The Cisco IOS® Server Load Balancing (SLB) feature is a Cisco IOS-based solution that provides server load balancing. This feature allows you to define a virtual server that represents a cluster of real servers, known as a server farm. When a client initiates a connection to the virtual server, the IOS SLB load balances the connection to a chosen real server, depending on the configured load-balance algorithm or predictor.
IOS SLB can be configured to operate in the following two modes.
dispatched mode—In this mode, the virtual server address is known to the real servers. You must configure each of the real servers with loopback addresses for their unique loopback interface. This is necessary to give each machine in the server farm the same IP address as the actual virtual server. The destination real server will then be allowed to respond directly to clients using the loopback address, just as it would for its own IP address. IOS SLB redirect packets to the real server at Layer 2 at the media access control (MAC) layer. Since the virtual server IP address is not modified in dispatched mode, the real servers must be Layer 2-adjacent to IOS SLB, or intervening routers might not be able to route to the chosen real server.
directed mode—In this mode, the virtual server can be assigned to a IP address that is unknown to the real servers. IOS SLB translates packets exchanged between a client and real server, translating the virtual server IP address to a real server address through Network Address Translation (NAT). To use the directed mode, add the nat server command to the server farm.
There are no specific requirements for this document.
The information in this document is based on these software and hardware versions:
Catalyst 6000 family Supervisor IOS Release 12.1(6)E for Supervisor Engine 1 with MSFC1 (c6sup11-jsv-mz.121-6.E1)
Microsoft Windows 2000/IIS Web Servers
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to the Cisco Technical Tips Conventions for more information on document conventions.
IOS SLB supports Hypertext Transfer Protocol (HTTP) probes, ping probes, and Wireless Session Protocol (WSP) probes. You can use the HTTP probe method to verify connectivity and to monitor the real servers being load balanced. Probes determine the status of each real server in the server farm. In this example, HTTP probes are configured using TCP port 80. The HTTP probes are configured to connect every eight seconds and to request a method get command, looking for a 200 response code from the server. These configurations are all default values.
This document uses this network setup:
|IOS SLB Configuration Using Catalyst 6509|
Current configuration: version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname cat6 ! boot buffersize 126968 boot system flash slot0:c6sup11-jsv-mz.121-6.E1.bin ! redundancy main-cpu auto-sync standard ip subnet-zero ! no ip finger no ip domain-lookup ! ip slb probe KEEPALIVE http ! ip slb serverfarm SERVERS probe KEEPALIVE ! real 10.1.1.3 inservice ! real 10.1.1.5 inservice ! ip slb vserver WEBSITE virtual 172.17.63.215 tcp www serverfarm SERVERS inservice ! cns event-service server ! interface GigabitEthernet1/1 no ip address shutdown ! interface GigabitEthernet1/2 no ip address shutdown ! interface FastEthernet2/1 no ip address switchport switchport access vlan 100 switchport mode access ! interface FastEthernet2/2 no ip address shutdown ! interface FastEthernet2/3 no ip address switchport switchport access vlan 200 switchport mode access ! interface FastEthernet2/4 no ip address switchport switchport access vlan 200 switchport mode access ! interface FastEthernet2/5 no ip address shutdown ! interface FastEthernet2/48 no ip address shutdown ! interface Vlan1 no ip address shutdown ! interface Vlan100 ip address 172.17.63.211 255.255.255.192 ! interface Vlan200 ip address 10.1.1.250 255.255.255.0 ! ip default-gateway 172.17.63.193 ip classless ip route 0.0.0.0 0.0.0.0 172.17.63.193 no ip http server ! line con 0 transport input none line vty 0 4 password cisco login ! end
The show ip slb mode command displays the status of the SLB mode.
cat6#show ip slb mode SLB forwarding mode = rp (default) SLB configured mode = rp (default)
To run Cisco IOS SLB software, you must configure the mode using the show ip slb mode [csm | rp] command before any configuration. In the show ip slb mode command, the rp argument is default. You can only configure csm argument if you have the Content Switching Module (CSM). The CSM provides high-performance connections between network devices server farms based on Layer 4 through 7 information packets. You can represent a group of real servers (server farm) as a single server instance (virtual server), balance the traffic to the server farm by selecting one of the real servers (server load balancing), and limit traffic to individual servers (sticky connections) and server farms (policies). For more information, see Configuring Secure (Router) Mode on the Content Switching Module.
The show ip slb vserver command displays the virtual server information. Below you also see the state of the virtual server and how many connections there are:
cat6#show ip slb vserver slb vserver protocol virtual state conns ------------------------------------------------------------------------ WEBSITE TCP 172.16.63.215/32:80 OPERATIONAL 0
The show ip slb reals command displays information for each real server, such as the server farm where each server resides, the servers' states, thresholds, and connections.
cat6#show ip slb reals real server farm weight state conns ------------------------------------------------------------------- 10.1.1.5 SERVERS 8 OPERATIONAL 0 10.1.1.3 SERVERS 8 OPERATIONAL 0
The show ip slb serverfarms command displays the server farm information. This command shows the predictor used for load balancing. In this example round robin, which is default, is being used. You will see "none" under NAT because the device is in dispatched mode.
cat6#show ip slb serverfarm server farm predictor nat reals redirect bind id -------------------------------------------------------------------------- SERVERS roundrobin none 2 0 0
The show ip slb conns [vserver virtual_server-name | client ip-address | firewall firewallfarm-name] [detail] command displays the active connections.
vserver - Displays only those connections connected to a particular virtual server.
virtualserver-name - Name of the virtual server.
client - Displays connections with a particular client IP address.
ip-address - IP address of the client.
detail - Displays detailed connection information.
If no options are specified, the show ip slb conns command displays the output for all active IOS SLB connections.
cat6#show ip slb conns vserver prot client real state nat ----------------------------------------------------------------------- --------------- WEBSITE TCP 10.21.188.123:2187 10.1.1.5 ESTAB none WEBSITE TCP 10.21.188.123:2190 10.1.1.5 CLOSING none WEBSITE TCP 10.21.188.123:2192 10.1.1.3 ESTAB none WEBSITE TCP 10.21.188.123:2197 10.1.1.3 CLOSING none WEBSITE TCP 10.21.188.123:2200 10.1.1.5 SYNCLIENT none WEBSITE TCP 10.21.188.123:2201 10.1.1.5 SYNCLIENT none cat6#show ip slb conns detail WEBSITE, client = 10.21.188.123:2187 state = ESTAB, real = 10.1.1.5, nat = none v_ip = 172.17.63.215:80, TCP, service = NONE client_syns = 1, sticky = FALSE, flows attached = 0 WEBSITE, client = 10.21.188.123:2205 state = CLOSING, real = 10.1.1.5, nat = none v_ip = 172.17.63.215:80, TCP, service = NONE client_syns = 3, sticky = FALSE, flows attached = 0 WEBSITE, client = 10.21.188.123:2206 state = ESTAB, real = 10.1.1.5, nat = none v_ip = 172.17.63.215:80, TCP, service = NONE client_syns = 2, sticky = FALSE, flows attached = 0
The show ip slb probe command displays information about an IOS SLB.
There are three operational states of the probe:
FAILED - The probe has currently failed.
OPERATIONAL - The probe is functioning normally.
TESTING - The probe never succeeded, due to no response. IOS SLB keeps no counters or timers for this state.
The other information displayed is the following:
Outages - The number of intervals between successful probes.
Current - The time since the last probe success. That is, the duration (so far) of the current outage.
Cumulative - The total time the real server has been under the probe test and has failed. This value is the sum of the Current time plus the total time of all previous Outages.
cat6#show ip slb probe Server:Port State Outages Current Cumulative ----------------------------------------------------------------------- 10.1.1.3:80 OPERATIONAL 1 never 00:05:22 10.1.1.5:80 OPERATIONAL 0 never 00:00:00
After you have configured the SLB feature on the Catalyst 6500, you must configure each real server with a loopback device/interface. Configure the virtual server's IP address as the loopback IP address, with a netmask of 255.0.0.0.
Route Table ======================================================================= ==== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 60 b0 87 dc 1a ...... AMD PCNET Family Ethernet Adapter 0x1000004 ...02 00 4c 4f 4f 50 ...... MS LoopBack Driver ======================================================================= ==== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.1.1.250 10.1.1.3 1 10.1.1.0 255.255.255.0 10.1.1.3 10.1.1.3 1 10.1.1.3 255.255.255.255 127.0.0.1 127.0.0.1 1 10.255.255.255 255.255.255.255 10.1.1.3 10.1.1.3 1 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 172.17.63.215 255.255.255.255 127.0.0.1 127.0.0.1 1 220.127.116.11 18.104.22.168 10.1.1.3 10.1.1.3 1 22.214.171.124 126.96.36.199 172.17.63.215 172.17.63.215 1 255.255.255.255 255.255.255.255 10.1.1.3 10.1.1.3 1 ======================================================================= ====
Examine the network address in each row of the table, where you see the loopback address appears. For the servers to communicate properly, you need a reference to a well-known multicast network address. This is in the eighth row of the example, so you need to delete the extra default-route. This is the one whose network address begins with the same first digit as the cluster address, and is followed by three zeroes. In the example above, the extra route is in the second row.
The following are well-known multicast network addresses:
188.8.131.52 184.108.40.206 172.17.63.215 172.17.63.215 1
The following are automatically-installed default routes removed from the above table:
0.0.0.0 0.0.0.0 172.17.63.193 172.17.63.215 1
You must delete the extra route to allow proper communication with the SLB virtual server.
There is currently no verification procedure available for this configuration.
There is currently no specific troubleshooting information available for this configuration.
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.