The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This appendix describes the Content Switching Module (CSM) commands that are unique to server load-balancing (SLB) and Layer 3 switching.
The following commands allow you to set up and monitor SLB on the CSM:
|
|
---|---|
Use the dfp command to enter the DFP submode and configure DFP. Use the no form of this command to remove the DFP configuration.
dfp [password password [timeout]]
no dfp
The default timeout value is 180 seconds.
Module CSM configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
The timeout option allows you to change the password without stopping messages between the DFP agent and its manager.
During a timeout, the agent sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After a timeout expires, the agent sends and receives packets with only the new password; received packets that use the old password are discarded.
If you are changing the password for an entire load-balanced environment, set a longer timeout. The extended timeout allows enough time for you to update the password on all agents and servers before the timeout expires. It also prevents mismatches between agents and servers that have the new password and agents and servers that have the old password.
This example shows how to initiate DFP agent configuration mode, configure DFP, set the password to flounder, and configure a 60-second timeout:
SLB-Switch(config-module-csm)# dfp password flounder 60
Use the agent command in the SLB DFP submode to configure the DFP agent to which the CSM is going to communicate. Use the no form of this command to remove the agent configuration.
agent ip-address port [keepalive-timeout [retry-count [retry-interval]]]
no agent ip-address port
The keepalive-timeout default is 0 (no keepalive message).
Retry count default is 0 seconds (the default allows infinite retries).
The retry-interval default is 180 seconds.
SLB DFP configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to initiate the DFP agent, configure a 350-second timeout, and configure the number of retries to 270:
SLB-Switch(config-slb-dfp)# agent 111.101.90.10 2 350 270
Use the manager command in SLB DFP submode to set the port where an external DFP can connect to the CSM. Use the no form of this command to remove the manager configuration.
manager port
no manager
port |
Port number. |
This command has no default settings.
SLB DFP configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This command enables the CSM to listen to DFP connections from an external DFP manager.
This example shows how to set the DFP manager port:
SLB-Switch(config-slb-dfp)# manager 4
Use the ft group command to enter the fault-tolerant configuration submode and configure fault tolerance. Use the no form of this command to remove the fault-tolerant configuration.
ft group group-id vlan vlan-id
no ft group
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
A fault-tolerant group is comprised of two Catalyst 6500 series switches each containing a CSM configured for fault-tolerant operation. Each fault-tolerant group appears to network devices as a single device. A network may have more than one fault-tolerant group.
This example shows how to configure a fault-tolerant group named 123 on VLAN 5:
SLB-Switch(config-module-csm)# ft group 123 vlan 5
failover
heartbeat-time
preempt
priority
show module csm ft
Use the failover command in the SLB fault-tolerant configuration submode to set the time for a standby CSM to wait before becoming an active CSM. Use the no form of this command to remove the failover configuration.
failover failover-time
no failover
failover-time |
Amount of time the CSM must wait after the last heartbeat message is received before assuming the other CSM is not operating; the range is from 1 to 65535. |
The default failover time is 3 seconds.
SLB fault-tolerant configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to set a failover period of 6 seconds:
SLB-Switch(config-slb-ft)# failover 6
Use the heartbeat-time command in the SLB fault-tolerant configuration submode to set the time before heartbeat messages are transmitted by the CSM. Use the no form of this command to restore the default heartbeat interval.
heartbeat-time heartbeat-time
no heartbeat-time
heartbeat-time |
Time interval between heartbeat transmissions in seconds; the range is from 1 to 65535. |
The default heartbeat time is 1 second.
SLB fault-tolerant configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to set the heartbeat time to 2 seconds:
SLB-Switch(config-slb-ft)# heartbeat-time 2
Use the preempt command in the SLB fault-tolerant configuration submode to allow a higher priority CSM to take control of a fault-tolerant group when it comes online. Use the no form of this command to restore the preempt default value.
preempt
no preempt
This command has no arguments or keywords.
The default value is that preempt is not specified.
SLB fault-tolerant configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
When you enable preempt, the higher priority CSM preempts the other CSM in the fault-tolerant group when the higher priority CSM comes online. When you enable no preempt, the current primary CSM remains the primary CSM when the next CSM comes online.
Note You must set both members of the fault-tolerant CSM pair to preempt for this feature to work.
This example shows how to set the fault-tolerance mode to preempt:
SLB-Switch(config-slb-ft)# preempt
ft group
priority
show module csm ft
Use the priority command in the SLB fault-tolerant configuration submode to set the priority of the CSM. Use the no form of this command to restore the priority default value.
priority value
no priority
value |
Priority of a CSM; the range is from 1 to 254. |
The default priority value is 10.
SLB fault-tolerant configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
The CSM with the largest priority value is the primary CSM in the fault-tolerant pair when the modules are both operating.
This example shows how to set the priority value to 12:
SLB-Switch(config-slb-ft)# priority 12
ft group
preempt
show module csm ft
Use the ip slb mode command to configure the switch to operate as a CSM load-balancing device instead of a Cisco IOS SLB load-balancing device. Use the no form of this command to remove the mode configuration.
ip slb mode {csm | rp}
no ip slb mode
Note Specifying the no ip slb mode command is the same as specifying the rp mode.
The default is the rp mode.
Global configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
2.1(1) |
This command now enables module csm commands for the rp mode. |
This command allows you to change from the Cisco IOS SLB load-balancing mode to the CSM load-balancing mode.
Note In csm mode, all ip slb commands apply to a CSM module; Cisco IOS SLB is not available. In rp mode (the default), ip slb commands apply to Cisco IOS SLB; the module csm commands are available to configure multiple CSMs.
This example shows how to configure the switch mode:
SLB-Switch(config)# ip slb mode csm
module csm
show ip slb mode
Use the map cookie command to create a cookie map and enter the cookie map configuration submode for specifying cookie match rules. Use the no form of this command to remove the cookie maps from the configuration.
map cookie-map-name cookie
no map cookie-map-name
cookie-map-name |
Cookie map instance; the character string is limited to 15 characters. |
cookie |
Keyword to enter the cookie map submode. |
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to create a cookie map:
SLB-Switch(config-module-csm)# map upnready cookie
cookie-map (SLB policy configuration submode)
match protocol http cookie
show module csm map
Use the match protocol http cookie command in SLB cookie map configuration submode to add cookies to a cookie map. Multiple match rules can be added to a cookie map. Use the no form of this command to remove the cookie map name from the cookie map.
match protocol http cookie cookie-name cookie-value cookie-value-expression
This command has no default settings.
SLB cookie map configuration submode.
Cookie regular expressions are based on the UNIX filename specification. URL expressions are stored in a cookie map in the form cookie-name = cookie-value-expression. Cookie expressions allow spaces provided they are escaped or quoted. You must match all cookies in the cookie map.
"*" means zero or more characters
"?" means exactly one character—the [Ctrl + V] key combination must be entered
"\" means escaped character
Bracketed range (for example, [0-9]) means matching any single character from the range
A leading ^ in a range means do not match any in the range
".\a" means alert (ASCII 7)
".\b" means backspace (ASCII 8
".\f" means form-feed (ASCII 12)
".\n" means newline (ASCII 10)
".\r" means carriage return (ASCII 13)
".\t" means tab (ASCII 9)
".\v" means vertical tab (ASCII 11)
".\0" means null (ASCII 0)
".\\" means backslash
".\x##" means any ASCII character as specified in two-digit hexadecimal notation
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to add cookies to a cookie map:
SLB-Switch(config-slb-map-cookie)# match protocol http cookie albert cookie-value 4*
cookie-map (SLB policy configuration submode)
map cookie
show module csm map
Use the map dns command to enter the SLB DNS map mode and configure a DNS map. Use the no form of this command to remove the DNS map from the configuration.
map dns-map-name dns
no map dns-map-name
dns-map-name |
Name of an SLB dns map; the character string range is from 1 to |
This command has no default settings.
SLB DNS map configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
Any match of a DNS regular expression in the DNS map results in a successful match. A maximum of 1023 DNS domains can be configured to a map.
This example shows how to group DNS domains:
SLB-Switch(config-module-csm)# map m1 dns
SLB-Switch(config-slb-map-url)# exit
SLB-Switch(config)
match protocol dns domain
show module csm map
Use the match protocol dns domain command in the SLB DNS map configuration submode to add a DNS domain to a DNS map. Use the no form of this command to remove the DNS domain from the URL map.
match protocol dns domain name
no match protocol dns domain name
name |
Names the DNS domain being mapped.. |
This command has no default settings.
SLB DNS map configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
3.1(1) |
HTTP method parsing support was introduced. |
This example shows how to adds URL expressions to a URL map:
SLB-Switch(config-slb-map-url)# match protocol http url Host header-value XYZ
Use the map header command to create a map group for specifying HTTP headers and enter the header map configuration submode. Use the no form of this command to remove the HTTP header group from the configuration.
map name header
no map name
name |
Map instance; the character string is from 1 to 15 characters. |
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
2.1(1) |
This command was introduced. |
This example shows how to group HTTP headers and associate them with a Content Switching policy:
SLB-Switch(config-module-csm)# map upnready header
SLB-Switch(config-slb-map-header)# match protocol http header Accept header-value *jpeg*
SLB-Switch(config-slb-map-header)# match protocol http header User-Agent header-value *NT*
SLB-Switch(config-slb-map-header)# match protocol http header Host header-value www.myhome.com
SLB-Switch(config-slb-map-header)# exit
header-map (SLB policy configuration submode)
match protocol http header
show module csm map
Use the match protocol http header command in SLB header map configuration submode to specify header fields and values for the CSM to search for when receiving a request. Multiple match rules can be added to a header map. Use the no form of this command to remove the header match rule from the header map.
match protocol http header field header-value expression
no match protocol http header field
This command has no default settings.
SLB header map configuration submode.
There are predefined fields, for example Accept-Language, User-Agent, or Host.
Header regular expressions are based on the UNIX filename specification. URL expressions are stored in a header map in the form header-name = expression. Header expressions allow spaces provided that they are escaped or quoted. All headers in the header map must be matched.
"*" means zero or more characters
"?" means exactly one character—the [Ctrl + V] key combination must be entered
"\" means escaped character
Bracketed range (for example, [0-9]) means matching any single character from the range
A leading ^ in a range means don't match any in the range
".\a" means alert (ASCII 7)
".\b" means backspace (ASCII 8
".\f" means form-feed (ASCII 12)
".\n" means newline (ASCII 10)
".\r" means carriage return (ASCII 13)
".\t" means tab (ASCII 9)
".\v" means vertical tab (ASCII 11)
".\0" means null (ASCII 0)
".\\" means backslash
".\x##" means any ASCII character as specified in two-digit hexadecimal notation
|
|
---|---|
2.1(1) |
This command was introduced. |
This example shows how to specify header fields and values to search upon a request:
SLB-Switch(config-slb-map-header)# match protocol http header Host header-value XYZ
header-map (SLB policy configuration submode)
map header
show module csm map
Use the map retcode command to enable return error code checking and enter the return error code map submode. Use the no form of this command to remove the return code error checking from the configuration.
map name retcode
no map name
name |
Return error code map instance; the character string is limited to 15 characters. |
retcode |
Keyword to enter the return error code map submode. |
This command has no default settings.
Global configuration submode.
|
|
---|---|
2.2(1) |
This command was introduced. |
This example shows how to enable return error code checking:
SLB-Switch(config-module-csm)# map upnready retcode
cookie-map (SLB policy configuration submode)
match protocol http cookie
show module csm map
Use the match protocol http retcode command in SLB return code map configuration submode to specify return code thresholds, count and log return codes, and send syslog messages for return code events received from the servers. Use the no form of this command to remove the return code thresholds.
match protocol http retcode min max action {count | log | remove} threshold [reset seconds]
no match protocol http retcode min max
This command has no default settings.
SLB return code map configuration submode.
The threshold and reset values are not configurable for the count action. These commands only are available for the log and remove actions.
|
|
---|---|
2.2(1) |
This command was introduced. |
This example shows how to specify return codes values to search for in an HTTP request:
SLB-Switch(config-slb-map-retcode)# match protocol http quigly retcode 30 50 action log 400 reset 30
map retcode (SLB policy configuration submode
Use the map url command to enter the SLB URL map mode and configure a URL map. Use the no form of this command to remove the URL map from the configuration.
map url-map-name url
no map url-map-name
url-map-name |
Name of an SLB URL map; the character string range is from 1 to |
This command has no default settings.
SLB URL map configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
Any match of a URL regular expression in the URL map results in a successful match. A maximum of 1023 URLs can be configured to a map.
This example shows how to group URLs and associate them with a Content Switching policy:
SLB-Switch(config-module-csm)# map m1 url
SLB-Switch(config-slb-map-url)# match protocol http url /index.html
SLB-Switch(config-slb-map-url)# match protocol http url /stocks/csco/
SLB-Switch(config-slb-map-url)# match protocol http url *gif
SLB-Switch(config-slb-map-url)# match protocol http url /st*
SLB-Switch(config-slb-map-url)# exit
SLB-Switch(config)
match protocol http url
url-map (SLB policy configuration submode)
show module csm map
Use the match protocol http url command in the SLB URL map configuration submode to add a URL regular expression to a URL map. Multiple match rules can be added to a URL map. Use the no form of this command to remove the URL regular expression from the URL map.
match protocol http [method method-expression] url url-expression
no match protocol http url [method method-expression] url url-expressionn
This command has no default settings.
SLB URL map configuration submode.
URL regular expressions are based on the UNIX filename specification. URL expressions are stored in a cookie map in the form urln. URL expressions do not allow spaces and only one of the URLs in the map must be matched.
"*" means zero or more characters
"?" means exactly one character—the [Ctrl + V] key combination must be entered
"\" means escaped character
Bracketed range (for example, [0-9]) means matching any single character from the range
A leading ^ in a range means don't match any in the range
".\a" means alert (ASCII 7)
".\b" means backspace (ASCII 8
".\f" means form-feed (ASCII 12)
".\n" means newline (ASCII 10)
".\r" means carriage return (ASCII 13)
".\t" means tab (ASCII 9)
".\v" means vertical tab (ASCII 11)
".\0" means null (ASCII 0)
".\\" means backslash
".\x##" means any ASCII character as specified in two-digit hexadecimal notation
The method expression may be either one of the standard HTTP 1.1 method names (OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, or CONNECT) or a string you specify that must be matched exactly (PROTOPLASM).
|
|
---|---|
1.1(1) |
This command was introduced. |
3.1(1) |
HTTP method parsing support was introduced. |
This example shows how to adds URL expressions to a URL map:
SLB-Switch(config-slb-map-url)# match protocol http url Host header-value XYZ
map url
url-map (SLB policy configuration submode)
show module csm map
Use the module csm command to allow the association of load-balancing commands to a specific CSM module and enter the CSM module configuration submode for the specified slot. Use the no form of this command to remove the module csm configuration.
Note The module ContentSwitching Module slot command is the full syntax; the module csm slot command is a valid shortcut.
module csm slot-number
no module csm slot-number
slot-number |
Slot number where the CSM resides. |
This command has no default settings.
Global configuration submode.
|
|
---|---|
2.1(1) |
This command was introduced. |
If you want to use the new multiple module configuration, you must change the ip slb mode command to rp. An existing CSM configuration is migrated to the new configuration when you change the mode from csm to rp. A prompt appears requesting a slot number. Migrating from a multiple module configuration to a single module configuration is supported. Migrating the Cisco IOS SLB configuration to the CSM configuration is not supported.
This example shows how to configure a CSM:
SLB-Switch(config)# module csm 5
SLB-Switch(config-module-csm)# vserver VS1
Use the natpool command in module CSM configuration submode to configure NAT and create a client address pool. Use the no form of this command to remove a natpool configuration.
natpool pool-name start-ip end-ip {netmask netmask | prefix-length leading_1_bits}
no natpool pool-name
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
If you want to use client NAT, you must create at least one client address pool.
A maximum of 255 NAT pool addresses are available for any CSM.
This example shows how to configure a pool of addresses with the name web-clients, an IP address range from 128.3.0.1 through 128.3.0.254, and a subnet mask of 255.255.0.0:
SLB-Switch(config-module-csm)# natpool web-clients 128.3.0.1 128.3.0.254 netmask
255.255.0.0
nat client (SLB serverfarm configuration submode)
show module csm natpool
Use the owner command in module CSM configuration submode to configure an owner object. Use the no form of this command to remove an owner configuration.
owner name
no owner
name |
Name of the object owner. |
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
You can define more than one virtual server with the same virtual IP address (VIP) and set the VIP connection watermark level to apply to a single VIP, which may correspond to multiple virtual servers. With the owner command, any virtual server has either zero or one owners. A particular owner can be associated with multiple virtual servers (typically, but not necessarily, with the same VIP). The VIP connection watermark applies to a specific owner. Once the sum of the number of open connections to all virtual servers in a particular owner reaches the VIP connection watermark level for that owner, new connections to any of these virtual servers are rejected by the CSM.
This example shows how to configure an owner object:
SLB-Switch(config-module-csm)# owner sequel
address
billing-info
contact-info
maxconns
Use the address command in the owner configuration submode to configure the address information for an owner object. Use the no form of this command to remove the address from the configuration.
address street-address-information
no address
street-address-information |
The owner's street address. |
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to configure an owner object:
SLB-Switch(config-owner)# address 125 marmalade street
Use the billing-info command in the owner configuration submode to configure billing information for an owner object. Use the no form of this command to remove an billing information from the configuration.
billing-info billing-address-information
no billing-info
billing-info |
Keyword to specify the owner's billing address. |
billing-address-information |
The owner's billing address. |
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to configure an owner object:
SLB-Switch(config-owner)# billing-info 300 cordera avenue
Use the contact-info command in owner configuration submode to configure an email address for an owner object. Use the no form of this command to remove the contact information from the owner configuration.
contact-info string
no contact-info
string |
The owner's information. |
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to configure an owner object:
SLB-Switch(config-owner)# contact-info shaggy@angel.net
Use the maxconns command in owner configuration submode to configure the maximum number of connections allowed for an owner object. Use the no form of this command to remove the maximum connections from the owner configuration.
maxconns number
no email-address
number |
The number of maximum connections to the owner object. |
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to configure an owner object:
SLB-Switch(config-owner)# maxconns 300
owner
address
billing-info
contact-info
Use the policy command to configure policies, associate attributes to a policy, and enter the policy configuration submode. In this submode, you can configure the policy attributes. The policy is associated with a virtual server in virtual server submode. Use the no form of this command to remove a policy.
policy policy-name
no policy policy-name
policy-name |
Name of an slb-policy instance; the character string is limited to 15 characters. |
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
Policies establish rules for balancing connections to servers. They can contain URL maps, cookie maps, header maps, client groups, sticky groups, DSCP values, and server farms. The order in which policies are linked to a virtual server determines the precedence of the policy. When two or more policies match a requested URL, the policy with the highest precedence is selected.
You can create up to 12287 SLB policies for a given CSM module.
Note All policies should be configured with a server farm.
This example shows how to configure a policy named policy_content:
SLB-Switch(config-module-csm)# policy policy_content
SLB-Switch(config-slb-policy)# serverfarm new_serverfarm
SLB-Switch(config-slb-policy)# url-map url_map_1
SLB-Switch(config-slb-policy)# exit
slb-policy (SLB virtual server configuration submode)
show module csm owner
Use the client-group command in SLB policy configuration submode to associate an access list with the policy. Use the no form of this command to remove access list from the policy.
client-group {1-99 | std-access-list-name}
no client-group
1-99 |
Standard IP access list number. |
std-access-list-name |
Standard access list name. |
This command has no default settings.
SLB policy configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
Only client groups created with the ip access-list standard command can be associated with an SLB policy. Only one client-group can be associated with a given SLB policy.
This example shows how to configure a client group:
SLB-Switch(config-slb-policy)# client-group 44
SLB-Switch(config-slb-policy)# exit
policy
ip access-list standard
show module csm owner
Use the cookie-map command in SLB policy configuration submode to associate a list of cookies with a policy. Use the no form of this command to remove a cookie map.
cookie-map cookie-map-name
no cookie-map
cookie-map-name |
Name of the cookie list associated with a policy. |
This command has no default settings.
SLB policy configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
Only one cookie map can be associated with a policy. Cookie maps are configured using the map cookie command. The cookie map name must match the name specified in the map cookie command.
This example shows how to configure a cookie-based SLB policy named policy_content:
SLB-Switch(config-module-csm)# policy policy_content
SLB-Switch(config-slb-policy)# serverfarm new_serverfarm
SLB-Switch(config-slb-policy)# cookie-map cookie-map-1
SLB-Switch(config-slb-policy)# exit
SLB-Switch(config)
policy
map cookie
show module csm owner
Use the header-map command in SLB policy configuration submode to specify the HTTP header criteria to include in a policy. Use the no form of this command to remove a header map.
Note If any HTTP header information is matched, the policy rule is satisfied.
header-map name
no header-map
name |
Name of the previously configured HTTP header expression group. |
This command has no default settings.
SLB policy configuration submode.
|
|
---|---|
2.1(1) |
This command was introduced. |
Only one header map can be associated with a policy. The header map name must match the name specified in the map header command on page A-18.
This example shows how to configure a header-based policy named policy_content:
SLB-Switch(config-module-csm)# policy policy_content
SLB-Switch(config-slb-policy)# serverfarm new_serverfarm
SLB-Switch(config-slb-policy)# header-map header-map-1
SLB-Switch(config-slb-policy)# exit
policy
map header
show module csm owner
Use the reverse-sticky command to ensure that the CSM switches connections in the opposite direction back to the original source. Use the no form of this command to remove the reverse-sticky option from the policy or the default-policy of a virtual server.
reverse-sticky group-id
no reverse-sticky
group-id |
Number identifying the sticky group to which the virtual server belongs; the range is from 0 to 255. |
The default is no reverse-sticky. Sticky connections are not tracked.
The group ID default is 0. The sticky feature is not used for other virtual servers.
The network default is 255.255.255.255.
SLB virtual server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
3.1(1) |
The IP reverse-sticky command is introduced. |
This example shows how to set the IP reverse-sticky feature:
SLB-Switch(config-module-csm)# vserver PUBLIC_HTTP
SLB-Switch(config-slb-vserver)# reverse-sticky 60
sticky
sticky-group (SLB policy submode)
show module csm sticky
show module csm vserver redirect
Use the serverfarm command in the SLB policy configuration submode to associate a server farm with a policy. Use the no form of this command to remove the server farm from the policy.
serverfarm primary-serverfarm [backup sorry-serverfarm [sticky]]
no serverfarm
This command has no default settings.
SLB policy configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
3.1(1) |
The sorry server (backup server) option was added to this command. |
Use the serverfarm command to configure the server farm. Only one server farm can be configured per policy. The server farm name must match the name specified in the serverfarm module CSM configuration submode command. By default, the sticky option does not apply to the backup serverfarm. To remove the backup serverfarm, you can either use the serverfarm command without the backup option or use the no serverfarm command.
This example shows how to associate a server farm named central with a policy:
SLB-Switch(config-module-csm)# policy policy
SLB-Switch(config-slb-policy)# serverfarm central backup domino sticky
policy
reverse-sticky (module CSM configuration submode)
show module csm owner
Use the set ip dscp command in the SLB policy configuration submode to mark packets that match the policy with a DSCP value. Use the no form of this command to stop marking packets.
set ip dscp dscp-value
no set ip dscp
dscp-value |
The range is from 0 to 63. |
The default is that the CSM does not store DSCP values.
SLB policy configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to mark packets to match a policy named policy_content:
SLB-Switch(config-module-csm)# policy policy_content
SLB-Switch(config-slb-policy)# set ip dscp 22
Use the sticky-group command in the SLB policy configuration submode to associate a sticky group and the sticky group attributes to the policy. Use the no form of this command to remove the sticky group from the policy.
sticky-group group-id
no sticky-group
group-id |
ID of the sticky group to be associated with a policy. |
The default is 0, which means that no connections are sticky.
SLB policy configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
The group-id must match the ID specified in the sticky command; the range is from 1 to 255.
This example shows how to configure a sticky group:
SLB-Switch(config-module-csm)# policy policy1
SLB-Switch(config-slb-policy)# sticky-group 5
policy
sticky
show module csm owner
show module csm sticky
Use the url-map command in SLB policy configuration submode to associate a list of URLs with the policy. Use the no form of this command to remove the URL map from the policy.
url-map url-map-name
no url-map
url-map-name |
Name of the URL list to be associated with a policy. |
The default is no URL map.
SLB policy configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
Only one URL map can be associated with a policy. URL maps are configured using the map url command.
This example shows how to associate a list of URLs with a policy named assembly:
SLB-Switch(config-module-csm)# policy policy
SLB-Switch(config-slb-policy)# url-map assembly
policy
map url
show module csm owner
Use the probe command to configure a probe and probe type for health monitoring and to enter the probe configuration submode. Use the no form of this command to remove a probe from the configuration.
probe probe-name {http | icmp | telnet | tcp | ftp | smtp | dns | kal-ap-upd}
no probe probe-name
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
A probe can be assigned to a server farm in serverfarm submode.
When configuring kal-ap-udp type probes, the port submode command is not used to specify the destination UDP port to query. Use theCSM environment variable GSLB_KALAP_UDP_PORT instead. The default is port 5002.
Also, to specify probe frequency and the number of retries for KAL-AP, ICMP, HTTP and DNS probes when associated with a GSLB serverfarm environment, the following variables must be used instead of the probe submode commands:
GSLB_KALAP_PROBE_FREQ 10
GSLB_KALAP_PROBE_RETRIES 3
GSLB_ICMP_PROBE_FREQ 10
GSLB_ICMP_PROBE_RETRIES 3
GSLB_HTTP_PROBE_FREQ 10
GSLB_HTTP_PROBE_RETRIES 2
GSLB_DNS_PROBE_FREQ 10
GSLB_DNS_PROBE_RETRIES 3
This example shows how to configure an HTTP probe named TREADER:
SLB-Switch(config-module-csm)# probe TREADER http
probe (SLB serverfarm configuration submode)
show module csm probe
Use the address command in SLB DNS probe configuration submode to specify an IP address of the real server used by DNS to resolve requests. Use the no form of this command to remove the address.
address ip-address
no address ip-address
ip-address |
Real server IP address. |
This command has no default settings.
SLB DNS probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
Multiple addresses can be configured for a DNS probe.
This example shows how to configure an IP address of the DNS server:
SLB-Switch(config-slb-probe-dns)# address 101.23.45.36
probe
address (icmp)
show module csm probe
Use the address command in SLB ICMP probe configuration submode to specify a destination IP address for health monitoring. Use the no form of this command to remove the address.
address ip-address
no address
ip-address |
Real server IP address. |
This command has no default settings.
SLB ICMP probe configuration submode.
|
|
---|---|
2.1(1) |
This command was introduced. |
One address can be configured for an ICMP probe.
This example shows how to configure an IP address of the real server:
SLB-Switch(config-slb-probe-icmp)# address 101.23.45.36
probe
address (dns)
show module csm probe
Use the credentials command in the SLB HTTP probe configuration submode to configure basic authentication values for an HTTP probe. Use the no form of this command to remove the credentials configuration.
credentials username [password]
no credentials
username |
Name that appears in the HTTP header. |
password |
(Optional) Password that appears in the HTTP header. |
This command has no default settings.
SLB HTTP probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is for HTTP probes.
This example shows how to configure authentication for an HTTP probe:
SLB-Switch(config-slb-probe-http)# credentials seamless abercrombie
Use the expect status command in the SLB HTTP/FTP/Telnet/SMTP probe configuration submode to configure a status code for the probe. Use the no form of this command to remove the status code from the configuration.
expect status min-number [max-number]
no expect status min-number [max-number]
min-number |
Single status code if max-number is not specified. |
max-number |
(Optional) Maximum status code in a range. |
The default range is 0 to 999 (any response from the server is valid). Both min-number and max-number can be any number between 0 and 999, as long as max-number is not lower than min-number.
For example:
expect status 5 is the same as expect status 5 5
expect status 0 specifies a range of 0 to 4
expect status 900 999 specifies a range of 900 to 999.
You can specify many expected status ranges.
SLB HTTP/FTP/Telnet/SMTP probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is for HTTP, FTP, Telnet, and SMTP probes. You can specify multiple status code ranges with this command by entering one command at a time. If you specify the max-number value, this number is used as the minimum status code of a range. If you specify no maximum number, this command uses a single number (min-number). If you specify both min-number and max-number values, this command uses the range between the numbers.
Note When you remove the expect status, you cannot set the range of numbers to 0 or as a range of numbers that includes the values you set for the expect status. The expect status state becomes invalid and does not restore the default range of 0 through 999. To remove the expect status, remove each set of numbers using the no expect status command. For example, enter the no expect status 0 3 command and then enter the no expect status 34 99 command.
This example shows how to configure an HTTP probe with multiple status code ranges:
SLB-Switch(config-slb-probe-http)# expect status 34 99
SLB-Switch(config-slb-probe-http)# expect status 0 33
SLB-Switch(config-slb-probe-http)#
Use the failed command in the SLB probe configuration submode to set the time to wait before probing a failed server. Use the no form of this command to reset the time to wait before probing a failed server to default.
failed failed-interval
no failed
failed-interval |
Time in seconds before retrying a failed server; the range is from 2 to 65535. |
The default value for the failed interval is 300 seconds.
SLB probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is used for all probe types.
This example shows how to configure a failed server probe for 200 seconds:
SLB-Switch(config-slb-probe-http)# failed 200
Use the header command in the SLB HTTP probe configuration submode to configure a header field for the HTTP probe. Use the no form of this command to remove the credentials configuration.
header field-name [field-value]
no header field-name
field-name |
Name for the header being defined. |
field-value |
(Optional) Content for the header. |
This command has no default settings.
SLB HTTP probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
You can configure multiple headers for each HTTP probe. The length of the field-name value plus the length of the field-value value plus 4 (for ":", space, and CRLF) cannot exceed 255 characters. This command is for HTTP probes.
This example shows how to configure a header field for the HTTP probe:
SLB-Switch(config-slb-probe-http)# header abacadabra
Use the interval command in the SLB probe configuration submode to set the time interval between probes. Use the no form of this command to reset the time interval between probes to default.
interval seconds
no interval
seconds |
Number of seconds to wait between probes from the end of the previous probe to the beginning of the next probe; the range is from 2 to 65535. |
The default value for the interval between probes is 120 seconds.
SLB probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is used for all probe types.
This example shows how to configure a probe interval of 150 seconds:
SLB-Switch(config-slb-probe-http)# interval 150
Use the kal-ap-udp command in the SLB probe configuration submode to set a probe for a Global Server Load Balancing (GSLB) target for load information. Use the no form of this command to remove the GSLB probe.
kal-ap-udp seconds
no kal-ap-udp
seconds |
Number of seconds to wait between probes from the end of the previous probe to the beginning of the next probe; the range is from 2 to 65535. |
The default value for the interval between probes is 120 seconds.
SLB probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is used for all probe types.
This example shows how to configure a probe interval of 150 seconds:
SLB-Switch(config-slb-probe-http)# interval 150
Use the name command in the SLB DNS probe configuration submode to configure a domain name for the DNS probe. Use the no form of this command to remove the name from the configuration.
name domain-name
no name
domain-name |
Domain name that the probe sends to the DNS server. |
This command has no default settings.
SLB DNS probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to specify the probe name that is resolved by the DNS server:
SLB-Switch(config-slb-probe-dns)# name astro
Use the port command in the SLB probe configuration submode to configure an optional port for the DNS probe. Use the no form of this command to remove the port from the configuration.
port port-number
no port
port-number |
Sets the port number. |
The default value for the port number is 0.
This command is available in all SLB probe configuration submodes except ICMP.
|
|
---|---|
3.1(1) |
This command was introduced. |
When the port of a health probe is specified as 0, the health probe uses the configured port number from the real server (if a real server is configured) or the configured port number from the virtual server (if a virtual server is configured and no port is configured for the real server). The default port value is 0. For the ICMP probes, where there is no port number, the port value is ignored. The port command is available for all probe types except ICMP.
This example shows how to specify the port for the DNS server:
SLB-Switch(config-slb-probe-dns)# port 63
Use the open command in the SLB HTTP/TCP/FTP/Telnet/SMTP probe configuration submode to set the time to wait for a TCP connection. Use the no form of this command to reset the time to wait for a TCP connection to default.
open open-timeout
no open
open-timeout |
Maximum number of seconds to wait for the TCP connection; the range is from 1 to 65535. |
The default value for the open timeout is 10 seconds.
SLB HTTP/TCP/FTP/Telnet/SMTP probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is not used for any non-TCP probes, for example, ICMP or DNS.
Note There are two different timeout values: open and receive. The open timeout specifies how many seconds to wait for the connection to open (that is, how many seconds to wait for SYN ACK after sending SYN). The receive timeout specifies how many seconds to wait for data to be received (that is, how many seconds to wait for an HTTP reply after sending a GET/HHEAD request). Because TCP probes close as soon as they open without sending any data, the receive timeout is not used.
This example shows how to configure a time to wait for a TCP connection of 5 seconds:
SLB-Switch(config-slb-probe-http)# open 5
Use the receive command in the SLB probe configuration submode to set the time to wait for a reply from a server. Use the no form of this command to reset the time to wait for a reply from a server to default.
receive receive-timeout
no receive
receive-timeout |
Number of seconds to wait for reply from a server; the range is from 1 to 65535. |
The default value for a receive timeout is 10 seconds.
SLB probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is available for all probe types, except TCP.
Note There are two different timeout values: open and receive. The open timeout specifies how many seconds to wait for the connection to open (that is, how many seconds to wait for SYN ACK after sending SYN). The receive timeout specifies how many seconds to wait for data to be received (that is, how many seconds to wait for an HTTP reply after sending a GET/HHEAD request). Because TCP probes close as soon as they open without sending any data, the receive timeout is not used.
This example shows how to configures a time to wait for a reply from a server to 5 seconds:
SLB-Switch(config-slb-probe-http)# receive 5
Use the request command in the SLB HTTP probe configuration submode to configure the request method used by the HTTP probe. Use the no form of this command to remove the request method from the configuration.
request [method {get | head}]] [url path]
no request [method {get | head}] [url path]
The default path is /.
The default method is get.
SLB HTTP probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
The CSM supports only the get and head request methods. It does not support post and other methods. This command is for HTTP probes.
This example shows how to configure a request method for the probe configuration:
SLB-Switch(config-slb-probe-http)# request method head
Use the retries command in the SLB probe configuration submode to set the number of failed probes that are allowed before marking the server failed. Use the no form of this command to reset the number of failed probes allowed before marking a server as failed to default.
retries retry-count
no retries
retry-count |
Number of probes to wait before marking a server as failed; the range is from 0 to 65535. |
The default value for retries is 3.
SLB probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is used for all probe types.
Note Set retries to 2 or more. If retries are set to 1, a single dropped probe packet will bring down the server. A setting of 0 places no limit on the number of probes that are sent. Retries are sent until the system reboots.
This example shows how to configure a retry count of 3:
SLB-Switch(config-slb-probe-http)# retries 3
Use the probe probe-name script command to create a script probe and enter the probe script configuration submode. Use the no form of this command to remove the probe from the configuration.
probe probe_name script
no probe probe_name script
probe_name |
Names the probe script |
script |
Keyword that specifies the creation of a probe script. |
This command has no default settings.
SLB probe script configuration submode.
This command enters a probe sub-mode that is similar to the existing CSM health probe sub-modes (such as HTTP, TCP, DNS, and SMTP). The script probe sub-mode contains the existing probe sub-mode commands failed, interval, open, receive, and retries.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to create a script probe:
SLB-Switch(config-module-csm)# ip slb script file tftp://192.168.10.102/csmScripts
SLB-Switch(config-probe-script)# script echoProbe.tcl
SLB-Switch(config-probe-script)# interval 10
SLB-Switch(config-probe-script)# retries 1
SLB-Switch(config-probe-script)# failed 30
probe
script
failed
interval
open
receive
retries
show module csm probe
Use the script script-name [arg1 [arg2...]] command to create a script probe. Use the no form of this command to remove the probe from the configuration.
script script_name [arg1 [arg2...]]
no script script_name [arg1 [arg2...]]
script-name |
Names the probe script |
arg1, arg2 |
Keyword that specifies ??? |
This command has no default settings.
SLB probe script configuration submode.
This command enters a probe sub-mode that is similar to the existing CSM health probe sub-modes (such as HTTP, TCP, DNS, and SMTP). The script probe sub-mode contains the existing probe sub-mode commands failed, interval, open, receive, and retries.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to create a script probe:
SLB-Switch(config-module-csm)# ip slb script file tftp://192.168.10.102/csmScripts
SLB-Switch(config-probe-script# script echoProbe.tcl
SLB-Switch(config-probe-script# interal 10
SLB-Switch(config-probe-script# retries 1
SLB-Switch(config-probe-script# failed 30
probe
failed
interval
open
receive
retries
show module csm probe
Use the failed command in the SLB probe scirpt configuration submode to set the time to wait before probing a failed server. Use the no form of this command to reset the time to wait before probing a failed server to default.
failed failed-interval
no failed
failed-interval |
Time in seconds before retrying a failed server; the range is from 2 to 65535. |
The default value for the failed interval is 300 seconds.
SLB probe script configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This command is used for all probe types.
This example shows how to configure a failed server probe for 200 seconds:
SLB-Switch(config-slb-probe-http)# failed 200
probe
script
interval
open
receive
retries
show module csm probe
Use the interval command in the SLB probe script configuration submode to set the time interval between probes. Use the no form of this command to reset the time interval between probes to default.
interval seconds
no interval
seconds |
Number of seconds to wait between probes from the end of the previous probe to the beginning of the next probe; the range is from 2 to 65535. |
The default value for the interval between probes is 120 seconds.
SLB probe script configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This command is used for all probe types.
This example shows how to configure a probe interval of 150 seconds:
SLB-Switch(config-slb-probe-http)# interval 150
probe
script
failed
open
receive
retries
show module csm probe
Use the open command in the SLB probe script configuration submode to set the time to wait for a reply from a server. Use the no form of this command to reset the time to wait for a reply from a server to default.
open open-timeout
no open
open-timeout |
Number of seconds to wait for reply from a server; the range is from 1 to 65535. |
The default value for a receive timeout is 10 seconds.
SLB probe script configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is available for all probe types, except TCP.
Note There are two different timeout values: open and receive. The open timeout specifies how many seconds to wait for the connection to open (that is, how many seconds to wait for SYN ACK after sending SYN). The receive timeout specifies how many seconds to wait for data to be received (that is, how many seconds to wait for an HTTP reply after sending a GET/HHEAD request). Because TCP probes close as soon as they open without sending any data, the receive timeout is not used.
This example shows how to configures a time to wait for a reply from a server to 5 seconds:
SLB-Switch(config-slb-probe-http)# open 5
probe
script
failed
interval
receive
retries
show module csm probe
Use the receive command in the SLB probe configuration submode to set the time to wait for a reply from a server. Use the no form of this command to reset the time to wait for a reply from a server to default.
receive receive-timeout
no receive
receive-timeout |
Number of seconds to wait for reply from a server; the range is from 1 to 65535. |
The default value for a receive timeout is 10 seconds.
SLB probe configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is available for all probe types, except TCP.
Note There are two different timeout values: open and receive. The open timeout specifies how many seconds to wait for the connection to open (that is, how many seconds to wait for SYN ACK after sending SYN). The receive timeout specifies how many seconds to wait for data to be received (that is, how many seconds to wait for an HTTP reply after sending a GET/HHEAD request). Because TCP probes close as soon as they open without sending any data, the receive timeout is not used.
This example shows how to configures a time to wait for a reply from a server to 5 seconds:
SLB-Switch(config-slb-probe-http)# receive 5
probe
script
failed
interval
open
retries
show module csm probe
Use the retries command in the SLB probe script configuration submode to set the number of failed probes that are allowed before marking the server failed. Use the no form of this command to reset the number of failed probes allowed before marking a server as failed to default.
retries retry-count
no retries
retry-count |
Number of probes to wait before marking a server as failed; the range is from 0 to 65535. |
The default value for retries is 3.
SLB probe script configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This command is used for all probe types.
Note Set retries to 2 or more. If retries are set to 1, a single dropped probe packet will bring down the server. A setting of 0 places no limit on the number of probes that are sent. Retries are sent until the system reboots.
This example shows how to configure a retry count of 3:
SLB-Switch(config-slb-probe-script)# retries 3
probe
script
failed
interval
open
receive
show module csm probe
Use the real command in the SLB serverfarm configuration submode to identify a real server that is a member of the server farm and enter the real server configuration submode. Use the no form of this command to remove the real server from the configuration.
real ip-address [port]
no real ip-address [port]
ip-address |
Real server IP address. |
port |
(Optional) Port translation for the real server; the range is from 1 to 65535. |
The default is no port translation for the real server.
SLB serverfarm configuration submode.
Use this command to identify a real server that is a member of the server farm and enter the real server configuration submode.
Note The IP address that you supply provides a load-balancing target for the CSM. This target can be any IP addressable object. For example, the IP addressable object may be a real server, a firewall, or an alias IP address of another CSM.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to identify a real server and enter the real server submode:
SLB-Switch(config-slb-sfarm)# real 102.43.55.60
SLB-Switch(config-slb-real)#
serverfarm
show module csm real
show module csm serverfarm
Use the inservice command in the SLB real server configuration submode to enable the real servers. Use the no form of this command to remove a real server from service.
inservice
no inservice
This command has no arguments or keywords.
The default for a real server is no inservice.
SLB real server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to enable a real server:
SLB-Switch(config-slb-sfarm)# real 10.2.2.1
SLB-Switch(config-slb-real)# inservice
real (SLB serverfarm submode)
show module csm real
Use the maxconns command in the SLB real server configuration submode to limit the number of active connections to the real server. Use the no form of this command to change the maximum number of connections to its default value.
maxconns max-conns
no maxconns
max-conns |
Maximum number of active connections on the real server at any one point in time; the range is from 1 to 4294967295. |
The default value is the maximum value or infinite (not monitored).
SLB real server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
When you specify minconns, you must also specify the maxconns command.
This example shows how to limit the connections to a real server:
SLB-Switch(config-slb-sfarm)# real 10.2.2.1
SLB-Switch(config-slb-real)# maxconns 4000
minconns (real server submode)
real (serverfarm submode)
show module csm real
Use the minconns command in the SLB real server configuration submode to establish a minimum connection threshold for the real server. Use the no form of this command to change the minimum number of connections to the default value.
minconns min-cons
no minconns
min-cons |
Minimum number of connections allowed on the real server; the range is from 0 to 4294967295. |
The default value is no minconns.
SLB real server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
When the maxconns threshold is exceeded, the CSM stops sending connections until the number of connections falls below the minconns threshold. This value must be lower than the maximum number of connections configured by the maxconns command. When you specify minconns, you must also specify the maxconns command.
This example shows how to establish a minimum connection threshold for a server:
SLB-Switch(config-slb-sfarm)# real 102.2.2.1
SLB-Switch(config-slb-real)# minconns 4000
maxconns (real server submode)
real (serverfarm submode)
show module csm real
Use the probe command in the SLB real server configuration submode to configure a probe for the real server. Use the no form of this command to remove the probe from the configuration.
probe probe-name tag string
no probe
probe-name |
Names the probe. |
tag |
Keyword to specify a tag for the probe. |
string |
Specifies a string to identify the probe. |
This command has no default values.
SLB real server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to configurre a probe for a server:
SLB-Switch(config-slb-sfarm)# real 102.2.2.1
SLB-Switch(config-slb-real)# probe mission tag 12345678
real (serverfarm submode)
show module csm real
Use the redirect-vserver command in the SLB real server configuration submode to configure a real server to receive traffic redirected by a redirect virtual server. Use the no form of this command to specify that traffic is not redirected to the real server.
redirect-vserver name
no redirect-vserver
name |
Name of the virtual server that has its requests redirected. |
The default is no redirect-vserver.
SLB real server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
Mapping real servers to redirect virtual servers provides persistence for clients to real servers across TCP sessions. Before using this command, you must create the redirect virtual server in serverfarm submode with the redirect-vserver command.
This example shows how to map a real server to a virtual server:
SLB-Switch(config-slb-sfarm)# real 10.2.2.1
SLB-Switch(config-slb-real)# redirect-vserver timely
real (SLB serverfarm configuration submode)
redirect-vserver (SLB serverfarm configuration submode)
show module csm real
show module csm vserver redirect
Use the weight command in the SLB real server configuration submode to configure the capacity of the real servers in relation to the other real servers in the server farm. Use the no form of this command to change the server's weight to its default capacity.
weight weighting-value
no weight
weighting-value |
Value to use for the server farm predictor algorithm; the range is from 1 to 100. |
The weighting value default is 8.
SLB real server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to configure the weight of a real server:
SLB-Switch(config-slb-sfarm)# real 10.2.2.1
SLB-Switch(config-slb-real)# weight 8
predictor (SLB serverfarm submode)
real (SLB serverfarm submode)
show module csm real
Use the redirect-vserver command to specify the name of a virtual server to receive traffic redirected by the server farm and enter redirect virtual server configuration submode. Use the no form of this command to remove the redirect virtual server.
redirect-vserver name
no redirect-vserver name
name |
Name of the virtual server to receive traffic redirected by the server farm; the virtual server name can be no longer than 15 characters. |
This command has no default settings.
SLB serverfarm configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to name the virtual server:
SLB-Switch(config-slb-sfarm)# redirect-vserver quantico
real (SLB serverfarm submode)
redirect-vserver (SLB real server submode)
serverfarm
show module csm serverfarm
show module csm vserver redirect
Use the advertise command in the SLB redirect virtual server configuration mode to allow the CSM to advertise the IP address of the virtual server as host-route. Use the no form of this command to stop advertising the host-route for this virtual server.
advertise [active]
no advertise
active |
(Optional) Keyword to allow the CSM to advertise the IP address of the virtual server as host-route. |
The default for network mask is 255.255.255.255 if the network mask is not specified.
SLB redirect virtual server configuration submode.
Without the active option, the CSM always advertises the virtual server IP address whether or not there is any active real server attached to this virtual server.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to restrict a client from using the redirect virtual server:
SLB-Switch(config-slb-redirect-vs)# advertise 10.5.2.1 exclude
vserver
show module csm vserver redirect
Use the client command in the SLB redirect virtual server configuration mode to restrict which clients are allowed to use the redirect virtual server. Use the no form of this command to remove the client definition from the configuration.
client ip-address [network-mask] [exclude]
no client ip-address [network-mask]
ip-address |
Client's IP address. |
network-mask |
(Optional) Client's IP mask. |
exclude |
(Optional) Keyword to specify that the IP address is disallowed. |
The default for network mask is 255.255.255.255 if the network mask is not specified.
SLB redirect virtual server configuration submode.
The network mask is applied to the source IP address of incoming connections and the result must match the IP address before the client is allowed to use the virtual server. If you do not specify exclude, the IP address and network mask combination is allowed.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to restrict a client from using the redirect virtual server:
SLB-Switch(config-slb-redirect-vs)# client 10.5.2.1 exclude
client-group (SLB policy submode)
vserver
show module csm vserver redirect
Use the idle command in the SLB redirect virtual server configuration submode to specify the connection idle timer duration. Use the no form of this command to disable the idle timer.
idle duration
no idle
duration |
SLB connection idle timer in seconds; the range is from 4 to 65535. |
The default is 3600.
SLB redirect virtual server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to specify the connection idle timer duration:
SLB-Switch(config-slb-redirect-vs)# idle 7
redirect-vserver (SLB serverfarm submode)
show module csm vserver redirect
Use the inservice command in the SLB redirect virtual server configuration submode to enable the real server for use by the CSM. If this command is not specified, the virtual server is defined but not used. Use the no form of this command to disable the virtual server.
inservice
no inservice
This command has no arguments or keywords.
The default is no inservice.
SLB redirect virtual server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to enable a redirect virtual server for use by the CSM:
SLB-Switch(config-slb-redirect-vs)# inservice
redirect-vserver (SLB serverfarm submode)
show module csm vserver redirect
Use the replicate csrp command in the SLB redirect virtual server configuration submode to enable connection redundancy. Use the no form of this command to remove connection redundancy.
replicate csrp
no replicate csrp
This command has no keywords or arguments.
The default is no replicate csrp.
SLB virtual server configuration submode.
|
|
---|---|
2.1(1) |
This command was introduced. |
This example shows how to enable connection redundancy:
SLB-Switch(config-slb-redirect-vs)# replicate csrp
vserver
show module csm vserver redirect
Use the ssl command in the SLB redirect virtual server configuration submode to redirect an HTTP request to either HTTPS (SSL)_ or the FTP service. Use the no form of this command to reset the redirect of an HTTP request to an HTTP service.
ssl {https | ftp | ssl-port-number}
no ssl
ssl-port-number |
SSL port number; the range is from 1 to 65535. |
The default is no ssl forwarding.
SLB redirect virtual server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to enable SSL forwarding:
SLB-Switch(config-slb-redirect-vs)# ssl 443
redirect-vserver (SLB serverfarm submode)
show module csm vserver redirect
Use the virtual command in SLB redirect virtual server configuration submode to specify the virtual server's IP address, the protocol used for traffic, and the port the protocol is using. Use the no form of this command to reset the virtual server to its defaults.
virtual v_ipaddress tcp port
no virtual v_ipaddress
v_ipaddress |
Redirect virtual server's IP address. |
tcp |
Keyword to specify the protocol used for redirect virtual server traffic. |
port |
Port number used by the protocol. |
The default IP address is 0.0.0.0, which prevents packet forwarding.
SLB redirect virtual server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to specify the virtual server's IP address, the protocol for redirect virtual server traffic, and the port number used by the protocol:
SLB-Switch(config-slb-redirect)# virtual 130.32.44.50 tcp 80
redirect-vserver (SLB serverfarm submode)
show module csm vserver redirect
Use the vlan command in the SLB redirect virtual server submode to define which source VLANs can be accessed on the redirect virtual server. Use the no form of this command to remove the VLAN.
vlan {vlan-number | all}
no vlan
vlan-number |
VLAN the virtual server may access. |
all |
(Optional) Keyword to specify all VLANs are accessed by the virtual server. |
The default is all VLANs.
SLB virtual server configuration submode.
|
|
---|---|
2.1(1) |
This command was introduced. |
This example shows how to specify a VLAN for redirect virtual server access:
SLB-Switch(config-slb-redirect-vs)# vlan 5
sticky
sticky-group (SLB policy submode)
show module csm sticky
show module csm vserver redirect
Use the webhost backup command in SLB redirect virtual server configuration submode to specify a backup string sent in response to HTTP requests. Use the no form of this command to disable the backup string.
webhost backup backup-string [301 | 302]
webhost backup
The default status code is 302.
SLB redirect virtual server configuration submode.
This command is used in situations where the redirect virtual server has no available real servers. 301 or 302 is used to specify the redirect code. The backup string may include a %p at the end to indicate inclusion of the path in the HTTP redirect location statement field.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to specify a backup string that is sent in response to HTTP requests:
SLB-Switch(config-slb-redirect-vs)# webhost backup www.mybackup.com%p 301
redirect-vserver (SLB serverfarm submode)
show module csm vserver redirect
Use the webhost relocation command in the SLB redirect virtual server configuration submode to specify a relocation string sent in response to HTTP requests. Use the no form of this command to disable the relocation string.
webhost relocation relocation string [301 | 302]
no webhost relocation
The default status code is 302.
SLB redirect virtual server configuration submode.
The backup string may include a %p at the end to indicate inclusion of the path in the HTTP redirect location statement field.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to specify a relocation string that is sent in response to HTTP requests:
SLB-Switch(config-slb-redirect-vs)# webhost relocation www.myhome1.com%p 301
redirect-vserver (SLB serverfarm submode)
show module csm vserver redirect
Use the script file command to load scripts into a script file. Use the no form of this command to remove the script file command from the configuration.
script file file-url
no script file
file-url |
Sets the standard Cisco IOS file name, such as bootflash:webprobe.tcl. |
This command has no default settings.
Module CSM configuration submode.
The file-url is a standard Cisco IOS file name such as bootflash:webprobe.tcl.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to load scripts into a script file:
SLB-Switch(config-module-csm)# script file file-url
Use the script task command to run a standalone task. Use the no form of this command to remove the standalone task from the configuration.
script task script-index script-name [arg1 [arg2...]]
no script task script-index
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to run a standalone script:
SLB-Switch(config-module-csm)# script task 30 filerun
Use the serverfarm command to identify a server farm and enter the serverfarm configuration submode. Use the no form of this command to remove the server farm from the configuration.
serverfarm serverfarm-name
no serverfarm serverfarm-name
serverfarm-name |
Character string used to identify the server farm; the character string is limited to 15 characters. |
This command has no default settings.
Module CSM configuration submode.
Use this command to enter the server farm configuration submode to configure the load-balancing algorithm (predictor), a set of real servers, and the attributes (NAT, probe, and bindings) of the real servers.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to identify a server farm named PUBLIC and change the CLI to server farm configuration mode:
SLB-Switch(config-module-csm)# serverfarm PUBLIC
reverse-sticky (SLB policy configuration submode)
serverfarm (SLB virtual server configurations submode)
show module csm serverfarm
Use the bindid command in the SLB serverfarm configuration submode to assign a unique ID to allow the DFP agent to differentiate a real server in one server farm versus another server farm. Use the no form of this command to disable the bindid.
bindid [bind-id]
no bindid
bind-id |
(Optional) Identification number for each binding; the range is from 0 to 65533. |
The default is 0.
SLB serverfarm configuration submode.
The single real server is represented as multiple instances of itself, each having a different bind identification. DFP uses this identification to identify a given weight for each instance of the real server.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to bind a server to multiple virtual servers:
SLB-Switch(config-slb-sfarm)# bindid 7
dfp
serverfarm
show module csm serverfarm
Use the failaction purge command in the SLB serverfarm configuration submode to set the behavior of connections to real servers that have failed. Use the no form of this command to disable the behavior of connections to real servers that have failed.
failaction purge
no failaction purge
This command has no arguments or keywords.
The default is no failaction purge.
SLB serverfarm configuration submode.
With this command enabled, connections to a real server in the server farm are purged when the real server goes down. This feature is required for VPN load balancing.
|
|
---|---|
2.1(1) |
This command was introduced. |
This example shows how to set the behavior of connections to real servers that have failed:
SLB-Switch(config-slb-sfarm)# failaction purge
dfp
serverfarm
show module csm serverfarm
Use the health command in the SLB serverfarm configuration submode to set the retry attempts to real servers that have failed. Use the no form of this command to disable the retries or the time to wait for connections to real servers that have failed.
health retries count failed seconds
no health
There are no default settings.
SLB serverfarm configuration submode.
|
|
---|---|
2.2(1) |
This command was introduced. |
This example shows how to set the behavior of connections to real servers that have failed:
SLB-Switch(config-slb-sfarm)# health retries 20 failed 200
dfp
serverfarm
show module csm serverfarm
Use the nat client command in SLB serverfarm configuration submode to specify a set of client NAT pool addresses that should be used to perform the NAT function on clients connecting to this server farm. Use the no form of this command to remove the NAT pool from the configuration.
nat client client-pool-name
no nat client
client-pool-name |
Client pool name. |
This command has no default settings.
SLB serverfarm configuration submode.
Use this command to enable client NAT. If client NAT is configured, the client address and port number in load-balanced packets are replaced with an IP address and port number from the specified client NAT pool. This client pool name must match the pool name entered from a previous natpool command.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to specify NAT on the client:
SLB-Switch(config-slb-sfarm)# nat client whishers
natpool
serverfarm
nat server
predictor
show module csm serverfarm
Use the nat server command in SLB serverfarm configuration submode to specify NAT to servers in this server farm. Use the no form of this command to disable server NAT.
nat server
no nat server
This command has no arguments or keywords.
Server NAT is enabled by default.
SLB server farm configuration submode.
Use this command to enable server NAT. If server NAT is configured, the server address and port number in load-balanced packets are replaced with an IP address and port number of one of the real servers in the server farm.
Note The nat server command has no effect when predictor forward is configured, because no servers can be configured.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to specify NAT on the server:
SLB-Switch(config-slb-sfarm)# nat server
serverfarm
nat client
predictor
show module csm serverfarm
Use the predictor command in the SLB serverfarm configuration submode to specify the load-balancing algorithm for the server farm. Use the no form of this command to remove the load-balancing algorithm.
predictor {roundrobin | leastconns | hash url | hash address [source | destination] [ip-netmask] | forward}]
no predictor
The default algorithm is round robin.
SLB serverfarm configuration submode.
Use this command to define the load-balancing algorithm used in choosing a real server in the server farm. If you do not specify the predictor command, the default algorithm is roundrobin. Using the no form of this command changes the predictor algorithm to the default algorithm.
Note The nat server command has no effect when predictor forward is configured, because no servers can be configured.
The portion of the URL to hash is based on the expressions configured for the virtual server submode command url-hash.
No real servers are needed. The server farm is actually a route forwarding policy with no real servers associated with it.
This example shows how to specify the load-balancing algorithm for the server farm:
SLB-Switch(config-module-csm)# serverfarm PUBLIC
SLB-Switch(config-slb-sfarm)# predictor leastconns
nat client
nat server
maxconns
minconns
serverfarm
show module csm serverfarm
serverfarm (SLB virtual server configuration submode)
Use the probe command in the SLB serverfarm configuration submode to associate a probe with a server farm. Use the no form of this command to disable a specific probe.
probe probe-name
no probe probe-name
probe-name |
Probe name associated with the server farm. |
This command has no default settings.
SLB serverfarm configuration submode.
Each server farm can be associated with multiple probes of the same or different protocols. Protocols supported by the CSM include HTTP, ICMP, TCP, FTP, SMTP, Telnet, and DNS.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to associate a probe with a server farm:
SLB-Switch(config-slb-sfarm)# probe general
probe (Module CSM configuration submode)
serverfarm
show module csm probe
show module csm serverfarm
Use the retcode-map command in the SLB serverfarm configuration submode to assign a return code map to a server farm. Use the no form of this command to disable a specific probe.
retcode-map retcodemap_name
no retcode-map
retcodemap_name |
Return code map name associated with the server farm. |
This command has no default settings.
SLB serverfarm configuration submode.
|
|
---|---|
2.2(1) |
This command was introduced. |
This example shows how to associate a probe with a server farm:
SLB-Switch(config-slb-sfarm)# retcode-map return_stats
map retcode (Module CSM configuration submode)
serverfarm
show module csm serverfarm
Use the show module csm slot arp command to display the CSM ARP cache.
show module csm slot arp
slot |
Slot where the CSM resides. |
This command has no default settings.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb arp. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display the CSM ARP cache:
SLB-Switch# show module csm 4 arp
Internet Address Physical Interface VLAN Type Status
--------------------------------------------------------------------
10.10.3.100 00-01-64-F9-1A-02 0 VSERVER local
10.10.3.1 00-D0-02-58-B0-00 11 GATEWAY up(0 misses)
10.10.3.2 00-30-F2-71-6E-10 11/12 --SLB-- local
10.10.3.10 00-D0-B7-82-38-97 12 REAL up(0 misses)
10.10.3.20 00-D0-B7-82-38-97 12 REAL up(0 misses)
10.10.3.30 00-D0-B7-82-38-97 12 REAL up(0 misses)
10.10.3.40 00-00-00-00-00-00 12 REAL down(1 misses)
Use the show module csm slot conns command to display active connections.
show module csm slot conns [vserver virtserver-name] [client ip-address] [detail]
If no options are specified, the command displays output for all active connections.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb conns. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display active connection data:
SLB-Switch# show module csm 4 conns
prot vlan source destination state
----------------------------------------------------------------------
In TCP 11 100.100.100.2:1754 10.10.3.100:80 ESTAB
Out TCP 12 100.100.100.2:1754 10.10.3.20:80 ESTAB
In TCP 11 100.100.100.2:1755 10.10.3.100:80 ESTAB
Out TCP 12 100.100.100.2:1755 10.10.3.10:80 ESTAB
SLB-Switch# show module csm 4 conns detail
prot vlan source destination state
----------------------------------------------------------------------
In TCP 11 100.100.100.2:1754 10.10.3.100:80 ESTAB
Out TCP 12 100.100.100.2:1754 10.10.3.20:80 ESTAB
vs = WEB_VIP, ftp = No, csrp = False
In TCP 11 100.100.100.2:1755 10.10.3.100:80 ESTAB
Out TCP 12 100.100.100.2:1755 10.10.3.10:80 ESTAB
vs = WEB_VIP, ftp = No, csrp = False
Use the show module csm slot dfp command to display DFP agent and manager information, such as passwords, timeouts, retry counts, and weights.
show module csm slot dfp [agent [detail | ip-address port] | manager [ip_addr] | detail | weights]
If no options are specified, the command displays summary information.
Privileged EXEC.
This example shows all available DFP data:
SLB-Switch# show module csm 4 dfp detail
This example shows information about weights:
SLB-Switch# show module csm 4 dfp weights
This example, with no options specified, shows summary information:
SLB-Switch# show module csm 4 dfp
dfp
agent (SLB DFP configuration submode)
manager (SLB DFP configuration submode)
Use the show module csm slot ft command to display statistics and counters for the CSM fault-tolerant pair.
show module csm slot ft [detail]
detail |
(Optional) Keyword to display more detailed information. |
No values are displayed.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb ft. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display the statistics and counters for the CSM fault-tolerant pair:
SLB-Switch# show module csm 4 ft
FT group 2, vlan 30
This box is active
priority 10, heartbeat 1, failover 3, preemption is off
Use the show module csm slot map command to display information about URL maps.
show module csm slot map [url | cookie | header | retcode] [name map-name] [detail]
This command has no default settings.
Privileged EXEC.
This example shows how to display URL maps associated with a Content Switching policy:
SLB-Switch# show module csm 4 map url
URL map UHASH_UMAP
COOKIE map UHASH_CMAP1
COOKIE map UHASH_CMAP2
6k#show ip slb map detail
URL map UHASH_UMAP rules:
*aabb*
COOKIE map UHASH_CMAP1 rules:
name:foo value:*asdgjasgdkjsdkgjsasdgsg*
COOKIE map UHASH_CMAP2 rules:
name:bar value:*asdgjasgdkjsdkgjsasdgsg*
This example shows how to display return code maps:
SLB-Switch#show module csm 5 map retcode detail
RETCODE map HTTPCODES rules:
return codes:401 to 401 action:log threshold:5 reset:120
return codes:402 to 415 action:count threshold:0 reset:0
return codes:500 to 500 action:remove threshold:3 reset:0
return codes:503 to 503 action:remove threshold:3 reset:0
Use the show module csm slot memory command to display information about memory use.
show module csm slot memory [vserver vserver-name] [detail]
slot |
Slot where the CSM resides. |
vserver |
(Optional) Keyword to specify the virtual server configuration. |
vserver-name |
(Optional) Option to restrict output to the named virtual server. |
This command has no default settings.
Privileged EXEC.
This example shows how to display the memory usage of virtual servers:
SLB-Switch# show module csm 4 memory
slb vserver total bytes memory by type
-----------------------------------------------------------------------
WEB_VIP 0 0 0
FTP_VIP 0 0 0
Total(s): 0 0
Out of Maximum: 261424 261344
parse-length (SLB virtual server configuration submode)
Use the show module csm slot natpool command to display NAT configurations.
show module csm slot natpool [name pool-name] [detail]
This command has no default settings.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb natpool. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display results of the default show module csm slot natpool command:
SLB-Switch# show module csm 4 natpool
nat client B 1.1(1).6 1.1(1).8 Netmask 255.255.255.0
nat client A 1.1(1).1 1.1(1).5 Netmask 255.255.255.0
This example shows how to display results of the show module csm slot natpool command with the detail variable:
SLB-Switch# show module csm 4 natpool detail
nat client A 1.1(1).1 1.1(1).5 Netmask 255.255.255.0
Start NAT Last NAT Count ALLOC/FREE
-------------------------------------------------------
1.1(1).1:11001 1.1(1).1:16333 0005333 ALLOC
1.1(1).1:16334 1.1(1).1:19000 0002667 ALLOC
1.1(1).1:19001 1.1(1).5:65535 0264675 FREE
Use the show module csm slot owner command to display the current connections count for the specified owner objects.
show module csm slot owner [name owner-name] [detail]
This command has no default settings.
Privileged EXEC.
|
|
---|---|
3.1(1) |
This command was introduced. |
Detailed information about an owner object lists the virtual servers in that group with each virtual server's state and current connections count.
The MAXCONNS state is displayed for a virtual server when the current connections counter is equal to the configured maxconns value. Counters for the number of connections dropped due to the virtual server being in this state are added. The show module csm slot stats and show module csm slot vserver detail command output displays these counters on a global and per-virtual server basis, respectively.
This example shows how to display results of the default show module csm slot owner command:
SLB-Switch# show module csm 4 owner
This example shows how to display results of the show module csm slot owner command with the detail variable:
SLB-Switch# show module csm 4 owner detail
Use the show module csm slot policy command to display a policy configuration.
show module csm slot policy [name policy-name]
slot |
Slot where the CSM resides. |
name |
(Optional) Keyword to display a specific policy. |
policy-name |
(Optional) Policy name string to display. |
This command has no default settings.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb policy. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display a policy configuration:
SLB-Switch# show module csm 4 policy
policy: PC1_UHASH_T1
sticky group: 20
serverfarm: SF_UHASH_T1
policy: PC1_UHASH_T2
sticky group: 30
serverfarm: SF_UHASH_T2
policy: PC1_UHASH_T3
url map: UHASH_UMAP
serverfarm: SF_UHASH_T3
policy: PC1_UHASH_T4
cookie map: UHASH_CMAP1
serverfarm: SF_UHASH_T4
policy: PC2_UHASH_T4
cookie map: UHASH_CMAP2
serverfarm: SF_UHASH_T4
SLB-Switch#
Use the show module csm slot probe command to display HTTP or ping probe data.
show module csm slot probe [http | icmp | telnet | tcp | ftp | smtp | dns] [name probe_name] [detail]
This command has no default settings.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb probe. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display probe data:
SLB-Switch# show module csm 4 probe
probe type interval retries failed open receive
--------------------------------------------------------------------
PB_ICMP1 icmp 60 1 5 10
PB_HTTP1 http 60 1 10 10 10
PB_TCP1 tcp 60 1 10 10 10
PB_FTP1 ftp 60 1 10 10 10
PB_TELNET1 telnet 60 1 10 10 10
PB_SMTP1 smtp 60 1 10 10 10
Use the show module csm slot probe script [name probe -name] [detail] command to display probe script data.
show module csm slot probe script [name probe -name] [detail]
This command has no default settings.
Privileged EXEC.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to display probe data:
SLB-Switch# show module csm 4 probe script detail
Use the show module csm slot real command to display information about real servers.
show module csm slot real [sfarm sfarm-name] [detail]
If no options are specified, the command displays information about all real servers.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb real. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows Cisco IOS SLB real server data:
SLB-Switch# show module csm 4 real
real server farm weight state conns
-------------------------------------------------------------------
10.10.3.10 FARM1 20 OPERATIONAL 0
10.10.3.20 FARM1 16 OUTOFSERVICE 0
10.10.3.30 FARM1 10 OPERATIONAL 0
10.10.3.40 FARM1 10 FAILED 0
SLB-Switch# show mod csm 5 real detail
10.1.0.102, FARM1, state = OPERATIONAL
Inband health:remaining retries = 3
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 0, total conn failures = 0
10.1.0.101, FARM1, state = OPERATIONAL
Inband health:remaining retries = 3
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 0, total conn failures = 0
10.1.0.101, FARM2, state = OPERATIONAL
conns = 2, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 2
total conns established = 7, total conn failures = 0
Table A-1 describes the fields in the display.
real (SLB serverfarm configuration submode)
Use the show module csm slot real retcode command to display information about the return code configuration.
show module csm slot real retcode [sfarm sfarm-name] [detail]
If no options are specified, the command displays information about all real servers.
Privileged EXEC.
|
|
---|---|
2.2.1 |
This command was introduced. |
This example shows Cisco IOS SLB real server return code data:
SLB-Switch# show module csm 5 real retcode
10.1.0.101, FARM2, state = OPERATIONAL
retcode-map = HTTPCODES
retcode action count reset-seconds reset-count
------------------------------------------------------
401 log 3 0 1
404 count 62 0 0
500 remove 1 0 0
real (SLB serverfarm configuration submode)
Use the show module csm slot script command to display the contents of all loaded scripts.
show module csm slot script [name full_file_URL] [code]
This command has no default settings.
Privileged EXEC.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to display script file contents:
SLB-Switch# show module csm slot script [name script-name] [code]
Use the show module csm slot script task command to display all loaded scripts.
show module csm slot script task [index script-index] [detail]
This command has no default settings.
Privileged EXEC.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to display A running script:
SLB-Switch# show module csm slot script
script file
script task
show module csm script
Use the show module csm slot serverfarm command to display information about a server farm.
show module csm slot serverfarms [name serverfarm-name] [detail]
This command has no default settings.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb serverfarm. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display server farm data:
SLB-Switch# show module csm 4 serverfarm
server farm predictor nat reals redirect bind id
-------------------------------------------------------------
FARM1 RoundRobin S 4 0 0
VIDEO_FARM RoundRobin S 5 0 0
AUDIO_FARM RoundRobin S 2 0 0
FTP RoundRobin S 3 0 0
Table A-2 describes the fields in the display.
This example shows how to display only the details for one server farm:
SLB-Switch# show mod csm 5 serverfarm detail
FARM1, predictor = RoundRobin, nat = SERVER, CLIENT(CLNAT1)
virtuals inservice:4, reals = 2, bind id = 0, fail action = none
inband health config:retries = 3, failed interval = 200
retcode map = <none>
Real servers:
10.1.0.102, weight = 8, OPERATIONAL, conns = 0
10.1.0.101, weight = 8, OPERATIONAL, conns = 0
Total connections = 0
FARM2, predictor = RoundRobin, nat = SERVER, CLIENT(CLNAT1)
virtuals inservice:2, reals = 1, bind id = 0, fail action = none
inband health config:<none>
retcode map = HTTPCODES
Real servers:
10.1.0.101, weight = 8, OPERATIONAL, conns = 2
Total connections = 2
Use the show module csm slot static command to display information about server NAT configurations.
show module csm slot static [drop | nat {ip-address | virtual}]
This command has no default settings.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb static. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display static data:
SLB-Switch# show module csm 4 static nat
static
real (SLB static NAT configuration submode)
Use the show module csm slot static server command to display information about actual servers that are having NAT performed.
show module csm slot static server [ip-address] [drop | nat {ip-address | virtual} | pass-through]
This command has no default settings.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb static server. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display static server data:
SLB-Switch# show module csm 4 static server
Server NAT Type
----------------------------------------------
10.10.3.10 NAT to 100.100.100.100
10.10.3.20 No NAT
10.10.3.30 NAT to 100.100.100.100
10.10.3.40 No NAT
Cat6k-1#
static
real (SLB static NAT configuration submode)
Use the show module csm slot stats command to display SLB statistics.
show module csm slot stats
slot |
Slot where the CSM resides. |
This command has no default settings.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb stats. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display SLB statistics:
SLB-Switch# show module csm 4 stats
Connections Created: 180
Connections Destroyed: 180
Connections Current: 0
Connections Timed-Out: 0
Connections Failed: 0
L4 Load-Balanced Decisions:180
L4 Rejected Connections: 0
L7 Load-Balanced Decisions:0
L7 Rejected Connections:
Total:0, Parser:0,
Reached max parse len:0, Cookie out of mem:0,
Cfg version mismatch:0, Bad SSL2 format:0
L4/L7 Rejected Connections:
No policy:0, No policy match 0,
No real:0, ACL denied 0,
Server initiated:0
Checksum Failures: IP:0, TCP:0
Redirect Connections:0, Redirect Dropped:0
FTP Connections: 0
MAC Frames:
Tx:Unicast:1506, Multicast:0, Broadcast:50898,
Underflow Errors:0
Rx:Unicast:2385, Multicast:6148349, Broadcast:53916,
Overflow Errors:0, CRC Errors:0
Table A-3 describes the fields in the display.
Use the show module csm slot status command to display if the CSM is online. If the CSM is online, this command shows the CSM chassis slot location and indicates if the configuration download is complete.
show module csm slot status
slot |
Slot where the CSM resides. |
This command has no default settings.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb status. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display CSM status:
SLB-Switch# show module csm 4 status
SLB Module is online in slot 4.
Configuration Download state:COMPLETE, SUCCESS
Use the show module csm slot sticky command to display the sticky database.
show module csm slot sticky [groups | client ip_address]
If no options are specified, the command displays information about all clients.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb sticky. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only. |
This command only displays the database of clients using IP stickiness; it does not show cookie or SSL.
This example shows how to display the sticky database:
SLB-Switch# show module csm 4 sticky groups
Group Timeout Type
------------------------------------------------------------
20 100 netmask 255.255.255.255
30 100 cookie foo
sticky
sticky (SLB virtual server configuration submode)
Use the show module csm slot tech-script command to display the status of a script.
show module csm slot tech-script
slot |
Slot where the CSM resides. |
If no options are specified, the command displays all information.
Privileged EXEC.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to display the technical support information for the CSM:
SLB-Switch# show module csm 4 tech-script
Use the show module csm slot tech-support command to display technical support information for the CSM.
show module csm slot tech-support [all | processor num | redirect | slowpath | probe | fpga | core-dump]
If no options are specified, the command displays all information.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb tech-support. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display the technical support information for the CSM:
SLB-Switch# show module csm 4 tech-support ?
all All tech output
core-dump Most recent core dump
fpga FPGA info output
ft Fault Tolerance info output
probe Probe info output
processor Processor info output
redirect HTTP redirect info output
slowpath Slowpath info output
SLB-Switch# show module csm 4 tech-support processor 2
--------------------------------------------------------------
----------------------- TCP Statistics -----------------------
--------------------------------------------------------------
Aborted rx 3350436013 66840864
New sessions rx 180 0
Total Packets rx 16940 0
Total Packets tx 0 0
Packets Passthrough 697 0
Packets Dropped 0 0
Persistent OOO Packets Dropped 0 0
Persistent Fastpath Tx 0 0
Total Persistent Requests 0 0
Persistent Same Real 0 0
Persistent New Real 0 0
Data Packets rx 877 0
L4 Data Packets rx 877 0
L7 Data Packets rx 0 0
Slowpath Packets rx 7851 0
Relinquish Requests rx 8031 0
TCP xsum failures 0 0
Session Mismatch 0 0
Session Reused while valid 0 0
Unexpected Opcode rx 0 0
Unsupported Proto 0 0
Session Queue Overflow 0 0
Control->Term Queue Overflow 0 0
t_fifo Overflow 0 0
L7 Analysis Request Sent 0 0
L7 Successful LB decisions 0 0
L7 Need More Data decisions 0 0
L7 Unsuccessful LB decisons 0 0
L4 Analysis Request Sent 180 0
L4 Successful LB decisions 180 0
L4 Unsuccessful LB decisons 0 0
Transmit:
SYN 0 0
SYN/ACK 0 0
ACK 0 0
RST/ACK 0 0
data 0 0
Retransmissions: 0 0
Receive:
SYN 180 0
SYN/ACK 0 0
ACK 340 0
FIN 0 0
FIN/ACK 340 0
RST 17 0
RST/ACK 0 0
data 0 0
Session Redundancy Standby:
Rx Fake SYN 0 0
Rx Repeat Fake SYN 0 0
Rx Fake Reset 0 0
Fake SYN Sent to NAT 0 0
Tx Port Sync 0 0
Encap Not Found 0 0
Fake SYN, TCP State Invalid 0 0
Session Redundancy Active:
L4 Requests Sent 0 0
L7 Requests Sent 0 0
Persistent Requests Sent 0 0
Rx Fake SYN 0 0
Fake SYN Sent to NAT 0 0
Session's torn down 180 0
Rx Close session 1 0
Slowpath(low pri) buffer allocs 7843 0
Slowpath(high pri) buffer allocs 8 0
Small buffer allocs 180 0
Medium buffer allocs 0 0
Large buffer allocs 0 0
Session table allocs 180 0
Slowpath(low pri) buffer alloc failures 0 0
Slowpath(high pri) buffer alloc failures 0 0
Small buffer allocs failures 0 0
Medium buffer allocs failures 0 0
Large buffer allocs failures 0 0
Session table allocs failures 0 0
Outstanding slowpath(low pri) buffers 0 0
Outstanding slowpath(high pri) buffers 0 0
Outstanding small buffers 0 0
Outstanding medium buffers 0 0
Outstanding large buffers 0 0
Outstanding sessions 0 0
Use the show module csm slot vlan command to display the list of VLANs.
show module csm slot vlan [client | server | ft] [id vlan-id] [detail]
If no options are specified, the command displays information about all VLANs.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb vlan. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display the VLAN configurations:
SLB-Switch# show module csm 4 vlan
vlan IP address IP mask type
---------------------------------------------------
11 10.10.4.2 255.255.255.0 CLIENT
12 10.10.3.1 255.255.255.0 SERVER
30 0.0.0.0 0.0.0.0 FT
SLB-Switch#
SLB-Switch#
SLB-Switch# sh mod csm 4 vlan detail
vlan IP address IP mask type
---------------------------------------------------
11 10.10.4.2 255.255.255.0 CLIENT
GATEWAYS
10.10.4.1
12 10.10.3.1 255.255.255.0 SERVER
30 0.0.0.0 0.0.0.0 FT
vlan - Module CSM configuration submode.
Use the show module csm slot vserver redirect command to display the list of virtual servers.
show module csm slot vserver redirect
slot |
Slot where the CSM resides. |
If no options are specified, the command displays information about all clients.
Privileged EXEC.
|
|
---|---|
1.1(1) |
This command was introduced as show ip slb vserver redirect. |
2.1(1) |
This command was changed to show module csm slot (for ip slb mode rp only). |
This example shows how to display the CSM virtual servers:
SLB-Switch# show module csm 4 vserver
slb vserver prot virtual vlan state conns
---------------------------------------------------------------------------
FTP_VIP TCP 10.10.3.100/32:21 ALL OUTOFSERVICE 0
WEB_VIP TCP 10.10.4.100/32:80 ALL OPERATIONAL 0
SLB-Switch#
SLB-Switch#
SLB-Switch# sh mod csm 4 vserver detail
FTP_VIP, state = OUTOFSERVICE, v_index = 3
virtual = 10.10.3.100/32:21, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL
max parse len = 600, persist rebalance = TRUE
conns = 0, total conns = 0
Policy Tot Conn Client pkts Server pkts
------------------------------------------------------
(default) 0 0 0
WEB_VIP, state = OPERATIONAL, v_index = 4
virtual = 10.10.4.100/32:80, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL
max parse len = 600, persist rebalance = TRUE
conns = 0, total conns = 140
Default policy:
server farm = FARM1
sticky:timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot Conn Client pkts Server pkts
------------------------------------------------------
(default) 140 672 404
Use the show module csm xml stats command to display a list of XML statistics.
show module csm xml stats
If no options are specified, the command displays information about all clients.
Privileged EXEC.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to display the CSM XML statistics:
SLB-Switch# show module csm 4 xml stats
XML config:inservice, port = 80, vlan = <all>, client list = <none>
connection stats:
current = 0, total = 5
failed = 2, security failed = 2
requests:total = 5, failed = 2
Use the snmp enable traps slb ft command to enable or disable fault-tolerant traps. Use the no form of this command to disable fault-tolerant traps.
snmp enable traps slb ft
no snmp enable traps slb ft
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
A fault-tolerant trap allows the CSM e to send an SNMP trap when the CSM transitions from standby to active after detecting a failure in its fault tolerant peer.
This example shows how to enable fault tolerant traps:
SLB-Switch(config-module-csm)# snmp enable traps slb ft
Use the static command to configure the server NAT behavior and enter the NAT configuration submode. This command configures the CSM to support connections initiated by real servers. Both client NAT and server NAT can exist in the same configuration. Use the no form of this command to remove NAT from the CSM configuration.
static {drop | nat {virtual | ip-address}}
no static {drop | nat {virtual | ip-address}}
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to configure the CSM to support connections initiated by the real servers:
SLB-Switch(config-module-csm)# static nat virtual
Use the real command in SLB static NAT configuration submode to specify the address for a real server or the subnet mask for multiple real servers performing server NAT. Use the no form of this command to remove the address of a real server or the subnet mask of multiple real servers so they are no longer performing NAT.
real real-ip-address [real-netmask]
no real real-ip-address [real-netmask]
real-ip-address |
Real server IP address performing NAT. |
real-netmask |
(Optional) Range of real servers performing NAT. If not specified, the default is 255.255.255.255 (a single real server). |
This command has no default settings.
SLB static NAT configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to specify the address for a real server:
SLB-Switch(config-slb-static)# real 10.0.0.0 255.0.0.0
Use the sticky command to ensure that connections from the same client that match the same SLB policy use the same real server on subsequent connections. Use the no form of this command to remove a sticky group.
sticky sticky-group-id {netmask netmask | cookie name | ssl} [timeout sticky-time]
no sticky sticky-group-id
The sticky time default value is 1440 minutes (24 hours).
Module CSM configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
2.1(1) |
Changed the default timeout from 0 to 1440. |
Specifying a netmask permits sticky connections based on the masked client IP address.
Use the sticky time option to ensure that connections from the same client that match the same SLB policy use the same real server. If you specify a nonzero value, the last real server that was used for a connection from a client is remembered for sticky-time minutes after the end of the client's latest connection. New connections from the client to the virtual server initiated before the sticky time expires and that match SLB policy are balanced to the same real server that was used for the previous connection. A sticky time of 0 means sticky connections are not tracked.
This example shows how to create an IP sticky group:
SLB-Switch(config-module-csm)# sticky 5 netmask 255.255.255.255 timeout 20
sticky-group (SLB policy submode)
sticky (SLB vserver submode)
show module csm sticky
Use the vlan command to create a client or server VLAN and assign it a VLAN ID and enter the VLAN submode. Use the no form of this command to remove the VLAN from the configuration.
vlan vlan-id {client | server}
no vlan vlan-id
vlan-id |
Number of the VLAN; the range is from 2 to 4095. |
client |
Keyword to specify a client-side VLAN. |
server |
Keyword to specify a server-side VLAN. |
This command has no default settings.
Module CSM configuration submode.
A database entry should exist for the given VLAN ID.
|
|
---|---|
1.1(1) |
This command was introduced. |
2.1(1) |
VLAN type fault-tolerance is deprecated and hidden. |
This example shows how to create a server VLAN and assign it a VLAN ID:
SLB-Switch(config-module-csm)# vlan 2 server
vlan (SLB vserver submode)
show module csm vlan
Use the alias command in the SLB VLAN configuration submode to assign multiple IP addresses to the CSM. Use the no form of this command to remove an alias IP addresses from the configuration.
alias ip-address netmask
no alias ip-address netmask
ip-address |
Alias IP address; a maximum of 255 addresses are allowed per VLAN. |
netmask |
Network mask. |
This command has no default settings.
SLB VLAN configuration submode.
This command allows you to place the CSM on a different IP network than real servers without using a router.
|
|
---|---|
1.1(1) |
This command was introduced for server VLANs. |
2.1(1) |
This command is now available for both client and server VLANs. |
This example shows how to assign multiple IP addresses to the CSM:
SLB-Switch(config-slb-vlan-server)# alias 130.21.34.56 255.255.255.0
SLB-Switch(config-slb-vlan-server)# alias 130.22.35.57 255.255.255.0
SLB-Switch(config-slb-vlan-server)# alias 130.23.36.58 255.255.255.0
SLB-Switch(config-slb-vlan-server)# alias 130.24.37.59 255.255.255.0
SLB-Switch(config-slb-vlan-server)# alias 130.25.38.60 255.255.255.0
Use the gateway command in the SLB VLAN configuration mode to configure a gateway IP address. Use the no form of this command to remove the gateway from the configuration.
gateway ip-address
no gateway ip-address
ip-address |
IP address of the client-side gateway. |
This command has no default settings.
SLB VLAN configuration submode.
You can configure up to seven gateways per VLAN with a total of up to 255 gateways for the entire system. A gateway must be in the same network as specified in the ip address SLB VLAN command.
|
|
---|---|
1.1(1) |
This command was introduced for client VLANs. |
2.1(1) |
This command is now available for both client and server VLANs. |
This example shows how to configure a client-side gateway IP address:
SLB-Switch(config-slb-vlan-client)# gateway 130.21.34.56
ip address (SLB VLAN configuration submode)
vlan
show module csm vlan
Use the ip address command in the SLB VLAN configuration submode to assign an IP address to the CSM that is used for probes and ARP requests on a VLAN. Use the no form of this command to remove the CSM IP address and disable probes and ARP requests from the configuration.
ip address ip-address netmask
no ip address
ip-address |
IP address for the CSM; only one management IP address is allowed per VLAN. |
netmask |
Network mask. |
This command has no default settings.
SLB VLAN configuration submode.
This command is applicable for both server and client VLANs. Up to 255 unique VLAN IP addresses are allowed per module.
|
|
---|---|
1.1(1) |
This command was introduced. |
2.2.1 |
Increases maximum number of unique VLAN IP addresses per system form 32 to 255. |
This example shows how to assign an IP address to the CSM:
SLB-Switch(config-slb-vlan-client)# ip address 130.21.34.56 255.255.255.0
Use the route command in the SLB VLAN configuration submode to configure networks that are one Layer 3 hop away from the CSM. Use the no form of this command to remove the subnet or gateway IP address from the configuration.
route ip-address netmask gateway gw-ip-address
no route ip-address netmask gateway gw-ip-address
ip-address |
Subnet IP address. |
netmask |
Network mask. |
gateway |
Keyword to specify that the gateway is configured. |
gw-ip-address |
Gateway IP address. |
This command has no default settings.
SLB VLAN configuration submode.
You specify the Layer 3 network's subnet address and the gateway IP address to reach the next-hop router. The gateway address must be in the same network as specified in the ip address SLB VLAN command.
|
|
---|---|
1.1(1) |
This command was introduced for server VLANs. |
2.1(1) |
This command is now available for both client and server VLANs. |
This example shows how to configure a network to the CSM:
SLB-Switch(config-slb-vlan-server)# route 130.21.34.56 255.255.255.0 gateway 120.22.36.40
ip address (SLB VLAN configuration submode)
vlan
show module csm vlan
Use the vserver command to identify a virtual server and enter the virtual server configuration submode. Use the no form of this command to remove a virtual server from the configuration.
vserver virtserver-name
no vserver virtserver-name
virtserver-name |
Character string used to identify the virtual server; the character string is limited to 15 characters. |
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to identify a virtual server named PUBLIC_HTTP and change the CLI to virtual server configuration mode:
SLB-Switch(config-module-csm)# vserver PUBLIC_HTTP
redirect-vserver (SLB serverfarm submode)
show module csm vserver redirect
Use the advertise command in the SLB t virtual server configuration mode to allow the CSM to advertise the IP address of the virtual server as host-route. Use the no form of this command to stop advertising the host-route for this virtual server.
advertise [active]
no advertise
active |
(Optional) Keyword to allow the CSM to advertise the IP address of the virtual server as host-route. |
The default for network mask is 255.255.255.255 if the network mask is not specified.
SLB virtual server configuration submode.
Without the active option, the CSM always advertises the virtual server IP address whether or not there is any active real server attached to this virtual server.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to restrict a client from using the virtual server:
SLB-Switch(config-slb-redirect-vs)# advertise 10.5.2.1 exclude
redirect-vserver
show module csm vserver redirect
Use the client command in the SLB virtual server configuration mode to restrict which clients are allowed to use the virtual server. Use the no form of this command to remove the client definition from the configuration.
client ip-address [network-mask] [exclude]
no client ip-address [network-mask]
ip-address |
Client's IP address. |
network-mask |
(Optional) Client's IP mask. |
exclude |
(Optional) Keyword to specify that the IP address is disallowed. |
The default for network mask is 255.255.255.255 if the network mask is not specified.
SLB virtual server configuration submode.
The network mask is applied to the source IP address of incoming connections and the result must match the IP address before the client is allowed to use the virtual server. If exclude is not specified, the IP address and network mask combination is allowed.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to restrict a client from using the virtual server:
SLB-Switch(config-slb-vserver)# client 10.5.2.1 exclude
client-group (SLB policy submode)
ip access-list standard
vserver
show module csm vserver redirect
Use the idle command in the SLB virtual server configuration submode to control the amount of time the CSM maintains connection information in the absence of packet activity. Use the no form of this command to change the idle timer to its default value.
idle duration
no idle
duration |
Idle connection timer duration in seconds; the range is from 4 to 65535. |
The default is 3600.
SLB virtual server configuration submode.
If you do not specify a duration value, the default value is applied.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to specify an idle timer duration of 4000:
SLB-Switch(config-slb-vserver)# idle 4000
vserver
show module csm vserver redirect
Use the inservice command in the SLB virtual server configuration submode to enable the virtual server for load balancing. Use the no form of this command to remove the virtual server from service.
inservice
no inservice
This command has no keywords or arguments.
The default is no inservice.
SLB virtual server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to enable a virtual server for load balancing:
SLB-Switch(config-slb-vserver)# inservice
vserver
show module csm vserver redirect
Use the owner command in the SLB virtual server submode to define an owner that may access the virtual server. Use the no form of this command to remove the owner.
owner owner-name maxconns number
no maxconns
owner-name |
Name of the owner object. |
maxconns |
Keyword to set the maximum number of connections for this owner. |
number |
Maximum number of connections. |
This command has no default settings.
SLB virtual server configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to specify an owner for virtual server access:
SLB-Switch(config-slb-vserver)# owner madrigal maxconns 1000
Use the parse-length command in the SLB virtual server configuration submode to set the maximum number of bytes to parse for URLs and cookies. Use the no form of this command to restore the default.
parse-length bytes
no parse-length
bytes |
Number of bytes; the range is from 1 to 4000. |
The default is 600.
SLB virtual server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to set the number of bytes to parse for URLs and cookies:
SLB-Switch(config-slb-vserver)# parse-length 1000
vserver
show module csm vserver redirect
Use the pending command in the SLB virtual server configuration submode to set the pending connection timeout. Use the no form of this command to restore the default.
pending timeout
no pending
timeout |
Seconds to wait before a connection is considered unreachable. Range is from 1 to 65535. |
The default pending timeout is 30 seconds.
SLB virtual server configuration submode.
This command is used to prevent denial of service (DOS) attacks. The pending connection timeout sets the response time for terminating connections if a switch becomes flooded with traffic. The pending connections are configurable on a per virtual server basis.
|
|
---|---|
2.2(1) |
This command was introduced. |
This example shows how to set the number to wait for a connection to be made to the server:
SLB-Switch(config-slb-vserver)# pending 300
vserver
show module csm vserver redirect
Use the persistent rebalance command in the SLB virtual server configuration submode to enable or disable HTTP 1.1 persistence for connections in the virtual server. Use the no form of this command to disable persistence.
persistent rebalance
no persistent rebalance
This command has no keywords or arguments.
The default is persistent rebalance.
SLB virtual server configuration submode.
|
|
---|---|
2.1(1) |
This command was introduced. |
This example shows how to enable the HTTP 1.1 persistence:
SLB-Switch(config-slb-vserver)# persistent rebalance
vserver
show module csm vserver redirect
Use the replicate csrp command in the SLB virtual server configuration submode to enable connection redundancy. Use the no form of this command to disable connection redundancy.
replicate csrp {sticky | connection}
no replicate csrp {sticky | connection}
sticky |
Replicate the sticky database to the backup CSM. |
connection |
Replicate connections to the backup CSM. |
The default is disabled.
SLB virtual server configuration submode.
Sticky and connection replication can be enabled or disabled separately. For replication to occur, you must enable SLB fault tolerance with the ft group command.
|
|
---|---|
2.1(1) |
This command was introduced. |
This example shows how to enable connection redundancy:
SLB-Switch(config-slb-vserver)# replicate csrp connection
ft group
vserver
show module csm vserver redirect
Use the serverfarm command in SLB virtual server configuration submode to associate a server farm with a virtual server. Use the no form of this command to remove a server farm association from the virtual server.
serverfarm primary-serverfarm [backup sorry-serverfarm [sticky]]
no serverfarm
This command has no default settings.
SLB virtual server configuration submode.
The server farm name must match the server farm name specified in a previous module CSM submode serverfarm command.
The backup serverfarm can be associated with a policy. A primary serverfarm must be associated with that policy to allow the backup serverfarm to function properly. The backup serverfarm can have a different predictor option than the primary server. When the sticky option is used for a policy, then stickiness can apply to real servers in the backup serverfarm. Once a connection has been balanced to a server in the backup serverfarm, subsequent connections from the same client can be stuck to the same server even when the real servers in the primary serverfarm come back to the operational state. You may allow the sticky attribute when applying the backup serverfarm to a policy.
By default, the sticky option does not apply to the backup serverfarm. To remove the backup serverfarm, you can either use the serverfarm command without the backup option or use the no serverfarm command.
|
|
---|---|
1.1(1) |
This command was introduced. |
3.1(1) |
The sorry server (backup server) option was added to this command. |
This example shows how to associate a server farm with a virtual server named PUBLIC_HTTP:
SLB-Switch(config-slb-vserver)# serverfarm PUBLIC_HTTP back-up seveneleven sticky
serverfarm (Module CSM submode)
reverse-sticky (SLB policy submode)
show module csm vserver redirect
vserver
Use the slb-policy command in the SLB virtual server configuration submode to associate a load-balancing policy with a virtual server. Use the no form of this command to remove a policy from a virtual server.
slb-policy policy-name
no slb-policy policy-name
policy-name |
Policy associated with a virtual server. |
This command has no default settings.
SLB virtual server configuration submode.
Multiple load-balancing policies can be associated with a virtual server. URLs in incoming requests are parsed and matched against policies defined in the same order in which they are defined with this command. The policy name must match the name specified in a previous policy command.
Note The order of the policy association is important; you should enter the highest priority policy first.
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to associate a policy with a virtual server.:
SLB-Switch(config-slb-vserver)# slb-policy COOKIE-POLICY1
vserver
policy
show module csm owner
show module csm vserver redirect
Use the ssl-sticky command in the SLB virtual server configuration submode to allow SSL sticky operation. Use the no form of this command to remove the SSL sticky feature.
ssl-sticky offset X length Y
no ssl-sticky
offset |
Keyword to specify the SSL ID offset. |
X |
Sets the offset value. |
length |
Keyword to specify the SSL ID length. |
Y |
Sets the length. |
The default is offset 0 and length 32.
SLB virtual server configuration submode.
This feature allows you to stick an incoming SSL connection based only on this special section of the SSL ID specified by the offset and length values. The ssl-sticky command was added to ensure that the CSM always load balances an incoming SSL connection to the SSL Termination Engine that generated that SSL ID.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to associate a policy with a virtual server.:
SLB-Switch(config-slb-vserver)# ssl-sticky offset 0 length 32
vserver
policy
show module csm owner
show module csm vserver redirect
Use the sticky command to ensure that connections from the same client use the same real server. Use the no form of this command to change the sticky timer to its default value and remove the sticky option from the virtual server.
sticky duration [group group-id] [netmask ip-netmask] [source | destination | both]
no sticky
The default is no sticky. Sticky connections are not tracked.
The group ID default is 0. The sticky feature is not used for other virtual servers.
The network default is 255.255.255.255.
SLB virtual server configuration submode.
The last real server that was used for a connection from a client is stored for the duration value after the end of the client's latest connection. If a new connection from the client to the virtual server is initiated during that time, the same real server that was used for the previous connection is chosen for the new connection.
A nonzero sticky group ID must correspond to a sticky group previously created using the sticky command. Virtual servers in the same sticky group share sticky state information.
|
|
---|---|
1.1(1) |
This command was introduced. |
3.1(1) |
The IP reverse-sticky optional parameters are introduced. |
This example shows how to set the sticky timer duration and places the virtual server in a sticky group for connection coupling:
SLB-Switch(config-module-csm)# vserver PUBLIC_HTTP
SLB-Switch(config-slb-vserver)# sticky 60 group 3
sticky
sticky-group (SLB policy submode)
reverse-sticky
url-hash
show module csm sticky
show module csm vserver redirect
Use the reverse-sticky command to ensure that the CSM switches connections in the opposite direction back to the original source. Use the no form of this command to remove the reverse-sticky option from the policy or the default-policy of a virtual server.
reverse-sticky group-id
no reverse-sticky
group-id |
Number identifying the sticky group to which the virtual server belongs; the range is from 0 to 255. |
The default is no reverse-sticky. Sticky connections are not tracked.
The group ID default is 0. The sticky feature is not used for other virtual servers.
The network default is 255.255.255.255.
SLB virtual server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
3.1(1) |
The IP reverse-sticky command is introduced. |
This example shows how to set the IP reverse-sticky feature:
SLB-Switch(config-module-csm)# vserver PUBLIC_HTTP
SLB-Switch(config-slb-vserver)# reverse-sticky 60
sticky
sticky-group (SLB policy submode)
show module csm sticky
show module csm vserver redirect
Use the url-hash command in the SLB virtual server configuration submode to set the beginning and ending pattern of a URL to parse URLs for the URL hash load-balancing algorithm. Use the no form of this command to remove the hashing from service.
url-hash {begin-pattern | end-pattern} pattern
no url-hash
begin-pattern |
Keyword to specify the beginning of the URL to parse. |
end-pattern |
Keyword to specify the ending of the URL to parse. |
pattern |
Pattern string to parse. |
The default is no url-hash.
SLB virtual server configuration submode.
The beginning and ending patterns apply to the URL hashing algorithm that is set using the predictor command in the SLB serverfarm submode.
|
|
---|---|
2.1(1) |
This command was introduced. |
This example shows how to specify a URL pattern to parse:
SLB-Switch(config-slb-vserver)# url hash begin pattern lslkjfsj
predictor (SLB serverfarm configuration submode)
vserver
show module csm vserver redirect
Use the virtual command in the SLB virtual server configuration submode to configure virtual server attributes. Use the no form of this command to set the virtual server's IP address to 0.0.0.0 and its port number to zero.
virtual ip-address [ip-mask] protocol port-number [service ftp | rtsp] [unidirectional]
no virtual ip-address
The default IP mask is 255.255.255.255.
SLB virtual server configuration submode.
Clients connecting to the server farm represented by the virtual server use this address to access the server farm. This service option is allowed only if a port number is specified. A port of 0 (or any) means that this virtual server handles all ports not specified for handling by another virtual server with the same IP address. The port is used only for TCP or UDP load balancing.
The following TCP port names can be used in place of a number:
XOT—X25 over TCP (1998)
dns—Domain Name Service (53)
ftp—File Transfer Protocol (21)
https—HTTP over Secure Sockets Layer (443)
matip-a—Mapping of Airline Traffic over IP, Type A (350)
nntp—Network News Transport Protocol (119)
pop2—Post Office Protocol v2 (109)
pop3—Post Office Protocol v3 (110)
smtp—Simple Mail Transport Protocol (25)
telnet—Telnet (23)
www—World Wide Web—Hypertext Transfer Protocol (80)
any—Allows traffic for any port, or the same as specifying a 0.
This example shows how to create a virtual server and assign it an IP address, protocol, and port:
SLB-Switch(config-slb-vserver)# virtual 102.35.44.79 tcp 1 unidirectional
vserver
show module csm vserver redirect
Use the vlan command in the SLB virtual server submode to define which source VLANs may access the virtual server. Use the no form of this command to remove the VLAN.
vlan vlan-number
no vlan
vlan-number |
VLAN that the virtual server may access. |
The default is all VLANs.
SLB virtual server configuration submode.
The VLAN must correspond to an SLB VLAN previously created with the vlan command.
|
|
---|---|
2.1(1) |
This command was introduced. |
This example shows how to specify a VLAN for virtual server access:
SLB-Switch(config-slb-vserver)# vlan 5
show module csm vserver redirect
show module csm vlan
vlan
Use the xml-config command to enable XML for a CSM module, and enter the XML configuration submode. Use the no form of this command to remove the XML configuration.
xml-config
no xml-config
This command has no default settings.
Module CSM configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to display the XML configuration:
SLB-Switch(config-module-csm)# xml-config
SLB-Switch(config-slb-xml)#
client-group
vlan
client-group
credentials
Use the client-group command in the SLB XML submode to allow only connections sourced from an IP address matching the client group. Use the no form of this command to remove the owner.
client-group [1-99 | name]
no client-group
1-99 |
(Optional) Client group number. |
name |
(Optional) Name of the client group. |
The default is no client-group.
SLB XML configuration submode.
When a client group is specified, only connections sourced from an IP address matching that client group are accepted by the CSM XML configuration interface. If no client group is specified, then no source IP address check is performed. Only one client-group may be specified.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to specify a client group:
SLB-Switch(config-slb-xml)# client-group domino
Use the credentials command in the SLB XML submode to define one or more username and password combinations. Use the no form of this command to remove the credentials.
credentials user-name password
no credentials user-name
user-name |
Name of the credentials user. |
password |
Password for the credentials user. |
This command has no default settings.
SLB XML configuration submode.
When one or more credentials commands are specified, the CSM HTTP server authenticates user access.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to specify the user and password credentials for access:
SLB-Switch(config-slb-xml)# credentials savis XXXXX
Use the inservice command in the SLB XML submode to enable XML for use by the CSM. If this command is not specified, XML is not used. Use the no form of this command to disable XML.
inservice
no inservice
This command has no default settings.
SLB XML configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to enable XML:
SLB-Switch(config-slb-xml)# inservice
Use the port command in the SLB XML submode to specify the TCP port on which the CSM HTTP server listens. Use the no form of this command to remove the port.
port port-number
no port
port-number |
Sets the CSM port. |
The default is port 80
SLB XML configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to specify the TCP port for the server:
SLB-Switch(config-slb-xml)# port 80
Use the vlan command in the SLB XML submode to restrict the CSM HTTP server to accept connections only from the specified VLAN. Use the no form of this command to specify that all vlans are accepted.
vlan id
no vlan
id |
VLAN name. |
The default is no vlan.
SLB XML configuration submode.
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to specify an owner for virtual server access:
SLB-Switch(config-slb-xml)# vlan 9