Configuring IOS SLB involves identifying server farms, configuring groups of real servers in server farms, and configuring the virtual servers that represent the real servers to the clients.
For configuration examples associated with these tasks, see the “Configuration Examples for IOS SLB” section.
For a complete description of the IOS SLB commands in this section, refer to the “Server Load Balancing Commands” chapter of the Cisco IOS IP Application Services Command Reference. To locate documentation of other commands that appear in this section, search online using Cisco.com.
To configure IOS SLB functions, perform the tasks in the following sections. Required and optional tasks are indicated.
Perform this required task to configure a server farm and a real server.
Note | You cannot configure IOS SLB from different user sessions at the same time. |
Note | When performing server load balancing and firewall load balancing together on a Cisco Catalyst 6500 Family Switch, use the mls ip slb wildcard search rp command to reduce the probability of exceeding the capacity of the Telecommunications Access Method (TCAM) on the Policy Feature Card (PFC). See "How to Configure a Wildcard Search" for more details. |
Perform this required task to configure a virtual server. IOS SLB supports up to 500 virtual servers.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb vserver virtual-server Example: Router(config)# ip slb vserver PUBLIC_HTTP | Identifies a virtual server and enters virtual server configuration mode. |
Step 4 | Do one of the following: Example: Router(config-slb-vserver)# virtual 10.0.0.1 tcp www | Specifies the virtual server IP address, type of connection, and optional TCP or User Datagram Protocol (UDP) port number, Internet Key Exchange (IKE) or Wireless Session Protocol (WSP) setting, and service coupling. |
Step 5 | serverfarm primary-farm [backup backup-farm[sticky]] [ipv6-primary ipv6-primary-farm[ipv6-backup ipv6-backup-farm]] [map map-id priority priority] Example: Router(config-slb-vserver)# serverfarm SF1 backup SF2 map 1 priority 1 | Associates a real server farm with a virtual server, and optionally configures a backup server farm and specifies that sticky connections are to be used in the backup server farm. |
Step 6 | access interface [route framed-ip] Example: Router(config-slb-vserver)# access Vlan20 route framed-ip | (Optional) Enables framed-IP routing to inspect the ingress interface. |
Step 7 | advertise [active] Example: Router(config-slb-vserver)# advertise | (Optional) Controls the installation of a static route to the Null0 interface for a virtual server address. |
Step 8 | client {ipv4-address netmask[exclude] | gtp carrier-code [code]} Example: Router(config-slb-vserver)# client 10.4.4.0 255.255.255.0 | (Optional) Specifies which clients are allowed to use the virtual server. |
Step 9 | delay {duration | radius framed-ip duration} Example: Router(config-slb-vserver)# delay 30 | (Optional) Specifies the time IOS SLB maintains TCP connection context after a connection has ended. |
Step 10 | gtp notification cac [reassign-count] Example: Router(config-slb-vserver)# gtp notification cac 5 | (Optional) Limits the number of times IOS SLB can reassign a session to a new real server for GGSN-IOS SLB messaging. |
Step 11 | gtp session Example: Router(config-slb-vserver)# no gtp session | (Optional) Enables IOS SLB to create GTP load-balancing sessions. This is the default setting. To enable sticky-only load balancing for GTP, use the no form of this command: no gtp session If you enable sticky-only load balancing, you must also enable sticky connections for the virtual server using the sticky (virtual server) command. |
Step 12 | gw port port Example: Router(config-slb-vserver)# gw port 63082 | (Optional) Specifies the port that the Cisco Broadband Wireless Gateway (BWG) is to use to communicate with IOS SLB. |
Step 13 | hand-off radius duration Example: Router(config-slb-vserver)# hand-off radius 30 | (Optional) Changes the amount of time IOS SLB waits for an ACCT-START message from a new Mobile IP foreign agent in the event of a foreign agent hand-off. |
Step 14 | idle [asn request duration | asn msid msid | gtp imsi duration [query [max-queries]] | gtp request duration | ipmobile request duration | radius {request | framed-ip} duration] Example: Router(config-slb-vserver)# idle 120 | (Optional) Specifies the minimum time IOS SLB maintains connection context in the absence of packet activity. |
Step 15 | purge radius framed-ip acct on-off Example: Router(config-slb-vserver)# purge radius framed-ip acct on-off | (Optional) Enables IOS SLB to purge entries in the IOS SLB RADIUS framed-IP sticky database upon receipt of an Accounting On or Off message. |
Step 16 | purge radius framed-ip acct stop {attribute-number | {26| vsa} {vendor-ID | 3gpp| 3gpp2} sub-attribute-number} Example: Router(config-slb-vserver)# purge radius framed-ip acct stop 44 | (Optional) Enables IOS SLB to purge entries in the IOS SLB RADIUS framed-IP sticky database upon receipt of an Accounting-Stop message. |
Step 17 | radius acct local-ack key [encrypt] secret-string Example: Router(config-slb-vserver)# radius acct local-ack key SECRET_PASSWORD | (Optional) Enables a RADIUS virtual server to acknowledge RADIUS accounting messages. |
Step 18 | radius inject auth group-number {calling-station-id | username} Example: Router(config-slb-vserver)# radius inject auth 1 calling-station-id | (Optional) Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and specifies whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames. |
Step 19 | radius inject auth timer seconds Example: Router(config-slb-vserver)# radius inject auth timer 45 | (Optional) Configures a timer for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
Step 20 | radius inject auth vsa vendor-id Example: Router(config-slb-vserver)# radius inject auth vsa vendor1 | (Optional) Buffers VSAs for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
Step 21 | replicate casa listen-ip remote-ip port [interval] [password [encrypt] secret-string timeout] Example: Router(config-slb-vserver)# replicate casa 10.10.10.11 10.10.11.12 4231 | (Optional) Configures a stateful backup of IOS SLB decision tables to a backup switch. |
Step 22 | replicate interval interval Example: Router(config-slb-vserver)# replicate interval 20 | (Optional) Sets the replication delivery interval for an IOS SLB virtual server. |
Step 23 | replicate slave Example: Router(config-slb-vserver)# replicate slave | (Optional) Enables stateful backup of redundant route processors for an IOS SLB virtual server. |
Step 24 | sticky {duration[group group-id] [netmask netmask] | asn msid[group group-id] | gtp imsi[group group-id] | radius calling-station-id| radius framed-ip[group group-id] | radius username[msid-cisco] [group group-id]} Example: Router(config-slb-vserver)# sticky 60 group 10 | (Optional) Specifies that connections from the same client use the same real server, as long as the interval between client connections does not exceed the specified duration. |
Step 25 | synguard syn-count interval Example: Router(config-slb-vserver)# synguard 50 | (Optional) Specifies the rate of TCP SYNchronize sequence numbers (SYNs) managed by a virtual server in order to prevent a SYN flood denial-of-service attack. |
Step 26 | inservice [standby group-name] [active] Example: Router(config-slb-vserver)# inservice | Enables the virtual server for use by IOS SLB. |
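Several of the optional commands in the table above are the ones that limit exposure of a virtual server: client, synguard, and the password argument of replicate casa. The following Python audit is an added example, not Cisco code; the configuration text is constructed, and it assumes that sub-commands appear indented under their `ip slb vserver` line, as in the usual IOS configuration layout.

```python
import re

# Constructed sample configuration (not from a real device). It uses only
# commands that appear in the virtual server task table; EXAMPLE_SECRET is
# a placeholder value.
SAMPLE_CONFIG = """\
ip slb vserver PUBLIC_HTTP
 virtual 10.0.0.1 tcp www
 serverfarm SF1 backup SF2
 replicate casa 10.10.10.11 10.10.11.12 4231
 inservice
!
ip slb vserver RESTRICTED_HTTP
 virtual 10.0.0.2 tcp www
 serverfarm SF2
 client 10.4.4.0 255.255.255.0
 synguard 50
 replicate casa 10.10.10.11 10.10.11.12 4231 password EXAMPLE_SECRET
 inservice
!
ip slb vserver STAGING
 virtual 10.0.0.3 tcp www
 serverfarm SF1
"""


def parse_vservers(config):
    """Return {vserver name: [sub-commands]} from IOS-style config text.

    Assumption: sub-commands are indented by at least one space and the
    block ends at the first non-indented line (for example "!").
    """
    vservers = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        header = re.match(r"^ip slb vserver (\S+)$", line)
        if header:
            current = vservers.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return vservers


def audit_vserver(commands):
    """Return a list of findings for one virtual server's sub-commands."""
    if not any(c.split()[0] == "inservice" for c in commands):
        return ["not in service (no inservice command); other checks skipped"]

    findings = []

    # Step 8: without a client command, access is not limited to
    # specific client addresses.
    if not any(c.startswith("client ") for c in commands):
        findings.append("no client command: access is not limited to specific clients")

    # Step 25: synguard applies to TCP SYNs, so only check TCP virtual servers.
    is_tcp = any(re.match(r"virtual \S+ tcp\b", c) for c in commands)
    if is_tcp and not any(c.startswith("synguard ") for c in commands):
        findings.append("no synguard command on a TCP virtual server")

    # Step 21: the password argument of replicate casa is optional.
    for c in commands:
        if c.startswith("replicate casa ") and "password" not in c.split():
            findings.append("replicate casa configured without a password")

    return findings


def audit_config(config):
    """Audit every virtual server in the config; return {name: findings}."""
    return {name: audit_vserver(cmds)
            for name, cmds in parse_vservers(config).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name)
        for finding in findings or ["no findings"]:
            print("  -", finding)
```
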
Perform the following optional task to verify a virtual server.
The following show ip slb vservers command verifies the configuration of the virtual servers PUBLIC_HTTP and RESTRICTED_HTTP:
Router# show ip slb vservers
slb vserver prot virtual state conns
-------------------------------------------------------------------
PUBLIC_HTTP TCP 10.0.0.1:80 OPERATIONAL 0
RESTRICTED_HTTP TCP 10.0.0.2:80 OPERATIONAL 0
Router#
Perform the following optional task to verify a server farm.
The following show ip slb reals command shows the status of server farms PUBLIC and RESTRICTED, the associated real servers, and their status:
Router# show ip slb real
real farm name weight state conns
---------------------------------------------------------------------
10.1.1.1 PUBLIC 8 OPERATIONAL 0
10.1.1.2 PUBLIC 8 OPERATIONAL 0
10.1.1.3 PUBLIC 8 OPERATIONAL 0
10.1.1.20 RESTRICTED 8 OPERATIONAL 0
10.1.1.21 RESTRICTED 8 OPERATIONAL 0
Router#
The following show ip slb serverfarm command displays the configuration and status of server farms PUBLIC and RESTRICTED:
Router# show ip slb serverfarm
server farm predictor nat reals bind id
---------------------------------------------------
PUBLIC ROUNDROBIN none 3 0
RESTRICTED ROUNDROBIN none 2 0
Router#
Perform the following optional task to verify clients.
The following show ip slb conns command verifies the restricted client access and status:
Router# show ip slb conns
vserver prot client real state nat
-------------------------------------------------------------------------------
RESTRICTED_HTTP TCP 10.4.4.0:80 10.1.1.20 CLOSING none
Router#
The following show ip slb conns command shows detailed information about the restricted client access status:
Router# show ip slb conns client 10.4.4.0 detail
VSTEST_UDP, client = 10.4.4.0:80
state = CLOSING, real = 10.1.1.20, nat = none
v_ip = 10.0.0.2:80, TCP, service = NONE
client_syns = 0, sticky = FALSE, flows attached = 0
Router#
Perform the following optional task to verify IOS SLB connectivity.
To verify that the IOS SLB feature is installed and is operating correctly, ping the real servers from the IOS SLB switch, then ping the virtual servers from the clients.
The following show ip slb stats command shows detailed information about the IOS SLB network status:
Router# show ip slb stats
Pkts via normal switching: 0
Pkts via special switching: 6
Pkts dropped: 0
Connections Created: 1
Connections Established: 1
Connections Destroyed: 0
Connections Reassigned: 0
Zombie Count: 0
Connections Reused: 0
See "How to Monitor and Maintain the Cisco IOS SLB Feature" for additional commands used to verify IOS SLB networks and connections.
Perform the following tasks to configure a basic IOS SLB firewall load-balancing network.
IOS SLB firewall load balancing uses probes to detect and recover from failures. You must configure a probe on each real server in the firewall farm. Ping probes are recommended; see "How to Configure a Ping Probe" for more details. If a firewall does not allow ping probes to be forwarded, use HTTP probes instead. See "How to Configure an HTTP Probe" for more details. You can configure more than one probe, in any combination of supported types (DNS, HTTP, TCP, or ping), for each firewall in a firewall farm.
When you perform server load balancing and firewall load balancing together on a Cisco Catalyst 6500 switch, use the mls ip slb wildcard search rp command in global configuration mode to reduce the probability of exceeding the capacity of the Telecommunications Access Method (TCAM) on the Policy Feature Card (PFC). See "How to Configure a Wildcard Search" for more details.
If IOS SLB experiences a high purge rate, the CPU might be impacted. If this problem occurs, use the no form of the mls ip slb purge global command in global configuration mode to disable purge throttling on TCP and UDP flow packets. See "How to Configure Protocol-Level Purging of MLS Entries" for more details.
This section describes the following IOS SLB firewall load-balancing configuration tasks. Required and optional tasks are indicated.
Perform the following required task to configure a firewall farm.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb firewallfarm firewall-farm Example: Router(config)# ip slb firewallfarm FIRE1 | Adds a firewall farm definition to the IOS SLB configuration and enters firewall farm configuration mode. |
Step 4 | real ip-address Example: Router(config-slb-fw)# real 10.1.1.1 | Identifies a firewall by IP address as a member of a firewall farm and enters real server configuration mode. |
Step 5 | probe probe Example: Router(config-slb-fw-real)# probe FireProbe | Associates a probe with the firewall. |
Step 6 | weight setting Example: Router(config-slb-fw-real)# weight 24 | (Optional) Specifies the firewall’s workload capacity relative to other firewalls in the firewall farm. |
Step 7 | inservice Example: Router(config-slb-fw-real)# inservice | Enables the firewall for use by the firewall farm and by IOS SLB. |
Step 8 | access [source source-ip netmask | destination destination-ip netmask | inbound {inbound-interface | datagram connection} | outbound outbound-interface] Example: Router(config-slb-fw)# access destination 10.1.6.0 255.255.255.0 | (Optional) Routes specific flows to a firewall farm. |
Step 9 | predictor hash address [port] Example: Router(config-slb-fw)# predictor hash address | (Optional) Specifies whether the source and destination TCP or User Datagram Protocol (UDP) port numbers, in addition to the source and destination IP addresses, are to be used when selecting a firewall. |
Step 10 | purge connection Example: Router(config-slb-fw)# purge connection | (Optional) Enables IOS SLB firewall load balancing to send purge requests for connections. |
Step 11 | purge sticky Example: Router(config-slb-fw)# purge sticky | (Optional) Enables IOS SLB firewall load balancing to send purge requests for sticky connections when the sticky timer expires. |
Step 12 | replicate casa listen-ip remote-ip port [interval] [password [encrypt] secret-string[timeout]] Example: Router(config-slb-fw)# replicate casa 10.10.10.11 10.10.11.12 4231 | (Optional) Configures a stateful backup of IOS SLB firewall load-balancing decision tables to a backup switch. |
Step 13 | replicate interval interval Example: Router(config-slb-fw)# replicate interval 20 | (Optional) Sets the replication delivery interval for an IOS SLB firewall farm. |
Step 14 | replicate slave Example: Router(config-slb-fw)# replicate slave | (Optional) Enables stateful backup of redundant route processors for an IOS SLB firewall farm. |
Step 15 | protocol tcp Example: Router(config-slb-fw)# protocol tcp | (Optional) Enters firewall farm TCP protocol configuration mode. |
Step 16 | delay duration Example: Router(config-slb-fw-tcp)# delay 30 | (Optional) In firewall farm TCP protocol configuration mode, specifies the time IOS SLB firewall load balancing maintains TCP connection context after a connection ends. |
Step 17 | idle duration Example: Router(config-slb-fw-tcp)# idle 120 | (Optional) In firewall farm TCP protocol configuration mode, specifies the minimum time IOS SLB firewall load balancing maintains connection context in the absence of packet activity. |
Step 18 | maxconns maximum-number Example: Router(config-slb-fw-tcp)# maxconns 1000 | (Optional) In firewall farm TCP protocol configuration mode, specifies the maximum number of active TCP connections allowed on the firewall farm at one time. |
Step 19 | sticky duration [netmask netmask] [source| destination] Example: Router(config-slb-fw-tcp)# sticky 60 | (Optional) In firewall farm TCP protocol configuration mode, specifies that connections from the same IP address use the same firewall if either of the following conditions is met: |
Step 20 | protocol datagram Example: Router(config-slb-fw)# protocol datagram | (Optional) Enters firewall farm datagram protocol configuration mode. |
Step 21 | idle duration Example: Router(config-slb-fw-udp)# idle 120 | (Optional) In firewall farm datagram protocol configuration mode, specifies the minimum time IOS SLB firewall load balancing maintains connection context in the absence of packet activity. |
Step 22 | maxconns maximum-number Example: Router(config-slb-fw-udp)# maxconns 1000 | (Optional) In firewall farm datagram protocol configuration mode, specifies the maximum number of active datagram connections allowed on the firewall farm at one time. |
Step 23 | sticky duration [netmask netmask] [source| destination] Example: Router(config-slb-fw-udp)# sticky 60 | (Optional) In firewall farm datagram protocol configuration mode, specifies that connections from the same IP address use the same firewall if either of the following conditions is met: |
Step 24 | inservice Example: Router(config-slb-fw)# inservice | Enables the firewall farm for use by IOS SLB. |
Perform the following optional task to verify a firewall farm.
The following show ip slb reals command shows the status of firewall farm FIRE1, the associated real servers, and the server status:
Router# show ip slb real
real farm name weight state conns
--------------------------------------------------------------------
10.1.1.2 FIRE1 8 OPERATIONAL 0
10.1.2.2 FIRE1 8 OPERATIONAL 0
The following show ip slb firewallfarm command shows the configuration and status of firewall farm FIRE1:
Router# show ip slb firewallfarm
firewall farm hash state reals
------------------------------------------------
FIRE1 IPADDR INSERVICE 2
Perform the following optional task to verify firewall connectivity.
To verify that IOS SLB firewall load balancing is configured and is operating correctly, perform the following steps:
Step 1 | Ping the external real servers (the ones outside the firewall) from the IOS SLB firewall load-balancing switch. |
Step 2 | Ping the internal real servers (the ones inside the firewall) from the clients. |
Step 3 | Use the show ip slb stats command to show information about the IOS SLB firewall load-balancing network status: |
Example:
Router# show ip slb stats
Pkts via normal switching: 0
Pkts via special switching: 0
Pkts dropped: 0
Connections Created: 1911871
Connections Established: 1967754
Connections Destroyed: 1313251
Connections Reassigned: 0
Zombie Count: 0
Connections Reused: 59752
Connection Flowcache Purges:1776582
Failed Connection Allocs: 17945
Failed Real Assignments: 0
Step 4 | Use the show ip slb real detail command to show information about the IOS SLB firewall load-balancing real server status: |
Example:
Router# show ip slb reals detail
172.16.88.5, SF1, state = OPERATIONAL, type = server
ipv6 = 2342:2342:2343:FF04:2388:BB03:3223:8912
conns = 0, dummy_conns = 0, maxconns = 4294967295
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
reassign = 3, retry = 60
failconn threshold = 8, failconn count = 0
failclient threshold = 2, failclient count = 0
total conns established = 0, total conn failures = 0
server failures = 0
Step 5 | Use the show ip slb conns command to show information about the active IOS SLB firewall load-balancing connections: |
Example:
Router# show ip slb conns
vserver prot client real state nat
-------------------------------------------------------------------------------
FirewallTCP TCP 80.80.50.187:40000 10.1.1.4 ESTAB none
FirewallTCP TCP 80.80.50.187:40000 10.1.1.4 ESTAB none
FirewallTCP TCP 80.80.50.187:40000 10.1.1.4 ESTAB none
FirewallTCP TCP 80.80.50.187:40000 10.1.1.4 ESTAB none
FirewallTCP TCP 80.80.50.187:40000 10.1.1.4 ESTAB none
See "How to Monitor and Maintain the Cisco IOS SLB Feature" for additional commands used to verify IOS SLB networks and connections.
The following sections describe how to configure and verify probes. By default, no probes are configured in IOS SLB.
IOS SLB uses probes to verify connectivity and detect failures. For a detailed description of each type of probe, see the “Probes” section.
Perform the following task to configure a probe. Required and optional tasks are indicated.
Perform the following task to configure a custom User Datagram Protocol (UDP) probe.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb probe probe custom udp Example: Router(config)# ip slb probe PROBE6 custom udp | Configures the IOS SLB probe name and enters custom User Datagram Protocol (UDP) probe configuration mode. |
Step 4 | address [ip-address] [routed] Example: Router(config-slb-probe)# address 10.1.1.1 | (Optional) Configures an IP address to which to send the custom UDP probe. |
Step 5 | faildetect number-of-probes Example: Router(config-slb-probe)# faildetect 16 | (Optional) Specifies the number of consecutive unacknowledged custom UDP probes that constitute failure of the real server. |
Step 6 | interval seconds Example: Router(config-slb-probe)# interval 11 | (Optional) Configures the custom UDP probe transmit timers. |
Step 7 | port port Example: Router(config-slb-probe)# port 8 | Configures the port to which the custom UDP probe is to connect. |
Step 8 | request data {start-byte | continue} hex-data-string Example: Router(config-slb-probe)# request data 0 05 04 00 77 18 2A D6 CD 0A AD 53 4D F1 29 29 CF C1 96 59 CB | Defines the payload of the UDP request packet to be sent by a custom UDP probe. |
Step 9 | response clause-number data start-byte hex-data-string Example: Router(config-slb-probe)# response 2 data 44 DD DD | Defines the data string to match against custom UDP probe response packets. |
Step 10 | timeout seconds Example: Router(config-slb-probe)# timeout 20 | (Optional) Sets a timeout for custom UDP probes. |
Perform the following task to configure a Domain Name System (DNS) probe.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb probe probe dns Example: Router(config)# ip slb probe PROBE4 dns | Configures the IOS SLB probe name and enters Domain Name System (DNS) probe configuration mode. |
Step 4 | address [ip-address [routed]] Example: Router(config-slb-probe)# address 10.1.10.1 | (Optional) Configures an IP address to which to send the DNS probe. |
Step 5 | faildetect number-of-probes Example: Router(config-slb-probe)# faildetect 16 | (Optional) Specifies the number of consecutive unacknowledged DNS probes that constitute failure of the real server or firewall. |
Step 6 | interval seconds Example: Router(config-slb-probe)# interval 11 | (Optional) Configures the DNS probe transmit timers. |
Step 7 | lookup ip-address Example: Router(config-slb-probe)# lookup 10.1.10.1 | (Optional) Configures an IP address of a real server that a DNS server should supply in response to a domain name resolve request. |
Perform the following task to configure an HTTP probe.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb probe probe http Example: Router(config)# ip slb probe PROBE2 http | Configures the IOS SLB probe name and enters HTTP probe configuration mode. |
Step 4 | address [ip-address [routed]] Example: Router(config-slb-probe)# address 10.1.10.1 | (Optional) Configures an IP address to which to send the HTTP probe. |
Step 5 | credentials {username [password]} Example: Router(config-slb-probe)# credentials Username1 password | (Optional) Configures header values for the HTTP probe. |
Step 6 | expect [status status-code] [regex expression] Example: Router(config-slb-probe)# expect status 401 regex Copyright | (Optional) Configures the expected HTTP status code or regular expression. |
Step 7 | header field-name [field-value] Example: Router(config-slb-probe)# header HeaderName HeaderValue | (Optional) Configures header values for the HTTP probe. |
Step 8 | interval seconds Example: Router(config-slb-probe)# interval 11 | (Optional) Configures the HTTP probe transmit timers. |
Step 9 | port port Example: Router(config-slb-probe)# port 8 | (Optional) Configures the port to which the HTTP probe is to connect. |
Step 10 | request [method {get | post | head | name name}] [url path] Example: Router(config-slb-probe)# request method post url /probe.cgi?all | (Optional) Configures the URL path to request from the server, and the method used to perform the request to the server. |
Step 11 | Configure a route to the virtual server. | HTTP probes require a route to the virtual server. The route is not used, but it must exist to enable the socket code to verify that the destination can be reached, which in turn is essential for HTTP probes to function correctly. The route can be either: |
Perform the following task to configure a ping probe.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb probe probe ping Example: Router(config)# ip slb probe PROBE1 ping | Configures the IOS SLB probe name and enters ping probe configuration mode. |
Step 4 | address [ip-address [routed]] Example: Router(config-slb-probe)# address 10.1.10.1 | (Optional) Configures an IP address to which to send the ping probe. |
Step 5 | faildetect number-of-pings Example: Router(config-slb-probe)# faildetect 16 | (Optional) Specifies the number of consecutive unacknowledged pings that constitute failure of the real server or firewall. |
Step 6 | interval seconds Example: Router(config-slb-probe)# interval 11 | (Optional) Configures the ping probe transmit timers. |
Perform the following task to configure a TCP probe.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb probe probe tcp Example: Router(config)# ip slb probe PROBE5 tcp | Configures the IOS SLB probe name and enters TCP probe configuration mode. |
Step 4 | address [ip-address [routed]] Example: Router(config-slb-probe)# address 10.1.10.1 | (Optional) Configures an IP address to which to send the TCP probe. |
Step 5 | interval seconds Example: Router(config-slb-probe)# interval 5 | (Optional) Configures the TCP probe transmit timers. |
Step 6 | port port Example: Router(config-slb-probe)# port 8 | Configures the port to which the TCP probe is to connect. |
Perform the following task to configure a Wireless Session Protocol (WSP) probe.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb probe probe wsp Example: Router(config)# ip slb probe PROBE3 wsp | Configures the IOS SLB probe name and enters Wireless Session Protocol (WSP) probe configuration mode. |
Step 4 | address [ip-address [routed]] Example: Router(config-slb-probe)# address 10.1.10.1 | (Optional) Configures an IP address to which to send the WSP probe. |
Step 5 | interval seconds Example: Router(config-slb-probe)# interval 11 | (Optional) Configures the WSP probe transmit timers. |
Step 6 | url [path] Example: Router(config-slb-probe)# url http://localhost/test.txt | (Optional) Configures the WSP probe URL path. |
Perform the following task to associate a probe with a real server or firewall.
After configuring a probe, you must associate the probe with a real server or firewall using the probe command. See "How to Configure a Server Farm and a Real Server" and "How to Configure Firewall Load Balancing" for more details.
Note | You cannot associate a WSP probe with a firewall. |
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | Do one of the following: Example: Router(config)# ip slb serverfarm PUBLIC Example: Router(config)# ip slb firewallfarm FIRE1 | Identifies a firewall farm and enters firewall farm configuration mode. or Identifies a server farm and enters SLB server farm configuration mode. |
Step 4 | Do one of the following: Example: Router(config-slb-sfarm)# probe PROBE1 Example: Router(config-slb-fw-real)# probe FireProbe | Associates a probe with a firewall farm or a server farm. |
Perform the following optional task to verify a probe.
To verify that a probe is configured correctly, use the show ip slb probe command:
Router# show ip slb probe
Server:Port State Outages Current Cumulative
----------------------------------------------------------------
10.1.1.1:80 OPERATIONAL 0 never 00:00:00
10.1.1.2:80 OPERATIONAL 0 never 00:00:00
10.1.1.3:80 OPERATIONAL 0 never 00:00:00
Perform the following task to configure IOS SLB as a Dynamic Feedback Protocol (DFP) manager, and to identify a DFP agent with which IOS SLB can initiate connections.
You can define IOS SLB as a DFP manager, as a DFP agent for another DFP manager, or as both at the same time. Depending on your network configuration, you might enter the commands for configuring IOS SLB as a DFP manager and the commands for configuring IOS SLB as a DFP agent on the same device or on different devices.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb dfp [password [[encrypt] secret-string [timeout]]] Example: Router(config)# ip slb dfp password Password1 360 | Configures Dynamic Feedback Protocol (DFP), supplies an optional password, and enters DFP configuration mode. |
Step 4 | agent ip-address port [timeout[retry-count [retry-interval]]] Example: Router(config-slb-dfp)# agent 10.1.1.1 2221 30 0 10 | Identifies a DFP agent to which IOS SLB can connect. |
Step 5 | Configure IOS SLB as a DFP agent. | To configure IOS SLB as a DFP agent, refer to the DFP Agent Subsystem feature document for Cisco IOS Release 12.2(18)SXB. |
Perform the following tasks to configure general packet radio service (GPRS) load balancing.
Step | Command or Action | Purpose |
---|---|---|
Step 1 | Configure a server farm and a real server. | See "How to Configure a Server Farm and a Real Server". When you configure the server farm and real server for GPRS load balancing, keep the following considerations in mind: |
Step 2 | Configure a virtual server. | See "How to Configure a Virtual Server". When you configure the virtual command, keep the following considerations in mind: In GPRS load balancing without GTP cause code inspection enabled, when you configure the idle timer using the idle command, specify an idle timer greater than the longest possible interval between PDP context requests on the SGSN. |
Step 3 | Configure the virtual IP address as a loopback on each of the GGSNs in the servers. | (Required for dispatched mode) This step is required only if you are using dispatched mode without GTP cause code inspection enabled. Refer to the Cisco IOS Interface Configuration Guide “Configuring Virtual Interfaces” section for more information. |
Step 4 | Route each GGSN to each associated SGSN. | The route can be static or dynamic, but the GGSN needs to be able to reach the SGSN. Refer to the Cisco IOS Mobile Wireless Configuration Guide “Configuring Network Access to the GGSN” section for more details. |
Step 5 | Route each SGSN to the virtual templates on each associated Cisco GGSN, and to the GPRS load-balancing virtual server. | (Required) Refer to the configuration guide for your SGSN for more details. |
Step 6 | Configure a GSN idle timer. | (Optional) This step is applicable only if GTP cause code inspection is enabled. See "How to Configure a GSN Idle Timer" for more information. |
Perform this task to configure a GPRS support node (GSN) idle timer.
Command or Action | Purpose | |
---|---|---|
Step 1 | enable Example: Router> enable |
Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 | ip slb timers gtp gsn duration Example: Router(config)# ip slb timers gtp gsn 45 |
Changes the amount of time IOS SLB maintains sessions to and from an idle gateway GPRS support node (GGSN) or serving GPRS support node (SGSN). |
Perform this task to configure GGSN-IOS SLB messaging.
Command or Action | Purpose | |
---|---|---|
Step 1 | Configure the GGSN to support GGSN-IOS SLB messaging. | When you configure GGSN-IOS SLB messaging support, configure all IOS SLB virtual servers that share the same GGSN to use the same NAT mode, either dispatched mode or directed mode, using the gprs slb mode command. The virtual servers cannot use a mix of dispatched mode and directed mode, because you can configure only one NAT mode on a given GGSN. For more information, refer to the Cisco IOS Mobile Wireless Configuration Guide for GGSN Release 5.0 for Cisco IOS Release 12.3(2)XU or later. |
Step 2 | Configure a server farm and a real server. | See "How to Configure a Server Farm and a Real Server". When you configure the server farm and real server for GGSN-IOS SLB messaging, to prevent IOS SLB from failing the current real server when reassigning the session to a new real server, disable automatic server failure detection by specifying the no faildetect inband command. |
Step 3 | Configure a virtual server. | See "How to Configure a Virtual Server". When you configure the virtual server for GGSN-IOS SLB messaging, specify the gtp notification cac command to limit the number of times IOS SLB can reassign a session to a new real server. |
Perform this task to configure GPRS load balancing maps.
GPRS load balancing maps enable IOS SLB to categorize and route user traffic based on access point names (APNs). To enable maps for GPRS load balancing, you must define a GPRS Tunneling Protocol (GTP) map, then associate the map with a server farm.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | enable Example: Router> enable |
Enables privileged EXEC mode. If prompted, enter your password. |
||
Step 2 | configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
||
Step 3 | ip slb map map-id {gtp | radius} Example: Router(config)# ip slb map 1 gtp |
Configures an IOS SLB GTP map and enters SLB GTP map configuration mode. |
||
Step 4 | apn string Example: Router(config-slb-map-gtp)# apn abc |
Configures an ASCII regular expression string to be matched against the access point name (APN) for general packet radio service (GPRS) load balancing. |
||
Step 5 | exit Example: Router(config-slb-map-gtp)# exit |
Exits SLB GTP map configuration mode. |
||
Step 6 | ip slb vserver virtual-server Example: Router(config)# ip slb vserver GGSN_SERVER |
Identifies a virtual server and enters virtual server configuration mode. |
||
Step 7 | virtual ipv4-address [ipv4-netmask [group]] [ipv6 ipv6-address [prefix ipv6-prefix]] {tcp | udp} [port | any] [service service] Example: Router(config-slb-vserver)# virtual 10.10.10.10 udp 0 service gtp |
Specifies the virtual server IP address, type of connection, and optional TCP or User Datagram Protocol (UDP) port number, Internet Key Exchange (IKE) or Wireless Session Protocol (WSP) setting, and service coupling.
|
||
Step 8 | serverfarm primary-farm [backup backup-farm [sticky]] [ipv6-primary ipv6-primary-farm [ipv6-backup ipv6-backup-farm]] [map map-id priority priority] Example: Router(config-slb-vserver)# serverfarm farm1 backup farm2 map 1 priority 3 |
Associates a GTP map with a server farm. Associates a real server farm with a virtual server, and optionally configures a backup server farm and specifies that sticky connections are to be used in the backup server farm.
You can associate more than one server farm with a virtual server by configuring more than one serverfarm command, each with a unique map ID and a unique priority. (That is, each map ID and each map priority must be unique across all server farms associated with the virtual server.) If you are using GTP maps, and you have configured a real server in more than one server farm, you must associate a different virtual server with each server farm. |
Perform this task to configure KeepAlive Application Protocol (KAL-AP) agent support.
KAL-AP agent support enables IOS SLB to perform load balancing in a global server load balancing (GSLB) environment.
Command or Action | Purpose | |
---|---|---|
Step 1 | enable Example: Router> enable |
Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 | ip slb capp udp Example: Router(config)# ip slb capp udp |
Enables the KAL-AP agent and enters SLB Content Application Peering Protocol (CAPP) configuration mode. |
Step 4 | peer [ip-address] port port Example: Router(config-slb-capp)# peer port 6000 |
(Optional) Specifies the port to which the KAL-AP agent is to connect. |
Step 5 | peer [ip-address] secret [encrypt] secret-string Example: Router(config-slb-capp)# peer secret SECRET_STRING |
(Optional) Enables Message Digest Algorithm Version 5 (MD5) authentication for the KAL-AP agent. |
Step 6 | exit Example: Router(config-slb-capp)# exit |
Exits SLB CAPP configuration mode. |
Step 7 | ip slb serverfarm server-farm Example: Router(config)# ip slb serverfarm PUBLIC |
Identifies a server farm and enters SLB server farm configuration mode. |
Step 8 | kal-ap domain tag Example: Router(config-slb-sfarm)# kal-ap domain chicago-com |
(Optional) Enables the KAL-AP agent to look for a domain tag when reporting the load for a virtual server. |
Step 9 | farm-weight setting Example: Router(config-slb-sfarm)# farm-weight 16 |
(Optional) Specifies a weight to be used by the KAL-AP agent when calculating the load value for a server farm. |
Perform this task to configure RADIUS load balancing.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | Configure a server farm and a real server. | See "How to Configure a Server Farm and a Real Server". When you configure the server farm and real server for RADIUS load balancing, keep the following considerations in mind:
|
||
Step 2 | Configure a virtual server. | See "How to Configure a Virtual Server". When you configure the virtual server for RADIUS load balancing, keep the following considerations in mind:
If you configure the access interface route framed-ip command, you must also configure the virtual command with the service radius keywords specified.
|
||
Step 3 | Configure a virtual server. (continued) |
If you configure the sticky radius framed-ip command, you must also configure the virtual command with the service radius keywords specified.
To prevent IOS SLB from purging entries in the IOS SLB RADIUS framed-IP sticky database upon receipt of an Accounting On or Off message, specify the no purge radius framed-ip acct on-off virtual server configuration command.
To prevent IOS SLB from purging entries in the IOS SLB RADIUS framed-IP sticky database upon receipt of an Accounting-Stop message, specify the no purge radius framed-ip acct stop virtual server configuration command.
To enable IOS SLB to create the IOS SLB RADIUS username sticky database and direct RADIUS requests from a subscriber to the same service gateway based on the username, specify the sticky command with the radius username keywords. If you configure the sticky radius calling-station-id command or the sticky radius username command, you must also configure the virtual command with the service radius keywords specified, and you must configure the sticky radius framed-ip command. You cannot configure both the sticky radius calling-station-id command and the sticky radius username command on the same virtual server.
To configure a timer for VSA correlation for an authentication virtual server, configure the radius inject auth timer command. To buffer VSAs for VSA correlation for an authentication virtual server, configure the radius inject auth vsa command. To configure a VSA correlation group for an accounting virtual server, and to enable Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation, configure the radius inject acct command. |
||
Step 4 | Enable IOS SLB to inspect packets for RADIUS framed-IP sticky routing. | (Optional) See "How to Enable IOS SLB to Inspect Packets for RADIUS Framed-IP Sticky Routing". |
||
Step 5 | Configure RADIUS load balancing maps. | (Optional) See "How to Configure RADIUS Load Balancing Maps". |
||
Step 6 | Configure RADIUS load balancing accelerated data plane forwarding. | (Optional) See "How to Configure RADIUS Load Balancing Accelerated Data Plane Forwarding". |
||
Step 7 | Increase the number of available MLS entries. | (Optional) If you are running IOS SLB in dispatched mode on a Cisco Catalyst 6500 series switch with Cisco Supervisor Engine 2, you can improve performance by configuring the no mls netflow command. This command increases the number of MLS entries available for hardware switching of end-user flows.
For more information about configuring MLS NetFlow, refer to the Cisco Catalyst 6000 Family IOS Software Configuration Guide. |
||
Step 8 | Configure a probe. | See "How to Configure a Probe". To verify the health of the server, configure a ping probe. |
You can enable IOS SLB to inspect packets whose source IP addresses match a configured IP address and subnet mask. If the source IP address of an inspected packet matches an entry in the IOS SLB RADIUS framed-IP sticky database, IOS SLB uses that entry to route the packet. Otherwise, IOS routes the packet.
Command or Action | Purpose | |
---|---|---|
Step 1 | enable Example: Router> enable |
Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 | ip slb route {framed-ip deny | ip-address netmask framed-ip | inter-firewall} Example: Router(config)# ip slb route 10.10.10.1 255.255.255.255 framed-ip |
Enables IOS SLB to route packets using the RADIUS framed-IP sticky database, or to route packets from one firewall real server back through another firewall real server. |
RADIUS load balancing maps enable IOS SLB to categorize and route user traffic based on RADIUS calling station IDs and usernames. To enable maps for RADIUS load balancing, you must define a RADIUS map, then associate the map with a server farm.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | enable Example: Router> enable |
Enables privileged EXEC mode. If prompted, enter your password. |
||
Step 2 | configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
||
Step 3 | ip slb map map-id radius Example: Router(config)# ip slb map 1 radius |
Configures an IOS SLB RADIUS map and enters SLB RADIUS map configuration mode. |
||
Step 4 | calling-station-id string Example: Router(config-slb-radius-map)# calling-station-id .919* |
Configures an ASCII regular expression string to be matched against the calling station ID attribute for RADIUS load balancing. |
||
Step 5 | username string Example: Router(config-slb-map-radius)# username ...?525* |
Configures an ASCII regular expression string to be matched against the username attribute for RADIUS load balancing. |
||
Step 6 | exit Example: Router(config-slb-map-radius)# exit |
Exits SLB RADIUS map configuration mode. |
||
Step 7 | ip slb vserver virtual-server Example: Router(config)# ip slb vserver GGSN_SERVER |
Identifies a virtual server and enters virtual server configuration mode. |
||
Step 8 | virtual ipv4-address [ipv4-netmask [group]] [ipv6 ipv6-address [prefix ipv6-prefix]] {tcp | udp} [port | any] [service service] Example: Router(config-slb-vserver)# virtual 10.0.0.1 udp 0 service radius |
Specifies the virtual server IP address, type of connection, and optional TCP or User Datagram Protocol (UDP) port number, Internet Key Exchange (IKE) or Wireless Session Protocol (WSP) setting, and service coupling.
|
||
Step 9 | serverfarm primary-farm [backup backup-farm [sticky]] [ipv6-primary ipv6-primary-farm [ipv6-backup ipv6-backup-farm]] [map map-id priority priority] Example: Router(config-slb-vserver)# serverfarm SF1 backup SF2 map 1 priority 1 |
Associates a RADIUS map with a server farm. Associates a real server farm with a virtual server, and optionally configures a backup server farm and specifies that sticky connections are to be used in the backup server farm.
You can associate more than one server farm with a virtual server by configuring more than one serverfarm command, each with a unique map ID and a unique priority. (That is, each map ID and each map priority must be unique across all server farms associated with the virtual server.) |
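The rules stated above for RADIUS virtual servers (the sticky radius prerequisites and the requirement that each map ID and priority be unique across the serverfarm commands of a virtual server) can be checked mechanically before a configuration is deployed. The following Python script is an added example, not Cisco code and not part of the original document; the sample configuration, the finding codes, and the assumption that sub-commands are indented under each ip slb vserver line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not from the original page); the names reuse
# the page's examples where possible, the rest are hypothetical.
SAMPLE_CONFIG = """\
ip slb vserver RADIUS_ACCT
 virtual 10.0.0.1 udp 0 service radius
 serverfarm SF1 backup SF2 map 1 priority 1
 serverfarm SF3 map 2 priority 1
 sticky radius framed-ip
 sticky radius username
 sticky radius calling-station-id
 inservice
!
ip slb vserver RADIUS_AUTH
 virtual 10.0.0.2 udp 0
 serverfarm SF4 map 1 priority 1
 sticky radius username
 inservice
!
ip slb vserver GGSN_SERVER
 virtual 10.10.10.10 udp 0 service gtp
 serverfarm farm1 backup farm2 map 1 priority 3
 serverfarm farm3 map 2 priority 4
 inservice
"""

VSERVER_RE = re.compile(r"ip slb vserver (\S+)$")
MAP_RE = re.compile(r"serverfarm\s+\S+.*?\bmap\s+(\S+)\s+priority\s+(\S+)")
RADIUS_STICKY = {"framed-ip", "calling-station-id", "username"}


def parse_vservers(config_text):
    """Return {vserver name: [sub-command lines]} for each 'ip slb vserver' block."""
    vservers, current = {}, None
    for raw in config_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command starts a new block
            match = VSERVER_RE.match(stripped)
            current = vservers.setdefault(match.group(1), []) if match else None
        elif current is not None:
            current.append(stripped)
    return vservers


def audit_vserver(name, lines):
    """Check one virtual server against the rules stated in this section."""
    map_ids, priorities = defaultdict(list), defaultdict(list)
    sticky, service_radius = set(), False
    for line in lines:
        words = line.split()
        if words[0] == "virtual":
            pairs = zip(words, words[1:])
            service_radius |= any(a == "service" and b == "radius" for a, b in pairs)
        elif words[0] == "serverfarm":
            match = MAP_RE.match(line)
            if match:
                map_ids[match.group(1)].append(words[1])
                priorities[match.group(2)].append(words[1])
        elif words[:2] == ["sticky", "radius"] and len(words) > 2:
            if words[2] in RADIUS_STICKY:
                sticky.add(words[2])

    findings = []
    for map_id, farms in map_ids.items():
        if len(farms) > 1:  # each map ID must be unique per virtual server
            findings.append((name, "duplicate-map-id",
                             f"map {map_id} used by {', '.join(farms)}"))
    for priority, farms in priorities.items():
        if len(farms) > 1:  # each map priority must be unique per virtual server
            findings.append((name, "duplicate-priority",
                             f"priority {priority} used by {', '.join(farms)}"))
    if {"calling-station-id", "username"} <= sticky:
        findings.append((name, "sticky-conflict",
                         "calling-station-id and username sticky both configured"))
    if sticky and not service_radius:
        findings.append((name, "missing-service-radius",
                         "sticky radius requires 'service radius' on the virtual command"))
    if sticky & {"calling-station-id", "username"} and "framed-ip" not in sticky:
        findings.append((name, "missing-sticky-framed-ip",
                         "calling-station-id/username sticky requires sticky radius framed-ip"))
    return findings


def audit_config(config_text):
    """Audit every virtual server in a configuration; returns a list of findings."""
    findings = []
    for name, lines in parse_vservers(config_text).items():
        findings.extend(audit_vserver(name, lines))
    return findings


if __name__ == "__main__":
    for vserver, code, detail in audit_config(SAMPLE_CONFIG):
        print(f"{vserver}: {code}: {detail}")
```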
Perform this task to configure RADIUS load balancing accelerated data plane forwarding.
RADIUS load balancing accelerated data plane forwarding, also known as Turbo RADIUS load balancing, is a high-performance solution that uses basic policy-based routing (PBR) route maps to manage subscriber data-plane traffic in a Cisco Content Services Gateway (CSG) environment.
Turbo RADIUS load balancing requires a server farm configured with predictor route-map on the accounting virtual server.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | enable Example: Router> enable |
Enables privileged EXEC mode. If prompted, enter your password. |
||
Step 2 | configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
||
Step 3 | ip slb serverfarm server-farm Example: Router(config)# ip slb serverfarm PUBLIC |
Identifies a server farm and enters SLB server farm configuration mode. |
||
Step 4 | predictor [roundrobin | leastconns | route-map mapname] Example: Router(config-slb-sfarm)# predictor route-map map1 |
(Optional) Specifies the algorithm to be used to determine how a real server is selected. Turbo RADIUS load balancing requires the route-map keyword and mapname argument. When you specify the predictor route-map command, no further commands in SLB server farm configuration mode or real server configuration mode are allowed. |
||
Step 5 | exit Example: Router(config-slb-sfarm)# exit |
Exits SLB server farm configuration mode. |
||
Step 6 | ip slb vserver virtual-server Example: Router(config)# ip slb vserver RADIUS_AUTH |
Identifies a virtual server and enters virtual server configuration mode. |
||
Step 7 | virtual ipv4-address [ipv4-netmask [group]] [ipv6 ipv6-address [prefix ipv6-prefix]] {tcp | udp} [port | any] [service service] Example: Router(config-slb-vserver)# virtual 10.10.10.10 udp 1813 service radius |
Specifies the virtual server IP address, type of connection, and optional TCP or User Datagram Protocol (UDP) port number, Internet Key Exchange (IKE) or Wireless Session Protocol (WSP) setting, and service coupling and enters SLB virtual server configuration mode.
|
||
Step 8 | serverfarm primary-farm [backup backup-farm [sticky]] [ipv6-primary ipv6-primary-farm [ipv6-backup ipv6-backup-farm]] [map map-id priority priority] Example: Router(config-slb-vserver)# serverfarm AAAFARM |
Associates a RADIUS map with a server farm. Associates a real server farm with a virtual server, and optionally configures a backup server farm and specifies that sticky connections are to be used in the backup server farm.
You can associate more than one server farm with a virtual server by configuring more than one serverfarm command, each with a unique map ID and a unique priority. (That is, each map ID and each map priority must be unique across all server farms associated with the virtual server.) |
||
Step 9 | radius acct local-ack key [encrypt] secret-string Example: Router(config-slb-vserver)# radius acct local-ack key SECRET_PASSWORD |
(Optional) Configures VSA correlation and enables a RADIUS virtual server to acknowledge RADIUS accounting messages.
This command is valid only for VSA correlation accounting virtual servers. |
||
Step 10 | radius inject auth group-number {calling-station-id| username} Example: Router(config-slb-vserver)# radius inject auth 1 calling-station-id |
(Optional) Configures a VSA correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and specifies whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames. For a given authentication virtual server, you can configure one radius inject auth group-number calling-station-id command or one radius inject auth group-number username command, but not both. This command is valid only for VSA correlation authentication virtual servers. |
||
Step 11 | radius inject auth timer seconds Example: Router(config-slb-vserver)# radius inject auth timer 45 |
(Optional) Configures a timer for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. This command is valid only for VSA correlation authentication virtual servers. |
||
Step 12 | radius inject auth vsa vendor-id Example: Router(config-slb-vserver)# radius inject auth vsa vendor1 |
(Optional) Buffers VSAs for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. This command is valid only for VSA correlation authentication virtual servers. |
Perform this task to configure Exchange Director for mobile Service Exchange Framework (mSEF).
Perform this task to configure RADIUS load balancing for the Exchange Director.
Command or Action | Purpose | |
---|---|---|
Step 1 | Configure a server farm and a real server. | See "How to Configure a Server Farm and a Real Server". When you configure the server farm and real server for RADIUS for the Exchange Director, keep the following considerations in mind:
|
Step 2 | Configure a virtual server. | See "How to Configure a Virtual Server". When you configure the virtual server for RADIUS for the Exchange Director, keep the following considerations in mind:
If you configure the access interface route framed-ip command, you must also configure the virtual command with the service radius keywords specified.
If you configure the sticky radius framed-ip command, you must also configure the virtual command with the service radius keywords specified. |
Step 3 | Configure a virtual server. (continued) |
To enable IOS SLB to create the IOS SLB RADIUS username sticky database and direct RADIUS requests from a subscriber to the same service gateway based on the username, specify the sticky command with the radius username keywords. If you configure the sticky radius calling-station-id command or the sticky radius username command, you must also configure the virtual command with the service radius keywords specified, and you must configure the sticky radius framed-ip command. You cannot configure both the sticky radius calling-station-id command and the sticky radius username command on the same virtual server. |
Step 4 | Enable IOS SLB to inspect packets for RADIUS framed-IP sticky routing. | (Optional) See "How to Enable IOS SLB to Inspect Packets for RADIUS Framed-IP Sticky Routing". |
Step 5 | Configure RADIUS load balancing maps. | (Optional) See "How to Configure RADIUS Load Balancing Maps". |
Step 6 | Increase the number of available MLS entries. | (Optional |
Step 7 | Configure a probe. | See "How to Configure a Probe". To verify the health of the server, configure a ping probe. |
Perform this task to configure firewall load balancing for the Exchange Director.
This section lists the tasks used to configure firewalls for the Exchange Director. Detailed configuration information is contained in the referenced sections of this or other documents. Required and optional tasks are indicated.
Perform the following required task to configure a firewall farm.
Command or Action | Purpose | |
---|---|---|
Step 1 | enable Example: Router> enable |
Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 | ip slb firewallfarm firewall-farm Example: Router(config)# ip slb firewallfarm FIRE1 |
Adds a firewall farm definition to the IOS SLB configuration and enters firewall farm configuration mode. |
Step 4 | real ip-address Example: Router(config-slb-fw)# real 10.1.1.1 |
Identifies a firewall by IP address as a member of a firewall farm and enters real server configuration mode. |
Step 5 | probe probe Example: Router(config-slb-fw-real)# probe FireProbe |
Associates a probe with the firewall. |
Step 6 | weight setting Example: Router(config-slb-fw-real)# weight 16 |
(Optional) Specifies the firewall’s workload capacity relative to other firewalls in the firewall farm. |
Step 7 | inservice Example: Router(config-slb-fw-real)# inservice |
Enables the firewall for use by the firewall farm and by IOS SLB. |
Step 8 | exit Example: Router(config-slb-fw-real)# exit |
Exits real server configuration mode. |
Step 9 | access [source source-ip netmask] [destination destination-ip netmask]| inbound inbound-interface | outbound outbound-interface] Example: Router(config-slb-fw)# access destination 10.1.6.0 255.255.255.0 |
(Optional) Routes specific flows to a firewall farm. |
Step 10 | predictor hash address [port] Example: Router(config-slb-fw)# predictor hash address |
(Optional) Specifies whether the source and destination TCP or User Datagram Protocol (UDP) port numbers, in addition to the source and destination IP addresses, are to be used when selecting a firewall. |
Step 11 | purge connection Example: Router(config-slb-fw)# purge connection |
(Optional) Enables IOS SLB firewall load balancing to send purge requests for connections. |
Step 12 | purge sticky Example: Router(config-slb-fw)# purge sticky |
(Optional) Enables IOS SLB firewall load balancing to send purge requests when the sticky idle timer expires. |
Step 13 | replicate casa listen-ip remote-ip port [interval] [password [[encrypt] secret-string [timeout]]] Example: Router(config-slb-fw)# replicate casa 10.10.10.11 10.10.11.12 4231 |
(Optional) Configures a stateful backup of IOS SLB firewall load balancing decision tables to a backup switch. |
Step 14 | protocol tcp Example: Router(config-slb-fw)# protocol tcp |
(Optional) Enters firewall farm TCP protocol configuration mode. |
Step 15 | delay duration Example: Router(config-slb-fw-tcp)# delay 30 |
(Optional) For firewall farm TCP protocol configuration mode, specifies the time IOS SLB firewall load balancing maintains TCP connection context after a connection has ended. |
Step 16 | idle duration Example: Router(config-slb-fw-tcp)# idle 120 |
(Optional) For firewall farm TCP protocol configuration mode, specifies the minimum time IOS SLB firewall load balancing maintains connection context in the absence of packet activity. |
Step 17 | maxconns maximum-number Example: Router(config-slb-fw-tcp)# maxconns 1000 |
(Optional) For firewall farm TCP protocol configuration mode, specifies the maximum number of active TCP connections allowed on the firewall farm at one time. |
Step 18 | sticky seconds [netmask netmask] [source | destination] Example: Router(config-slb-fw-tcp)# sticky 60 |
(Optional) For firewall farm TCP protocol configuration mode, specifies that connections from the same IP address use the same firewall if either of the following conditions is met:
|
Step 19 | exit Example: Router(config-slb-fw-tcp)# exit |
Exits firewall farm TCP protocol configuration mode. |
Step 20 | protocol datagram Example: Router(config-slb-fw)# protocol datagram |
(Optional) Enters firewall farm datagram protocol configuration mode. |
Step 21 | idle duration Example: Router(config-slb-fw-udp)# idle 120 |
(Optional) For firewall farm datagram protocol configuration mode, specifies the minimum time IOS SLB firewall load balancing maintains connection context in the absence of packet activity. |
Step 22 | maxconns maximum-number Example: Router(config-slb-fw-udp)# maxconns 1000 |
(Optional) For firewall farm datagram protocol configuration mode, specifies the maximum number of active datagram connections allowed on the firewall farm at one time. |
Step 23 | sticky seconds [netmask netmask] [source | destination] Example: Router(config-slb-fw-udp)# sticky 60 |
(Optional) For firewall farm datagram protocol configuration mode, specifies that connections from the same IP address use the same firewall if either of the following conditions is met:
|
Step 24 | exit Example: Router(config-slb-fw-udp)# exit |
Exits firewall farm datagram protocol configuration mode. |
Step 25 | inservice Example: Router(config-slb-fw)# inservice |
Enables the firewall farm for use by IOS SLB. |
Perform the following optional task to verify a firewall farm.
Step 1 | The following show ip slb reals command displays the status of firewall farm FIRE1, the associated real servers, and their status: Example:
Router# show ip slb real
real farm name weight state conns
--------------------------------------------------------------------
10.1.1.2 FIRE1 8 OPERATIONAL 0
10.1.2.2 FIRE1 8 OPERATIONAL 0 |
Step 2 | The following show ip slb firewallfarm command displays the configuration and status of firewall farm FIRE1: Example:
Router# show ip slb firewallfarm
firewall farm hash state reals
------------------------------------------------
FIRE1 IPADDR INSERVICE 2 |
Perform the following optional task to verify firewall connectivity.
To verify that IOS SLB firewall load balancing is configured and operating correctly, perform the following steps:
Step 1 | Ping the external real servers (the ones outside the firewall) from the IOS SLB firewall load-balancing device. |
Step 2 | Ping the internal real servers (the ones inside the firewall) from the clients. |
Step 3 |
Use the show ip slb stats command to display information about the IOS SLB firewall load-balancing network status: Example:
Router# show ip slb stats
Pkts via normal switching: 0
Pkts via special switching: 0
Pkts dropped: 0
Connections Created: 1911871
Connections Established: 1967754
Connections Destroyed: 1313251
Connections Reassigned: 0
Zombie Count: 0
Connections Reused: 59752
Connection Flowcache Purges:1776582
Failed Connection Allocs: 17945
Failed Real Assignments: 0 |
Step 4 |
Use the show ip slb reals detail command to display detailed information about the IOS SLB firewall load-balancing real server status: Example:
Router# show ip slb reals detail
172.16.88.5, SF1, state = OPERATIONAL, type = server
ipv6 = 2342:2342:2343:FF04:2388:BB03:3223:8912
conns = 0, dummy_conns = 0, maxconns = 4294967295
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
reassign = 3, retry = 60
failconn threshold = 8, failconn count = 0
failclient threshold = 2, failclient count = 0
total conns established = 0, total conn failures = 0
server failures = 0 |
Step 5 |
Use the show ip slb conns command to display information about active IOS SLB firewall load-balancing connections: Example:
Router# show ip slb conns
vserver prot client real state nat
-------------------------------------------------------------------------------
FirewallTCP TCP 80.80.50.187:40000 10.1.1.4 ESTAB none
FirewallTCP TCP 80.80.50.187:40000 10.1.1.4 ESTAB none
FirewallTCP TCP 80.80.50.187:40000 10.1.1.4 ESTAB none
FirewallTCP TCP 80.80.50.187:40000 10.1.1.4 ESTAB none
FirewallTCP TCP 80.80.50.187:40000 10.1.1.4 ESTAB none |
For additional commands used to verify IOS SLB networks and connections, see "How to Monitor and Maintain the Cisco IOS SLB Feature".
Perform the following required task to configure a probe.
The Exchange Director uses probes to detect and recover from failures. You must configure a probe on each real server in the firewall farm.
To disable purge throttling on TCP and UDP flow packets, use the no form of this command.
To completely stop the sending of purge requests, use the no form of this command.
To completely stop the sending of purge requests for sticky connections, use the no form of this command.
Command or Action | Purpose | |
---|---|---|
Step 1 | Configure a server farm and a real server. | See "How to Configure a Server Farm and a Real Server". When you configure the server farm and real server for VPN server load balancing, specify the IP addresses of the real servers acting as VPN terminators using the real command. |
Step 2 | Configure a virtual server. | See "How to Configure a Virtual Server". When you configure the virtual server for VPN server load balancing of IPSec flows, keep the following considerations in mind:
When you configure the virtual server for VPN server load balancing of Point-to-Point Tunneling Protocol (PPTP) flows, keep the following considerations in mind:
|
Step 3 | Configure a probe. | See "How to Configure a Probe". To verify the health of the server, configure a ping probe. |
Perform the following task to configure load balancing across a set of Access Service Network (ASN) gateways.
Command or Action | Purpose | |
---|---|---|
Step 1 | Configure the base station. | To enable IOS SLB to manage requests from the Mobile Subscriber Station (MSS), configure the base station with the virtual IP address of the IOS SLB device. |
Step 2 | Configure a probe. | See "How to Configure a Probe". To verify the health of the server, configure a ping probe. |
Step 3 | Associate a server farm and a real server with the probe. | See "How to Configure a Server Farm and a Real Server". When you configure the server farm and real server for ASN load balancing, keep the following considerations in mind: |
Step 4 | Associate a virtual server with the server farm. | See "How to Configure a Virtual Server". When you configure the virtual server for ASN load balancing, keep the following considerations in mind:
|
Perform the following task to configure the Home Agent Director.
Command or Action | Purpose | |
---|---|---|
Step 1 | Configure a server farm and a real server. | See "How to Configure a Server Farm and a Real Server". When you configure the server farm and real server for the Home Agent Director, keep the following considerations in mind: |
Step 2 | Configure a virtual server. | See "How to Configure a Virtual Server". When you configure the virtual server for the Home Agent Director using the virtual command, keep the following considerations in mind:
|
Step 3 | Configure the virtual IP address as a loopback on each of the home agents in the servers. | (Required for dispatched mode) This step is required only if you are using dispatched mode. Refer to the “Configuring a Loopback Interface” section in the Cisco IOS Interface Configuration Guide, Release 12.2 for more information. |
Step 4 | Configure DFP. | (Optional) See "How to Configure DFP". When you configure DFP for the Home Agent Director, keep the following considerations in mind:
For information about these Mobile IP commands, refer to the Cisco Mobile Wireless Home Agent Release 2.0 feature module. |
Perform the following task to configure the IOS SLB Network Address Translation (NAT) client address pool for client NAT.
Command or Action | Purpose | |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb natpool pool start-ip end-ip [netmask netmask | prefix-length leading-1-bits] [entries init-address [max-address]] Example: Router(config)# ip slb natpool web-clients 10.1.10.1 10.1.10.5 netmask 255.255.0.0 | Configures the client address pool. GPRS load balancing does not support this command. You do not need to configure the client address pool for server NAT. |
Step 4 | nat {client pool | server} Example: Router(config-slb-sfarm)# nat server | Configures SLB NAT and specifies a NAT mode. All IPv4 or IPv6 server farms that are associated with the same virtual server must have the same NAT configuration. |
You must also specify either NAT client translation mode or NAT server address translation mode on the server farm, using the nat command. See "How to Configure a Server Farm and a Real Server" for more details. When you configure the virtual server for NAT, remember that you cannot configure client NAT for an ESP or GRE virtual server.
Perform the following task to configure static NAT.
Static NAT enables you to allow some users to use NAT and allow other users on the same Ethernet interface to continue with their own IP addresses. This option enables you to provide a default NAT behavior for real servers, differentiating between responses from a real server, and connection requests initiated by the real server.
Note |
To avoid unexpected results, make sure your static NAT configuration mirrors your virtual server configuration. |
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb static {drop | nat {virtual | virtual-ip [per-packet | sticky]}} Example: Router(config)# ip slb static nat 10.1.10.1 per-packet | Configures the real server’s NAT behavior and enters static NAT configuration mode. |
Step 4 | real ip-address [port] Example: Router(config-slb-static)# real 10.1.1.3 | Configures one or more real servers to use static NAT. |
Perform the following task to configure stateless backup over VLANs between IOS SLB devices.
Note |
For active standby, in which multiple IOS SLB devices share a virtual IP address, you must use exclusive client ranges and you must use policy routing to forward flows to the correct IOS SLB device. |
Command or Action | Purpose | |
---|---|---|
Step 1 | Configure required and optional IOS SLB functions. | (Required for server load balancing) See "How to Configure Required and Optional IOS SLB Functions". |
Step 2 | Configure firewall load balancing. | (Required for firewall load balancing) See "How to Configure Firewall Load Balancing". |
Step 3 | Configure the IP routing protocol. | Refer to the “IP Routing Protocols” chapter of the Cisco IOS IP Configuration Guide, Release 12.2 for details. |
Step 4 | Configure the VLAN between the IOS SLB devices. | Refer to the “Virtual LANs” chapter of the Cisco IOS Switching Services Configuration Guide, Release 12.2 for details. |
Step 5 | Verify the stateless backup configuration. | (Optional) See "How to Verify the Stateless Backup Configuration". |
Perform the following task to verify the stateless backup configuration.
For server load balancing, to verify that stateless backup has been configured and is operating correctly, use the following show ip slb vservers commands to display information about the IOS SLB virtual server status:
```
Router# show ip slb vservers
slb vserver      prot  virtual               state         conns
-------------------------------------------------------------------
VS1              TCP   10.10.10.12:23        OPERATIONAL   2
VS2              TCP   10.10.10.18:23        OPERATIONAL   2
Router# show ip slb vservers detail
VS1, state = OPERATIONAL, v_index = 10
  virtual = 10.10.10.12:23, TCP, service = NONE, advertise = TRUE
  server farm = SERVERGROUP1, delay = 10, idle = 3600
  sticky timer = 0, sticky subnet = 255.255.255.255
  sticky group id = 0
  synguard counter = 0, synguard period = 0
  conns = 0, total conns = 0, syns = 0, syn drops = 0
  standby group = None
VS2, state = INSERVICE, v_index = 11
  virtual = 10.10.10.18:23, TCP, service = NONE, advertise = TRUE
  server farm = SERVERGROUP2, delay = 10, idle = 3600
  sticky timer = 0, sticky subnet = 255.255.255.255
  sticky group id = 0
  synguard counter = 0, synguard period = 0
  conns = 0, total conns = 0, syns = 0, syn drops = 0
  standby group = None
```
For firewall load balancing, to verify that stateless backup has been configured and is operating correctly, use the following show ip slb firewallfarm commands to display information about the IOS SLB firewall farm status:
```
Router# show ip slb firewallfarm
firewall farm    hash        state         reals
------------------------------------------------
FIRE1            IPADDR      INSERVICE     2
Router# show ip slb firewallfarm details
FIRE1, hash = IPADDRPORT, state = INSERVICE, reals = 2
  FirewallTCP:
    sticky timer = 0, sticky subnet = 255.255.255.255
    idle = 3600, delay = 10, syns = 1965732, syn drop = 0
    maxconns = 4294967295, conns = 597445, total conns = 1909512
  FirewallUDP:
    sticky timer = 0, sticky subnet = 255.255.255.255
    idle = 3600
    maxconns = 1, conns = 0, total conns = 1
  Real firewalls:
    10.1.1.3, weight = 10, OPERATIONAL, conns = 298823
    10.1.1.4, weight = 10, OPERATIONAL, conns = 298622
  Total connections = 597445
```
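One way to automate the two verification checks above, as an added example that is not Cisco's code: a Python parser for captured `show ip slb vservers` and `show ip slb firewallfarm details` output that reports every entry not in a healthy state. The captures are constructed from the output format shown above, and treating OPERATIONAL and INSERVICE as the healthy states is an assumption.

```python
import re

# Assumption: the states this page's sample output shows for working entries.
HEALTHY = {"OPERATIONAL", "INSERVICE"}

# Constructed captures modelled on the page's sample output,
# with one virtual server and one real firewall made unhealthy.
VSERVERS = """\
Router# show ip slb vservers
slb vserver      prot  virtual               state         conns
-------------------------------------------------------------------
VS1              TCP   10.10.10.12:23        OPERATIONAL   2
VS2              TCP   10.10.10.18:23        OUTOFSERVICE  0
"""
FIREWALLFARM = """\
Router# show ip slb firewallfarm details
FIRE1, hash = IPADDRPORT, state = INSERVICE, reals = 2
  FirewallTCP:
    idle = 3600, delay = 10, syns = 1965732, syn drop = 0
  Real firewalls:
    10.1.1.3, weight = 10, OPERATIONAL, conns = 298823
    10.1.1.4, weight = 10, FAILED, conns = 0
  Total connections = 298823
"""

VS_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+:\d+)\s+([A-Z_]+)\s+(\d+)$")
FARM_HDR = re.compile(r"^(\S+), hash = (\S+), state = ([A-Z_]+), reals = (\d+)$")
FW_REAL = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}), weight = (\d+), ([A-Z_]+), conns = (\d+)$")


def parse_vservers(text):
    """Return one dict per data row of the summary table; prompt, header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = VS_ROW.match(line.strip())
        if m:
            name, prot, virtual, state, conns = m.groups()
            rows.append({"name": name, "prot": prot, "virtual": virtual,
                         "state": state, "conns": int(conns)})
    return rows


def parse_firewallfarms(text):
    """Return {farm: {"state", "declared", "reals"}} from the 'details' form of the command."""
    farms, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        hdr = FARM_HDR.match(line)
        if hdr:
            current = {"state": hdr.group(3), "declared": int(hdr.group(4)), "reals": []}
            farms[hdr.group(1)] = current
            continue
        real = FW_REAL.match(line)
        if real and current is not None:
            current["reals"].append({"ip": real.group(1), "state": real.group(3),
                                     "conns": int(real.group(4))})
    return farms


def findings(vs_text, fw_text, healthy=HEALTHY):
    """List every problem found; an empty list means both captures look healthy."""
    out = []
    vservers, farms = parse_vservers(vs_text), parse_firewallfarms(fw_text)
    if not vservers and not farms:
        out.append("nothing parsed from either capture")  # do not report an empty capture as healthy
    for v in vservers:
        if v["state"] not in healthy:
            out.append(f"vserver {v['name']} ({v['virtual']}) is {v['state']}")
    for name, farm in farms.items():
        if farm["state"] not in healthy:
            out.append(f"firewall farm {name} is {farm['state']}")
        if len(farm["reals"]) != farm["declared"]:  # truncated capture or missing real firewall
            out.append(f"firewall farm {name} lists {len(farm['reals'])} of {farm['declared']} reals")
        out += [f"firewall {r['ip']} in farm {name} is {r['state']}"
                for r in farm["reals"] if r["state"] not in healthy]
    return out


if __name__ == "__main__":
    print("\n".join(findings(VSERVERS, FIREWALLFARM)) or "all entries healthy")
```

Pass a different `healthy` set if your deployment treats other states as acceptable.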
Command or Action | Purpose | |
---|---|---|
Step 1 | Configure the replication message rate for slave replication. | Specify the ip slb replicate slave rate command in global configuration mode. |
Step 2 | Configure required and optional IOS SLB functions. | (Required for server load balancing) See "How to Configure Required and Optional IOS SLB Functions". When you configure the virtual server for stateful backup of redundant route processors, keep the following considerations in mind: |
Step 3 | Configure firewall load balancing. | (Required for firewall load balancing) See "How to Configure Firewall Load Balancing". When you configure the firewall farm for stateful backup of redundant route processors, keep the following considerations in mind: |
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb entries [conn [init-conn [max-conn]] | frag [init-frag [max-frag] | lifetime timeout] | gtp {gsn [init-gsn[max-gsn] | nsapi [init-nsapi [max-nsapi]} | sticky [init-sticky [max-sticky]]] Example: Router(config)# ip slb entries conn 128000 512000 | Specifies an initial allocation and a maximum value for IOS SLB database entries. |
Command or Action | Purpose | |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb maxbuffers frag buffers Example: Router(config)# ip slb maxbuffers frag 300 | Configures the maximum number of buffers for the IOS SLB fragment database. |
Command or Action | Purpose | |
---|---|---|
Step 1 | clear ip slb connections [firewallfarm firewall-farm | serverfarm server-farm | vserver virtual-server] Example: Router# clear ip slb connections vserver VSERVER1 | Clears the IOS SLB connection database for one or more firewall farms, server farms, or virtual servers. |
Step 2 | clear ip slb counters [kal-ap] Example: Router# clear ip slb counters | Clears the IOS SLB counters. Use the kal-ap keyword to clear only IP IOS SLB KeepAlive Application Protocol (KAL-AP) counters. |
Step 3 | clear ip slb sessions [firewallfarm firewall-farm | serverfarm server-farm | vserver virtual-server] Example: Router# clear ip slb sessions serverfarm FARM1 | Clears the IOS SLB RADIUS session database for one or more firewall farms, server farms, or virtual servers. |
Step 4 | clear ip slb sticky asn msid msid Example: Router# clear ip slb sticky asn msid 001646013fc0 | Clears entries from an IOS SLB Access Service Network (ASN) Mobile Station ID (MSID) sticky database. |
Step 5 | clear ip slb sticky gtp imsi [id imsi] Example: Router# clear ip slb sticky gtp imsi | Clears entries from an IOS SLB general packet radio service (GPRS) Tunneling Protocol (GTP) International Mobile Subscriber ID (IMSI) sticky database. |
Step 6 | clear ip slb sticky radius {calling-station-id [id string] | framed-ip [framed-ip [netmask]]} Example: Router# clear ip slb sticky radius framed-ip | Clears entries from an IOS SLB RADIUS sticky database. |
Command or Action | Purpose | |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | Router(config)# mls ip slb search {wildcard [pfc | rp] | icmp} Example: Router(config)# mls ip slb search wildcard rp | Specifies the behavior of IOS SLB wildcard searches. This command is supported for Cisco Catalyst 6500 series switches only. |
Command or Action | Purpose | |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | Router(config)# mls ip slb purge global Example: Router(config)# mls ip slb purge global | Specifies protocol-level purging of MLS entries from active TCP and UDP flow packets. This command is supported for Cisco Catalyst 6500 series switches only. |
You can enable IOS SLB to automatically remove connections to failed real servers and firewalls from the connection database even if the idle timers have not expired. This function is useful for applications that do not rotate the source port (such as IKE), and for protocols that do not have ports to differentiate flows (such as ESP).
You can also enable IOS SLB to automatically reassign to a new real server or firewall RADIUS sticky objects that are destined for a failed real server or firewall.
Command or Action | Purpose | |
---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb serverfarm server-farm Example: Router(config)# ip slb serverfarm PUBLIC | Enters server farm configuration mode. |
Step 4 | failaction [purge | asn purge | gtp purge | radius reassign] Example: Router(config-slb-sfarm)# failaction purge | Configures IOS SLB behavior in the event that a real server fails. |
Step 5 | exit Example: Router(config-slb-sfarm)# exit | Exits server farm configuration mode. |
Step 6 | ip slb firewallfarm firewall-farm Example: Router(config)# ip slb firewallfarm fire1 | Enters firewall farm configuration mode. |
Step 7 | failaction purge Example: Router(config-slb-fw)# failaction purge | Configures IOS SLB behavior in the event that a firewall fails. |
If you have configured all-port virtual servers (that is, virtual servers that accept flows destined for all ports except GTP ports), flows can be passed to servers for which no application port exists. When the servers reject these flows, IOS SLB might fail the servers and remove them from load balancing. This situation can also occur in slow-to-respond AAA servers in RADIUS load-balancing environments. To prevent this situation, you can disable automatic server failure detection.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | enable Example: Router> enable | Enables privileged EXEC mode. If prompted, enter your password. |
Step 2 | configure terminal Example: Router# configure terminal | Enters global configuration mode. |
Step 3 | ip slb serverfarm server-farm Example: Router(config)# ip slb serverfarm PUBLIC | Enters server farm configuration mode. |
Step 4 | real ipv4-address [ipv6 ipv6-address] [port] Example: Router(config-slb-sfarm)# real 10.1.1.1 | Identifies a real server as a member of a server farm and enters real server configuration mode. |
Step 5 | no faildetect inband Example: Router(config-slb-real)# no faildetect inband | Disables automatic server failure detection. |
Perform the following task to obtain and display runtime information about IOS SLB.
Step 1 | show ip slb conns [vserver virtual-server | client ip-address | firewall firewall-farm] [detail] Displays all connections managed by IOS SLB, or, optionally, only those connections associated with a particular virtual server or client. The following is sample output from this command: Example: Router# show ip slb conns vserver prot client real state ---------------------------------------------------------------------------- TEST TCP 10.150.72.183:328 10.80.90.25:80 INIT TEST TCP 10.250.167.226:423 10.80.90.26:80 INIT TEST TCP 10.234.60.239:317 10.80.90.26:80 ESTAB TEST TCP 10.110.233.96:747 10.80.90.26:80 ESTAB TEST TCP 10.162.0.201:770 10.80.90.30:80 CLOSING TEST TCP 10.22.225.219:995 10.80.90.26:80 CLOSING TEST TCP 10.2.170.148:169 10.80.90.30:80 |
Step 2 | show ip slb dfp [agent agent-ip port | manager manager-ip | detail | weights] Displays information about Dynamic Feedback Protocol (DFP) and DFP agents, and about the weights assigned to real servers. The following is sample output from this command: Example: Router# show ip slb dfp DFP Manager: Current passwd:NONE Pending passwd:NONE Passwd timeout:0 sec Agent IP Port Timeout Retry Count Interval -------------------------------------------------------------- 172.16.2.34 61936 0 0 180 (Default) |
Step 3 | show ip slb firewallfarm [detail] Displays information about firewall farms. The following is sample output from this command: Example: Router# show ip slb firewallfarm firewall farm hash state reals ------------------------------------------------ FIRE1 IPADDR OPERATIONAL 2 |
Step 4 | show ip slb fragments Displays information from the IOS SLB fragment database. The following is sample output from this command: Example: Router# show ip slb fragments ip src id forward src nat dst nat --------------------------------------------------------------------- 10.11.2.128 12 10.11.2.128 10.11.11.11 10.11.2.128 10.11.2.128 13 10.11.2.128 10.11.11.11 10.11.2.128 10.11.2.128 14 10.11.2.128 10.11.11.11 10.11.2.128 10.11.2.128 15 10.11.2.128 10.11.11.11 10.11.2.128 10.11.2.128 16 10.11.2.128 10.11.11.11 10.11.2.128 |
Step 5 | show ip slb gtp {gsn [gsn-ip-address] | nsapi [nsapi-key] [detail] Displays IOS SLB GPRS Tunneling Protocol (GTP) information. The following is sample output from this command: Example: Router# show ip slb gtp gsn 10.0.0.0 type ip recovery-ie purging ------------------------------------------ SGSN 10.0.0.0 UNKNOWN N |
Step 6 | show ip slb map [map-id] Displays information about IOS SLB protocol maps. The following is sample output from this command: Example: Router# show ip slb map ID: 1, Service: GTP APN: Cisco.com, yahoo.com PLMN ID(s): 11122, 444353 SGSN access list: 100 ID: 2, Service: GTP PLMN ID(s): 67523, 345222 PDP Type: IPv4, PPP ID: 3, Service: GTP PDP Type: IPv6 ID: 4, Service: RADIUS Calling-station-id: “?919*” ID: 5, Service: RADIUS Username: “. .778cisco.*” |
Step 7 | show ip slb natpool [name pool] [detail] Displays information about the IOS SLB NAT configuration. The following is sample output from this command: Example: Router# show ip slb natpool nat client B 209.165.200.225 1.1.1.6 1.1.1.8 Netmask 255.255.255.0 nat client A 10.1.1.1 1.1.1.5 Netmask 255.255.255.0 |
Step 8 | show ip slb probe [name probe] [detail] Displays information about probes defined to IOS SLB. The following is sample output from this command: Example: Router# show ip slb probe Server:Port State Outages Current Cumulative ---------------------------------------------------------------- 10.10.4.1:0 OPERATIONAL 0 never 00:00:00 10.10.5.1:0 FAILED 1 00:00:06 00:00:06 |
Step 9 | show ip slb reals [sfarm server-farm] [detail] Displays information about the real servers defined to IOS SLB. The following is sample output from this command: Example: Router# show ip slb reals real farm name weight state conns -------------------------------------------------------------------- 10.80.2.112 FRAG 8 OUTOFSERVICE 0 10.80.5.232 FRAG 8 OPERATIONAL 0 10.80.15.124 FRAG 8 OUTOFSERVICE 0 10.254.2.2 FRAG 8 OUTOFSERVICE 0 10.80.15.124 LINUX 8 OPERATIONAL 0 10.80.15.125 LINUX 8 OPERATIONAL 0 10.80.15.126 LINUX 8 OPERATIONAL 0 10.80.90.25 SRE 8 OPERATIONAL 220 10.80.90.26 SRE 8 OPERATIONAL 216 10.80.90.27 SRE 8 OPERATIONAL 216 10.80.90.28 SRE 8 TESTING 1 10.80.90.29 SRE 8 OPERATIONAL 221 10.80.90.30 SRE 8 OPERATIONAL 224 10.80.30.3 TEST 100 READY_TO_TEST 0 10.80.30.4 TEST 100 READY_TO_TEST 0 10.80.30.5 TEST 100 READY_TO_TEST 0 10.80.30.6 TEST 100 READY_TO_TEST 0 |
Step 10 | show ip slb replicate Displays information about the IOS SLB replication configuration. The following is sample output from this command: Example: Router# show ip slb replicate VS1, state = NORMAL, interval = 10 Slave Replication: Enabled Slave Replication statistics: unsent conn updates: 0 conn updates received: 0 conn updates transmitted: 0 update messages received: 0 update messages transmitted: 0 Casa Replication: local = 10.1.1.1 remote = 10.2.2.2 port = 1024 current password = <none> pending password = <none> password timeout = 180 sec (Default) Casa Replication statistics: unsent conn updates: 0 conn updates received: 0 conn updates transmitted: 0 update packets received: 0 update packets transmitted: 0 failovers: 0 |
Step 11 | show ip slb serverfarms [name server-farm] [detail] Displays information about the server farms defined to IOS SLB. The following is sample output from this command: Example: Router# show ip slb serverfarms server farm predictor reals bind id ------------------------------------------------- FRAG ROUNDROBIN 4 0 LINUX ROUNDROBIN 3 0 SRE ROUNDROBIN 6 0 TEST ROUNDROBIN 4 0 |
Step 12 | show ip slb sessions [asn | gtp [ipv6] | gtp-inspect | ipmobile | radius] [vserver virtual-server] [client ipv4-address netmask] [detail] Displays information about sessions managed by IOS SLB. The following is sample output from this command: Example: Router# show ip slb sessions radius Source Dest Retry Addr/Port Addr/Port Id Count Real Vserver ------------------------------------------------------------------------------ 10.10.11.1/1645 10.10.11.2/1812 15 1 10.10.10.1 RADIUS_ACCT |
Step 13 | show ip slb static Displays information about the IOS SLB server Network Address Translation (NAT) configuration. The following is sample output from this command: Example: Router# show ip slb static real action address counter --------------------------------------------------------------- 10.11.3.4 drop 0.0.0.0 0 10.11.3.1 NAT 10.11.11.11 3 10.11.3.2 NAT sticky 10.11.11.12 0 10.11.3.3 NAT per-packet 10.11.11.13 0 |
Step 14 | show ip slb stats Displays IOS SLB statistics. The following is sample output from this command: Example: Router# show ip slb stats Pkts via normal switching: 779 Pkts via special switching: 0 Pkts via slb routing: 0 Pkts Dropped: 4 Connections Created: 4 Connections Established: 4 Connections Destroyed: 4 Connections Reassigned: 5 Zombie Count: 0 Connections Reused: 0 Connection Flowcache Purges: 0 Failed Connection Allocs: 0 Failed Real Assignments: 0 RADIUS Framed-IP Sticky Count: 0 RADIUS username Sticky Count: 0 RADIUS calling-station-id Sticky Count: 0 GTP IMSI Sticky Count: 0 Failed Correlation Injects: 0 Pkt fragments drops in ssv: 0 ASN MSID sticky count: 1 |
Step 15 | show ip slb sticky [client ip-address netmask | radius calling-station-id [id string] | radius framed-ip [client ip-address netmask] | radius username [name string]] Displays information about the sticky connections defined to IOS SLB. The following is sample output from this command: Example: Router# show ip slb sticky client netmask group real conns ----------------------------------------------------------------------- 10.10.2.12 255.255.0.0 4097 10.10.3.2 1 |
Step 16 | show ip slb vservers [name virtual-server] [redirect] [detail] Displays information about the virtual servers defined to IOS SLB. The following is sample output from this command: Example: Router# show ip slb vservers slb vserver prot virtual state conns --------------------------------------------------------------------- TEST TCP 10.80.254.3:80 OPERATIONAL 1013 TEST21 TCP 10.80.254.3:21 OUTOFSERVICE 0 TEST23 TCP 10.80.254.3:23 OUTOFSERVICE 0 |
Step 17 | show ip slb wildcard Displays information about the wildcard representation for virtual servers defined to IOS SLB. The following is sample output from this command: Example: Router# show ip slb wildcard Interface Source Address Port Destination Address Port Prot ANY 0.0.0.0/0 0 3.3.3.3/32 2123 UDP ANY 0.0.0.0/0 0 3.3.3.3/32 0 UDP ANY 0.0.0.0/0 0 0.0.0.0/0 0 ICMP Interface: ANY Source Address [Port]: : :/0[0] Destination Address [Port]: 2342:2342:2343:FF04:2341:AA03:2323:8912/128[0] Protocol: ICMPV6 Interface: ANY Source Address [Port]: : :/0[0] Destination Address [Port]: 2342:2342:2343:FF04:2341:AA03:2323:8912/128[2123] Protocol: UDP |