|
|
This chapter describes how to plan for and configure Virtual IP (VIP) and Virtual
IP Interface Redundancy on the CSS. Information in this chapter applies to all CSS models except where noted.
This chapter contains the following sections:
The CSS enables you to configure redundancy for a:
When you configure more than one CSS for processing or forwarding client requests to the same Virtual IP address (VIP), the VIP is considered redundant. A typical use of VIP redundancy would be in a configuration where a master CSS processes all client requests to a VIP using a directly-connected dedicated Web server farm. If the Web server farm becomes unavailable, the backup CSS takes over using its own dedicated Web servers.
To setup CSSs for VIP redundancy, you must configure a virtual router on each CSS that will participate in the redundant configuration. A virtual router is an entity within a CSS to which you associate an existing VIP. A VIP becomes redundant when you associate it with a virtual router. You may configure a maximum of 255 virtual routers for each VLAN. You can only associate a virtual router with a single VLAN.
Virtual routers providing redundancy for an IP address are considered peers. Each virtual router peer has the same identifier and runs on the same VLAN, but runs on a different CSS. Once the virtual routers are configured, the CSSs negotiate for mastership using Virtual Router Redundancy Protocol (VRRP). A virtual router in a redundant VIP configuration that is designated as:
A CSS can serve simultaneously as a master to one virtual router and as a backup to a different virtual router. All redundant VIP addresses will share the state of the virtual router to which it is associated.
Figure 4-1 shows an example of a redundant VIP configuration with:
Figure 4-2 shows an example of a redundant VIP configuration with:
.
Virtual interface redundancy is a form of IP address redundancy that applies only to IP interfaces (not VIPs). A typical interface IP address on a CSS defines the interface in use on a particular VLAN. In this type of configuration, the CSS designated as master maintains control over the interface IP address.
The typical use for virtual interface redundancy is in a configuration where servers are positioned behind a Layer 2 switch and CSSs with the redundant virtual interface are positioned in front of the Layer 2 switch. The servers would be configured with a default route pointing to the redundant virtual interface IP address.
A CSS designated as master of a virtual interface sends out gratuitous ARPs for the virtual interface's IP address. This enables the Layer 2 switch to learn where to forward packets that are directed to the virtual interface. This allows a server's default route to always point to the CSS designated as the master of the virtual interface.
Figure 4-3 shows an example of a virtual interface redundancy configuration with a master CSS and a backup CSS.
 |
Note Interface redundancy does not support shared backup. |
Table 4-1 provides a quick overview of the steps required to configure VIP and virtual interface redundancy for each CSS in the redundant configuration. Each step includes the CLI command required to complete the task. For a complete description of each feature and all the options associated with the CLI command, refer to the sections following Table 4-1.
| Task and Command Example |
|---|
1. Enter into config mode. # config |
2. Enter circuit mode for the desired circuit VLAN.
|
3. Configure a circuit IP address.
|
4. Configure the virtual router. Optionally, you may assign a priority different than the default of 100. Include the preempt keyword when configuring the master virtual router. The master virtual router must have the highest priority among its peers. |
5. Configure the redundant virtual IP interface on the virtual router. |
6. Configure the redundancy VIP on the virtual router. If you defined the content rule VIP using the range option, you must configure an identical range for the redundant VIP.
|
7. Configure the critical service for the virtual router. |
8. Display the configuration (optional). |
Because this chapter is dedicated to configuring VIP and virtual interface redundancy, it contains only those circuit IP commands that pertain to this feature. For a complete description of all circuit IP commands, refer to the Content Services Switch Basic Configuration Guide.
The following sections describe how to configure VIP and virtual IP redundancy. You must configure each CSS in a redundant configuration.
Before you can configure VIP and virtual interface redundancy, you must configure a circuit IP interface and assign it an IP address. To enter a specific circuit configuration mode, enter the circuit command and VLAN as shown in the following example:
(config)# circuit VLAN1
(config-circuit[VLAN1])#
|
Note When you use the circuit command, enter the word "VLAN" in uppercase letters and do not include a space between VLAN and the VLAN number (for example, VLAN1). |
To assign an IP address to a circuit, use the ip address command from the specific circuit mode. Enter the IP address and a subnet mask in CIDR bitcount notation or a mask in dot-decimal notation. The subnet mask range is 8 to 32. For example, to configure an IP address and subnet mask for VLAN1, enter:
(config-circuit[VLAN1])# ip address 192.168.8.1/24
When you specify an IP address, the mode changes to the specific circuit-ip-VLAN-IP address as shown:
(config-circuit-ip[VLAN1-192.168.8.1])#
A virtual router's role as a master or backup is determined during negotiations between all virtual routers with the same ID and on the same VLAN.
The syntax and options for the IP interface command are:
ip virtual-router vrid {priority number} {preempt}
The variables and options are:
Because a virtual router's priority is dependent on the state of the critical services, the priority field status in the show virtual router display may be different than the priority you configured. The priority may be different when you:
For information on configuring critical services, refer to "Configuring IP Critical Services" later in this chapter.
For example:
(config-circuit-ip[VLAN1-192.168.8.1])# ip virtual-router 1 priority 1 preempt
To remove the virtual router from the CSS, enter:
(config-circuit-ip[VLAN1-192.168.8.1])# no ip virtual-router 1
Use the ip redundant-interface command to configure a redundant virtual interface address used for a backend server's default route. Servers use the IP address of the virtual interface as a default route to guarantee packets will be sent to the CSS containing the master virtual router. You may assign a redundant interface with the same virtual router of a VIP that has a rule that refers to the server. This ensures that the master for a VIP is also the CSS that is master for the redundant virtual interface.
The syntax for this IP mode command is:
ip redundant-interface vrid ip_address
The variables are:
For example:
(config-circuit-ip[VLAN1-192.168.8.1])# ip redundant-interface 1 192.168.8.6
To remove an interface from a virtual router, enter:
(config-circuit-ip[VLAN1-192.168.8.1])# no ip redundant-interface 1 192.168.8.6
Use the ip redundant-vip command to associate an existing VIP to a virtual router and if required, configure the virtual router as a shared backup. A shared backup virtual router processes client requests.
|
Note Before you use this command, the VIP must be configured in a minimum of one content rule. Additionally, if you defined the content rule VIP using the range option, you must configure an identical range for the redundant VIP. |
The syntax for this IP mode command is:
ip redundant-vip vrid vip_address {range number} {shared}
The variables and options are:
For example:
(config-circuit-ip[VLAN1-192.168.8.1])# ip redundant-vip 1 192.168.8.10 range 10 shared
To remove a VIP from a virtual router, enter:
(config-circuit-ip[VLAN1-192.168.8.1])# no ip redundant-vip 1 192.168.8.10
Use the ip critical-service command to associate a service with a virtual router. When a critical service goes down, the associated virtual router will also go down. There are three types of critical services that you can configure:
The syntax and options for the IP interface command are:
ip critical-service vrid service_name
The variables are:
For example:
(config-circuit-ip[VLAN1-192.168.8.1])# ip critical-service 1 serv1
To remove a critical service from a virtual router, enter:
(config-circuit-ip[VLAN1-192.168.8.1])# no ip critical-service 1 serv1
The CSS provides show commands to enable you to display redundant VIP and virtual interface configurations. The following sections describe the commands and provide examples of the screen displays and tables describing the screen fields.
Use the show critical-services command to display a list of all critical services configured on the CSS. You may provide an interface IP address option to display only the critical services present on a particular interface. You may also include a VRID to display only the critical service information for a particular virtual router.
The syntax for this command is:
show critical-services {ip_address {vrid}}
The optional variables are:
For example, to view all critical services on the CSS, enter:
# show critical-services
Table 4-2 describes the fields.
| Field | Description |
|---|---|
Interface Address | The IP interface address associated with the virtual router. |
VRID | The assigned identifier associated with the virtual router. |
Service Name | The name of the critical service. |
Service Type | The type of critical service. Possible services are: service type, every type of service other than a scripted service or an uplink service. Typically, this is a Web server service. Script, a service whose state depends upon a running script. Redundancy-up, a service whose state depends upon the state of an ICMP keepalive on a router. |
The syntax for this command is:
show redundant-interfaces {ip_address {vrid}}
The optional variables are:
For example, to view all redundant interfaces on the CSS, enter:
(config) # show redundant-interfaces
Table 4-3 describes the fields.
| Field | Description |
|---|---|
Interface Address | The IP interface address associated with the redundant virtual interface. |
VRID | The assigned identifier associated with the virtual router. |
Redundant Address | The IP address of the redundant virtual interface. |
Range | Not applicable. This field is always set to 1. |
State | Current state of the virtual router. Possible states are: Master, the virtual router is master. Backup, the virtual router is backup. No Service, one or more critical services associated with the virtual router is down. IF Down, the IP interface associated with the virtual router is down. |
Master IP | The IP address of the master virtual router. |
State Changes | The number of times the redundant virtual interface state has changed. |
Last Change | The date and time of the redundant virtual interface state last state change. |
Use the show redundant-vips command to display a list of all redundant VIPs configured on the CSS. You could provide an interface IP address option to display only the VIPs present on a particular interface. You can also include a VRID to display only the VIP information for a particular virtual router.
The syntax for this command is:
show redundant-vips {ip_address {vrid}}
The optional variables are:
For example, to view all redundant VIPs on the CSS, enter:
(config)# show redundant-vips
Table 4-4 describes the fields.
| Field | Description |
|---|---|
Interface Address | The IP interface address associated with the redundant VIP. |
VRID | The assigned identifier associated with the virtual router. |
Redundant Address | The IP address of the VIP. |
Range | The range associated with the VIP. |
State | Current state of the virtual router. Possible states are: Master, the virtual router is master. Backup, the virtual router is backup. No Service, one or more critical services associated with the virtual router is down. IF Down, the IP interface associated with the virtual router is down. |
Master IP | The IP address of the master virtual router. |
State Changes | The number of times the VIP state has changed. |
Last Change | The data and time of the VIP last state change. |
Use the show virtual-routers command to display a list of all virtual routers configured on the CSS. You may provide an interface IP address option to display only the virtual routers present on a particular interface. You may also include a VRID to display only the information for a particular virtual router.
The syntax for this command is:
show virtual-routers {ip_address {vrid}}
The optional variables are:
For example, to view all virtual routers on the CSS, enter:
(config)# show virtual-routers
Table 4-5 describes the fields.
| Field | Description |
|---|---|
Interface Address | The IP interface address associated with the virtual router. |
VRID | The assigned identifier associated with the virtual router. |
Priority | The priority currently being advertised by the virtual router. Because the priority is dependent on the state of the critical services, the priority may be different than the one configured. |
Config. Priority | The configured priority. |
State | Current state of the virtual router. Possible states are: Master, the virtual router is master. Backup, the virtual router is backup. No Service, one or more critical services associated with the virtual router is down. IF Down, the IP interface associated with the virtual router is down. Idle, the virtual router does not have any virtual interfaces or VIPs associated with it. |
Master IP | The IP address of the master virtual router. |
State Changes | The number of times the virtual router state has changed. |
Last Change | The data and time of the virtual router last state change. |
Preempt | True if preemption is enabled for the virtual router; false otherwise. |
The following running-config examples show VIP redundancy configured on two CSSs.
!************************* GLOBAL ************************** !************************ INTERFACE ************************ interface ethernet-1
bridge vlan 1 !************************* CIRCUIT ************************* circuit VLAN1
ip address 192.168.8.1 255.255.255.0
ip virtual-router 1 priority 230 preempt
ip redundant-vip 1 192.168.8.10 shared
ip critical-service 1 serv1 !************************* SERVICE ************************* service serv1
ip address 20.1.1.1
active !************************** OWNER ************************** owner arrow
content L5_1
protocol tcp
vip address 192.168.8.10
port 80
url "/*"
add service serv1
active
!************************** GLOBAL ************************** !************************ INTERFACE ************************ interface ethernet-1
bridge vlan 1 !************************* CIRCUIT ************************* circuit VLAN1
ip address 192.168.8.2 255.255.255.0
ip virtual-router 1 priority 200
ip redundant-vip 1 192.168.8.10 shared
ip critical-service 1 serv2 !************************* SERVICE ************************* service serv2
ip address 20.2.2.2
active !************************** OWNER ************************** owner arrow
content L5_1
protocol tcp
vip address 192.168.8.10
port 80
url "/*"
add service serv2
active
Posted: Tue Dec 12 05:46:31 PST 2000
Copyright 1989-2000©Cisco Systems Inc.