Document ID: 12644
Updated: Jan 30, 2006
Contents
Introduction
This document provides a sample configuration for front ending a Web farm using the Content Services Switch (CSS) 11000.
Before You Begin
Conventions
For more information on document conventions, see the Cisco Technical Tips Conventions.
Prerequisites
There are no specific prerequisites for this document.
Components Used
The information in this document is based on the CSS 11100 and CSS 11800 content services switches, and Cisco WebNS Software Release 2.06 and later.
The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.
Configure
In this section, you are presented with the information to configure the features described in this document.
If your goal is to off-load requests for static content to the caches so that the servers do not become overwhelmed, you can configure a cache to receive hits for cacheable content before hitting your local web farm. The cache must be a reverse proxy cache, and the CSS should direct requests to it based on the file extensions. The origin servers must have Internet routeable addresses. This configuration requires two Virtual IPs (VIPs), one for requests from the client base, the second for requests from the cache.
There would be two content rules for the first VIP, one that directs cacheable content to the cache(s), the other to direct all other content to the origin servers. The cache(s) are configured as local services so that when it makes requests for content to the second VIP, the requests do not bypass the content rule, which is the default behavior if configured as either a type transparent-cache or proxy-cache. The cache(s) have to be capable of being configured as reverse proxy cache(s), so that you can program the VIP where you want the cache(s) to retrieve data.
A second VIP is necessary if you want the cache(s) to load balance its requests across the origin servers. If you wanted the cache to only make requests to one server, the second VIP is not necessary. When configuring a cache rule, we typically leave out the VIP and simply have a port 80 rule to grab all port 80 traffic, however in this case, the first VIP is necessary because without it, the content rule for the cache(s) would never be hit because a content rule with a VIP has higher precedence over a similar rule with no VIP.
The origin servers each need two services created for them, one as type local and one as type redirect. The local services are load balanced for both cache requests and client requests, but the redirect services are used if the cache(s) fail. If all local services on a rule fail, the CSS round robins HTTP redirects to the IP addresses of the redirect services.
| Reverse Proxy-Cache 1 |
|---|
configure
!*************************** GLOBAL ***************************
persistence reset remap
ip route 0.0.0.0 0.0.0.0 10.200.255.1
!************************** CIRCUIT **************************
circuit VLAN1
ip address 210.200.255.28 255.255.255.0
!************************** SERVICE **************************
service Cache1
ip address 210.200.255.37
active
service Cache2
ip address 210.200.255.38
active
service Server1
ip address 210.200.255.11
active
service Server1-redirect
ip address 210.200.255.11
type redirect
active
service Server2
ip address 210.200.255.12
active
service Server2-redirect
ip address 210.200.255.12
type redirect
active
service Server3
ip address 210.200.255.13
active
service Server3-redirect
ip address 210.200.255.13
type redirect
active
service Server4
ip address 210.200.255.14
active
service Server4-redirect
ip address 210.200.255.14
type redirect
active
service Server5
ip address 210.200.255.15
active
service Server5-redirect
ip address 210.200.255.15
type redirect
active
service Server6
ip address 210.200.255.16
active
service Server6-redirect
ip address 210.200.255.16
type redirect
active
!**************************** EQL ****************************
eql cacheable
description "This EQL contains extensions of cacheable content"
extension pdf "Acrobat"
extension fdf "Acrobat Forms Document"
extension au "Sound audio/basic"
extension bmp "Bitmap Image"
extension z "Compressed data application/x-compress"
extension gif "GIF Image image/gif"
extension html "Hypertext Markup Language text/html"
extension htm
extension js "Java script application/x-javascript"
extension mocha
extension jpeg "JPEG image image/jpeg"
extension jpg
extension jpe
extension jfif
extension pjpeg
extension pjp
extension mp2 "MPEG Audio audio/x-mpeg"
extension mpa
extension abs
extension mpeg "MPEG Video video/mpeg"
extension mpg
extension mpe
extension mpv
extension vbs
extension m1v
extension pcx "PCX Image"
extension txt "Plain text text/plain"
extension text
extension mov "QuickTime video/quicktime"
extension tiff "TIFF Image image/tiff"
extension tar "Unix Tape Archive application/x-tar"
extension avi "Video for Windows video/x-msvideo"
extension wav "Wave File audio/x-wav"
extension gz "application/x-gzip"
extension zip "ZIP file application/x-zip-compressed"
!*************************** OWNER ***************************
owner www.whatever.com
content Reverse_Proxy_Rule
vip address 210.200.255.10
protocol tcp
port 80
url "/*" eql Cacheable
add service Cache1
add service Cache2
add service Server1-redirect
add service Server2-redirect
add service Server3-redirect
add service Server4-redirect
add service Server5-redirect
add service Server6-redirect
active
content Web_Server_Rule
vip address 210.200.255.10
protocol tcp
port 80
url "/*"
add service Server1
add service Server2
add service Server3
add service Server4
add service Server5
add service Server6
active
content Cache_Request_Rule
vip address 210.200.255.20
protocol tcp
port 80
add service Server1
add service Server2
add service Server3
add service Server4
add service Server5
add service Server6
active
|
The configuration below uses the redirect service with a domain string. Use this type of configuration when services have non-routable IP addresses.
| Reverse Proxy-Cache 2 |
|---|
configure
!*************************** GLOBAL ***************************
persistence reset remap
ip route 0.0.0.0 0.0.0.0 10.200.255.1
!************************** CIRCUIT **************************
circuit VLAN1
ip address 210.200.255.28 255.255.255.0
!************************** SERVICE **************************
service Cache1
ip address 210.200.255.37
active
service Cache2
ip address 210.200.255.38
active
service Server1
ip address 210.200.255.11
active
service Server2
ip address 210.200.255.12
active
service Server3
ip address 210.200.255.13
active
service Server4
ip address 210.200.255.14
active
service Server5
ip address 210.200.255.15
active
service Server6
ip address 210.200.255.16
active
service Web_Farm_VIP
type redirect
domain 210.200.255.20
active
!**************************** EQL ****************************
eql cacheable
description "This EQL contains extensions of cacheable content"
extension pdf "Acrobat"
extension fdf "Acrobat Forms Document"
extension au "Sound audio/basic"
extension bmp "Bitmap Image"
extension z "Compressed data application/x-compress"
extension gif "GIF Image image/gif"
extension html "Hypertext Markup Language text/html"
extension htm
extension js "Java script application/x-javascript"
extension mocha
extension jpeg "JPEG image image/jpeg"
extension jpg
extension jpe
extension jfif
extension pjpeg
extension pjp
extension mp2 "MPEG Audio audio/x-mpeg"
extension mpa
extension abs
extension mpeg "MPEG Video video/mpeg"
extension mpg
extension mpe
extension mpv
extension vbs
extension m1v
extension pcx "PCX Image"
extension txt "Plain text text/plain"
extension text
extension mov "QuickTime video/quicktime"
extension tiff "TIFF Image image/tiff"
extension tar "Unix Tape Archive application/x-tar"
extension avi "Video for Windows video/x-msvideo"
extension wav "Wave File audio/x-wav"
extension gz "application/x-gzip"
extension zip "ZIP file application/x-zip-compressed"
!*************************** OWNER ***************************
owner www.whatever.com
content Reverse_Proxy_Rule
vip address 210.200.255.10
protocol tcp
port 80
url "/*" eql Cacheable
add service Cache1
add service Cache2
add service Web_Farm_VIP
active
content Web_Server_Rule
vip address 210.200.255.10
protocol tcp
port 80
url "/*"
add service Server1
add service Server2
add service Server3
add service Server4
add service Server5
add service Server6
active
content Cache_Request_Rule
vip address 210.200.255.20
protocol tcp
port 80
add service Server1
add service Server2
add service Server3
add service Server4
add service Server5
add service Server6
active
|
Verify
There is currently no verification procedure available for this configuration.
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.
Related Information
Open a Support Case 
(Requires a Cisco Service Contract.)
Related Cisco Support Community Discussions
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.