Product Bulletin No. 1928
Cisco Content Switching Module Software Version 3.1(1) for the Cisco Catalyst 6500 Switch and the Cisco 7600 Internet Router
New features of the Cisco CSM Software Version 3.1(1) Content Switching Module for the Cisco Catalyst® 6500 Switch and the Cisco 7600 Internet Router include the following:
•Virtual IP (VIP) connection watermarks—The VIP connection watermark feature allows the Web-hosting provider to limit the number of connections going through a particular virtual server or set of virtual servers. By using this feature, the network administrator allows a fair distribution of connection resources among all virtual servers. When a virtual server reaches the configured maximum connection limit, no new connections are established to that virtual server until it drops below the connection watermark again. This feature allows Cisco CSM customers to have a shared CSM environment, whether between multiple customers or many departments within an enterprise, without fear that one group will consume all the resources. This feature also can be configured to protect against denial-of-service (DoS) attacks.
•Backup server farm—The backup server farm feature allows the administrator to specify one or more backup servers that will be used when all primary servers in a server farm are unavailable because of health probes or connection thresholds. If configured, when the Cisco CSM receives a connection that matches a policy associated with a server farm in which all the servers are currently down, the CSM load balances this connection to the configured backup server farm. The backup server farm also can be configured to be a Hypertext Transfer Protocol (HTTP) redirect so that clients are redirected to a remote location.
•Optional port for health probing—Some of the health probes supported by the Cisco CSM require that the CSM probe real servers on a specific TCP or User Datagram Protocol (UDP) port. In earlier implementations of Cisco CSM Software, the network administrator could not explicitly specify a server port when configuring a health probe. Instead, the port was inherited from the virtual servers that use the server farm with which the probe is associated. This feature allows the administrator to override the real and virtual server port information by explicitly specifying a port to probe in the health probe configuration.
•IP reassembly—In Cisco CSM 1.x Software releases, all IP fragments are dropped by the CSM. In Cisco CSM 2.x Software releases, the UDP fragments of a datagram are reassembled as long as the first fragment of the datagram is received by the Cisco CSM before all other fragments. In 3.1(1), the Cisco CSM can handle UDP fragments and assemble them, regardless of the order in which they were received.
•Tool Command Language (TCL) scripting—To support more flexible health-probing functionality, this feature gives the administrator the ability to upload and execute TCL scripts on the Cisco CSM. The administrator can create a "script probe" that the Cisco CSM periodically executes for each real server in any server farm associated with the probe. Depending upon the exit code of such a script, the real server is considered healthy, suspect, or failed. A wide variety of probing functions are possible using the flexibility of the TCL scripting environment. The Cisco CSM also supports execution of custom TCL scripts that are not directly associated with a particular server health probe. A "standalone script" dynamically executes a task at a specified interval.
•Extensible Markup Language application programming interface (XML API) configuration—Users can now automate programmatic configuration of the Cisco CSM via a documented XML API. When the network administrator enables this feature, a network management device may connect to the CSM and "push" new configurations to it. The network management device pushes configuration commands to the Cisco CSM over standard HTTP by sending an XML document in the data portion of an HTTP POST. The full Document Type Definition (DTD) is documented in the appendix of the Cisco CSM Installation and Configuration Guide.
•Simple Network Management Protocol/Management Information Base (SNMP/MIB)—The Cisco CSM now has full SNMP/MIB support. In this release, the Cisco CSM supports two Read Only MIBs: CISCO-SLB-MIB and CISCO-SLB-EXT-MIB, which are available at ftp://ftp.cisco.com/pub/mibs/. Traps can be sent based on real server, virtual server, and fault tolerant state changes.
•Global server load balancing (GSLB)—GSLB has increased in popularity as a method for disaster recovery. In this release the Cisco CSM supports GSLB in which the CSM can be configured to act as an authoritative Domain Name System (DNS) server. The Cisco CSM then collects load information from other Cisco CSMs in the network and load balances incoming traffic across these geographically dispersed CSMs.
•Resource usage display—A show command has been added to the Cisco CSM that includes multiple parameters for determining how loaded the CSM is at a given moment. The output of this command indicates the CPU usage on each of the processing modules within the Cisco CSM hardware, memory usage, and other related information.
•HTTP method parsing—Every HTTP request contains an HTTP method, a URL, and other information such as HTTP headers. This new feature allows the user not only to match HTTP headers, but also to configure policies that match particular HTTP "methods," such as GET, HEAD, and POST, and to make a load-balancing decision based on this information.
•Real server names—The real server configuration on the Cisco CSM now includes assigning an ASCII string name in addition to the current options of IP address and port. This creates a friendlier way to reference real servers, mapping an IP address to a name. It also allows all instances of the real server to be removed from service on a global level with one command, regardless of how many server farms the real server belongs to.
•Non-TCP connection state redundancy—The Cisco CSM currently supports connection state redundancy for TCP protocols. This functionality has been extended to include non-TCP protocols.
•Reverse sticky—In a firewall load-balancing environment, this feature allows multiple connections between the same two devices to be stuck to the same firewall based on the IP addresses of the first incoming connection, regardless of the load-balancing algorithm used and regardless of which of the two devices originated the connection. This feature is especially important for firewall load-balancing scenarios where the load balancers on the two sides of the "sandwich" are not both Cisco CSMs. As an example, when using Cisco IOS® SLB on one side of the sandwich and the Cisco CSM on the other, the hash algorithms are not the same; therefore, new connections originated by the receiving device might not be load balanced to the same firewall from which the first connection was received. With the Cisco CSM reverse sticky feature configured, the receiving Cisco CSM sets up a sticky entry for connections opened in the opposite direction. This way, after the first connection between two specific devices has been set up on the two Cisco CSMs in the firewall load-balancing sandwich, all subsequent connections are load balanced to the same firewall, regardless of which of the two devices originates them.
•Unidirectional idle timeout—This feature allows the user to configure unidirectional timers for specific virtual servers; for flows matching those virtual servers, the Cisco CSM monitors only one direction of the flow. This feature is particularly useful in UDP streaming environments, where unidirectional flows are common and long idle timers are not optimal; unidirectional timers for this kind of flow allow the Cisco CSM to ignore the silent direction of the flow and time out the flow based on only the other direction.
•SSL service module ID—The Cisco CSM now has a configurable sticky option that allows the CSM to continue to provide stickiness based on Secure Sockets Layer (SSL) ID, even during SSL ID renegotiation when the Cisco CSM is paired with the SSL Services Module for the Cisco Catalyst 6500. Though the renegotiation process is encrypted, usually making it impossible to use SSL ID effectively for stickiness, the Cisco CSM is able to work in conjunction with the Cisco SSL Services Module when this feature is configured. This ensures that the stickiness is not broken, even if an SSL ID renegotiation occurs. The result is that the same SSL Service Module is always selected for the same client.
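The IP reassembly item above describes three different behaviors for fragmented UDP datagrams. The following model is an added illustration, not Cisco code: the function names and the fragment tuples are constructed here, and it assumes that a 2.x release discards any fragment that arrives before the first one.

```python
# Added illustration: models the fragment handling the bulletin describes for
# CSM 1.x, 2.x and 3.1(1). Not Cisco code; all sample fragments are constructed.

RELEASES = ("1.x", "2.x", "3.1(1)")

def reassemble(fragments, release):
    """Return the reassembled UDP payload, or None if the datagram is lost.

    fragments: (offset, more_fragments, data) tuples in arrival order, all
               belonging to one fragmented datagram; offsets are in bytes.
    """
    if release == "1.x":
        return None                      # every IP fragment is dropped
    accepted = {}
    seen_first = False
    for offset, more, data in fragments:
        if release == "2.x" and offset != 0 and not seen_first:
            # Assumption: a fragment that beats the first one is discarded,
            # so the datagram can never be completed.
            continue
        if offset == 0:
            seen_first = True
        accepted[offset] = (more, data)
    # Walk a gap-free chain from offset 0 up to the fragment with MF clear.
    payload, expected = b"", 0
    while expected in accepted:
        more, data = accepted[expected]
        if more and not data:
            return None                  # empty non-final fragment: malformed
        payload += data
        expected += len(data)
        if not more:
            return payload
    return None                          # a piece is missing

def compare(fragments):
    """Outcome of the same arrival sequence under each release."""
    return {r: reassemble(fragments, r) for r in RELEASES}

# Constructed sample: an 18-byte payload split into three fragments.
IN_ORDER = [(0, True, b"AAAAAAAA"), (8, True, b"BBBBBBBB"), (16, False, b"CC")]
OUT_OF_ORDER = [IN_ORDER[2], IN_ORDER[0], IN_ORDER[1]]

if __name__ == "__main__":
    for name, seq in (("in order", IN_ORDER), ("out of order", OUT_OF_ORDER)):
        print(name, compare(seq))
```

When validating an upgrade, replaying the same fragmented UDP flow in both arrival orders shows whether traffic that was previously dropped now reaches the real servers.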
Orderable Product Numbers
Table 1 gives part numbers for ordering Cisco CSM Software.
Table 1 Cisco CSM Part Numbers
Download the software release at:
Cisco CSM Data Sheet:
Cisco CSM Installation and Configuration Guide:
Software Version 3.1(1) Release Notes:
Cisco CSM alias, email@example.com
Dyan Gray, Product Manager, firstname.lastname@example.org
Stefano Testa, Technical Marketing Engineer, email@example.com