Table Of Contents
Catalyst 6000 Family Content Switching Module Installation and Configuration Note
Client-to-CSM-to-Server Traffic Flow
Installing the Content Switching Module
Using the Command-Line Interface
Upgrading to a New Software Release
Upgrading from the Supervisor Engine Bootflash
Configuring the Content Switching Module
Configuring Dynamic Feedback Protocol
Configuring Redirect Virtual Servers
Writing and Restoring Configurations
Single Subnet (Bridge) Mode Configuration
Secure (Router) Mode Configuration
Configuring Probes for Health Monitoring
Commands Available to all Probe Configurations
Configuring Route Health Injection
Routing to VIP Addresses Without RHI
Routing to VIP Addresses With RHI
Understanding How the CSM Determines VIP Availability
Understanding Propagation of VIP Availability Information
Configuring RHI for Virtual Servers
Regulatory Standards Compliance
Safety Information Referral Warning
Blank Faceplate Installation Requirement Warning
Obtaining Technical Assistance
Contacting TAC by Using the Cisco TAC Website
Catalyst 6000 Family Content Switching Module Installation and Configuration Note
Product Number: WS-X6066-SLB-APC
This publication contains the procedures for installing and configuring the Catalyst 6000 family Content Switching Module (CSM).
This publication does not contain the instructions to install the Catalyst 6000 family switch chassis. For information on installing the switch chassis, refer to the Catalyst 6000 Family Installation Guide.
Note
For translations of the warnings in this publication, see the "Translated Safety Warnings" section.
Contents
This publication consists of these sections:
•
•
•
•
•
•
•
•
Overview
The CSM provides high-performance connections between network devices and server farms (groups of real servers) based on Layer 4 through 7 packet information. Clients connect to the CSM by supplying the virtual IP address (VIP) of the virtual server. The CSM is configured to handle VIP address connections. When a client initiates a connection to the virtual server, the CSM chooses a real server (a physical device that is assigned to a server farm) for the connection based on configured load-balancing algorithms and policies.
Representing server farms as virtual servers facilitates scalability and availability. The addition of new servers and the removal or failure of existing servers can occur at any time without affecting the virtual server's availability.
Sticky connections limit traffic to individual servers. These connections are configured so that multiple connections from the same client are stuck to the same real server using source IP addresses, source IP subnets, cookies, secure socket layer (SSL), or redirected using the Hypertext Transfer Protocol (HTTP) requests. Policies manage traffic by defining where to send client requests for information Configuring server load balancing requires that you know the following:
•
•
•
•
Note
Note
Caution
Caution
These sections describe the CSM:
•
Features
Table 1 describes the features of the CSM.
Table 1 Content Switching Module Features
Management
Standard Cisco IOS command-line interface
Management interface integrated with host platform
Load-Balancing Algorithms
Weighted round-robin
Weighted least connections
Connection high/low watermarks
Source address-based hashing algorithm
Flow and URL Identification
URL regular expression match
Cookie regular expression match
SSL1 session ID match
Source IP address
Standard ACLs
Security
Source IP address and URL expression match and AC entry match
Statistics
Packets through normal and special switching
Connections created, established, destroyed, current, and timed out
Failed server connections
Layer 4 load-balanced decisions and rejected connections
Layer 7 load-balanced decisions and rejected connections
Layer 4 and Layer 7 rejected connections
Checksum failures
Redirect and FTP connections
MAC frames
Health Monitoring
TCP, HTTP, ICMP, Telnet, FTP
Other Features
SSL session ID, cookie and source IP address-based sticky connections
Fragmented IP frames support
MTU2 of 9000
Load and availability reporting supporting remote monitoring and management
High availability preventing service disruptions
Redundant modules configured for fault-tolerance support
1 SSL = Secure Socket Layer
2 MTU = Maximum Transmission Unit
Front Panel Description
The CSM front panel features are shown in Figure 1.
Figure 1 Content Switching Module Front Panel
Note
Status LED
When the CSM powers up, it initializes various hardware components and communicates with the supervisor engine. The Status LED on the CSM shows the dialog with the supervisor engine and the results of the initialization.
Note
During the normal initialization sequence, the status LED changes from Off to Red, Orange, and then Green. Table 2 describes the status LED operation.
Table 2 Content Switching Module Status LED
Off
•
•
•
–
–
Red
•
•
Orange
•
•
•
•
Green
•
Green to Orange
•
1 Enter the show environment temperature mod command to display the temperature of each of four sensors on the CSM.
2 CLI = command-line interface.
RJ-45 Connector
The RJ-45 connector on the front panel provides a connection point for a management station or test device. The RJ-45 connector is covered by a removable plate. Typically, this connector is used by field engineers to perform testing and to obtain dump information.
Operation Mode
Clients and servers communicate through the CSM using Layer 2 and Layer 3 technology in a specific VLAN configuration. (See Figure 2.) Clients connect to the client side VLAN and servers connect to the server side VLAN. Servers and clients can exist on different subnets. Servers can also be located one or more Layer 3 hops away and connect to the server-side VLAN through routers.
A client sends a request that arrives on one of the module's VIP addresses. The CSM forwards this request to a server that can satisfy the request. The server then forwards the response to the CSM. The CSM forwards the response to the client.
When the client-side and server-side VLANs are on the same subnets, you can configure the CSM in single subnet (bridge) mode. For more information, see the "Single Subnet (Bridge) Mode Configuration" section.
When the client- and server-side VLANs are on different subnets, you can configure the CSM to operate in a secure (router) mode. For more information, see the "Secure (Router) Mode Configuration" section.
You can set up a fault-tolerant configuration in either the secure (router) or single subnet (bridged) mode using redundant CSMs. For more information, see the "Fault-Tolerant Configuration" section. Using multiple VLANs, single subnet (bridge) mode and secure (router) mode can coexist in the same CSM.
Figure 2 Content Switching Module and Servers
Client-to-CSM-to-Server Traffic Flow
This section describes how the traffic flows between the client and server in a CSM environment. (See Figure 3.)
Figure 3 Client-to-Content Switching Module-to-Server Traffic Flow
Note
When you enter a request for information by entering a URL, the traffic flow is as follows:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Safety Overview
Safety warnings appear throughout this publication in procedures that, if performed incorrectly, may harm you. A warning symbol precedes each warning statement.
Warning
Waarschuwing
Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risico's en dient u op de hoogte te zijn van standaard maatregelen om ongelukken te voorkomen. Voor vertalingen van de waarschuwingen die in deze publicatie verschijnen, kunt u het gedeelte "Translated Safety Warnings" (Vertalingen van veiligheidsvoorschriften) raadplegen in dit document.
Varoitus
Tämä varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennen kuin työskentelet minkään laitteiston parissa, ota selvää sähkökytkentöihin liittyvistä vaaroista ja tavanomaisista onnettomuuksien ehkäisykeinoista. Tässä julkaisussa esiintyvien varoitusten käännökset löydät tämän asiakirjan "Translated Safety Warnings" (käännetyt turvallisuutta koskevat varoitukset).
Attention
Ce symbole d'avertissement indique un danger. Vous vous trouvez dans une situation pouvant causer des blessures ou des dommages corporels. Avant de travailler sur un équipement, soyez conscient des dangers posés par les circuits électriques et familiarisez-vous avec les procédures couramment utilisées pour éviter les accidents. Pour prendre connaissance des traductions d'avertissements figurant dans cette publication, consultez la section « Translated Safety Warnings » (Traduction des avis de sécurité) de ce document.
Warnung
Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu einer Körperverletzung führen könnte. Bevor Sie mit der Arbeit an irgendeinem Gerät beginnen, seien Sie sich der mit elektrischen Stromkreisen verbundenen Gefahren und der Standardpraktiken zur Vermeidung von Unfällen bewußt. Übersetzungen der in dieser Veröffentlichung enthaltenen Warnhinweise finden Sie im Abschnitt "Translated Safety Warnings" (Übersetzung der Warnhinweise) in diesem Dokument.
Avvertenza
Questo simbolo di avvertenza indica un pericolo. La situazione potrebbe causare infortuni alle persone. Prima di lavorare su qualsiasi apparecchiatura, occorre conoscere i pericoli relativi ai circuiti elettrici ed essere al corrente delle pratiche standard per la prevenzione di incidenti. La traduzione delle avvertenze riportate in questa pubblicazione si trova nella documento "Translated Safety Warnings" (Traduzione delle avvertenze di sicurezza) nel presente documento.
Advarsel
Dette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan føre til personskade. Før du utfører arbeid på utstyr, må du vare oppmerksom på de faremomentene som elektriske kretser innebærer, samt gjøre deg kjent med vanlig praksis når det gjelder å unngå ulykker. Hvis du vil se oversettelser av de advarslene som finnes i denne publikasjonen, kan du se i avsnittet "Translated Safety Warnings" [Oversatte sikkerhetsadvarsler] i dette dokumentet.
Aviso
Este símbolo de aviso indica perigo. Encontra-se numa situação que lhe poderá causar danos físicos. Antes de começar a trabalhar com qualquer equipamento, familiarize-se com os perigos relacionados com circuitos eléctricos, e com quaisquer práticas comuns que possam prevenir possíveis acidentes. Para ver as traduções dos avisos que constam desta publicação, consulte a secção "Translated Safety Warnings" - "Traduções dos Avisos de Segurança" neste documento.
¡Advertencia!
Este símbolo de aviso significa peligro. Existe riesgo para su integridad física. Antes de manipular cualquier equipo, considerar los riesgos que entraña la corriente eléctrica y familiarizarse con los procedimientos estándar de prevención de accidentes. Para ver una traducción de las advertencias que aparecen en esta publicación, consultar la sección titulada "Translated Safety Warnings" que aparece en este documento.
Varning!
Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan leda till personskada. Innan du utför arbete på någon utrustning måste du vara medveten om farorna med elkretsar och känna till vanligt förfarande för att förebygga skador. Om du vill se översättningar av de varningar som visas i denna publikation, se avsnittet "Translated Safety Warnings" [Översatta säkerhetsvarningar] i detta dokument.
Warning
Warning
System Requirements
Before you install the CSM into the Catalyst 6000 family switch, make sure your Catalyst 6000 family switch meets the hardware and software requirements listed in this section.
Caution
Caution
Memory Requirements
The CSM memory is not configurable.
Hardware Supported
Before you can use the CSM, you must have a Supervisor Engine 1A with an MSFC and a Policy Feature Card (PFC), or a Supervisor Engine 2 with an MSFC, and any module with ports to connect server and client networks. The PFC is required for the VLAN access control list (VACL) capture functionality.
Caution
Environmental Requirements
The CSM operates in temperatures from 0o to 40o C (32o to 104o F). The module can withstand, without damage, nonoperating temperatures from -40o to 70o C (-40o to 158o F).
The CSM can operate in relative humidity from 10 to 90 percent (noncondensing) and can withstand, without damage, nonoperating relative humidity of 5 to 95 percent (noncondensing).
Power Requirements
You can place the CSM in any slot in the Catalyst 6000 family chassis except for the slots occupied by the supervisor engine and the standby supervisor engine. The CSM operates on power supplied by the chassis.
Note
Software Requirements
Catalyst 6000 family CSM software release 1.1(1) requires Cisco IOS Release 12.1(6)E or 12.1(7)E.
Catalyst 6000 family CSM software release 1.2(1) requires Cisco IOS Release 12.1(8a)E or later only.
Required Tools
This section describes the tools and requirements you need to install the CSM.
Note
These tools are required to install the CSM into the Catalyst 6000 family switch:
•
•
•
Caution
Installing the Content Switching Module
To install the CSM into the Catalyst 6000 family switch, perform the steps in the following sections:
Preparing to Install the CSM
Before installing the CSM, make sure that the following are available:
•
•
•
Installing the CSM
This section describes how to install the CSM into the Catalyst 6000 family switch.
Note
To install the CSM into the Catalyst 6000 family switch, perform these steps:
Step 1
Warning
Step 2
Note
Figure 4 Slot Numbers on Catalyst 6000 Family Switches
Step 3
Note
Warning
Step 4
Step 5
Step 6
Step 7
Figure 5 Installing Modules in the Catalyst 6000 Family Switch
Step 8
Figure 6 Ejector Levers and Captive Installation Screws
Step 9
Caution
Note
Step 10
This completes the CSM installation procedure.
Verifying the Installation
When you install the CSM into the Catalyst 6000 family switch, the module goes through a boot sequence that requires no intervention. At the successful conclusion of the boot sequence, the green status LED will illuminate and remain on.
Using the Command-Line Interface
The software interface for the CSM is the Cisco IOS interface. To understand the Cisco IOS command-line interface and Cisco IOS command modes, refer to Chapter 2 in the Catalyst 6000 Family IOS Software Configuration Guide.
Note
Router(config-slb-vlan-server)# may appear as Router(config-slb-vlan-serve)#
Accessing Online Help
In any command mode, you can get a list of available commands by entering a question mark (?) as follows:
Router> ?or
Router(config)# ip slb ?
Note
Upgrading to a New Software Release
This section describes the three methods on how to upgrade the CSM:
•
Note
During the upgrade, enter all commands on a console connected to the supervisor engine. Enter each configuration command on a separate line. To complete the upgrade, enter the exit command to return to the supervisor engine prompt.
Caution
Upgrading from the Supervisor Engine Bootflash
Upgrade the CSM from the supervisor engine bootflash as follows:
Note
Step 1
Router>Router> enableRouter# conf tRouter(config)# tftp-server sup-bootflash:c6slb-apc.revision-num.binRouter(config)Step 2
Router# session CSM-slot-number 0Step 3
CSM> upgrade 127.0.0.zz c6slb-apc.revision-num.binwhere
zz = 12 if the supervisor engine is installed in chassis slot 1
zz = 22 if the supervisor engine is installed in chassis slot 2
Note
Step 4
Router# config tRouter(config)# power cycle module slot-number
Upgrading from a PCMCIA Card
Upgrade the CSM from a removable Flash (PCMCIA) card inserted in the supervisor engine as follows:
Step 1
Router>Router> enableRouter# conf tRouter(config)# tftp-server slotx:c6slb-apc.revision-num.binwhere
x = 0 if the PCMCIA card is installed in supervisor engine PCMCIA slot 0.
Step 2
Router# session CSM-slot-number 0Step 3
CSM> upgrade slot0: c6slb-apc.revision-num.bin
Note
Step 4
router# config tRouter (config)# power cycle module slot-number
Upgrading Over the Network
Upgrade the CSM from an external TFTP server as follows:
Step 1
Note
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Configuring the Content Switching Module
This section describes how to configure load balancing on the CSM. Before you configure the CSM, the switch must meet these prerequisites:
Caution
•
•
This example shows how to enable the csm mode:
Router(config)# ip slb mode ?csm SLB in Application Processor Complex boardrp SLB in IOS systemRouter(config)# ip slb mode csm•
This example shows how to configure VLANs:
Router>Router> enableRouter# vlan databaseRouter(vlan)# vlan 130VLAN 130 added:Name: VLAN130Router(vlan)# vlan 150VLAN 150 added:Name: VLAN150Router(vlan)# exit•
This example shows how to configure a physical interface as a Layer 2 interface and assign it to a VLAN:
Router>Router> enableRouter# configRouter(config)# interface 3/1Router(config-if)# switchportRouter(config-if)# switchport access vlan 150Router(config-if)# no shutdownRouter(vlan)# exitIf the Multilayer Switch Function Card (MSFC) is used on the next hop router on either the client or the server side VLAN, then the corresponding Layer 3 VLAN interface must be configured.
Caution
This example shows how to configure the Layer 3 VLAN interface:
Router>Router> enableRouter# configRouter(config)# interface vlan 130Router(config-if)# ip address 10.10.1.10 255.255.255.0Router(config-if)# no shutdownRouter(vlan)# exitFigure 7 shows an overview of the configuration process. Required and optional operations are shown.
Note
Figure 7 Configuration Overview
Configure the required parameters in the following sections:
After you configure the required load-balancing parameters on the CSM, you may configure the optional parameters in the following sections:
•
•
To save or restore your configurations or to work with advanced configurations, refer to the following sections:
•
•
•
Configuring VLANs
The CSM requires configuration for client-side and server-side VLANs when you install the module in a Catalyst 6500 series switch.
Note
The CSM dynamically allocates one client gateway to the active router for a total of two client gateways for an HSRP group. You can configure a maximum of three HSRP groups on the client side of the CSM; fewer if other routers exist on the client-side.
You need to create both a client- and server-side VLAN. (See Figure 8.)
Figure 8 Configuring VLANs
See Figure 8 for the following notes:
Note
Note
Configuring Client-Side VLANs
To configure client-side VLANs, perform this task:
Caution
Step 1
Configure the client-side VLANs and enter the client VLAN mode1 .
Step 2
Configure an IP address to the CSM used by probes and ARP requests on this particular VLAN2 .
Step 3
Configure the gateway IP address. Enter this command only in the client submode.
1 Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2 The no form of this command restores the defaults.
This example shows how to configure the CSM for client-side VLANs:
Router(config)# ip slb vlan 130 clientRouter(config-slb-vlan-client)# ip addr 123.44.50.6 255.255.255.0Router(config-slb-vlan-client)# gateway 123.44.50.1Router(config-slb-vlan-client)# exitRouter# show ip slb VLANConfiguring Server-Side VLANs
To configure server-side VLANs, perform this task:
Step 1
Configure the server-side VLANs and enter the server VLAN mode1 .
Step 2
Configure a static route to reach the real servers in case they are more than one Layer 3 hop away from the CSM.
Step 3
Optionally, you can configure multiple IP addresses to the CSM to place the module in a different IP network than real servers without using a router. Use this command only in the server submode.
Step 4
Configure an IP address for the server VLAN2 .
Step 5
Display the client-side and server-side VLAN configurations.
1 Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2 The no form of this command restores the defaults.
This example shows how to configure the CSM for server-side VLANs:
Router(config)# ip slb vlan 150 serverRouter(config-slb-vlan-server)# ip addr 123.46.50.6 255.255.255.0Router(config-slb-vlan-server)# route 123.50.0.0 255.255.0.0 gateway 123.44.50.1Router(config-slb-vlan-server)# alias 123.60.7.6 255.255.255.0Router(config-slb-vlan-server)# exitConfiguring Server Farms
A server farm or server pool is a collection of servers that contain the same content. You specify the server farm name when you configure the server farm and add servers to it, and when you bind the server farm to a virtual server. Configuring server farms requires naming the server farm, configuring a load-balancing algorithm (predictor) and other attributes of the farm, setting or specifying a set of real servers (see the "Configuring Real Servers" section), and setting or specifying the attributes of the real servers.
When you configure server farms, you must perform the following:
•
•
•
•
To configure server farms, perform this task:
Step 1
Create and name a server farm and enter the server farm configuration mode1 2 .
Step 2
Configure the load-balancing prediction algorithm2. If not specified, the default is roundrobin.
Step 3
Enable the NAT mode, client2. Refer to the "Configuring Client NAT Pools" section3 .
Step 4
Associate the server farm to a probe that can be defined by the probe command2, 3.
Step 5
Bind a single physical server to multiple server farms and report a different weight for each one2. The bindid is used by DFP3.
Step 6
Display information about one or all server farms.
1 Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2 The no form of this command restores the defaults.
3 This step is optional.
This example shows how to configure a server farm, named p1_nat, using the least-connections (leastconns) algorithm. The least-connections algorithm specifies which real server handles the next new connection for this server farm.
Router(config)# ip slb serverfarm pl_natRouter(config-slb-sfarm)# predictor leastconnsConfiguring Real Servers
Real servers are physical devices assigned to a server farm. Real servers provide the services that are load balanced. When the server receives a client request, it pulls matching information from a disk and sends it to the CSM for forwarding to the client.
You configure the real server in the real server configuration mode by specifying the server IP address and port when you assign it to a server farm. You enter the real server configuration mode from the serverfarm mode where you are adding the real server.
To configure real servers, perform this task:
Step 1
Identify a real server as a member of the server farm and enter the real server configuration mode. An optional translation port can also be configured1 , 2 .
Step 2
(Optional) Set the weighting value for the virtual server predictor algorithm to assign the server's workload capacity relative to the other servers in the server farm if the round robin or least connection is selected2.
Step 3
(Optional) Set the maximum number of active connections on the real server2. When the specified maximum is reached, no more new connections are sent to that real server until the number of active connections drops below the minimum threshold.
Step 4
(Optional) Set the minimum connection threshold2.
Step 5
Enable the real server for use by the CSM2.
Note
Step 6
(Optional) Display information about configured real servers. The vserver option limits the display to real servers associated with a particular virtual server. The detail option displays detailed real server information.
Step 7
Display active connections to the CSM. The sfarm option limits the display to connections associated with a particular server farm. The client option limits the display to connections for a particular client. The detail option displays detailed connection information.
1 Enter the exit command to leave a mode or submode. Enter the end command to return to the menu's top level.
2 The no form of this command restores the defaults.
This example shows how to create real servers:
Router(config)# ip slb serverfarm serverfarmRouter(config-slb-sfarm)# real 10.8.0.7Router(config-slb-real)# inserviceRouter(config-slb-sfarm)# real 10.8.0.8Router(config-slb-real)# inserviceRouter(config-slb-sfarm)# real 10.8.0.9Router(config-slb-real)# inserviceRouter(config-slb-sfarm)# real 10.8.0.10Router(config-slb-real)# inserviceRouter(config-slb-real)# endRouter# show ip slb real detailRouter# show ip slb conns detailConfiguring Policies
Policies are access rules that traffic must match when balancing to a server farm. They provide the means for the CSM to balance Layer 7 traffic. Multiple policies can be assigned to one virtual server, creating multiple access rules for that virtual server. When configuring policies, you first specify access rules by URL maps, client-groups, and sticky groups, and then you combine these access rules under a particular policy.
Note
When the CSM is able to match policies, it selects the policy that appears first in the policy list. Policies are located in the policy list in the sequence in which they were bound to the virtual server. You can reorder the policies in the list by removing policies and reentering them in the correct order. Enter the no slb-policy policy name and the slb-policy policy name commands in the ip slb vserver submode to remove and enter policies.
Caution
To configure load-balancing policies, perform this task:
Guest
