Document ID: 49841
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Configure
Network Diagram
Configurations
Verify
Troubleshoot
Related Information
Introduction
This document provides a sample configuration for an active-active stateful failover scenario where the two Content Services Switches (CSS) are in one-armed mode. The configuration in this document combines three major components:
-
Active-active failover means that a minimum of two virtual IP addresses are used. Each CSS is the master for one VIP and the backup for the other one.
-
Stateful failover indicates that upon failover there is no traffic interruption. The backup CSS knows from the master CSS which flows it receives in case of failover.
-
One-armed mode failover means that the CSS is connected to a single VLAN. This scenario requires additional configuration to make sure that the server response goes through the CSS. In this configuration, client NAT (source group) is used.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on a CSS 1150x that runs version 7.x.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Configure
In this section, you are presented with the information to configure the features described in this document. For this example, FTP servers are used. They make use of a control channel and data channels. This configuration works for any TCP or UDP traffic.
Network Diagram
This document uses this network setup:
Configurations
This document uses this configuration:
CSS1#show run
!Generated on 03/09/2004 17:02:02
!Active version: sg0720305
configure
!*************************** GLOBAL ***************************
bridge spanning-tree disabled
!--- Portfast is enabled on the switch. Spanning tree
!--- is disabled on the CSS. Spanning tree is not required, and
!--- disabling spanning tree speeds up failover. There is no STP
!--- convergence timeout.
app
app session 192.168.11.9
!--- The app session is used for configuration synchronization.
ip route 0.0.0.0 0.0.0.0 192.168.10.1 1
!************************* INTERFACE *************************
interface 3/1
bridge vlan 499
!--- This is the only link to the switch. This is the one-armed model.
interface 3/8
isc-port-one
!--- This is the primary ASR link to exchange flow information between the two CSSs.
!--- You can also issue the isc-port-two command on a second link,
!--- but this second link serves as a redundant link only.
!************************** CIRCUIT **************************
circuit VLAN499
ip address 192.168.11.8 255.255.254.0
ip virtual-router 7 priority 110 preempt
ip virtual-router 8 priority 90
!--- Active-active scenario. This CSS is the master for virtual router ID 7
!--- and backup for virtual router ID 8.
ip redundant-vip 7 192.168.11.249
ip redundant-vip 8 192.168.11.248
!************************** SERVICE **************************
service bisou
ip address 192.168.11.46
redundant-index 75
!--- Each service needs to be assigned a redundant-index.
!--- This index needs to be the same on both CSSs.
active
service tension
ip address 192.168.10.123
redundant-index 71
active
!*************************** OWNER ***************************
owner MyCompany
content www
vip address 192.168.11.249
protocol tcp
port 80
url "/*"
advanced-balance arrowpoint-cookie
add service tension
redundant-index 72
!--- Each service needs to be assigned a redundant-index.
!--- You do this only for the content rules that need to
!--- be replicated from the master CSS to the backup.
active
content www2
vip address 192.168.11.248
add service bisou
redundant-index 76
protocol tcp
port 21
active
!*************************** GROUP ***************************
group MyCompany-www
vip address 192.168.11.249
add destination service tension
redundant-index 73
active
group MyCompany-www2
vip address 192.168.11.248
add destination service bisou
redundant-index 77
active
CSS2#show run
!Generated on 03/09/2004 17:05:40
!Active version: sg0720305
configure
!*************************** GLOBAL ***************************
no restrict web-mgmt
app-udp
bridge spanning-tree disabled
app
app session 192.168.11.8
ip route 0.0.0.0 0.0.0.0 192.168.10.1 1
!************************* INTERFACE *************************
interface 2/1
bridge vlan 499
phy 100Mbits-FD
interface 2/8
isc-port-one
!************************** CIRCUIT **************************
circuit VLAN499
ip address 192.168.11.9 255.255.254.0
ip virtual-router 7 priority 90
ip virtual-router 8 priority 110 preempt
ip redundant-vip 7 192.168.11.249
ip redundant-vip 8 192.168.11.248
!************************** SERVICE **************************
service tension
ip address 192.168.10.123
redundant-index 71
active
service bisou
ip address 192.168.11.46
redundant-index 75
active
owner MyCompany
content www
vip address 192.168.11.249
advanced-balance arrowpoint-cookie
protocol tcp
port 80
url "/*"
add service tension
redundant-index 72
active
content www2
vip address 192.168.11.248
add service bisou
redundant-index 76
protocol tcp
port 21
active
!*************************** GROUP ***************************
group MyCompany-www
add destination service tension
redundant-index 73
vip address 192.168.11.249
active
group MyCompany-www2
vip address 192.168.11.248
add destination service bisou
redundant-index 77
active
Verify
Use this section to confirm that your configuration works properly.
The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.
-
show isc-ports
-
show virtual-routers
-
show redundant-vip
-
show flows
CSS1#show isc-ports
Inter-Switch Communications Configuration:
Inter-Switch Port One: 3/8
Inter-Switch Port Two is not configured.
Inter-Switch Communications Status:
Inter-Switch Communications Are UP.
Inter-Switch Communications are currently active on 3/8
CSS2#show isc-ports
Inter-Switch Communications Configuration:
Inter-Switch Port One: 2/8
Inter-Switch Port Two is not configured.
Inter-Switch Communications Status:
Inter-Switch Communications Are UP.
Inter-Switch Communications are currently active on
CSS1#show virtual-routers Virtual-Routers: Interface Address: 192.168.11.8 VRID: 7 Priority: 110 Config. Priority: 110 State: Master Master IP: 192.168.11.8 State Changes: 7 Last Change: 03/13/2004 12:06:14 Preempt: True Interface Address: 192.168.11.8 VRID: 8 Priority: 90 Config. Priority: 90 State: Backup Master IP: 192.168.11.9 State Changes: 10 Last Change: 03/13/2004 12:05:54 Preempt: False CSS2#show virtual-routers Virtual-Routers: Interface Address: 192.168.11.9 VRID: 7 Priority: 90 Config. Priority: 90 State: Backup Master IP: 192.168.11.8 State Changes: 16 Last Change: 03/13/2004 12:18:06 Preempt: False Interface Address: 192.168.11.9 VRID: 8 Priority: 110 Config. Priority: 110 State: Master Master IP: 192.168.11.9 State Changes: 7 Last Change: 03/09/2004 17:04:10 Preempt: True
CSS1#show redundant-vips Redundant-Vips: Interface Address: 192.168.11.8 VRID: 8 Redundant Address: 192.168.11.248 Range: 1 State: Backup Master IP: 192.168.11.9 State Changes: 10 Last Change: 03/13/2004 12:05:54 Interface Address: 192.168.11.8 VRID: 7 Redundant Address: 192.168.11.249 Range: 1 State: Master Master IP: 192.168.11.8 State Changes: 7 Last Change: 03/13/2004 12:06:14 CSS2#show redundant-vips Redundant-Vips: Interface Address: 192.168.11.9 VRID: 8 Redundant Address: 192.168.11.248 Range: 1 State: Master Master IP: 192.168.11.9 State Changes: 7 Last Change: 03/09/2004 17:04:10 Interface Address: 192.168.11.9 VRID: 7 Redundant Address: 192.168.11.249 Range: 1 State: Backup Master IP: 192.168.11.8 State Changes: 16 Last Change: 03/13/2004 12:18:06
The show flows command give you the list of active connections that are switched by the CSS. The backup CSS sees flows that actually go through the master CSS. This is the result of the ASR configuration. One difference, however, is that the backup CSS does not show any interface for the input and output ports. These ports are determined if the flows become active (which means the master failed over to the backup).
CSS1#show flows 0.0.0.0 --------------- ----- --------------- ----- --------------- --- ------- ------ Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort --------------- ----- --------------- ----- --------------- --- ------- ------ 192.168.11.9 5001 192.168.11.8 1044 0.0.0.0 TCP 3/1 Ipv4 192.168.11.9 2771 192.168.11.8 5001 0.0.0.0 TCP 3/1 Ipv4 192.168.11.46 21 192.168.11.248 41697 192.168.11.41 TCP - - 192.168.11.41 1601 192.168.11.248 21 192.168.11.46 TCP - - CSS1# CSS2#show flows 0.0.0.0 --------------- ----- --------------- ----- --------------- --- ------- ------ Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort --------------- ----- --------------- ----- --------------- --- ------- ------ 192.168.11.8 5001 192.168.11.9 2771 0.0.0.0 TCP 2/1 Ipv4 192.168.11.46 21 192.168.11.248 41697 192.168.11.41 TCP 2/1 2/1 192.168.11.41 1601 192.168.11.248 21 192.168.11.46 TCP 2/1 2/1 192.168.11.8 1044 192.168.11.9 5001 0.0.0.0 TCP 2/1 Ipv4
Check for what happens after a failover. The first command output shows the status of both CSSs before failover. Disconnect CSS2 from the central switch to simulate the failover. The failover is indicated with the VRRP-4 message on CSS1. The data connection (TCP port 20) is now active on CSS1. CSS1 now lists the input and output ports for this flow. The FTP control channel (TCP port 21) is not yet active on CSS1 however. This is due to the fact that traffic has not been sent. The data session first needs to complete.
CSS2#show flows --------------- ----- --------------- ----- --------------- --- ------- ------ Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort --------------- ----- --------------- ----- --------------- --- ------- ------ 192.168.11.41 1614 192.168.11.248 20 192.168.11.46 TCP 2/1 2/1 192.168.11.46 20 192.168.11.248 51630 192.168.11.41 TCP 2/1 2/1 192.168.11.46 21 192.168.11.248 51628 192.168.11.41 TCP 2/1 2/1 192.168.11.41 1612 192.168.11.248 21 192.168.11.46 TCP 2/1 2/1 CSS1#show flows 0.0.0.0 --------------- ----- --------------- ----- --------------- --- ------- ------ Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort --------------- ----- --------------- ----- --------------- --- ------- ------ 192.168.11.41 1614 192.168.11.248 20 192.168.11.46 TCP - - 192.168.11.46 20 192.168.11.248 51630 192.168.11.41 TCP - - 192.168.11.46 21 192.168.11.248 51628 192.168.11.41 TCP - - 192.168.11.41 1612 192.168.11.248 21 192.168.11.46 TCP - - MAR 9 16:50:56 1/1 85 VRRP-4: Virtual router 8: master on interface 192.168.11.8 CSS1# CSS1# CSS1# CSS1# CSS1#show flows 0.0.0.0 --------------- ----- --------------- ----- --------------- --- ------- ------ Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort --------------- ----- --------------- ----- --------------- --- ------- ------ 192.168.11.41 1614 192.168.11.248 20 192.168.11.46 TCP 3/1 3/1 192.168.11.46 20 192.168.11.248 51630 192.168.11.41 TCP 3/1 3/1 192.168.11.46 21 192.168.11.248 51628 192.168.11.41 TCP - - 192.168.11.41 1612 192.168.11.248 21 192.168.11.46 TCP - -
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.
Related Information
- CSS 11500 Series Content Services Switches Support
- Cisco WebNS CSS11500 Software Downloads (registered customers only)
- Technical Support & Documentation - Cisco Systems
| Updated: Jul 12, 2006 | Document ID: 49841 |