Cisco CSS-to-ACE Conversion Tool User Guide

Table Of Contents

Cisco CSS-to-ACE Conversion Tool User Guide

Accessing the CSS-to-ACE Conversion Tool

Using the CSS-to-ACE Conversion Tool

Verifying and Modifying the Converted Configuration

Copying and Pasting the Converted Configuration File to the ACE

Example of a Copied Configuration File for Use By the ACE

Unsupported CSS Commands

ACE Appliance Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Cisco CSS-to-ACE Conversion Tool User Guide

---

This document describes how to use the CSS-to-ACE conversion tool to migrate Cisco Content Services Switches (CSS) running-configuration or startup-configuration files to the Cisco 4700 Series Application Control Engine (ACE) appliance. It describes how to access the conversion tool, use the tool to convert a CSS configuration to an ACE configuration, and copy the converted configuration to the ACE. This document also includes a summary of the CSS commands that are not supported by the conversion tool.

This document contains the following sections:

•Accessing the CSS-to-ACE Conversion Tool

•Using the CSS-to-ACE Conversion Tool

•Verifying and Modifying the Converted Configuration

•Copying and Pasting the Converted Configuration File to the ACE

•Unsupported CSS Commands

•ACE Appliance Documentation

•Obtaining Documentation, Obtaining Support, and Security Guidelines

Accessing the CSS-to-ACE Conversion Tool

The conversion tool is included as part of the ACE software image and is accessible from the Cisco ACE Appliance web page using HTTP. To access the conversion tool, perform the following steps:

---

Step 1 Log in to your default ACE admin account.

Step 2 Create a Layer 3 and Layer 4 management policy. Ensure that, at a minimum, you permit HTTP traffic in the management policy to enable remote access to the Cisco ACE Appliance web page. The following configuration example shows how to enable web access to the ACE to access the ACE web page. For details on enabling remote access to the ACE, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.

class-map type management match-any L4_REMOTE-ACCESS_CLASS

  description Enable remote access traffic to the ACE and the Cisco ACE Appliance web page

  2 match protocol xml-https any

  4 match protocol icmp any

  5 match protocol telnet any

  6 match protocol ssh any

  7 match protocol http any

  8 match protocol https any

policy-map type management first-match L4_REMOTE-ACCESS_MATCH

  class L4_REMOTE-ACCESS_CLASS

    permit

interface vlan 10

  ip address 192.168.215.134 255.255.255.0

  service-policy input L4_REMOTE-ACCESS_MATCH

  no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.215.1

Step 3 Open your preferred Internet web browser application, such as Microsoft Internet Explorer or Netscape Navigator.

Step 4 Specify the HTTP address of your ACE in the address field:

http://ace_ip_address

The Login dialog box appears.

Step 5 Enter your ACE default admin username and password in the fields provided, then click OK. The ACE web page appears (Figure 1).

Figure 1 Cisco ACE Appliance Web Page

Step 6 Click the CSS2ACE conversion tool link in the Tools section of the ACE web page. The CSS-to-ACE conversion tool appears (Figure 2). Proceed to the "Using the CSS-to-ACE Conversion Tool" section.

Figure 2 CSS-to-ACE Conversion Tool

---

Using the CSS-to-ACE Conversion Tool

You can convert a CSS startup- or running-config to an equivalent ACE startup- or running-config by using one of the following methods:

•Copying and pasting the contents from a saved CSS configuration file or from the CSS show running-config or show startup-config command output to the conversion tool `

•Uploading a saved CSS configuration file to the conversion tool

To use the conversion tool to convert a CSS configuration, perform the following steps:

---

Step 1 By default, the Admin context is always assumed as the target virtual context on the ACE. To migrate a CSS configuration to a different virtual context (for example, C1), specify a different virtual context name in the User Context Name: text box (see Figure 3). The conversion tool generates the corresponding ACE configuration for the Admin context to create the requested virtual context.

Step 2 Add the contents from a saved CSS configuration file or from the CSS show running-config or show startup-config command output by copying and pasting the complete configuration into the text area of the Paste CSS Commands: section of the conversion tool (Figure 3). Proceed to Step 4.

Figure 3 Pasting the Content of a CSS Configuration into the CSS-to-ACE Conversion Tool

Step 3 Click Browse to select a CSS configuration file to upload to the conversion tool. Navigate to the CSS configuration file that you want to convert, then click Open. The CSS configuration file appears in the Upload CSS Command File: section of the conversion tool (Figure 4). Proceed to Step 4.

Figure 4 Uploading a CSS Configuration File

Step 4 Click Get ACE Commands to convert the CSS commands. The tool converts the CSS startup- or running-config to an equivalent ACE startup- or running-config (Figure 5).

Figure 5 Converted CSS Commands to ACE Commands Example

In addition, the conversion tool lists the CSS commands from the original configuration file (Figure 6).

Figure 6 Summary of Converted CSS Commands Example

The conversion tool also includes a list of any unsupported CSS commands (Figure 7). The Notes section provides additional information, as necessary. Proceed to the "Verifying and Modifying the Converted Configuration" section.

Figure 7 Unsupported CSS Commands

---

Verifying and Modifying the Converted Configuration

Before you copy and paste the converted CSS configuration to the ACE CLI, we recommend that you first carefully review the converted configuration in a text file and make the appropriate content changes based on your network topology and deployment. This step helps you to avoid potential issues or conflicts before you copy the converted CSS configuration text file to the ACE CLI prompt.

Follow these configuration guidelines when verifying and modifying the converted CSS configuration:

•The CSS does not display default values in the running configuration or startup configuration file even if you manually enter those values. The CSS default settings for probes (keepalives), such as retryperiod, frequency and expect status, are automatically converted by the conversion tool to the ACE configuration. However, you must review, edit, and test the other the areas in the converted configuration to ensure any additional CSS defaults are properly ported to the ACE configuration before deployment.

•For the purpose of applying the Network Address Translation (NAT)-related CSS configurations, the least numbered VLAN is assumed to be the client-side VLAN and the next higher numbered VLAN is assumed to be the server-side VLAN. If you want to apply the NAT configurations to a different interface VLAN, manually make this change in the configuration. See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide for background details.

•The keepalive hash command of the service configuration mode uses a default hash value if the hash string provided is not equal to 32 bits.

•The keepalive type script command of the service configuration mode is currently not supported. You must manually configure each of these scripted keepalives using the Toolkit Command Language (TCL) scripts on the ACE. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for background details.

•Service policies are added to only a single interface VLAN. If you want to apply the service policy to a different interface VLAN, manually make this change in the configuration. See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide for background details.

•All SSL certificates must be imported into the associated context on the ACE before you apply the SSL-related configurations. See the Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide for background details.

•The conversion tool does not convert the range option of the ip address command in service configuration mode; only the first IP address is converted. You must create individual real servers for each of the remaining IP addresses specified in the range option, and then add these real servers to the appropriate server farm. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for background details.

•The conversion tool creates default interface gigabitEthernet configurations in the output and adds the VLAN numbers from the CSS configuration. Manually modify these configurations to suit your network topology or deployment. See the Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide for background details.

•The conversion tool creates separate Layer 7 policy maps for each CSS content rule. The Layer 7 policy maps are created separately even when multiple content rules share the same VIP, which results in only one of the policy maps taking effect. Manually combine these Layer 7 policy maps in order to share the same VIP. See the Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide for background details.

See the"Unsupported CSS Commands" section for a list of the CSS CLI commands that are not supported during the conversion.

To verify the converted output configuration, perform the following steps:

---

Step 1 Copy the complete converted configuration listed in the ACE Commands: section of the conversion tool (see Figure 5) to a text file. Save this text file as an appropriately named configuration file.

Step 2 Review the output configuration in the text file and make the appropriate changes in this text file based on your network topology and deployment.

Step 3 Save your modifications in the configuration text file.

Step 4 Copy the contents of the modified configuration text file directly to the ACE CLI prompt as described in the "Copying and Pasting the Converted Configuration File to the ACE" section.

---

Copying and Pasting the Converted Configuration File to the ACE

To copy and paste the converted configuration directly to the ACE CLI prompt, perform the following steps:

---

Step 1 Log in to the ACE by entering the login username and password at the following prompt:

switch login: xxxxxx

Password: yyyyyy

By default, both the username and password are admin.

The prompt changes as follows:

switch/Admin# 

Step 2 Access configuration mode as follows:

switch/Admin# configure

Enter configuration commands, one per line. End with CNTL/Z

The prompt changes as follows:

switch/Admin(config)#

Step 3 Copy the complete contents of the Admin Context: section of the converted configuration (as illustrated in Figure 5). Paste the copied Admin Context: content at the configuration mode prompt of the ACE CLI. If you are operating in multiple contexts, this step automatically creates the new virtual context identified in the User Context Name: text box of the conversion tool.

For example, enter:

switch/Admin(config)# resource-class RC1

switch/Admin(config-resource)# limit-resource sticky minimum 10 maximum unlimited

switch/Admin(config-resource)# context C1

switch/Admin(config-context)#   member RC1

switch/Admin(config-context)#

Step 4 If you are operating in multiple contexts, observe the CLI prompt to verify that you are operating in the desired context. If necessary, change to the correct context by using the changeto command in Exec mode.

switch/Admin(config-context)# exit

switch/Admin(config)# 

switch/Admin(config)# exit

switch/Admin# changeto C1

switch/C1# configure

Enter configuration commands, one per line. End with CNTL/Z

switch/C1(config)# 

Step 5 Copy the complete contents of the Configuration Commands for xx Context: section of the converted configuration (as illustrated in Figure 5). Paste the copied Configuration Commands for xx Context: content at the configuration mode prompt of the ACE CLI.

For example, to copy the converted configuration to the C1 context, enter:

switch/C1(config)# probe http Server1_PROBE

switch/C1(config-probe-http)#   request method head url "/"

switch/C1(config-probe-http)# probe http Server2_PROBE

switch/C1(config-probe-http)#   request method head url "/"

switch/C1(config-probe-http)# probe http Server3_PROBE

switch/C1(config-probe-http)#   request method head url "/"

switch/C1(config-probe-http)#

switch/C1(config-probe-http)# rserver host Server1

switch/C1(config-rserver-host)#   inservice

switch/C1(config-rserver-host)#   ip address 10.1.1.1

switch/C1(config-rserver-host)#   probe Server1_PROBE

switch/C1(config-rserver-host)# rserver host Server2

switch/C1(config-rserver-host)#   inservice

switch/C1(config-rserver-host)#   ip address 10.1.1.2

switch/C1(config-rserver-host)#   probe Server2_PROBE

switch/C1(config-rserver-host)# rserver host Server3

switch/C1(config-rserver-host)#   ip address 10.1.1.3

switch/C1(config-rserver-host)#   probe Server3_PROBE

switch/C1(config-rserver-host)#   weight 5

switch/C1(config-rserver-host)#

switch/C1(config-rserver-host)# serverfarm host L3_LeastConnections

switch/C1(config-sfarm-host)#   predictor leastconns

switch/C1(config-sfarm-host)#   rserver Server1

switch/C1(config-sfarm-host-rs)#   rserver Server2

switch/C1(config-sfarm-host-rs)#   rserver Server3

switch/C1(config-sfarm-host-rs)# serverfarm host L3_RoundRobin

switch/C1(config-sfarm-host)#   rserver Server1

switch/C1(config-sfarm-host-rs)#   rserver Server2

switch/C1(config-sfarm-host-rs)#   rserver Server3

switch/C1(config-sfarm-host-rs)#     inservice

switch/C1(config-sfarm-host-rs)# serverfarm host L5_ACA

.

Step 6 (Optional) Save the updated contents of the running- or startup-configuration file as follows:

•To merge the contents of the startup-config file into the running-config file, use the copy startup-config running-config command.

•To copy the contents of the running-config file to the startup-config file in Flash memory, use the copy running-config startup-config command.

Proceed to the "Example of a Copied Configuration File for Use By the ACE" section.

---

Example of a Copied Configuration File for Use By the ACE

After you copy the contents of the converted CSS-to-ACE configuration to the ACE, use the following commands to view the updated content of either the running- or startup-config file:

•To view the running-config file, use the show running-config command.

•To view the startup-config file, use the show startup-config command.

The following example is from the show running-config command output. This example includes hypertext cross-references to the applicable chapters in the ACE documentation set that you can refer to for the configuration details. You can click the URLs located above the command output for the configuration details. Use the ACE CLI commands to make modifications to the configuration, as needed.

switch/C1# show running-config

Generating configuration....

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/probe.html

probe http Server1_PROBE

  request method head

probe http Server2_PROBE

  request method head

probe http Server3_PROBE

  request method head

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/rsfarms.html

rserver host Server1

  ip address 10.1.1.1

  probe Server1_PROBE

  inservice

rserver host Server2

  ip address 10.1.1.2

  probe Server2_PROBE

  inservice

rserver host Server3

  ip address 10.1.1.3

  probe Server3_PROBE

  weight 5

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/rsfarms.html

serverfarm host L3_LeastConnections

  predictor leastconns

  rserver Server1

  rserver Server2

  rserver Server3

serverfarm host L3_RoundRobin

  rserver Server1

  rserver Server2

  rserver Server3

    inservice

serverfarm host L5_ACA

  rserver Server1

  rserver Server2

  rserver Server3

serverfarm host L5_WeightedRR

  rserver Server1

  rserver Server2

  rserver Server3

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/classlb.html

class-map match-all L3_LeastConnections_CLASS

  2 match virtual-address 10.1.1.100 any

class-map match-all L3_RoundRobin_CLASS

  2 match virtual-address 10.1.1.100 any

class-map match-all L5_ACA_CLASS

  2 match port tcp eq www

class-map type http loadbalance match-all L5_ACA_CLASSURL

  2 match http url /*.html

class-map match-all L5_WeightedRR_CLASS

  2 match port tcp eq www

class-map type http loadbalance match-all L5_WeightedRR_CLASSURL

  2 match http url /*.gif

!http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/administration/guide/access.html

class-map type management match-any TO-CP-POLICY

  2 match protocol http any

  3 match protocol icmp any

  4 match protocol telnet any

  5 match protocol snmp any

  6 match protocol ssh any

!http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/administration/guide/access.html

policy-map type management first-match TO-CP-POLICY

  class TO-CP-POLICY

    permit

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/classlb.html

policy-map type loadbalance first-match L3_LeastConnections_POLICY

  class class-default

    serverfarm L3_LeastConnections

policy-map type loadbalance first-match L3_RoundRobin_POLICY

  class class-default

    serverfarm L3_RoundRobin

policy-map type loadbalance first-match L5_ACA_POLICY

  class L5_ACA_CLASSURL

    serverfarm L5_ACA

policy-map type loadbalance first-match L5_WeightedRR_POLICY

  class L5_WeightedRR_CLASSURL

    serverfarm L5_WeightedRR

policy-map multi-match POLICY

  class L5_WeightedRR_CLASS

  class L5_ACA_CLASS

  class L3_LeastConnections_CLASS

    loadbalance vip inservice

    loadbalance policy L3_LeastConnections_POLICY

    loadbalance vip icmp-reply active

  class L3_RoundRobin_CLASS

    loadbalance vip inservice

    loadbalance policy L3_RoundRobin_POLICY

    loadbalance vip icmp-reply active

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/classlb.html

interface vlan 10

  ip address 192.168.10.50 255.255.255.0

  service-policy input TO-CP-POLICY

  service-policy input POLICY

  no shutdown

! http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/rsfarms.html

domain foo.com

  add-object serverfarm L3_LeastConnections

  add-object serverfarm L3_RoundRobin

  add-object serverfarm L5_ACA

  add-object serverfarm L5_WeightedRR

  add-object rserver Server1

  add-object rserver Server2

  add-object rserver Server3

Unsupported CSS Commands

The tool converts the majority of the CSS commands to comparable ACE commands. The converted output includes a list of the commands that are not supported by the tool during the conversion process (Figure 8).

Figure 8 Unsupported CSS Commands Area of the CSS-to-ACE Conversion Tool

Table 1 summarizes the CSS commands and command options that do not have an equivalent function in the ACE and are not supported by the conversion tool. The unsupported CSS commands are listed by global configuration mode.

Table 1 List of CSS Commands Not Supported in the ACE 

CSS Command
Global Configuration Mode
bypass persistence flow permanent port flow persist-span-ooo flow set-port-zero flow-state port_number flow-state flow-disable timeout flow tcp-reset-on-vip-unavailable http-method parse http-redirect-option	persistence reset, the remap option restrict ftp slowstart rate snmp trap-source sshd, the server-keybits option tacacs-server frequency tcp-ip-fragment-enabled udp-ip-fragment-enabled
Content Configuration Mode Commands
The following add commands: •add dns •add location-service •add sasp-agent The following options of the advanced-balance command: •cookieurl •sip-call-id •ssl •ssl-l4-fallback •url •wap-msisdn The following options of the application command: •realaudio-control •sip •ssl The following options of the balance command: •aca •domain •url	dnsbalance dns-disable-local failover flow-reset-reject hotlist load-threshold persistent sticky-serverdown-failover string-prefix url eql url dql url urql vip-ping-response
Header-Field Group Configuration Mode
header-field1
Interface Configuration Mode Commands
max-idle phy 1Gbits-FD-asym	phy 1Gbits-FD-sym phy 1Gbits-FD-no-pause
Keepalive Configuration Mode Commands
active	suspend
Owner Configuration Mode Commands
The following owner commands: •address •billing-info •case •content	•description •dns •dnsbalance •email-address
Reporter Configuration Mode Commands
All commands
RMON Alarm Configuration Mode Commands
All commands
RMON Event Configuration Mode Commands
All commands
RMON History Configuration Mode Commands
All commands
Service Configuration Mode Commands
access ftp bypass-hosttag cache-bypass compress, the tcp option ip address, the range number option keepalive type script protocol publisher string subscriber transparent-hosttag	The following options of the type command: •nci-direct-return •nci-info-only •proxy-cache •redundancy-up •rep-cache-redir •rep-store •rep-store-redir
SSL-Proxy-List Configuration Mode Commands
ssl-server number http-header	ssl-server number tcp

1 The ACE supports the majority of the field-type variables except for the following selections: custom, msisdn, and request-line. The ACE supports the conversion of the majority of the operator variables except for the not-equal, not-exist and not-contain operators.

ACE Appliance Documentation

You can access the ACE appliance documentation on www.cisco.com at:

http://www.cisco.com/en/US/products/ps7027/tsd_products_support_series_home.html

To familiarize yourself with the ACE appliance, refer to the following documentation:

•Release Note for the Cisco 4700 Series Application Control Engine Applicance

•Cisco 4710 Application Control Engine Appliance Hardware Installation Guide

•Cisco 4700 Series Application Control Engine Appliance Administration Guide

•Cisco 4700 Series Application Control Engine Appliance Application Acceleration and Optimization Configuration Guide

•Cisco 4700 Series Application Control Engine Appliance CLI Quick Configuration Guide

•Cisco 4700 Series Application Control Engine Appliance Command Reference

•Cisco 4700 Series Application Control Engine Appliance Device Manager GUI Configuration Guide

•Cisco 4700 Series Application Control Engine Appliance Device Manager GUI Quick Configuration Note

•Cisco 4700 Series Application Control Engine Appliance Routing and Bridging Configuration Guide

•Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide

•Cisco 4700 Series Application Control Engine Appliance Server Load-Balancing Configuration Guide

•Cisco 4700 Series Application Control Engine Appliance SSL Configuration Guide

•Cisco 4700 Series Application Control Engine Appliance System Message Guide

•Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

CCDE, CCVP, Cisco Eos, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0801R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Cisco CSS-to-ACE Conversion Tool User Guide
Copyright © 2007, Cisco Systems, Inc. All rights reserved.