection enabled, but you cannot place the virtual server INSERVICE. If you try to do so, Cisco IOS SLB) issues an error message.
The Home Agent Director requires the weighted round robin algorithm. A server farm that uses weighted least connections can be bound to a Home Agent Director virtual server, but you cannot place the virtual server INSERVICE. If you try to do so, Cisco IOS SLB issues an error message.
The following example specifies the weighted least connections algorithm:
Router(config)# ip slb serverfarm PUBLIC Router(config-slb-sfarm)# predictor leastconns
Command |
Description |
---|---|
show ip slb serverfarms |
Displays information about the server farm configuration. |
weight (server farm) |
Specifies the real server’s capacity, relative to other real servers in the server farm. |
To specify the load-balancing algorithm for selecting a firewall in the firewall farm, use the predictor hash addresscommand in firewall farm configuration mode. To restore the default load-balancing algorithm, use the no form of this command.
port |
(Optional) Uses the source and destination TCP or User Datagram Protocol (UDP) port numbers, in addition to the source and destination IP addresses, when selecting a firewall. |
IOS Server Load Balancing (IOS SLB) uses the source and destination IP addresses when selecting a firewall.
Firewall farm configuration (config-slb-fw)
Release |
Modification |
---|---|
12.1(3a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example specifies that source and destination IP addresses are to be used when selecting a firewall:
Router(config)# ip slb firewall FIRE1 Router(config-slb-fw)# predictor hash address
Command |
Description |
---|---|
show ip slb firewallfarm |
Displays information about the firewall farm configuration. |
weight (firewall farm real server) |
Specifies the firewall’s capacity, relative to other firewalls in the firewall farm. |
To associate a probe with a firewall farm, use the probecommand in firewall farm real server configuration mode. To remove the association, use the no form of this command.
probe |
Name of the probe to associate with this firewall farm. |
No probe is associated with a firewall farm.
Firewall farm real server configuration (config-slb-fw-real)
Release |
Modification |
---|---|
12.1(3a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
You can configure more than one probe for each firewall in a firewall farm.
If you configure probes in your network, you must also do one of the following:
The following example associates probe FireProbe with server farm FIRE1:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw-real)# probe FireProbe
Command |
Description |
---|---|
show ip slb firewallfarm |
Displays information about the server farm configuration. |
To associate a probe with a server farm, use the probecommand in server farm configuration mode. To remove the association, use the no form of this command.
probe |
Name of the probe to associate with this server farm. |
No probe is associated with a server farm.
Server farm configuration (config-slb-sfarm)
Release |
Modification |
---|---|
12.1(2)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
You can configure more than one probe for each server farm.
If you configure probes in your network, you must also do one of the following:
The following example associates probe PROBE1 with server farm PUBLIC:
Router(config)# ip slb serverfarm PUBLIC Router(config-slb-sfarm)# probe PROBE1
Command |
Description |
---|---|
show ip slb serverfarms |
Displays information about the server farm configuration. |
To enter firewall farm datagram protocol configuration mode, use the protocol datagramcommand in firewall farm configuration mode.
This command has no arguments or keywords.
No default behavior or values
Firewall farm configuration (config-slb-fw)
Release |
Modification |
---|---|
12.1(11b)E |
This command was introduced, replacing the udp command. |
12.1(12c)E |
This command was integrated into Cisco IOS Release 12.1(12c)E, replacing the protocol udpcommand. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Firewall farm datagram protocol configuration applies to the Encapsulation Security Payload (ESP), Generic Routing Encapsulation (GRE), IP in IP encapsulation, and User Datagram Protocol (UDP) protocols.
The following example enters firewall farm datagram protocol configuration mode:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# protocol datagram
Command |
Description |
---|---|
show ip slb firewallfarm |
Displays information about the firewall farm configuration. |
To enter firewall farm TCP protocol configuration mode, use the protocol tcpcommand in firewall farm configuration mode.
This command has no arguments or keywords.
Firewall farm TCP protocol configuration mode is not entered.
Firewall farm configuration (config-slb-fw)
Release |
Modification |
---|---|
12.1(11b)E |
This command was introduced, replacing the tcp command. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example enters firewall farm TCP protocol configuration mode:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# protocol tcp
Command |
Description |
---|---|
show ip slb firewallfarm |
Displays information about the firewall farm configuration. |
To enable IOS SLB firewall load balancing to send purge requests for connections, use the purge connectioncommand in firewall farm configuration mode. To prevent the sending of purge requests, use the no form of this command.
This command has no arguments or keywords.
IOS SLB firewall load balancing sends purge requests for connections.
Firewall farm configuration (config-slb-fw)
Release |
Modification |
---|---|
12.2(33)SRE |
This command was introduced. |
By default, IOS SLB firewall load balancing sends purge requests for connections. However, if a large number of purge requests are sent, the CPU might be impacted. To prevent this problem, use the no form of this command to prevent the sending of purge requests.
The following example prevents the sending of purge requests for connections:
Router(config-slb-fw)# no purge connection
mls ip slb purge global |
Specifies protocol-level purging of MLS entries from active TCP and UDP flow packets. |
purge sticky |
TBD |
To enable IOS SLB to purge entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting ON or OFF message, use the purge radius framed-ip acct on-off command in virtual serverconfiguration mode. To disable this behavior, use the no form of this command.
This command has no arguments or keywords.
IOS SLB purges entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting ON or OFF message.
Virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.1(11b)E |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example prevents IOS SLB from purging entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting ON or OFF message:
Router(config)# ip slb vserver VS1 Router(config-slb-vserver)# no purge radius framed-ip acct on-off
Command |
Description |
---|---|
sticky (virtual server) |
Assigns all connections from a client to the same real server. |
To enable IOS Server Load Balancing to purge entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting-Stop message, use the purge radius framed-ip acct stop in virtual serverconfiguration mode. To disable this behavior, use the no form of this command.
attribute-number |
RADIUS attribute number. |
26 |
RADIUS attribute number 26. |
vsa |
Vendor-specific attribute number. |
vendor-ID |
Vendor ID. |
3gpp |
Third Generation Partnership Project (3GPP) vendor ID. |
3gpp2 |
Third Generation Partnership Project 2 (3GPP2) vendor ID. |
sub-attribute-number |
Sub-attribute number. |
IOS SLB purges entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting-Stop message.
Virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.2(14)ZA5 |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example prevents IOS SLB from purging entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting-Stop message:
Router(config)# ip slb vserver VS1 Router(config-slb-vserver)# no purge radius framed-ip acct stop 44
Command |
Description |
---|---|
sticky (virtual server) |
Assigns all connections from a client to the same real server. |
To enable IOS SLB firewall load balancing to send purge requests for sticky connections when the sticky timer expires, use the purge stickycommand in firewall farm configuration mode. To prevent the sending of purge requests when the timer expires, use the no form of this command.
This command has no arguments or keywords.
IOS SLB firewall load balancing sends purge requests when the sticky timer expires.
Firewall farm configuration (config-slb-fw)
Release |
Modification |
---|---|
12.2(33)SRE |
This command was introduced. |
By default, IOS SLB firewall load balancing sends purge requests for sticky connections when the sticky timer expires. However, large volumes of purge requests can impact the CPU. To prevent this problem, use the no form of this command to prevent the sending of purge requests when the sticky timer expires.
To configure a sticky timer for IOS SLB firewall load balancing, use the sticky command in either firewall farm datagram protocol or firewall farm TCP protocol configuration mode.
The following example prevents the sending of purge requests for sticky connections:
Router(config-slb-fw)# no purge sticky
mls ip slb purge global |
Specifies protocol-level purging of MLS entries from active TCP and UDP flow packets. |
purge connection |
Enables IOS SLB firewall load balancing to send purge requests for connections. |
sticky (firewall farm datagram protocol) |
Assigns all connections from a client to the same firewall. |
sticky (firewall farm TCP protocol) |
Assigns all connections from a client to the same firewall. |
To enable a RADIUS virtual server to acknowledge RADIUS accounting messages, use the radius acct local-ack keycommand in SLB virtual server configuration mode. To restore the default behavior, use the no form of this command.
encrypt |
(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory). The possible values are 0 and 7:
|
||
secret-string |
1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent. The secret-stringis always sent in plain text when the configuration is downloaded. The secret-stringmust match the secret that is specified on the RADIUS client (for example, the gateway general packet radio service [GPRS] support node [GGSN]). |
By default, this command is not enabled. When this command is enabled, the RADIUS load balancing device, not the real server, acknowledges RADIUS accounting messages. If you configure this command but you do not specify the 7 keyword, the secret-string is stored in the plain text.
SLB virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.2(33)SRB |
This command was introduced. |
Configure this command only on a RADIUS virtual server.
The following example shows how to enable RADIUS virtual server PUBLIC_RADIUS to acknowledge RADIUS accounting messages with key SECRET_PASSWORD.
Router(config)# ip slb vserver PUBLIC_RADIUS Router(config-slb-vserver)# radius acct local-ack key SECRET_PASSWORD
Command |
Description |
---|---|
ip slb serverfarm |
Identifies a server farm and enters server farm configuration mode. |
show ip slb vservers |
Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB). |
virtual |
Configures the virtual server attributes. |
To configure a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding accounting virtual server, and to enable Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation, use the radius inject acct keycommand in SLB virtual server configuration mode. To disable VSA correlation on this virtual server, use the no form of this command.
group-number |
VSA correlation group number to be used for VSA correlation in the RADIUS Accounting-Start packets. |
||
encrypt |
(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory). The possible values are 0 and 7:
|
||
secret-string |
1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent. The secret-stringis always sent in plain text when the configuration is downloaded. |
VSA correlation is disabled on this virtual server.
SLB virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.2(33)SRC |
This command was introduced. |
This command is valid only for VSA correlation accounting virtual servers.
The following example configures VSA correlation group 1 and configures plain text secret string SECRET_STRING for VSA correlation:
Router(config-slb-vserver)# radius inject acct 1 key 0 SECRET_STRING
Command |
Description |
---|---|
radius inject auth |
Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and specifies whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames. |
radius inject auth timer |
Configures a timer for vendor-specific attribute (VSA) correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
radius inject auth vsa |
Buffers vendor-specific attributes (VSAs) for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
To configure a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and to specify whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames, use the radius inject auth command in SLB virtual server configuration mode. To disable VSA correlation on this virtual server, use the no form of this command.
group-number |
VSA correlation group number. |
calling-station-id |
Specifies that IOS SLB is to create VSA correlation entries based on the RADIUS calling station ID attribute in the RADIUS payload when RADIUS Access-Request messages are exchanged. |
username |
Specifies that IOS SLB is to create VSA correlation entries based on the RADIUS username attribute in the RADIUS payload when RADIUS Access-Request messages are exchanged. |
VSA correlation is disabled on this virtual server.
SLB virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.2(33)SRC |
This command was introduced. |
For a given authentication virtual server, you can configure a single radius inject auth group-number calling-station-id command or a single radius inject auth group-number usernamecommand, but not both.
This command is valid only for VSA correlation authentication virtual servers.
The following example configures VSA correlation group 1 and specifies that IOS SLB is to create VSA correlation entries based on the RADIUS calling station ID attribute:
Router(config-slb-vserver)# radius inject auth 1 calling-station-id
Command |
Description |
---|---|
calling-station-id |
Configures an ASCII regular expression string to be matched against the calling station ID attribute in the RADIUS payload. |
radius inject acct key |
Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding accounting virtual server, and enables Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation. |
radius inject auth timer |
Configures a timer for vendor-specific attribute (VSA) correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
radius inject auth vsa |
Buffers vendor-specific attributes (VSAs) for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
username |
Configures an ASCII regular expression string to be matched against the username attribute in the RADIUS payload. |
To configure a timer for vendor-specific attribute (VSA) correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, use the radius inject auth timercommand in SLB virtual server configuration mode. To delete the VSA correlation timer from the configuration, use the no form of this command.
seconds |
Time, in seconds, that IOS SLB maintains an entry in the VSA correlation database. Valid range is 1 to 255. |
No VSA correlation timer is configured for the authentication virtual server.
SLB virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.2(33)SRC |
This command was introduced. |
This command is valid only for VSA correlation authentication virtual servers.
The following example configures a VSA correlation timer of 45 seconds:
Router(config-slb-vserver)# radius inject auth timer 45
Command |
Description |
---|---|
radius inject acct key |
Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding accounting virtual server, and enables Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation. |
radius inject auth |
Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and specifies whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames. |
radius inject auth vsa |
Buffers vendor-specific attributes (VSAs) for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
To buffer vendor-specific attributes (VSAs) for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, use the radius inject auth vsacommand in SLB virtual server configuration mode.
vendor-id |
VSA to be buffered:
|
VSAs are not buffered.
SLB virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.2(33)SRC |
This command was introduced. |
This command is valid only for VSA correlation authentication virtual servers.
The following example buffers the Cisco VSA:
Router(config-slb-vserver)# radius inject auth vsa cisco
Command |
Description |
---|---|
radius inject acct key |
Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding accounting virtual server, and enables Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation. |
radius inject auth |
Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and specifies whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames. |
radius inject auth timer |
Configures a timer for vendor-specific attribute (VSA) correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
To specify the maximum number of connections allowed for a real server in a server farm, use the ratecommand in real server configuration mode. To remove the rate limit, use the no form of this command.
maximum-rate |
Maximum number of connections allowed for the real server. Valid values range from 1 to 4294967295. |
burst burst-rate |
(Optional) Maximum connection burst rate allowed for the real server. Configure a burst rate if you expect the real server to receive connection requests at random intervals. Valid values range from (maximum-rate/10) + 1 to maximum-rate. The default burst rate is (maximum-rate/10) connections per second. We recommend that you specify a burst rate of at least (maximum-rate/4). For example, if maximum-rate is set to 3212, the valid range is 322 to 3212; the default burst rate is (3212/10), or 321 connections per second; and we recommend a burst rate of at least (3212/4), or 803 connections per second. |
There is no limit on the number of connection allowed for the real server. If you do not configure a burst rate, the default burst rate is (maximum-rate/10) connections per second.
Real server configuration (config-slb-real)
Release |
Modification |
---|---|
12.2(33)SRC |
This command was introduced. |
The rate command is valid only for real servers in server farms. It is not valid for real servers in firewall farms.
If the rate limit for a real server is exceeded, and a new connection request is received, IOS SLB assigns the new connection request to the next rate-configured real server in the server farm’s queue. If no other rate-configured real server is available in the server farm, IOS SLB drops the connection request.
The rate limit also applies to sticky connections. That is, if the rate limit for a real server is exceeded, and a new sticky connection request is received, IOS SLB drops the sticky connection request.
IOS SLB uses slow start even if a real server has a rate limit configured.
The following example specifies that up to 100 connections per second are allowed for the real server in a server farm, with a burst rate of 25 burst connections per second:
Router(config-slb-real)# rate 100 burst 25
To identify a firewall as a member of a firewall farm and enter real server configuration mode, use the real command in firewall farm configuration mode. To remove the firewall from the IOS Server Load Balancing (IOS SLB) configuration, use the no form of this command.
ip-address |
Real server IP address. |
No firewall is identified as a member of a firewall farm.
Firewall farm configuration (config-slb-fw)
Release |
Modification |
---|---|
12.1(3a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
A firewall farm comprises a number of firewalls. The firewalls are the physical devices that provide the firewall load-balanced services.
The following example identifies a firewall as a member of firewall farm FIRE1:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# real 10.1.1.1
Command |
Description |
---|---|
inservice (firewall farm real server) |
Enables the firewall for use by IOS SLB. |
show ip slb firewallfarm |
Displays information about the firewall farm configuration. |
show ip slb reals |
Displays information about the real servers. |
To identify a real server as a member of a server farm and enter real server configuration mode, use the real command in SLB server farm configuration mode. To remove the real server from the IOS Server Load Balancing (IOS SLB) configuration, use the no form of this command.
ipv4-address |
Real server IPv4 address. |
ipv6 ipv6-address |
(Optional) For dual-stack, real server IPv6 address. |
port |
(Optional) Port translation for the server. Valid values range from 1 to 65535. |
No real server is identified as a member of a server farm.
SLB server farm configuration (config-slb-sfarm)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.1(2)E |
The port argument was added. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
15.0(1)S |
The ipv6 keyword and ipv6-address argument were added. |
A server farm comprises a number of real servers. The real servers are the physical devices that provide the load-balanced services.
In general packet radio service (GPRS) load balancing, this command identifies a gateway GPRS support node (GGSN) that is a member of the server farm. Also, remember that the Cisco GGSN IP addresses are virtual template IP addresses, not real interface IP addresses.
IOS SLB supports GPRS Tunneling Protocol (GTP) v0, v1, and v2 real servers. A GTP v2 real server can be either a Packet Data Network Gateway (PGW) or a serving gateway (SGW).
IOS SLB supports dual-stack addresses for GTP load balancing only. To support dual-stack addresses, you must configure the real server as a dual-stack real server, with the IPv4 and IPv6 addresses, using this command.
In Virtual Private Network (VPN) server load balancing, this command identifies a real server acting as a VPN terminator.
The following example identifies a real server as a member of the server farm:
Router(config)# ip slb serverfarm PUBLIC Router(config-slb-sfarm)# real 10.1.1.1
The following example identifies a dual-stack real server as a member of the server farm:
Router(config)# ip slb serverfarm DUAL-PUBLIC Router(config-slb-sfarm)# real 10.1.1.1 ipv6 12AB:0000:0000:CD31:0000:0000:0000:0000/64
Command |
Description |
---|---|
inservice (server farm real server) |
Enables the real server for use by IOS SLB. |
show ip slb reals |
Displays information about the real servers. |
show ip slb serverfarms |
Displays information about the server farm configuration. |
To configure one or more real servers to use static Network Address Translation (NAT), use the real command in static NAT configuration mode. To restore the default behavior, use the no form of this command.
ip-address |
IP address of the real server that is to use static NAT. |
port |
(Optional) Layer 4 source port number, used by IOS Server Load Balancing (IOS SLB) to differentiate between User Datagram Protocol (UDP) responses from the real server and connections initiated by the real server. |
No real server is configured to use static NAT.
Static NAT configuration (config-slb-static)
Release |
Modification |
---|---|
12.1(11b)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
If no port number is specified, IOS SLB uses static NAT for all packets outbound from the real server.
The following example configures real server 10.1.1.3 to use static NAT:
Router(config)# ip slb static nat Router(config-slb-static)# real 10.1.1.3
Command |
Description |
---|---|
ip slb static |
Configures a real server’s NAT behavior and enters static NAT configuration mode. |
show ip slb reals |
Displays information about the real servers. |
show ip slb static |
Displays information about the static NAT configuration. |
To specify the threshold of consecutive unacknowledged SYNchronize sequence numbers (SYNs) or Create Packet Data Protocol (PDP) requests that, if exceeded, result in an attempted connection to a different real server, use the reassign command in SLB real server configuration mode. To restore the default reassignment threshold, use the no form of this command.
threshold |
Number of unacknowledged TCP SYNs (or Create PDP requests, in general packet radio service [GPRS] load balancing) that are directed to a real server before the connection is reassigned to a different real server. An unacknowledged SYN is one for which no SYN or ACKnowledgment (ACK) is detected before the next SYN arrives from the client. IOS Server Load Balancing (IOS SLB) allows 30 seconds for the connection to be established or for a new SYN to be received. If neither of these occurs within that time, the connection is removed from the IOS SLB database. The 30-second timer is restarted for each SYN as long as the number of connection reassignments specified in the faildetect numconns (real server)command is not exceeded. See the faildetect numconns (real server) command for more information. Valid threshold values range from one 1 to 4. The default value is 3. |
The default threshold value is 3.
SLB real server configuration (config-slb-real)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.1(9)E |
This command was modified to support general packet radio service (GPRS) load balancing. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(14)SX |
Support for this command was introduced on the Cisco 7600 series routers that are configured with a Supervisor Engine 720. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.
IOS SLB does not reassign sticky connections if either of the following conditions is true:
In GPRS load balancing, this command specifies the number of consecutive unacknowledged Create PDP requests (not TCP SYNs) that are directed to a gateway GPRS support node (GGSN) before the connection is reassigned to a different GGSN. You must specify a reassign threshold less than the N3-REQUESTS counter value of the serving GRPS support node (SGSN).
The following example shows how to set the threshold of unacknowledged SYNs to 2:
Router(config)# ip slb serverfarm PUBLIC Router(config-slb-sfarm)# real 10.10.1.1 Router(config-slb-real)# reassign 2
Command |
Description |
---|---|
faildetect numconns |
Specifies the conditions that indicate a server failure. |
inservice (real server) |
Enables the real server for use by the IOS SLB feature. |
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
show ip slb reals |
Displays information about the real servers. |
show ip slb serverfarms |
Displays information about the server farm configuration. |
To configure a stateful backup of IOS Server Load Balancing (IOS SLB) decision tables to a backup switch, use the replicate casacommand in firewall farm configuration mode. To remove a this configuration, use the no form of this command.
listen-ip |
Listening IP address for state exchange messages that are advertised. |
||
remote-ip |
Destination IP address for all state exchange signals. |
||
port |
TCP or User Datagram Protocol (UDP) port number or port name for all state exchange signals. |
||
interval |
(Optional) Maximum replication delivery interval from 1 to 300 seconds. The default value is 10 seconds.
|
||
password |
(Optional) Specifies the password for Message Digest Algorithm Version 5 (MD5) authentication. |
||
encrypt |
(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory). The possible values are 0 and 7:
|
||
secret-string |
(Optional) 1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent. The secret-stringis always sent in plain text when the configuration is downloaded. The secret-stringmust match the secret that is specified on the RADIUS client (for example, the gateway general packet radio service [GPRS] support node [GGSN]). |
||
timeout |
(Optional) Delay period, in seconds, during which both the old password and the new password are accepted. The default value is 180 seconds. |
The default interval is 10 seconds. The default password encryption is 0 (unencrypted). The default password timeout is 180 seconds.
Firewall farm configuration (config-slb-fw)
Release |
Modification |
---|---|
12.1(3a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The timeout option allows you to change the password without stopping messages between the backup and primary Layer 3 switches. The default value is 180 seconds.
During the timeout, the backup sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After the timeout expires, the backup sends and receives packets only with the new password.
When setting a new password timeout, remember the following considerations:
If you configure this command but you do not specify the 7 keyword, the secret-string is stored in the plain text.
The following example configures a stateful backup Layer-3 switch with a listening IP address of 10.10.10.11 and a remote IP address of 10.10.11.12 over HTTP port 4231:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# replicate casa 10.10.10.11 10.10.11.12 4231
Command |
Description |
---|---|
show ip slb firewallfarm |
Displays information about the firewall farm configuration. |
show ip slb replicate |
Displays the configuration of IO SLB IP replication. |
To configure a stateful backup of IOS Server Load Balancing (IOS SLB) decision tables to a backup switch, use the replicate casa command in virtual server configuration mode. To remove this configuration, use the no form of this command.
listen-ip |
Listening IP address for state exchange messages that are advertised. |
||
remote-ip |
Destination IP address for all state exchange signals. |
||
port |
TCP or User Datagram Protocol (UDP) port number or port name for all state exchange signals. |
||
interval |
(Optional) Maximum replication delivery interval from 1 to 300 seconds. The default value is 10 seconds.
|
||
password |
(Optional) Specifies the password for Message Digest Algorithm Version 5 (MD5) authentication. |
||
encrypt |
(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory). The possible values are 0 and 7:
|
||
secret-string |
(Optional) 1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent. The secret-stringis always sent in plain text when the configuration is downloaded. The secret-stringmust match the secret that is specified on the RADIUS client (for example, the gateway general packet radio service [GPRS] support node [GGSN]). |
||
timeout |
(Optional) Delay period, in seconds, during which both the old password and the new password are accepted. The default value is 180 seconds. |
The default interval is 10 seconds. The default password encryption is 0 (unencrypted). The default password timeout is 180 seconds.
Virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.1(2)E |
This command was introduced. |
12.1(3a)E |
The 0and 7keywords were added. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The timeout option allows you to change the password without stopping messages between the backup and primary Layer 3 switches. The default value is 180 seconds.
During the timeout, the backup sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After the timeout expires, the backup sends and receives packets only with the new password.
When setting a new password timeout, remember the following considerations:
General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate casacommand in virtual server configuration mode.
The Home Agent Director does not support the replicate casacommand in virtual server configuration mode.
If you configure this command but you do not specify the 7 keyword, the secret-string is stored in the plain text.
The following example configures a stateful backup Layer-3 switch with a listening IP address of 10.10.10.11 and a remote IP address of 10.10.11.12 over HTTP port 4231:
Router(config)# ip slb vserver VS1 Router(config-slb-vserver)# replicate casa 10.10.10.11 10.10.11.12 4231
Command |
Description |
---|---|
show ip slb replicate |
Displays the configuration of IOS SLB IP replication. |
show ip slb vserver |
Displays information about the virtual servers defined to IOS SLB. |
To set the replication delivery interval for an IOS Server Load Balancing (IOS SLB) firewall farm, use the replicate interval command in firewall farm configuration mode. To restore the default interval, use the no form of this command.
interval |
Maximum replication delivery interval, in seconds. Replication updates are sent to the peer device (CASA or slave) when the interval expires, or when the send buffer (1500 bytes) is full. The valid range is 1 to 300 seconds. The default value is 10 seconds. |
The default interval is 10 seconds.
Firewall farm configuration (config-slb-fw)
Release |
Modification |
---|---|
12.2(14)ZA5 |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate intervalcommand in firewall farm configuration mode.
The Home Agent Director does not support the replicate intervalcommand in firewall farm configuration mode.
The following example configures a replication interval of 20 seconds:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# replicate interval 20
Command |
Description |
---|---|
ip slb replicate slave rate |
Sets the replication message rate for IOS Server Load Balancing (IOS SLB) slave replication. |
replicate casa (firewall farm) |
Configures a stateful backup of IOS Server Load Balancing (IOS SLB) decision tables to a backup switch |
replicate slave (firewall farm) |
Enables stateful backup of redundant route processors for an IOS Server Load Balancing (IOS SLB) firewall farm. |
show ip slb replicate |
Displays the configuration of IOS Server Load Balancing (IOS SLB) IP replication. |
show ip slb vservers |
Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB). |
To set the replication delivery interval for an IOS Server Load Balancing (IOS SLB) virtual server, use the replicate interval command in virtual server configuration mode. To restore the default interval, use the no form of this command.
interval |
Maximum replication delivery interval, in seconds. Replication updates are sent to the peer device (CASA or slave) when the interval expires, or when the send buffer (1500 bytes) is full. The valid range is 1 to 300 seconds. The default value is 10 seconds. |
The default interval is 10 seconds.
Virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.2(14)ZA5 |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate intervalcommand in virtual server configuration mode.
The Home Agent Director does not support the replicate intervalcommand in virtual server configuration mode.
The following example configures a replication interval of 20 seconds:
Router(config)# ip slb vserver VS1 Router(config-slb-vserver)# replicate interval 20
Command |
Description |
---|---|
ip slb replicate slave rate |
Sets the replication message rate for IOS Server Load Balancing (IOS SLB) slave replication. |
replicate casa (virtual server) |
Configures a stateful backup of IOS Server Load Balancing (IOS SLB) decision tables to a backup switch |
replicate slave (virtual server) |
Enables stateful backup of redundant route processors for an IOS Server Load Balancing (IOS SLB) virtual server. |
show ip slb replicate |
Displays the configuration of IOS Server Load Balancing (IOS SLB) IP replication. |
show ip slb vserver |
Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB). |
To enable stateful backup of redundant route processors for an IOS Server Load Balancing (IOS SLB) firewall farm, if the slave device is present, use the replicate slavecommand in firewall farm configuration mode. To disable stateful backup of redundant route processors, use the no form of this command.
This command has no arguments or keywords.
Stateful backup of redundant route processors is disabled.
Firewall farm configuration (config-slb-fw)
Release |
Modification |
---|---|
12.2(14)ZA5 |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate slavecommand in firewall farm configuration mode.
The Home Agent Director does not support the replicate slavecommand in firewall farm configuration mode.
The following example enables stateful backup of redundant route processors:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# replicate slave
Command |
Description |
---|---|
ip slb replicate slave rate |
Sets the replication message rate for IOS SLB slave replication. |
replicate casa (firewall farm) |
Configures a stateful backup of IOS SLB decision tables to a backup switch |
replicate interval (firewall farm) |
Sets the replication delivery interval for an IOS SLB firewall farm. |
show ip slb replicate |
Displays the configuration of IOS SLB IP replication. |
show ip slb vservers |
Displays information about the virtual servers defined to IOS SLB. |
To enable stateful backup of redundant route processors for an IOS Server Load Balancing (IOS SLB) virtual server, if the slave device is present, use the replicate slave command in virtual server configuration mode. To disable stateful backup of redundant route processors, use the no form of this command.
This command has no arguments or keywords.
Stateful backup of redundant route processors is disabled.
Virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.2(14)ZA5 |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate slavecommand in virtual server configuration mode.
The Home Agent Director does not support the replicate slavecommand in virtual server configuration mode.
If you are using a single Supervisor with replicate slave configured, you might receive out-of-sync messages on the Supervisor.
The following example enables stateful backup of redundant route processors:
Router(config)# ip slb vserver VS1 Router(config-slb-vserver)# replicate slave
Command |
Description |
---|---|
ip slb replicate slave rate |
Sets the replication message rate for IOS SLB slave replication. |
replicate casa (virtual server) |
Configures a stateful backup of IOS SLB decision tables to a backup switch |
replicate interval (virtual server) |
Sets the replication delivery interval for an IOS SLB virtual server. |
show ip slb replicate |
Displays the configuration of IOS SLB IP replication. |
show ip slb vservers |
Displays information about the virtual servers defined to IOS SLB. |
To define the payload of the User Datagram Protocol (UDP) request packet to be sent by a custom UDP probe, use the requestcommand in custom UDP probe configuration mode.
data start-byte |
Identifies the payload offset at which the hex-data-stringis to be placed into the packet. |
data continue |
String of characters represented by the hex-data-stringargument is to be placed after the last defined byte in the request packet. |
hex-data-string |
Payload of the UDP request packet, up to 100 bytes of data in hexadecimal format. |
The payload of the UDP request packet is not defined.
Custom UDP probe configuration (config-slb-probe)
Release |
Modification |
---|---|
12.1(13)E3 |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
You can enter more than one request command, to specify the entire UDP payload.
The following example generates custom UDP probe PROBE6, with the specified 119-byte UDP payload.
Router(config)# ip slb probe PROBE6 custom UDP Router(config-slb-probe)# request data 0 05 04 00 77 18 2A D6 CD 0A AD 53 4D F1 29 29 CF C1 96 59 CB Router(config-slb-probe)# request data 20 01 07 63 68 72 69 73 28 06 00 00 00 01 2C 0A 30 30 30 30 30 Router(config-slb-probe)# request data 40 30 30 42 07 06 00 00 00 07 1E 10 63 75 66 66 2E 63 69 73 63 Router(config-slb-probe)# request data 60 6F 2E 63 6F 6D 1F 0C 39 31 39 33 39 32 39 31 36 39 08 06 0A Router(config-slb-probe)# request data 80 0A 01 01 2D 06 00 00 00 01 3D 06 00 00 00 05 05 06 00 00 00 Router(config-slb-probe)# request data 100 00 06 06 00 00 00 02 04 06 0A 0A 18 0A 29 06 00 00 00 00
Command |
Description |
---|---|
ip slb probe custom udp |
Configures the IOS SLB IP probe name. |
response |
Defines the data string to match against custom UDP probe response packets. |
show ip slb probe |
Displays information about an IOS SLB probe. |
To configure an HTTP probe to check the status of the real servers, use the requestcommand in HTTP probe configuration mode. To remove a requestconfiguration, use the no form of this command.
method |
(Optional) Configures the way the data is requested from the server. |
get |
Configures the Get method to request data from the server. |
post |
Configures the Post method to request data from the server. |
head |
Configures the header data type to request data from the server. |
name name |
Configures the name string of the data to send to the servers to request data. The character string is limited to 15 characters. |
url path |
(Optional) Configures the path from the server. |
No HTTP probe is configured to check the status of the real servers.
HTTP probe configuration (config-slb-probe)
Release |
Modification |
---|---|
12.1(2)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The request command configures the Cisco IOS Server Load Balancing (Cisco IOS SLB) HTTP probe method used to receive data from the server. Only one Cisco IOS SLB HTTP probe can be configured for each server farm.
If no values are configured following the method keyword, the default is Get.
If no URL path is set to the server, the default is /.
The following example configures an IOS SLB HTTP probe named PROBE2, enters HTTP probe configuration mode, and configures HTTP requests to use the post method and the URL /probe.cgi?all:
Router(config)# ip slb probe PROBE2 http Router(config-slb-probe)# request method post url /probe.cgi?all
Command |
Description |
---|---|
ip slb probe http |
Configures the Cisco IOS SLB IP probe name. |
show ip slb probe |
Displays information about an Cisco IOS SLB probe. |
To define the data string to match against custom User Datagram Protocol (UDP) probe response packets, use the responsecommand in custom UDP probe configuration mode.
clause-number |
Identifies the response clause that is being modified. Up to 8 response clauses can be specified, on individual response commands. |
data start-byte |
Byte in the UDP response packet at which the hex-data-stringis to be matched. |
hex-data-string |
Up to 100 bytes of data, in hexadecimal format, that is to be matched against the UDP response packet payload. If the data does not match, the probe fails. |
The data string to match against custom UDP probe response packets is not defined.
Custom UDP probe configuration (config-slb-probe)
Release |
Modification |
---|---|
12.1(13)E3 |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
You can enter up to 8 individual response commands, to parse up to 8 non-contiguous bytes of data.
In the following example, if the 26th and 27th bytes of the response from PROBE6 are not FF FF , and the 44th and 45th bytes are not DD DD , the probe fails.
Router(config)# ip slb probe PROBE6 custom UDP Router(config-slb-probe)# response 1 data 26 FF FF Router(config-slb-probe)# response 2 data 44 DD DD
Command |
Description |
---|---|
ip slb probe custom udp |
Configures the IOS SLB IP probe name. |
request (custom UDP probe) |
Defines the payload of the UDP request packet to be sent by a custom UDP probe. |
show ip slb probe |
Displays information about an IOS SLB probe. |
To specify how long to wait before a new connection is attempted to a failed server, use the retry command in SLB real server configuration mode. To restore the default retry value, use the no form of this command.
retry-value |
Time, in seconds, to wait after the detection of a server failure before a new connection to the server is attempted. If the new connection attempt succeeds, the real server is placed in OPERATIONAL state. If the connection attempt fails, the timer is reset, the connection is reassigned, and the process repeats until it is successful or until the server is placed in the OUTOFSERVICE state by the network administrator. Valid values range from 1 to 3600. The default value is 60 seconds. A value of 0 means do not attempt a new connection to the server when it fails. |
The default retry-value is 60 seconds.
SLB real server configuration (config-slb-real)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example specifies that 120 seconds must elapse after the detection of a server failure before a new connection is attempted:
Router(config)# ip slb serverfarm PUBLIC Router(config-slb-sfarm)# real 10.10.1.1 Router(config-slb-real)# retry 120
Command |
Description |
---|---|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
show ip slb reals |
Displays information about the real servers. |
show ip slb serverfarms |
Displays information about the server farm configuration. |
To associate an IPv4 server farm with a virtual server, and optionally configure an IPv4 backup server farm, an IPv6 server farm and backup server farm, and specify that sticky connections are to be used in the IPv4 backup server farm, use the serverfarm command in SLB virtual server configuration mode. To remove the server farm association from the virtual server configuration, use the no form of this command.
primary-farm |
Name of a primary server farm that has already been defined using the ip slb serverfarmcommand.
|
backup backup-farm |
(Optional) Name of a backup server farm that has already been defined using the ip slb serverfarmcommand.
|
sticky |
(Optional) Specifies that sticky connections are to be used in the backup server farm. |
ipv6-primary ipv6-primary-farm |
(Optional) For dual-stack, name of the primary IPv6 server farm that has already been defined using the ip slb serverfarmcommand. |
ipv6-backup ipv6-backup-farm |
(Optional) For dual-stack, name of the backup IPv6 server farm that has already been defined using the ip slb serverfarmcommand. |
map map-id priority priority |
(Optional) Associates an IOS SLB GPRS Tunneling Protocol (GTP) or RADIUS map with the server farm for general packet radio service (GPRS) or RADIUS load balancing. The map ID identifies a specific map that has already been defined using the ip slb map command. The priority specifies the order of preference of the specified map. A lower number indicates a higher priority. The range of priorities is 1 to 255. Priorities for different maps do not have to be contiguous. That is, you can have three maps with priorities 1, 5, and 10, respectively. When IOS SLB searches for a match, it does so on the basis of both the map ID and the map priority. Each map ID and each map priority must be unique across all server farms associated with the virtual server. That is, you cannot configure more than one map with the same ID or priority. |
No real server farm is associated with a virtual server. If backup backup-farm is not specified, no IPv4 backup server farm is configured. If backup backup-farm is specified but the sticky keyword is not specified, sticky connections are not used in the IPv4 backup server farm. If ipv6-primary ipv6-primary-farm is not specified, no dual-stack backup server farm is configured. If ipv6-backup ipv6-backup-farm is not specified, no dual-stack backup server farm is configured.
SLB virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.1(8a)E |
The backup and sticky keywords and the backup-farm argument were added. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRB |
The map and priority keywords and the map-id and priorityarguments were added. |
15.0(1)S |
The ipv6-primaryand ipv6-backupkeywords and the ipv6-primary-farmand ipv6-backup-farm arguments were added. |
RADIUS load balancing and the Home Agent Director do not support the sticky keyword.
You can associate more than one server farm with a given virtual server by configuring more than one serverfarm command, each with a unique map ID and a unique priority. (That is, each map ID and each map priority must be unique across all server farms associated with the virtual server.)
For GPRS load balancing, if a real server is defined in two or more server farms, each server farm must be associated with a different virtual server.
IOS SLB supports dual-stack addresses for GTP load balancing only.
All IPv4 or IPv6 server farms that are associated with the same virtual server must have the same NAT configuration.
If you associate a primary server farm with a backup server farm, then all of the server farm maps that use that primary server farm must also be configured to use that same backup serverfarm. You cannot configure a server farm map that uses that primary server farm and no backup server farm.
ip slb vserver RADIUS virtual 2.2.2.2 udp 0 service radius serverfarm SF1 backup SF2 map 1 priority 1 serverfarm SF1 backup SF2 inservice
ip slb vserver RADIUS virtual 2.2.2.2 udp 0 service radius serverfarm SF1 map 1 priority 1 serverfarm SF1 backup SF2 inservice
The following example shows how the ip slb vserver, virtual, and serverfarm commands are used to associate the real server farm named PUBLIC with the virtual server named PUBLIC_HTTP.
Router(config)# ip slb vserver PUBLIC_HTTP Router(config-slb-vserver)# virtual 10.0.0.1 tcp www Router(config-slb-vserver)# serverfarm PUBLIC
Command |
Description |
---|---|
ip slb serverfarm |
Identifies a server farm and enters server farm configuration mode. |
show ip slb vservers |
Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB). |
virtual |
Configures the virtual server attributes. |
To display information about the Feature Manager (FM) IOS Server Load Balancing (IOS SLB) counters, use the show fm slb counterscommand in privileged EXEC mode.
This command has no arguments or keywords.
Privileged EXEC (#)
Release |
Modification |
---|---|
12.2(18)SXF5 |
This command was introduced. |
The following sample output from the show fm slb counterscommand shows counter information for virtual server 10.11.11.11:
Router# show fm slb counters
FM SLB Purge Counters:
Global Purges: 0
TCP Purges: 0
UDP Purges: 0
Virtual Purges: 0
Flow Purges: 0
FM SLB Netflow Install Counters
[Slot 6 ] Install Request Sent 3
The table below describes the fields shown in the display.
Field |
Description |
---|---|
Global Purges |
Number of global purges sent by FM IOS SLB. |
TCP Purges |
Number of TCP purges sent by FM IOS SLB. |
UDP Purges |
Number of UDP purges sent by FM IOS SLB. |
Virtual Purges |
Number of virtual purges sent by FM IOS SLB. |
Flow Purges |
Number of flow purges sent by FM IOS SLB. |
Install Request Sent |
Number of install requests sent by IOS SLB. |
Command |
Description |
---|---|
clear fm slb counters |
Clears Feature Manager (FM) IOS Server Load Balancing (IOS SLB) counters. |
To display information about Dynamic Feedback Protocol (DFP) agents and their subsystems, use the show ip dfp command inprivilegedEXEC mode.
agent subsystem-name |
(Optional) Displays information about the specified DFP agent, such as slbfor IOS SLB. |
detail |
(Optional) Displays detailed DFP agent information. |
If no options are specified, the command displays output for all DFP agents identified by ip dfp agentcommands, regardless of whether those agents are currently in service (Inservice: yes) or active (AppActive: yes).
Privileged EXEC (#)
Release |
Modification |
---|---|
12.1(8a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.3(4)T |
This command was integrated into Cisco IOS Release 12.3(4)T. |
12.2(18)SXD |
This command was integrated into Cisco IOS Release 12.2(18)SXD. |
Detailed output for the show ip dfp command includes information about all DFP agents configured with ip slb agent commands, regardless of whether those agents are currently in service.
The following example shows basic information for DFP agent slb:
Router# show ip dfp agent slb
Unexpected errors: 0
DFP Agent for service: SLB
Port: 666 Interval: 10
Current passwd: <none> Pending passwd: <none>
Passwd timeout: 0
Inservice: yes AppActive: yes
Manager IP Address Timeout
------------------ -------
172.16.45.27 0
The following example shows detailed information for DFP agent slb:
Router# show ip dfp agent slb detail
Unexpected errors: 0
DFP Agent for service: SLB
Port: 666 Interval: 10
Current passwd: <none> Pending passwd: <none>
Passwd timeout: 0
Inservice: yes AppActive: yes
Manager IP Address Timeout
------------------ -------
172.16.45.27 0
Weight Table Report for Agent SLB
Weights for Port: 80 Protocol: TCP
IP Address Bind ID Weight
--------------- ------- -------
10.1.1.1 0 65535
Weights for Port: 0 (wildcard) Protocol: 0 (wildcard)
IP Address Bind ID Weight
--------------- ------- -------
10.0.0.0 65534 0
Bind ID Table Report for Agent SLB
Bind IDs for Port: 80 Protocol: TCP
Bind ID Client IP Client Mask
------- --------------- ---------------
0 10.0.0.0 0.0.0.0
The table below describes the fields shown in the display.
Field |
Description |
---|---|
Port |
TCP port number of the agent. |
Interval |
Number of seconds to wait before recalculating weights. |
Current passwd |
Current DFP password for Message Digest Algorithm Version 5 (MD5) authentication. |
Pending passwd |
Pending new DFP password for MD5 authentication. |
Passwd timeout |
Delay period, in seconds, during which both the current password and the new password are accepted. |
Inservice |
Indicates whether the DFP agent is enabled for communication with a DFP manager. |
AppActive |
Indicates whether the DFP agent is active. |
Manager IP Address |
IP address of the manager to which weights are being sent. |
Timeout |
Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout. |
Weights for Port |
Port for which the following weights are reported. 0 indicates a wildcard value. |
Protocol |
Protocol used for the port. 0 indicates a wildcard value. |
IP Address |
IP address for which weight is reported. |
Bind ID |
Bind ID associated with the IP address. |
Weight |
Weight calculated for the IP address. |
Bind IDs for Port |
Port for which the following bind IDs are reported. |
Protocol |
Protocol used for the port. |
Bind ID |
Bind ID of this instance of the real server. |
Client IP |
IP address of client using the virtual server. |
Client Mask |
IP network mask of client using the virtual server. |
Command |
Description |
---|---|
agent |
Identifies a DFP agent to which IOS SLB can connect. |
ip dfp agent |
Identifies a DFP agent subsystem and initiates DFP agent configuration mode. |
ip slb dfp |
Configures DFP, supplies an optional password, and initiates DFP configuration mode. |
To display the active IOS Server Load Balancing (IOS SLB) connections (or sessions, in GPRS load balancing and the Home Agent Director), use the show ip slb connscommand in privileged EXEC mode.
vserver virtual-server |
(Optional) Displays only those connections (or sessions, in GPRS load balancing and the Home Agent Director) associated with the specified virtual server. |
client ip-address |
(Optional) Displays only those connections (or sessions, in GPRS load balancing and the Home Agent Director) associated with the specified client IP address. |
firewall firewall-farm |
(Optional) Displays only those connections (or sessions, in GPRS load balancing and the Home Agent Director) associated with the specified firewall farm. |
detail |
(Optional) Displays detailed information about the connection (or session, in GPRS load balancing and the Home Agent Director). |
Privileged EXEC (#)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.1(7)E |
The firewall keyword and firewall-farm argument were added. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
If no options are specified, the command displays output for all active IOS SLB connections (or sessions, in GPRS load balancing and the Home Agent Director).
The following is sample output from the show ip slb conns command:
Router# show ip slb conns
vserver prot client real state
----------------------------------------------------------------------------
TEST TCP 10.150.72.183:328 10.80.90.25:80 INIT
TEST TCP 10.250.167.226:423 10.80.90.26:80 INIT
TEST TCP 10.234.60.239:317 10.80.90.26:80 ESTAB
TEST TCP 10.110.233.96:747 10.80.90.26:80 ESTAB
TEST TCP 10.162.0.201:770 10.80.90.30:80 CLOSING
TEST TCP 10.22.225.219:995 10.80.90.26:80 CLOSING
TEST TCP 10.2.170.148:169 10.80.90.30:80 ZOMBIE
The table below describes the fields shown in the display.
Field |
Description |
---|---|
vserver |
Name of the virtual server associated with the connection (or session, in GPRS load balancing and the Home Agent Director). |
prot |
Protocol being used by the connection (or session, in GPRS load balancing and the Home Agent Director). |
client |
Client IP address associated with the connection (or session, in GPRS load balancing and the Home Agent Director). |
real |
Real server IP address associated with the connection (or session, in GPRS load balancing and the Home Agent Director). |
state |
Current state of the connection (or session, in GPRS load balancing and the Home Agent Director). |
To display Dynamic Feedback Protocol (DFP) manager and agent information, such as passwords, timeouts, retry counts, and weights, use the show ip slb dfpcommand in privileged EXEC mode.
agent |
(Optional) Displays information about an agent. |
agent-ip |
(Optional) Agent IP address. |
port |
(Optional) Agent TCP or User Datagram Protocol (UDP) port number. |
manager |
(Optional) Displays information about the specified manager. |
manager-ip |
(Optional) Manager IP address. |
detail |
(Optional) Displays all data available. |
weights |
(Optional) Displays information about weights assigned to real servers for load balancing. |
If no options are specified, the command displays summary information.
Privileged EXEC (#)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.1(5a)E |
The manager keyword and manager-ip argument were added. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
If no options are specified, the command displays summary information.
The following sample output from the show ip slb dfp command displays high-level information about all DFP agents and managers:
Router# show ip slb dfp
DFP Manager:
Current passwd:NONE Pending passwd:NONE
Passwd timeout:0 sec
Agent IP Port Timeout Retry Count Interval
---------------------------------------------------------------
172.16.2.34 61936 0 0 180 (Default)
The table below describes the fields shown in the display.
Field |
Description |
---|---|
DFP Manager |
Indicates that the following information applies to the DFP manager. |
Current passwd |
Current password for the DFP manager, if any. |
Pending passwd |
Pending password for the DFP manager, if any. |
Passwd timeout |
For the DFP manager, delay period, in seconds, during which both the current password and the pending password are accepted. |
Agent IP |
IP address of the agent about which information is being displayed. |
Port |
TCP or UDP port number of the agent. The valid range is 1 to 65535. |
Timeout |
Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout. |
Retry Count |
Number of times the DFP manager attempts to establish the TCP connection to the DFP agent. A value of 0 means there are infinite retries. |
Interval |
Interval, in seconds, between retries. |
The following example displays detailed information about DFP agents and managers:
Router# show ip slb dfp detail
DFP Manager
Current passwd <none> Pending passwd <none>
Passwd timeout 0 sec
Unexpected errors 0
% No DFP Agents configured
The table below describes the fields shown in the display.
Field |
Description |
---|---|
DFP Manager |
Indicates that the following information applies to the DFP manager. |
Current passwd |
Current DFP password for MD5 authentication. |
Pending passwd |
Pending new DFP password for MD5 authentication. |
Passwd timeout |
Delay period, in seconds, during which both the current password and the pending password are accepted. |
Unexpected errors |
Number of unexpected errors encountered by the DFP manager. |
No DFP Agents configured |
Indicates that there are no DFP agents associated with the DFP manager. |
The following example displays detailed information about DFP manager 10.0.0.0:
Router# show ip slb dfp manager 10.0.0.0
DFP Manager 10.0.0.0 Connection state Connected
Timeout = 20
Last message sent 033537 UTC 01/02/00
The table below describes the fields shown in the display.
Field |
Description |
---|---|
DFP Manager |
Indicates that the following information applies to the DFP manager. |
Connection state |
Current connection state of the DFP manager. |
Timeout |
Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout. |
Last message sent |
Date and time of the last message sent by the DFP manager. |
The following example displays detailed information about weights assigned to real servers for load balancing:
Router# show ip slb dfp weights
Real IP Address 10.0.10.10 Protocol TCP Port 22 Bind_ID 111 Weight 111
Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.17.17.17 Protocol TCP Port www Bind_ID 1 Weight 1
Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.68.68.68 Protocol TCP Port www Bind_ID 4 Weight 4
Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.85.85.85 Protocol TCP Port www Bind_ID 5 Weight 5
Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
The table below describes the fields shown in the display.
Field |
Description |
---|---|
Real IP Address |
IP address of the real server for which weight is reported. |
Protocol |
Protocol used for the port. |
Port |
Port for which the following bind ID is being reported. |
Bind_ID |
Bind ID of this instance of the real server. |
Weight |
Weight calculated for the real IP address. |
Set by Agent |
Agent that set the weight, and the date and time the weight was set. |
To display firewall farm information, use the show ip slb firewallfarmcommand in privileged EXEC mode.
detail |
(Optional) Displays detailed information. |
Privileged EXEC (#)
Release |
Modification |
---|---|
12.1(3a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following is sample output from the show ip slb firewallfarmcommand:
Router# show ip slb firewallfarm
firewall farm hash state reals
------------------------------------------------
FIRE1 IPADDR OPERATIONAL 2
The table below describes the fields shown in the display.
Field |
Description |
---|---|
firewall farm |
Name of the firewall farm. |
hash |
Load-balancing algorithm used to select a firewall for the firewall farm:
See the predictor hash address (firewall farm)command for more details. |
state |
Current state of the firewall farm: |
reals |
Number of firewalls that are members of the firewall farm. |
To display information from the Cisco IOS Server Load Balancing (IOS SLB) fragment database, use the show ip slb fragmentscommand in privileged EXEC mode.
This command has no arguments or keywords.
Privileged EXEC (#)
Release |
Modification |
---|---|
12.1(11b)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following sample output from the show ip slb fragmentscommand shows fragment information for virtual server 10.11.11.11:
Router# show ip slb fragments
ip src id forward src nat dst nat
---------------------------------------------------------------------
10.11.2.128 12 10.11.2.128 10.11.11.11 10.11.2.128
10.11.2.128 13 10.11.2.128 10.11.11.11 10.11.2.128
10.11.2.128 14 10.11.2.128 10.11.11.11 10.11.2.128
10.11.2.128 15 10.11.2.128 10.11.11.11 10.11.2.128
10.11.2.128 16 10.11.2.128 10.11.11.11 10.11.2.128
The table below describes the fields shown in the display.
Field |
Description |
---|---|
ip src |
Source IP address of the fragment. |
id |
IP ID of the fragment, set by the packet originator. |
forward |
IP address to which the fragment is being forwarded. |
src nat |
If using Network Address Translation (NAT), new source IP address after NAT. |
dst nat |
If using NAT, new destination IP address after NAT. |
To display IOS Server Load Balancing (IOS SLB) general packet radio service (GPRS) Tunneling Protocol (GTP) information, use the show ip slb gtpcommand in privileged EXEC mode.
gsn |
(Optional) Displays IOS SLB database information for the specified gateway GPRS support node (GGSN) or serving GPRS support node (SGSN). |
gsn-ip-address |
(Optional) IP address of the GGSN or SGSN for which information is to be displayed. If you do not specify a gsn-ip-address, IOS SLB displays information for all GGSNs and SGSNs. |
nsapi |
(Optional) Displays IOS SLB database information for the specified Network Service Access Point Identifier (NSAPI). |
nsapi-key |
(Optional) Key of the NSAPI for which information is to be displayed. If you do not specify an nsapi-key, IOS SLB displays information for all NSAPIs. |
detail |
(Optional) Displays additional, more detailed information. |
If you specify gsn and you do not specify a gsn-ip-address, IOS SLB displays information for all GGSNs and SGSNs. If you specify nsapi and you do not specify an nsapi-key, IOS SLB displays information for all NSAPIs.
Privileged EXEC (#)
Release |
Modification |
---|---|
12.1(13)E3 |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following is sample output from the show ip slb gtp gsncommand for a specific GGSN or SGSN:
Router# show ip slb gtp gsn 10.0.0.0
type ip recovery-ie purging
------------------------------------------
SGSN 10.0.0.0 UNKNOWN N
The table below describes the fields shown in the display.
Field |
Description |
---|---|
type |
Type of GSN (either GGSN or SGSN). |
ip |
IP address of the GGSN or SGSN. |
recovery-ie |
Last seen recovery IE for this GGSN or SGSN. |
purging |
Indicates whether Packet Data Protocol (PDP) contexts belonging to this GGSN or SGSN are being purged as a result of path failure: |
The following is sample output from the show ip slb gtp nsapicommand:
Router# show ip slb gtp nsapi
nsapi key real nsapi count session count
-----------------------------------------------------------------
11111111111111F1 172.16.0.0 1 1
The following is sample output from the show ip slb gtp nsapicommand for a specific NSAPI key:
Router# show ip slb gtp nsapi 11111111111111F1
nsapi key real nsapi count session count
-----------------------------------------------------------------
11111111111111F1 172.16.0.0 1 1
The table below describes the fields shown in the display.
Field |
Description |
---|---|
nsapi key |
Key for the session. This is the IMSI. |
real |
Real server to which the session is assigned. |
nsapi count |
Number of NSAPIs bound to the session. This is the number of PDP contexts (mobile sessions) on the GGSN associated with the IMSI. |
session count |
Number of sessions to which the NSAPI is currently bound. Normally, the NSAPI is bound to one session, but it is bound to two sessions in transition during an update. |
The following is sample output from the show ip slb gtp nsapi detailcommand:
Router# show ip slb gtp nsapi detail
IMSI key = 11111111111111F1, real = 172.16.0.1, nsapi count = 1, session count = 1
no vserver key client state seq
---------------------------------------------------------------------------
5 SERVER1 0009E8810009E881 10.0.0.0:2123 GTP_INIT 0
The table below describes the fields shown in the display.
Field |
Description |
---|---|
IMSI key |
IMSI key for the session. |
real |
Real server to which the session is assigned. |
nsapi count |
Number of NSAPIs bound to the session. This is the number of PDP contexts (mobile sessions) on the GGSN associated with this IMSI. |
session count |
Number of sessions to which the NSAPI is currently bound. Normally, the NSAPI is bound to one session, but it is bound to two sessions in transition during an update. |
no |
NSAPI number. |
vserver |
Name of the virtual server. |
key |
Session key. |
client |
SGSN IP address and port number. |
state |
State of the session. Possible states are: |
seq |
Sequence number in the last delete request. |
To display information about IOS SLB protocol maps, use the show ip slb mapcommand in privilegedEXEC mode.
id |
(Optional) Displays information about the specified map. |
Privileged EXEC (#)
Release |
Modification |
---|---|
12.2(33)SRB |
This command was introduced. |
If no ID is specified, the command displays information about all maps.
The following is sample output from the show ip slb mapcommand:
Router# show ip slb map
ID: 1, Service: GTP
APN: Cisco.com, yahoo.com
PLMN ID(s): 11122, 444353
SGSN access list: 100
ID: 2, Service: GTP
PLMN ID(s): 67523, 345222
PDP Type: IPv4, PPP
ID: 3, Service: GTP
PDP Type: IPv6
ID: 4, Service: RADIUS
Calling-station-id: “?919*”
ID: 5, Service: RADIUS
Username: “..778cisco.*”
The table below describes the fields shown in the display.
Field |
Description |
---|---|
ID |
Identifier of the map about which information is being displayed. Information about each map is displayed on a separate line. |
Service |
Protocol associated with the map. Valid protocols are: |
APN |
One or more access point names (APNs) associated with the GTP map |
PLMN ID(s) |
One or more public land mobile networks (PLMNs) associated with the GTP map. |
SGSN access list |
Serving GPRS Support Node (SGSN) access list associated with the GTP map. |
PDP Type |
One or more packet data protocol (PDP) types associated with the GTP map. |
Calling-station-id |
String to be matched against the calling station ID attribute in the RADIUS payload. |
Username |
String to be matched against the username attribute in the RADIUS payload. |
To display the IP Cisco IOS Server Load Balancing (IOS SLB) Network Address Translation (NAT) configuration, use the show ip slb natpoolcommand in privileged EXEC mode.
name pool |
(Optional) Displays the specified NAT pool. |
detail |
(Optional) Lists all the interval ranges currently allocated in the client NAT pool. |
Privileged EXEC (#)
Release |
Modification |
---|---|
12.1(2)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following is sample output from the default show ip slb natpoolcommand:
Router# show ip slb natpool
nat client B 209.165.200.225 1.1.1.6 1.1.1.8 Netmask 255.255.255.0
nat client A 10.1.1.1 1.1.1.5 Netmask 255.255.255.0
The following is sample output from the show ip slb natpoolcommand with the detail keyword:
Router# show ip slb natpool detail
nat client A 1.1.1.1 1.1.1.5 Netmask 255.255.255.0
Start NAT Last NAT Count ALLOC/FREE
-------------------------------------------------------
10.1.1.1:11001 10.1.1.1:16333 0005333 ALLOC
10.1.1.1:16334 10.1.1.1:19000 0002667 ALLOC
10.1.1.1:19001 10.1.1.5:65535 0264675 FREE
nat client B 1.1.1.6 1.1.1.8 Netmask 255.255.255.0
Start NAT Last NAT Count ALLOC/FREE
-------------------------------------------------------
10.1.1.6:11001 10.1.1.6:16333 0005333 ALLOC
10.1.1.6:16334 10.1.1.6:19000 0002667 ALLOC
10.1.1.6:19001 10.1.1.8:65535 0155605 FREE
The table below describes the fields shown in the display.
Field |
Description |
---|---|
Start NAT |
Starting NAT address in a range of addresses in the client NAT pool. |
Last NAT |
Last NAT address in a range of addresses in the client NAT pool. |
Count |
Number of NAT addresses in the range. |
ALLOC/FREE |
Indicates whether the range of NAT addresses has been allocated or is free. |
Command |
Description |
---|---|
ip slb natpool |
Configures the IOS SLB NAT. |
To display information about a Cisco IOS Server Load Balancing (IOS SLB) probe, use the show ip slb probecommand in privileged EXEC mode.
name probe |
(Optional) Displays information about the specified probe. |
detail |
(Optional) Displays detailed information, including the SA Agent operation ID, which you can correlate with the output of the show rtr operational-state command. |
Privileged EXEC (#)
Release |
Modification |
---|---|
12.1(2)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following is sample output from the show ip slb probecommand:
Router# show ip slb probe
Server:Port State Outages Current Cumulative
----------------------------------------------------------------
10.10.4.1:0 OPERATIONAL 0 never 00:00:00
10.10.5.1:0 FAILED 1 00:00:06 00:00:06
The table below describes the fields shown in the display.
Field |
Description |
---|---|
Server:Port |
IP address and port of the real server. |
State |
Operational state of the probe:
For a detailed listing of real server states, see the show ip slb realscommand. |
Outages |
Number of intervals between successful probes. |
Current |
Time since the last probe success. That is, the duration (so far) of the current outage. |
Cumulative |
Total time the real server has been under test by the probe and has failed the probe test. This value is the sum of the Current time plus the total time of all previous outages. |
To display information about the real servers, use the show ip slb realscommand in privileged EXEC mode.
sfarm server-farm |
(Optional) Displays information about those real servers associated with the specified server farm or firewall farm. |
detail |
(Optional) Displays detailed information. |
Privileged EXEC (#)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.1(13)E |
The vserver keyword and virtual-serverargument were replaced with the sfarm keyword and server-farm argument. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(33)SRC |
The output for the detail keyword for a real server in a server farm was updated to display the configured maximum number of connections allowed (rate). |
15.0(1)S |
The output for the detail keyword for a real server in a server farm was updated to display the real server's IPv4, IPv6, or dual-stack address. |
If no options are specified, the command displays information about all real servers.
In a configuration with stateful backup, if a probe changes state at the same time that the primary IOS SLB device fails over to the backup IOS SLB device, the output from the show ip slb reals command for the backup device displays the state of the probe before the failover, not the actual current state.
The following is sample output from the show ip slb realscommand:
Router# show ip slb reals
real farm name weight state conns
--------------------------------------------------------------------
10.80.2.112 FRAG 8 OUTOFSERVICE 0
10.80.5.232 FRAG 8 OPERATIONAL 0
10.80.15.124 FRAG 8 OUTOFSERVICE 0
10.254.2.2 FRAG 8 OUTOFSERVICE 0
10.80.15.124 LINUX 8 OPERATIONAL 0
10.80.15.125 LINUX 8 OPERATIONAL 0
10.80.15.126 LINUX 8 OPERATIONAL 0
10.80.90.25 SRE 8 OPERATIONAL 220
10.80.90.26 SRE 8 OPERATIONAL 216
10.80.90.27 SRE 8 OPERATIONAL 216
10.80.90.28 SRE 8 TESTING 1
10.80.90.29 SRE 8 OPERATIONAL 221
10.80.90.30 SRE 8 OPERATIONAL 224
10.80.30.3 TEST 100 READY_TO_TEST 0
10.80.30.4 TEST 100 READY_TO_TEST 0
10.80.30.5 TEST 100 READY_TO_TEST 0
10.80.30.6 TEST 100 READY_TO_TEST 0
The table below describes the fields shown in the display.
Field |
Description |
---|---|
real |
IP address of the real server about which information is being displayed. Used to identify each real server. Information about each real server is displayed on a separate line. |
farm name |
Name of the server farm or firewall farm with which the real server is associated. |
weight |
Weight assigned to the real server. The weight identifies the real server’s capacity, relative to other real servers in the server farm. |
state |
Current state of the real server.
|
|
|
conns |
Number of connections associated with the real server. In general packet radio service (GPRS) load balancing, number of sessions associated with the real server. In per-packet server load balancing, number of request packets that have been load balanced to each real server, using the connection count. |
The following is sample output from the show ip slb reals detailcommand for a dual-stack real server in a server farm:
Router# show ip slb reals detail
172.16.88.5, SF1, state = OPERATIONAL, type = server
ipv6 = 2342:2342:2343:FF04:2388:BB03:3223:8912
conns = 0, dummy_conns = 0, maxconns = 4294967295
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
reassign = 3, retry = 60
failconn threshold = 8, failconn count = 0
failclient threshold = 2, failclient count = 0
total conns established = 0, total conn failures = 0
server failures = 0
The following is sample output from the show ip slb reals detailcommand for a real server in a firewall farm:
Router# show ip slb reals detail
10.10.3.2, F, state = OPERATIONAL, type = firewall
conns = 0, dummy_conns = 0, maxconns = 4294967295
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 8377, hash count = 0
server failures = 0
interface FastEthernet1/0, MAC 0000.0c41.1063
The table below describes the fields shown in the above detail displays.
Field |
Description |
---|---|
IPv4 or IPv6 address |
IPv4 or IPv6 address of the real server about which information is being displayed. Used to identify each real server. Information about each real server is displayed on a separate line. |
farm name |
Name of the server farm or firewall farm with which the real server is associated. |
state |
Current state of the real server.
|
type |
Indicates whether the real server is associated with a server farm (server) or firewall farm (firewall). |
ipv6 |
IPv6 address of the real server about which information is being displayed, if dual-stack. |
conns |
Number of connections associated with the real server. In general packet radio service (GPRS) load balancing, number of sessions associated with the real server. In per-packet server load balancing, number of request packets that have been load balanced to each real server, using the connection count. |
dummy_conns |
Internal counter used in debugging. |
maxconns |
Maximum number of active connections allowed on the real server at one time. |
weight |
Weight assigned to the real server. The weight identifies the real server’s capacity, relative to other real servers in the server farm. This value could be changed by DFP. |
weight(admin) |
Configured (or default) weight assigned to the real server. |
metric |
Internal counter used in debugging. |
remainder |
Internal counter used in debugging. |
reassign |
Total number of consecutive unacknowledged SYNchronize sequence numbers (SYNs) or Create Packet Data Protocol (PDP) requests since the last time the clear ip slb counterscommand was issued. |
retry |
Interval, in seconds, to wait between the detection of a failure on the real server and the next attempt to connect to the server. |
rate |
Maximum number of connections per second allowed on the real server. |
failconn threshold |
Maximum number of consecutive connection failures allowed before the real server is considered to have failed. |
failconn count |
Total number of consecutive connection failures since the last time the clear ip slb counterscommand was issued. |
failclient threshold |
Maximum number of unique client connection failures allowed before the real server is considered to have failed. |
failclient count |
Total number of unique client connection failures since the last time the clear ip slb counterscommand was issued. |
total conns established |
Total number of successful connection assignments since the last time the clear ip slb counterscommand was issued. |
total conn failures |
Total number of unsuccessful connection assignments since the last time the clear ip slb counterscommand was issued. |
server failures |
Total number of times this real server has been marked failed. |
hash count |
Total number of times the hash algorithm has been called. |
interface |
Type of interface. |
MAC |
MAC address of the firewall. |
To display the Cisco IOS Server Load Balancing (IOS SLB) replication configuration, use the show ip slb replicatecommand in privileged EXEC mode.
This command has no arguments or keywords.
Privileged EXEC (#)
Release |
Modification |
---|---|
12.1(2)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(14)ZA5 |
This command was modified to support slave replication. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following is sample output from the show ip slb replicatecommand:
Router# show ip slb replicate
VS1, state = NORMAL, interval = 10
Slave Replication: Enabled
Slave Replication statistics:
unsent conn updates: 0
conn updates received: 0
conn updates transmitted: 0
update messages received: 0
update messages transmitted: 0
Casa Replication:
local = 10.1.1.1 remote = 10.2.2.2 port = 1024
current password = <none> pending password = <none>
password timeout = 180 sec (Default)
Casa Replication statistics:
unsent conn updates: 0
conn updates received: 0
conn updates transmitted: 0
update packets received: 0
update packets transmitted: 0
failovers: 0
The table below describes the fields shown in the display.
Field |
Description |
---|---|
state |
Current replication state of the virtual server: |
interval |
Replication buffering interval, in seconds. |
Slave Replication |
Indicates whether Slave Replication is enabled or disabled. |
unsent conn updates |
Number of Slave Replication or CASA Replication connection updates waiting to be sent. |
conn updates received |
Number of Slave Replication or CASA Replication connection updates received. |
conn updates transmitted |
Number of Slave Replication or CASA Replication connection updates sent. |
update packets received |
Number of Slave Replication or CASA Replication connection update packets received. |
update packets transmitted |
Number of Slave Replication or CASA Replication connection update packets sent. |
local |
Listening IP address for CASA Replication state exchange messages that are advertised. |
remote |
Destination IP address for all CASA Replication state exchange signals. |
port |
TCP or User Datagram Protocol (UDP) port number or port name for all CASA Replication state exchange signals. |
current password |
Current CASA Replication password for Message Digest Algorithm Version 5 (MD5) authentication, if any. |
pending password |
Pending CASA Replication password for MD5 authentication, if any. |
failovers |
Number of CASA Replication failovers detected. |
Command |
Description |
---|---|
request (HTTP probe) |
Configures an HTTP probe to check the status of the real servers. |
To display information about the server farms, use the show ip slb serverfarmscommand in privilegedEXEC mode.
name |
(Optional) Displays information about only a particular server farm. |
serverfarm-name |
(Optional) Name of the server farm. |
detail |
(Optional) Displays detailed server farm information. |
Privileged EXEC (#)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(33)SRC |
The output for the detail keyword was updated to display RADIUS load balancing enhancements and information about the IOS SLB KeepAlive Application Protocol (KAL-AP) agent. |
15.0(1)S |
The output for the detail keyword was updated to display the real server's IPv4, IPv6, or dual-stack address. |
The following is sample output from the show ip slb serverfarmscommand:
Router# show ip slb serverfarms
server farm predictor nat reals bind id interface(s)
GGSN ROUNDROBIN none 0 0 <any>
GGSN1 ROUNDROBIN S 5 0 <any>
GGSN_IPV6 ROUNDROBIN S 5 0 <any>
The table below describes the fields shown in the display.
Field |
Description |
---|---|
server farm |
Name of the server farm about which information is being displayed. Information about each server farm is displayed on a separate line. |
predictor |
Type of load-balancing algorithm (ROUNDROBIN, LEASTCONNS, or ROUTEMAP) used by the server farm |
nat |
NAT setting for the server farm: |
reals |
Number of real servers configured in the server farm |
bind id |
Bind ID configured on the server farm. |
interface(s) |
Interface used by the server farm |
The following is sample output from the show ip slb serverfarms detailcommand, if RADIUS load balancing is configured with the route map predictor:
Router# show ip slb serverfarms detail
SF1, predictor = ROUNDROBIN, nat =SERVER, interface(s) = Vl88
virtuals inservice: 1, reals = 1, bind id = 0
Real servers:
172.16.88.5, weight = 8, OPERATIONAL, conns = 0
ipv6 = 2342:2342:2343:FF04:2388:BB03:3223:8912
Total connections = 0
For RADIUS load balancing with the route map predictor configured, specifying the detail keyword displays:
The following is sample output from the show ip slb serverfarms detailcommand, if a KAL-AP request was received for this server farm:
SF, predictor = ROUNDROBIN, nat = SERVER, interface(s) = <any> virtuals inservice: 1, reals = 2, bind id = 0 KAL-AP tag: “chicago.com”, farm weight: 400
For the KAL-AP agent, specifying the detail keyword displays:
To display information about sessions handled by Cisco IOS Server Load Balancing (IOS SLB), use the show ip slb sessionscommand in privileged EXEC mode.
asn |
(Optional) Displays information about set of Access Service Network (ASN) gateways sessions being handled by IOS SLB. |
gtp |
(Optional) Displays IPv4 information about general packet radio service (GPRS) Tunneling Protocol (GTP) sessions being handled by IOS SLB. |
ipv6 |
(Optional) Displays detailed information about the IPv6 sessions being handled by GTP load balancing. |
gtp-inspect |
(Optional) Displays information about GTP sessions being handled by IOS SLB that have GTP cause code inspection enabled. |
ipmobile |
(Optional) Displays information about Mobile IP sessions being handled by IOS SLB. |
radius |
(Optional) Displays information about RADIUS sessions being handled by IOS SLB. |
vserver virtual-server |
(Optional) Displays information about sessions being handled by the specified virtual server. |
client ipv4-address ipv4-netmask |
(Optional) Displays information about sessions associated with the specified client IPv4 address or subnet |
detail |
(Optional) Displays detailed information. |
Privileged EXEC (#)
Release |
Modification |
---|---|
12.1(11b)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.1(13)E3 |
The gtp and gtp-inspect keywords were added. |
12.2(14)ZA2 |
The ipmobile keyword was added. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(33)SRC1 |
The asnkeyword was added. |
15.0(1)S |
The ipv6keyword was added. |
The following is sample output from the show ip slb sessionscommand for RADIUS sessions:
Router# show ip slb sessions radius
Source Dest Retry
Addr/Port Addr/Port Id Count Real Vserver
------------------------------------------------------------------------------
10.10.11.1/1645 10.10.11.2/1812 15 1 10.10.10.1 RADIUS_ACCT
The table below describes the fields shown in the display.
Field |
Description |
---|---|
Source Addr/Port |
Source IPv4 address and port number for the session. |
Dest Addr/Port |
Destination IPv4 address and port number for the session. |
Id |
RADIUS identifier for the session. |
Retry Count |
Number of times a RADIUS request was sent by a RADIUS client without receiving a response from the RADIUS server (proxy or otherwise). |
Real |
IPv4 address of the SSG RADIUS server (proxy or otherwise). |
Vserver |
Name of the virtual server whose sessions are being monitored and displayed. |
The following example shows GTP IPv4 session data:
Router# show ip slb sessions gtp
vserver key client real state
----------------------------------------------------------------------------------
10.10.10.10 1234567890123456 10.5.5.5 10.10.1.1 GTP_ESTAB
The table below describes the fields shown in the display.
Field |
Description |
---|---|
vserver |
Name of the virtual server whose GTP sessions are being monitored and displayed. Information about each session is displayed on a separate line. |
key |
Network Service Access Point Identifier (NSAPI) key being used by the GTP session. |
client |
Client IPv4 address being used by the GTP session. |
real |
Real IPv4 address of the GTP session. |
state |
Current state of the GTP session:
|
The following example shows GTP IPv6 session data:
Router# show ip slb sessions gtp ipv6
vserver = VS, key = 1112131415180030
client = 3:3:3:3:3:3:3:9
real = 4:4:4:4:4:4:4:4
state = SLB_IPV6_GTP_ESTAB
The following example shows IOS SLB Mobile IP session data:
Router# show ip slb sessions ipmobile
vserver NAI hash client real retries
---------------------------------------------------------------------------
VIRTUAL_HA 0xFFFF 10.1.1.1/434 10.10.1.1 1
The table below describes the fields shown in the display.
Field |
Description |
---|---|
vserver |
Name of the virtual server whose Mobile IP sessions are being monitored and displayed. Information about each session is displayed on a separate line. |
NAI hash |
Network access identifier (NAI) in the Registration Request (RRQ), used by Cisco IOS SLB as a unique identifier. |
client |
Client IPv4 address being used by the Mobile IP session. |
real |
Real IPv4 address of the Mobile IP session. |
retries |
Number of foreign agent retries for the Mobile IP session. |
The following is sample output from the show ip slb sessions asncommand for ASN sessions:
Router# show ip slb sessions asn vserver MSID Base Station real state ------------------------------------------------------------------------------ 10.10.10.10 001646013fc0 5.5.5.5 10.10.1.1 ASN_REQ
The table below describes the fields shown in the display.
Field |
Description |
---|---|
vserver |
Name of the virtual server whose ASN sessions are being monitored and displayed. Information about each session is displayed on a separate line. |
MSID |
Mobile Station Identifier (MSID), used by Cisco IOS SLB as a unique identifier. |
Base Station |
IPv4 address of the base station associated with the ASN session. |
real |
Real IPv4 address of the ASN session. |
state |
Current state of the ASN session:
|
To display the Cisco IOS Server Load Balancing (IOS SLB) server Network Address Translation (NAT) configuration, use the show ip slb staticcommand in privileged EXEC mode.
This command has no arguments or keywords.
The default behavior is to display the entire IOS SLB server NAT configuration.
Privileged EXEC (#)
Release |
Modification |
---|---|
12.1(11b)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following is sample output from the show ip slb staticcommand:
Router# show ip slb static
real action address counter
---------------------------------------------------------------
10.11.3.4 drop 0.0.0.0 0
10.11.3.1 NAT 10.11.11.11 3
10.11.3.2 NAT sticky 10.11.11.12 0
10.11.3.3 NAT per-packet 10.11.11.13 0
The table below describes the fields shown in the display.
Field |
Description |
---|---|
real |
IP address of the real server. |
action |
Action to be taken by the real server:
|
address |
Virtual IP address used by the real server when translating addresses using server NAT. Address 0.0.0.0 means the real server is not configured for server NAT. |
counter |
For actions drop and NAT per-packet, indicates the number of packets processed by the real server. For actions NAT and NAT sticky, indicates the number of packets received by, but not necessarily processed by, the real server. |
To display IOS Server Load Balancing (IOS SLB) statistics, use the show ip slb statscommand in privileged EXEC mode.
kal-ap |
(Optional) Displays information about the IOS SLB KeepAlive Application Protocol (KAL-AP) agent. |
No default behavior or values.
Privileged EXEC (#)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.1(9)E |
This command was modified to support general packet radio service (GPRS) load balancing. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(33)SRC |
The kal-ap keyword was added, and the output for the command was updated to display correlation inject failures for RADIUS load balancing accelerated data plane forwarding. |
12.2(33)SRC1 |
The output for the command was updated to display packet fragment drops for Access Service Network (ASN) R6 load balancing. |
The following is sample output from the show ip slb statscommand:
Router# show ip slb stats
Pkts via normal switching: 108247
Pkts via special switching: 4307026
Pkts via slb routing: 1376241
Pkts Dropped: 0
Connections Created: 933131
Connections Established: 350042
Connections Destroyed: 639323
Connections Reassigned: 0
Zombie Count: 0
Connections Reused: 0
Connection Flowcache Purges: 2665
Failed Connection Allocs: 0
Failed Real Assignments: 0
RADIUS framed-ip Sticky Count: 524288
RADIUS username Sticky Count: 0
RADIUS cstn-id Sticky Count: 0
GTP imsi Sticky Count: 0
Route Flows Created: 1691177
Failed Route Flow Allocs: 0
Failed Correlation Injects: 0
Pkt fragments drops in ssv: 0
ASN MSID sticky count: 1
The table below describes the fields shown in the display.
Field |
Description |
---|---|
Pkts via normal switching |
Number of packets handled by IOS SLB via normal switching since the last time counters were cleared. Normal switching is when IOS SLB packets are handled on normal IOS switching paths (CEF, fast switching, and process level switching). |
Pkts via special switching |
Number of packets handled by IOS SLB via special switching since the last time counters were cleared. Special switching is when IOS SLB packets are handled on hardware-assisted switching paths. |
Pkts via slb routing |
Number of packets handled by IOS SLB via SLB routing since the last time counters were cleared. |
Pkts dropped |
Number of packets dropped or consumed by IOS SLB since the last time counters were cleared. The Pkts dropped field can increase for one or more of the following reasons:
|
Connections Created |
Number of connections (or sessions, in general packet radio service [GPRS] load balancing and the Home Agent Director) created since the last time counters were cleared. |
Connections Established |
Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) created and that have become established since the last time counters were cleared. |
Connections Destroyed |
Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) destroyed since the last time counters were cleared. |
Connections Reassigned |
Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) reassigned to a different real server since the last time counters were cleared. |
Zombie Count |
Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) that are currently pending destruction (awaiting a timeout or some other condition to be met). |
Connections Reused |
Number of zombie connections (or sessions, in GPRS load balancing and the Home Agent Director) reused since the last time counters were cleared. A zombie connection is reused if it receives a TCP SYNchronize sequence number (SYN) or User Datagram Protocol (UDP) packet and succeeds in connecting to a real server. The zombie connection becomes a real connection and the zombie count is decremented. |
Connection Flowcache Purges |
Number of times the connection flow cache was purged since the last time counters were cleared. |
Failed Connection Allocs |
Number of times the allocation of a connection (or session, in GPRS load balancing) failed since the last time counters were cleared. |
Failed Real Assignments |
Number of times the assignment of a real server failed since the last time counters were cleared. |
RADIUS framed-ip Sticky Count |
Number of entries in the RADIUS framed-IP sticky database. |
RADIUS username Sticky Count |
Number of entries in the RADIUS username sticky database. |
RADIUS cstn-id Sticky Count |
Number of entries in the RADIUS calling-station-ID sticky database. |
GTP imsi Sticky Count |
Number of entries in the GTP IMSI sticky database. |
Route Flows Created |
Number of route flows created. |
Failed Route Flows Allocs |
Number of failed route flow allocations. |
Failed Correlation Injects |
Number of failed correlation injects. |
Pkt fragments drops in ssv |
Number of packet fragments drops in the SSV. |
ASN MSID sticky count |
Number of sticky objects in the ASN MSID sticky database. |
The following is sample output from the show ip slb kal-ap stats kal-apcommand:
Router# show ip slb kal-ap stats kal-ap
KAL-AP Mgr: (default), Socket state: OPEN, Socket retry: 0
KAL-AP Mgr: 2.2.2.2, Socket state: FAILED, Socket retry: 10
UDP Port: 5002, vrf: vrf1
KAL-AP Mgr: 10.77.161.34, Socket state: FAILED, Socket retry: 10
UDP Port: 5002, Secret: test
KAL-AP Packet Statistics:
Packet Received: 84
Bytes Received: 3966
Packet Sent: 30
Bytes Sent: 1080
Encrypt Errors: 0
Recv Failures: 0
Sent Failures: 0
KAL-AP Manager: 2.2.2.2 Secret: Yes
KAL-AP Manager: 3.3.3.3 Secret: Yes
CAPP UDP Port: 5001
Pkt Recd: 100 Bytes Recd: 12345
Pkt Sent: 100 Bytes Sent: 12121
MD5 checksum failed: 0 Error packets: 0
To display the IOS Server Load Balancing (IOS SLB) sticky database, use the show ip slb stickycommand in privileged EXEC mode.
asn msid msid |
(Optional) Displays only those sticky database entries associated with the specified Access Service Network (ASN) Mobile Station ID (MSID). |
asn nai nai |
(Optional) Displays only those sticky database entries associated with the specified ASN network address identifier (NAI). |
client ipv4-address ipv4-netmask |
(Optional) Displays only those sticky database entries associated with the specified client IPv4 address or subnet. |
gtp imsi |
(Optional) Displays only entries associated with the IOS SLB general packet radio service (GPRS) Tunneling Protocol (GTP) International Mobile Subscriber ID (IMSI) sticky database, and shows all of the Network Service Access Point Identifiers (NSAPIs) that the user has used as primary Packet Data Protocols (PDPs). |
ipv6 |
(Optional) Displays only IPv6 entries associated with the IOS SLB GTP IMSI sticky database, and shows all of the NSAPIs that the user has used as primary PDPs. |
id imsi |
(Optional) Displays only those sticky database entries associated with the specified IMSI. |
radius calling-station-id |
(Optional) Displays only entries associated with the IOS SLB RADIUS calling-station-ID sticky database. |
id string |
(Optional) Displays only those sticky database entries associated with the specified calling station ID. |
radius framed-ip |
(Optional) Displays only entries associated with the IOS SLB RADIUS framed-IP sticky database. |
radius username |
(Optional) Displays only entries associated with the IOS SLB RADIUS username sticky database. |
name string |
(Optional) Displays only those sticky database entries associated with the specified username. |
If no options are specified, the command displays information about all virtual servers.
Privileged EXEC (#)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.1(11b)E |
The radius keyword was added. |
12.1(12c)E |
The framed-ip, username, name, netmask, and string keywords and arguments were added. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(14)ZA5 |
The calling-station-idand id keywords and the stringargument were added. |
12.2(18)SXE |
The gtp imsiand id keywords and the imsiargument were added. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(33)SRE |
The asn, msid, and naikeywords and the msidand naiarguments were added. |
15.0(1)S |
The ipv6keyword was added. The output was updated to display the real server's GTP version and IPv4, IPv6, or dual-stack address. |
The following is sample output from the show ip slb stickycommand:
Router# show ip slb sticky
client netmask group real conns
-----------------------------------------------------------------------
10.10.2.12 255.255.0.0 4097 10.10.3.2 1
The table below describes the fields shown in the display.
Field |
Description |
---|---|
client |
Client IPv4 address or subnet which is bound to this sticky assignment. |
netmask |
IPv4 subnet mask for this sticky assignment. |
group |
Group ID for this sticky assignment. |
real |
Real server used by all clients connecting with the client IPv4 address or subnet detailed on this line. |
conns |
Number of connections currently sharing this sticky assignment. |
The following is sample output from the show ip slb sticky gtp imsicommand:
Router# show ip slb sticky gtp imsi
IMSI Real Ver Group ID vs_index refcount nsapi
----------------------------------------------------------------------
11111111111111FF 10.10.10.1 1 5 10 1 6
11123411111111FF 10.10.10.2 1 5 10 1 9
The table below describes the fields shown in the display.
Field |
Description |
||
---|---|---|---|
IMSI |
IMSI bound to this sticky assignment in the IOS SLB GTP IMSI sticky database. |
||
Real |
IPv4 address of the GTP IMSI real server. |
||
Ver |
GTP version: v0, v1, or v2 |
||
Group ID |
Group ID for this sticky assignment. |
||
vs_index |
Virtual index, out of a maximum of 500. |
||
refcount |
Number of NSAPIs used as primary PDPs. |
||
nsapi |
NSAPI used as a primary PDP.
|
The following is sample output from the show ip slb sticky gtp imsi ipv6command:
Router# show ip slb sticky gtp imsi ipv6
IMSI Real Ver Group Id vs_index refcount NSAPIs
--------------------------------------------------------------------------
11121314151800F0 21.21.21.1 2 4099 7 1 3
2342:2342:2343:FF04:2342:AA03:2323:8912
The following is sample output from the show ip slb sticky radius calling-station-idcommand:
Router# show ip slb sticky radius calling-station-id
calling-station-id group id server real framed-ips
-----------------------------------------------------
6228212 15 10.10.10.1 1
The table below describes the fields shown in the display.
Field |
Description |
---|---|
calling-station-id |
Calling station ID bound to an SSG RADIUS proxy in the IOS SLB RADIUS calling-station-ID sticky database. |
group id |
Group ID for this sticky assignment. |
server real |
IPv4 address of the SSG RADIUS proxy server. |
framed-ips |
Number of IPv4 addresses bound to the SSG RADIUS proxy in the IOS SLB RADIUS framed-IP sticky database. |
The following is sample output from the show ip slb sticky radius framed-ipcommand:
Router# show ip slb sticky radius framed-ip
framed-ip group id server real route i/f
-----------------------------------------------------
1.1.1.1 15 10.10.10.1 <any>
The table below describes the fields shown in the display.
Field |
Description |
---|---|
framed-ip |
IPv4 address bound to a Cisco Service Selection Gateway (SSG) RADIUS proxy in the IOS SLB RADIUS framed-IP sticky database. |
group id |
Group ID for this sticky assignment. |
server real |
IPv4 address of the SSG RADIUS proxy server. |
route i/f |
Route interface. |
The following is sample output from the show ip slb sticky radius usernamecommand:
Router# show ip slb sticky radius username
username group id server real framed-ips
-----------------------------------------------------
9198783355 15 10.10.10.1 1
The table below describes the fields shown in the display.
Field |
Description |
---|---|
username |
Username bound to an SSG RADIUS proxy in the IOS SLB RADIUS username sticky database. |
group id |
Group ID for this sticky assignment. |
server real |
IPv4 address of the SSG RADIUS proxy server. |
framed-ips |
Number of IPv4 addresses bound to the SSG RADIUS proxy in the IOS SLB RADIUS framed-IP sticky database. |
The following is sample output from the show ip slb sticky asncommand:
Router# show ip slb sticky asn
MSID Real Group Id vs_index NAI
-------------------------------------------------------
ABCD.12FE.3467 10.10.10.1 5 10 abc@cisco.com
2247.1130.8642 10.10.10.2 5 10 bcd@abc.com
The table below describes the fields shown in the display.
Field |
Description |
---|---|
MSID |
MSID bound to this sticky assignment in the IOS SLB ASN sticky database. |
Real |
IPv4 address of the ASN real server. |
Group ID |
Group ID for this sticky assignment. |
vs_index |
Virtual index, out of a maximum of 500. |
NAI |
NAI bound to this sticky assignment in the IOS SLB ASN sticky database. |
The following is sample output from the show ip slb sticky asn nai abc@cisco.comcommand:
Router# show ip slb sticky asn nai abc@cisco.com
MSID Real Group Id vs_index NAI
-------------------------------------------------------
ABCD.12FE.3467 10.10.10.1 5 10 abc@cisco.com
The table below describes the fields shown in the display.
Field |
Description |
---|---|
MSID |
MSID bound to this sticky assignment in the IOS SLB ASN sticky database. |
Real |
IPv4 address of the ASN real server. |
Group ID |
Group ID for this sticky assignment. |
vs_index |
Virtual index, out of a maximum of 500. |
NAI |
NAI bound to this sticky assignment in the IOS SLB ASN sticky database. |
To display information about the virtual servers, use the show ip slb vserverscommand in privilegedEXEC mode.
name virtual-server |
(Optional) Displays information about the specified virtual server. |
redirect |
(Optional) Displays information about redirect virtual servers. |
detail |
(Optional) Displays detailed information. |
Privileged EXEC (#)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(18)SXF |
The output for this command was modified to reflect the GTP sticky query option on the idle (virtual server) command. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(33)SRC |
The output for the detail keyword was updated to display information about the IOS SLB KeepAlive Application Protocol (KAL-AP) agent. |
12.2(33)SRC1 |
The output for the detail keyword was updated to display information about Access Service Network (ASN) virtual servers. |
15.0(1)S |
The output was updated to display the virtual server's IPv4 or dual-stack address. |
If no options are specified, the command displays information about all virtual servers.
The following is sample output from the show ip slb vserverscommand:
Router# show ip slb vservers
slb vserver prot virtual state conns interface(s)
--------------------------------------------------------------------------------------
GGSN_SERVER1 UDP 4.3.2.1/32:0 OPERATIONAL 0 <any>
2342:2342:2343:FF04:2342:AA03:2323:8912/128
VS1 UDP 4.3.2.2/32:0 OPERATIONAL 0 <any>
2342:2342:2343:FF04:2343:AA03:2323:8912/128
VS2 UDP 4.3.2.3/32:0 OPERATIONAL 0 <any>
2342:2342:2343:FF04:2341:AA03:2323:8912/128
The table below describes the fields shown in the display.
Field |
Description |
---|---|
slb vserver |
Name of the virtual server about which information is being displayed. Information about each virtual server is displayed on a separate line. |
prot |
Protocol being used by the virtual server. |
virtual |
Virtual IPv4 or dual-stack address of the virtual server, including the network mask, if configured. |
state |
Current state of the virtual server:
|
conns |
Number of connections (or sessions, in general packet radio service [GPRS] load balancing and the Home Agent Director) associated with the virtual server. |
interface |
Type of interface. |
The following sample output from the show ip slb vservers detailcommand shows detailed data for a virtual server with route health injection (advertise=TRUE):
Router# show ip slb vservers detail
VS, state = OPERATIONAL, v_index = 7, interface(s) = <any>
virtual = 3.3.3.3/32:2123, UDP, service = GTP, advertise = TRUE
ipv6 = 3:3:3:3:3:3:3:3/128
serverfarm maps:
map 1: priority = 1, serverfarm = SF, backup serverfarm= SF3
ipv6 serverfarm = SF1 ipv6 backup serverfarm = SF2
map 2: priority = 2, serverfarm = SF3, backup serverfarm= SF
ipv6 serverfarm = SF2 ipv6 backup serverfarm = SF1
serverfarm = <not assigned>, backup serverfarm = <not assigned>
backup_serverfarm_hits = 0
delay = 10, idle = 3600
gtp: request idle = 30
slb notification retry = 2
gtp sticky query: <disabled>
max retries: 0
sticky: <none>
group id = 0
synguard counter = 0, synguard period = 0
conns = 0, total conns = 0, syns = 0, syn drops = 0
standby group = None
The following sample output from the show ip slb vservers name detailcommand shows detailed data for virtual server GGSN_SERVER with GTP sticky query enabled:
Router# show ip slb vservers name GGSN_SERVER detail
GGSN_SERVER, state = OPERATIONAL, v_index = 7, interface(s) = <any>
virtual = 10.10.195.1/32:0, UDP, service = GTP, advertise = TRUE
server farm = GGSN, delay = 10, idle = 3600
gtp: request idle = 30, slb notification retry = 2
gtp sticky query: <enabled>, max retries: 3
sticky: <none>
sticky: group id = 4097 <assigned>
synguard counter = 0, synguard period = 0
conns = 0, total conns = 17192, syns = 0, syn drops = 0
standby group = None
The table below describes the fields shown in the display.
Field |
Description |
---|---|
GGSN_SERVER |
Name of the virtual server about which information is being displayed (in this case, GGSN_SERVER). |
state |
Current state of the virtual server: FAILED--Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started. OPERATIONAL--Functioning properly. OUTOFSERVICE--Removed from the load-balancing predictor lists. STANDBY--Backup virtual server, ready to become operational if active virtual server fails. |
v_index |
Virtual index, out of a maximum of 500. |
interface(s) |
Type of interface. |
virtual |
Virtual IPv4 or dual-stack address of the virtual server, including the network mask, if configured. |
UDP |
Protocol being used by the virtual server (in this case, UDP). |
service |
Service, such as GTP, HTTP, or Telnet, associated with the virtual server (in this case, GTP). |
advertise |
Current state of host route advertisement for this virtual server: TRUE--Host route is being advertised. FALSE--Host route is not being advertised. |
ipv6 |
For dual-stack, IPv6 address of the virtual server |
server farm |
Name of the server farm associated with the virtual server. |
delay |
Delay timer duration, in seconds, for this virtual server. |
idle |
Idle connection timer duration, in seconds, for this virtual server. |
gtp request idle |
GTP idle connection timer duration in seconds. |
slb notification |
Number of times IOS SLB can reassign a rejected Create PDP Context to a new real Cisco gateway GPRS support node (GGSN). |
gtp sticky query |
For GTP IMSI sticky, indicates whether IOS SLB is to query the GGSN before deleting any GTP IMSI sticky objects. |
max retries |
Maximum number of queries IOS SLB is to send to the GGSN when there is no response from the GGSN. |
sticky |
Indicates whether sticky connections are enabled for this virtual server. |
sticky group id |
Sticky group in which this virtual server is placed, for coupling of services. |
synguard counter |
Number of unacknowledged SYNchronize sequence numbers (SYNs) that are allowed to be outstanding to this virtual server. |
synguard period |
Interval, in milliseconds, for SYN threshold monitoring for this virtual server. |
conns |
Number of active connections currently associated with the virtual server. |
total conns |
Total number of connections that have been associated with the virtual server since coming INSERVICE. |
syns |
Number of SYNs handled by the virtual server in this period. |
syn drops |
Number of SYNs dropped by the virtual server in this period. |
standby group |
Hot Standby Router Protocol (HSRP) group name with which the virtual server is associated. |
The following sample output from the show ip slb vservers name detailcommand shows detailed data for GTP virtual server GGSN_SERVER with maps enabled:
Router# show ip slb vservers name GGSN_SERVER detail
GGSN_SERVER, state = OPERATIONAL, v_index = 9, interface(s) = <any>
virtual = 10.10.10.10/32:0, UDP, service = GTP, advertise = TRUE
serverfarm maps:
map 4: priority = 1, serverfarm = FARM4, backup = <none>
map 1: priority = 3, serverfarm = FARM1, backup = FARM2
map 5: priority = 4, serverfarm = FARM5, backup = <none>
server farm = <not assigned>, delay = 10, idle = 3600
gtp: request idle = 30, slb notification retry = 2
gtp sticky query: <disabled>, max retries: 0
sticky: <none>
sticky: group id = 0
synguard counter = 0, synguard period = 0
conns = 0, total conns = 0, syns = 0, syn drops = 0
standby group = None
The table below describes the fields shown in the display.
Field |
Description |
---|---|
GGSN_SERVER |
Name of the RADIUS virtual server about which information is being displayed (in this case, GGSN_SERVER). |
state |
Current state of the virtual server: FAILED--Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started. OPERATIONAL--Functioning properly. OUTOFSERVICE--Removed from the load-balancing predictor lists. STANDBY--Backup virtual server, ready to become operational if active virtual server fails. |
v_index |
Virtual index, out of a maximum of 500. |
interface(s) |
Type of interface. |
virtual |
Virtual IPv4 or dual-stack address of the virtual server, including the network mask, if configured. |
UDP |
Protocol being used by the virtual server (in this case, UDP). |
service |
Service, such as GTP, HTTP, or Telnet, associated with the virtual server (in this case, GTP). |
advertise |
Current state of host route advertisement for this virtual server: TRUE--Host route is being advertised. FALSE--Host route is not being advertised. |
serverfarm maps |
List of IOS SLB server farm maps associated with this virtual server. Information about each map is displayed on a separate line. |
priority |
Priority of the map. |
serverfarm |
Server farm with which the map is associated. |
backup |
Backup server farm, if any. |
server farm |
Name of the server farm associated with the virtual server. Information about each server farm is displayed on a separate line. |
map ID |
Map associated with the server farm. |
priority |
Priority of the map. |
delay |
Delay timer duration, in seconds, for this virtual server. |
idle |
Idle connection timer duration, in seconds, for this virtual server. |
gtp request idle |
GTP idle connection timer duration in seconds. |
slb notification |
Number of times IOS SLB can reassign a rejected Create PDP Context to a new real Cisco gateway GPRS support node (GGSN). |
gtp sticky query |
For GTP IMSI sticky, indicates whether IOS SLB is to query the GGSN before deleting any GTP IMSI sticky objects. |
max retries |
Maximum number of queries IOS SLB is to send to the GGSN when there is no response from the GGSN. |
sticky |
Indicates whether sticky connections are enabled for this virtual server. |
sticky group id |
Sticky group in which this virtual server is placed, for coupling of services. |
synguard counter |
Number of unacknowledged SYNchronize sequence numbers (SYNs) that are allowed to be outstanding to this virtual server. |
synguard period |
Interval, in milliseconds, for SYN threshold monitoring for this virtual server. |
conns |
Number of active connections currently associated with the virtual server. |
total conns |
Total number of connections that have been associated with the virtual server since coming INSERVICE. |
syns |
Number of SYNs handled by the virtual server in this period. |
syn drops |
Number of SYNs dropped by the virtual server in this period. |
standby group |
Hot Standby Router Protocol (HSRP) group name with which the virtual server is associated. |
The following sample output from the show ip slb vservers name detailcommand shows detailed data for an ASN virtual server:
Router# show ip slb vservers name ASN_VSERVER detail
ASN_VSERVER, state = OPERATIONAL, v_index = 10, interface(s) = <any>
virtual = 2.2.2.2/32:0, UDP, service = ASNR6, advertise = TRUE
server farm = SF, delay = 10, idle = 3600
asn: request idle = 90
asn: delete notif recvd = 2, nai-update notif recvd = 2
asn: Notification Errors: Deletes = 1, nai-updates = 0
sticky: <none>
sticky: group id = 4097 <assigned>
synguard counter = 0, synguard period = 0
conns = 0, total conns = 156, syns = 0, syn drops = 0
standby group = None
--------------------------------------------------------
| delete | nai-updates
Real commn: |--------+--------+--------+-------------
port = 63082 | Recv | Errors | Recv | Errors
---------------+--------+--------+--------+-------------
15.15.15.4 1 1 1 0
15.15.15.5 1 0 1 0
The table below describes the fields shown in the display.
Field |
Description |
---|---|
ASN_VSERVER |
Name of the ASN virtual server about which information is being displayed (in this case, ASN_VSERVER). |
state |
Current state of the virtual server: FAILED--Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started. OPERATIONAL--Functioning properly. OUTOFSERVICE--Removed from the load-balancing predictor lists. STANDBY--Backup virtual server, ready to become operational if active virtual server fails. |
v_index |
Virtual index, out of a maximum of 500. |
interface(s) |
Type of interface. |
virtual |
Virtual IPv4 or dual-stack address of the virtual server, including the network mask, if configured. |
UDP |
Protocol being used by the virtual server (in this case, UDP). |
service |
Service, such as GTP, HTTP, or Telnet, associated with the virtual server (in this case, ASNR6). |
advertise |
Current state of host route advertisement for this virtual server: TRUE--Host route is being advertised. FALSE--Host route is not being advertised. |
server farm |
Name of the server farm associated with the virtual server. Information about each server farm is displayed on a separate line. |
delay |
Delay timer duration, in seconds, for this virtual server. |
idle |
Idle connection timer duration, in seconds, for this virtual server. |
asn: request idle |
ASN idle connection timer duration in seconds. |
asn: delete notif recvd |
Number of delete notifications received. |
asn: nai-update notif recvd |
Number of NAI-update notifications received. |
asn: Notification Errors: Deletes |
Number of delete notification errors. |
asn: Notification Errors: nai-updates |
Number of NAI-update notification errors. |
sticky |
Indicates whether sticky connections are enabled for this virtual server. |
sticky group id |
Sticky group in which this virtual server is placed, for coupling of services. |
synguard counter |
Number of unacknowledged SYNchronize sequence numbers (SYNs) that are allowed to be outstanding to this virtual server. |
synguard period |
Interval, in milliseconds, for SYN threshold monitoring for this virtual server. |
conns |
Number of active connections currently associated with the virtual server. |
total conns |
Total number of connections that have been associated with the virtual server since coming INSERVICE. |
syns |
Number of SYNs handled by the virtual server in this period. |
syn drops |
Number of SYNs dropped by the virtual server in this period. |
standby group |
Hot Standby Router Protocol (HSRP) group name with which the virtual server is associated. |
Real commn: port |
Port used by the real server. |
To display information about the wildcard representation for irtual servers, use the show ip slb wildcardcommand in privilegedEXEC mode.
This command has no arguments or keywords.
Privileged EXEC (#)
Release |
Modification |
---|---|
12.2(33)SRE |
This command was introduced. |
15.0(1)S |
The output was updated to display the virtual server's IPv4, IPv6, or dual-stack address. |
The following is sample output from the show ip slb wildcardcommand:
Router# show ip slb wildcard
Interface Source Address Port Destination Address Port Prot
ANY 0.0.0.0/0 0 3.3.3.3/32 2123 UDP
ANY 0.0.0.0/0 0 3.3.3.3/32 0 UDP
ANY 0.0.0.0/0 0 0.0.0.0/0 0 ICMP
Interface: ANY
Source Address [Port]: : :/0[0]
Destination Address [Port]: 2342:2342:2343:FF04:2341:AA03:2323:8912/128[0]
Protocol: ICMPV6
Interface: ANY
Source Address [Port]: : :/0[0]
Destination Address [Port]: 2342:2342:2343:FF04:2341:AA03:2323:8912/128[2123]
Protocol: UDP
To enable IOS SLB traps for real- and virtual-server state changes, use the snmp-server enable traps slb command in global configuration mode. To disable the traps use the no form of this command.
real |
Enables traps for real server state changes. |
virtual |
Enables traps for virtual server state changes. |
IOS SLB traps for real- and virtual-server state changes are not enabled.
Global configuration (config)
Release |
Modification |
---|---|
12.1(11b)E |
This command was introduced. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example enables IOS SLB traps for real server state changes:
Router(config)# snmp-server enable traps slb real
To assign all connections from a client to the same firewall, use the sticky command in firewall farm datagram protocol configuration mode. To remove the client/server coupling, use the no form of this command.
seconds |
Sticky timer duration in seconds. Valid values range from 0 to 65535. |
netmask netmask |
(Optional) Places the virtual server as part of a sticky subnet, for coupling of services. |
source |
(Optional) Bases sticky on source IP address. |
destination |
(Optional) Bases sticky on destination IP address. |
Virtual servers are not associated with any groups.
Firewall farm datagram protocol configuration (config-slb-fw-udp)
Release |
Modification |
---|---|
12.1(3a)E |
This command was introduced. |
12.2(12c)E |
The source and destination keywords were added. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example specifies that if a client’s subsequent request for a firewall farm is made within 60 seconds of the previous request, then the same firewall is used for the connection:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# protocol datagram Router(config-slb-fw-udp)# sticky 60
Command |
Description |
---|---|
protocol datagram |
Enters firewall farm datagram protocol configuration mode. |
show ip slb firewallfarm |
Displays information about the firewall farm configuration. |
show ip slb sticky |
Displays information about the IOS SLB database. |
To assign all connections from a client to the same firewall, use the sticky command in firewall farm TCP protocol configuration mode. To remove the client/server coupling, use the no form of this command.
seconds |
Sticky timer duration in seconds. Valid values range from 0 to 65535. |
netmask netmask |
(Optional) Places the virtual server as part of a sticky subnet, for coupling of services. |
source |
(Optional) Bases sticky on source IP address. |
destination |
(Optional) Bases sticky on destination IP address. |
Virtual servers are not associated with any groups.
Firewall farm TCP protocol configuration (config-slb-fw-tcp)
Release |
Modification |
---|---|
12.1(3a)E |
This command was introduced. |
12.2(12c)E |
The source and destination keywords were added. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example specifies that if a client’s subsequent request for a firewall farm is made within 60 seconds of the previous request, then the same firewall is used for the connection:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# protocol tcp Router(config-slb-fw-tcp)# sticky 60
Command |
Description |
---|---|
protocol tcp |
Enters firewall farm TCP protocol configuration mode. |
show ip slb firewallfarm |
Displays information about the firewall farm configuration. |
show ip slb sticky |
Displays information about the IOS SLB database. |
To assign all connections from a client to the same real server, use the sticky command in SLB virtual server configuration mode. To remove the client/server coupling, use the no form of this command.
duration |
Sticky timer duration in seconds. Valid values range from 0 to 65535. |
group group-id |
(Optional) Places the virtual server in the specified sticky group, for coupling of services. All virtual servers that have the same sticky group ID share the sticky entry for a user. In essence, the group keyword and group-id argument tie multiple virtual servers together. Valid values range from 0 to 255. |
netmask netmask |
(Optional) Places the virtual server as part of the specified sticky subnet, for coupling of services. Client sessions whose source IP addresses fall within the netmask are directed to the same real server. |
asn msid |
Enables IOS SLB to load-balance Access Service Network (ASN) sessions to the same real server that processed all previous sessions for a given Mobile Station ID (MSID). |
gtp imsi |
Enables IOS SLB to load-balance general packet radio service (GPRS) Tunneling Protocol (GTP) Packet Data Protocol (PDP) context create requests to the same real server that processed all previous create requests for a given International Mobile Subscriber ID (IMSI). |
radius calling-station-id |
Enables IOS SLB to create the IOS SLB RADIUS calling-station-ID sticky database and direct RADIUS requests from a given calling station ID to the same service gateway. |
radius framed-ip |
Enables IOS Server Load Balancing (IOS SLB) to create the IOS SLB RADIUS framed-IP sticky database and direct RADIUS requests and non-RADIUS flows from a given end user to the same service gateway. |
radius username |
Enables IOS SLB to create the IOS SLB RADIUS username sticky database and direct RADIUS requests from a given end user to the same service gateway. |
msid-cisco |
(Optional) Enables IOS SLB to support Cisco PDSNs that provide MSID-based access (also known as MSID-based access, Cisco variant). |
Sticky connections are not tracked. Virtual servers are not associated with any groups.
SLB virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.1(2)E |
The netmask keyword and netmask argument were added. |
12.1(11b)E |
The radius framed-ip keywords were added. |
12.1(12c)E |
The radius username and msid-cisco keywords were added. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(14)ZA5 |
The radius calling-station-id keywords were added. |
12.2(18)SXE |
The gtp imsikeywords were added. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(33)SRE |
The asn msidkeywords were added. |
The last real server that was used for a connection from a client is stored for the set duration seconds. If a new connection from the client to the virtual server is initiated during that time, the same real server that was used for the previous connection is chosen for the new connection. If two virtual servers are placed in the same group, coincident connection requests for those services from the same IP address are handled by the same real server.
In Virtual Private Network (VPN) server load balancing, remember the following requirements:
In general packet radio service (GPRS) load balancing and the Home Agent Director, the stickycommand is not supported.
In RADIUS load balancing, remember the following requirements:
For GTP load balancing:
For ASN load balancing, if you configure the sticky asn msid command, you must also configure the virtual command with the service asnkeywords specified.
The following example specifies that if a client’s subsequent request for a virtual server is made within 60 seconds of the previous request, then the same real server is used for the connection. This example also places the virtual server in group 10.
Router(config)# ip slb vserver VS1 Router(config-slb-vserver)# sticky 60 group 10
Command |
Description |
---|---|
show ip slb sticky |
Displays information about the IOS SLB database. |
show ip slb vservers |
Displays information about the virtual servers defined to IOS SLB. |
virtual |
Configures the virtual server attributes. |
To limit the rate of TCP SYNchronize sequence numbers (SYNs) handled by a virtual server to prevent a SYN flood denial-of-service attack, use the synguard command in SLB virtual server configuration mode. To remove the threshold, use the no form of this command.
syn-count |
Number of unacknowledged SYNs that are allowed to be outstanding to a virtual server. Valid values range from 0 (off) to 4294967295. The default is 0. |
interval |
(Optional) Interval, in milliseconds, for SYN threshold monitoring. Valid values range from 50 to 5000. The default is 100 milliseconds (ms). |
The default number of unacknowledged SYNs that are allowed to be outstanding to a virtual server is 0 (off). The default interval is 100 ms.
SLB virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
In general packet radio service (GPRS) load balancing and the Home Agent Director, the synguard command has no meaning and is not supported.
The following example sets the threshold of unacknowledged SYNs to 50:
Router(config)# ip slb vserver PUBLIC_HTTP Router(config-slb-vserver)# synguard 50
Command |
Description |
---|---|
show ip slb vservers |
Displays information about the virtual servers defined to IOS SLB. |
virtual |
Configures the virtual server attributes. |
To set a timeout for custom User Datagram Protocol (UDP) probes, use the timeoutcommand in custom UDP probe configuration mode. To restore the default timeout, use the no form of this command.
seconds |
Time, in seconds, that IOS SLB waits for a response packet from the server after sending a custom UDP probe request packet. Valid range is 1 to 255. The default value is 30 seconds. |
The default custom UDP probe timeout is 30 seconds.
Custom UDP probe configuration
Release |
Modification |
---|---|
12.2(33)SRB |
This command was introduced. |
In the following example the custom UDP probe timeout is set to 20 seconds:
Router(config)# ip slb probe PROBE6 custom udp Router(config-slb-probe)# timeout 20
Command |
Description |
---|---|
ip slb probe custom udp |
Configures a custom User Datagram Protocol (UDP) probe name and enters custom UDP probe configuration mode. |
show ip slb probe |
Displays information about an IOS Server Load Balancing (IOS SLB) probe. |
To specify the URL path that a Wireless Session Protocol (WSP) probe is to request from the server, use the urlcommand in WSP probe configuration mode. To restore the default settings, use the no form of this command.
path |
(Optional) Path from the server. This argument is case-sensitive. |
If no URL path is specified, the default is /.
WSP probe configuration (config-slb-probe)
Release |
Modification |
---|---|
12.1(5a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example configures a ping probe named PROBE3, enters WSP probe configuration mode, and configures the probe to request URL path http://localhost/test.txt:
Router(config)# ip slb probe PROBE3 wsp Router(config-slb-probe)# url http://localhost/test.txt
Command |
Description |
---|---|
ip slb probe wsp |
Configures a Wireless Session Protocol (WSP) probe name and enters WSP probe configuration mode. |
show ip slb probe |
Displays information about an IOS Server Load Balancing (IOS SLB) probe. |
To configure an ASCII regular expression string to be matched against the username attribute for RADIUS load balancing, use the username (IOS SLB)command in SLB RADIUS map configuration mode. To delete the username match string, use the no form of this command.
string |
ASCII regular expression string to be matched against the username attribute in the RADIUS payload. For information about regular expressions and how to use them in Cisco IOS software configurations, refer to the Understanding Regular Expressions section of the Using the Cisco IOS Command-Line Interface chapter of the Cisco IOS Configuration Fundamentals Configuration Guide . |
None
SLB RADIUS map configuration (config-slb-radius-map)
Release |
Modification |
---|---|
12.2(33)SRB |
This command was introduced. |
For a given IOS SLB RADIUS map, you can configure a single calling-station-id command or a single username (IOS SLB)command, but not both.
The following example specifies that, for IOS SLB RADIUS map 1, string ...?525* is to be matched against the username attribute in the RADIUS payload:
Router(config)# ip slb map 1 radius Router(config-slb-radius-map)# username ...?525*
Command |
Description |
---|---|
calling-station-id |
Configures an ASCII regular expression string to be matched against the calling station ID attribute in the RADIUS payload. |
ip slb map |
Configures an IOS SLB protocol map and enters SLB map configuration mode. |
show ip slb map |
Displays information about IOS SLB protocol maps. |
To configure virtual server attributes, use the virtual command in SLB virtual server configuration mode. To remove the attributes, use the no form of this command.
ipv4-address |
IPv4 address for this virtual server instance, used by clients to connect to the IPv4 real servers through the IPv4 server farm. |
ipv4-netmask |
(Optional) IPv4 network mask for transparent web cache load balancing. The default is 0.0.0.0 (all subnets). |
group |
(Optional) Allows the virtual subnet to be advertised. If you do not specify the group keyword, the virtual subnet cannot be advertised. |
esp |
Performs load balancing for only Encapsulation Security Payload (ESP) connections. |
gre |
Performs load balancing for only Generic Routing Encapsulation (GRE) connections. |
protocol |
Protocol for which load balancing is performed. The valid range is 2 to 127. |
ipv6 ipv6-address |
(Optional) For dual-stack, IPv6 address for this virtual server instance, used by IPv6 clients to connect to IPv6 real servers through the IPv6 server farm. |
prefix ipv6-prefix |
(Optional) For dual-stack, IPv6 prefix. |
tcp |
Performs load balancing for only TCP connections. |
udp |
Performs load balancing for only User Datagram Protocol (UDP) connections. |
port |
(Optional) IOS Server Load Balancing (IOS SLB) virtual port (the TCP or UDP port number or port name). If specified, only the connections for the specified port on the server are load-balanced. The ports and the valid name or number for the port argument are as follows:
|
port (continued) |
Specify a port number of 0 to configure an all-port virtual server (that is, a virtual server that accepts flows destined for all ports except GTP ports). |
any |
(Optional) Performs load balancing on all ports. |
service service |
(Optional) Couples connections associated with a given service, such as HTTP or Telnet, so all related connections from the same client use the same real server. The following are the valid types of connection coupling:
|
No default behavior or values.
SLB virtual server configuration (config-slb-vserver)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.1(5a)E |
The wsp, wsp-wtp, wsp-wtls, and wsp-wtp-wtls keywords were added. |
12.1(9)E |
The gtp option was added as a new value on the service argument. |
12.1(11b)E |
The following keywords, arguments, and options were added:
The wsp, wsp-wtp, wsp-wtls, and wsp-wtp-wtls keywords were changed to options for the portargument. |
12.1(12c)E |
The group keyword was added. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.1(13)E3 |
The gtp-inspect option was added as a new value on the service argument. |
12.2(14)ZA2 |
The ipmobile option was added as a new value on the service argument. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2(33)SRC |
The asnoption was added on the serviceargument. |
15.0(1)S |
The ipv6 ipv6-address and prefix ipv6-prefix options were added. |
The no virtual command is allowed only if the virtual server was removed from service by the no inservice command.
For some applications, it is not feasible to configure all the virtual server TCP or UDP port numbers for IOS SLB. To support such applications, you can configure IOS SLB virtual servers to accept flows destined for all ports. To configure an all-port virtual server, specify a port number of 0 or any.
Note |
In general, you should use port-bound virtual servers instead of all-port virtual servers. When you use all-port virtual servers, flows can be passed to servers for which no application port exists. When servers reject these flows, IOS SLB might fail the server and remove it from load balancing. |
Specifying port 9201 for connection-oriented WSP mode also activates the Wireless Application Protocol (WAP) finite state machine (FSM), which monitors WSP and drives the session FSM accordingly.
In RADIUS load balancing, IOS SLB maintains session objects in a database to ensure that re-sent RADIUS requests are load-balanced to the same real server.
IOS SLB supports general packet radio service (GPRS) Tunneling Protocol (GTP) v0, v1, and v2 real servers. A GTP v0 or v1 real server cannot manage GTP v2 requests. Therefore, you must configure separate virtual servers for GTPv2 real servers and for GTP v0 or v1 real servers.
IOS SLB supports dual-stack addresses for GTP load balancing only. To support dual-stack addresses:
The following example specifies that the virtual server with the IPv4 address 10.0.0.1 performs load balancing for TCP connections for the port named www. The virtual server processes HTTP requests.
Router(config)# ip slb vserver PUBLIC_HTTP Router(config-slb-vserver)# virtual 10.0.0.1 tcp www
The following example specifies that the virtual server with the IPv4 address 10.0.0.13 performs load balancing for UDP connections for all ports. The virtual server processes HTTP requests.
Router(config)# ip slb vserver PUBLIC_HTTP Router(config-slb-vserver)# virtual 10.0.0.13 udp 0
Command |
Description |
---|---|
ip slb vserver |
Identifies a virtual server. |
show ip slb vservers |
Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB). |
To specify a real server’s capacity, relative to other real servers in the firewall farm, use the weight command in firewall farm real server configuration mode. To restore the default weight value, use the no form of this command.
setting |
Weight setting to use for the real server predictor algorithm. Valid settings range from 1 to 255. The default weight setting is 8. |
The default setting to use for the real server predictor algorithm is 8.
Firewall farm real server configuration (config-slb-fw-real)
Release |
Modification |
---|---|
12.1(3a)E |
This command was introduced. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The following example specifies the relative weights of three real servers as 16, 8 (by default), and 24, respectively:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# real 10.10.1.1 Router(config-slb-fw-real)# weight 16 Router(config-slb-fw-real)# inservice Router(config-slb-fw-real)# exit Router(config-slb-fw)# real 10.10.1.2 Router(config-slb-fw-real)# inservice Router(config-slb-fw-real)# exit Router(config-slb-fw)# real 10.10.1.3 Router(config-slb-fw-real)# weight 24
Command |
Description |
---|---|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
show ip slb firewallfarm |
Displays information about the firewall farm configuration. |
show ip slb reals |
Displays information about the real servers. |
To specify a real server’s capacity, relative to other real servers in the server farm, use the weight command in SLB real server configuration mode. To restore the default weight value, use the no form of this command.
setting |
Weight setting to use for the real server predictor algorithm. Valid settings range from 1 to 255. The default weight setting is 8. |
The default setting to use for the real server predictor algorithm is 8.
SLB real server configuration (config-slb-sfarm)
Release |
Modification |
---|---|
12.0(7)XE |
This command was introduced. |
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
The static weights you define using this command are overridden by the weights calculated by Dynamic Feedback Protocol (DFP). If DFP is removed from the network, IOS Server Load Balancing (IOS SLB) reverts to these static weights.
The following example specifies the relative weights of three real servers as 16, 8 (by default), and 24, respectively:
Router(config)# ip slb serverfarm PUBLIC !-----First real server Router(config-slb-sfarm)# real 10.10.1.1 !-----Assigned weight of 16 Router(config-slb-real)# weight 16 !-----Enabled Router(config-slb-real)# inservice Router(config-slb-real)# exit !-----Second real server Router(config-slb-sfarm)# real 10.10.1.2 !-----Enabled with default weight Router(config-slb-real)# inservice Router(config-slb-real)# exit !-----Third real server Router(config-slb-sfarm)# real 10.10.1.3 !-----Assigned weight of 24, not enabled Router(config-slb-real)# weight 24
Command |
Description |
---|---|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
show ip slb reals |
Displays information about the real servers. |
show ip slb serverfarms |
Displays information about the server farm configuration. |