Table Of Contents
Configuring Route Health Injection
Information About RHI
Configuring Route Health Injection
Configuration Example for Route Health Injection
Where to Go Next
Configuring Route Health Injection
This chapter describes how to configure route health injection (RHI) for the Cisco Application Control Engine (ACE) module.
This chapter contains the following sections:
•
Information About RHI
•
Configuring Route Health Injection
•
Configuration Example for Route Health Injection
•
Where to Go Next
Information About RHI
After reading this chapter, you should have a basic understanding of what RHI is, how it works in the ACE, and how to configure it to advertise a VIP.
Route Health Injection (RHI) allows the ACE to advertise the availability of a VIP address throughout the intranet as a host route. The ACE send this RHI information to the MSFC in the Catalyst 6500 series switch or the Cisco 7600 series router, which periodically propagates the VIP availability according to the RHI information it receives. RHI is normally restricted to intranets because the MSFC does not broadcast host-route availability to the Internet.
The ACE uses health probes (configured in Chapter 10, "Configuring Health Monitoring Using Health Probes") together with RHI to determine the availability of a VIP before advertising it. When a VIP becomes unavailable, the ACE withdraws the RHI information. The MSFC adds an entry in its routing table for each VIP address it receives from the ACE. The routing protocol running on the MSFC sends routing-table updates, including availability and hop-count routing information for each instance of a VIP address to other routers. The client router uses the routing information to choose a route based on best available path to that VIP address and also where the Cisco application switch is logically closer to the client system.
RHI is aware of virtual routing and forwarding (VRF) allowing ACE virtual devices to inject and remove routes directly from VRF routing tables in the supervisor engine.
By default, the ACE advertises the VLAN of the VIP interface for RHI. To advertise a VLAN for route health injection (RHI) that is different from the VIP interface VLAN, use the ip route inject vlan command in interface configuration mode. By default, the ACE advertises the VLAN of the VIP interface for RHI. Use this command when there is no directly shared VLAN between the ACE and the Catalyst 6500 series supervisor engine. This topology can occur when there is an intervening device, for example, a Cisco Firewall Services Module (FWSM), configured between the ACE and the supervisor engine. Be sure to configure this command on the VIP interface of the ACE.
Configuring Route Health Injection
Procedure
|
Command
|
Purpose
|
Step 1
|
Example:
host1/Admin# changeto VC_WEB
|
Changes to the correct context if necessary. Check the CLI prompt to verify that you are operating in the desired context.
|
Step 2
|
Example:
|
Enters configuration mode.
|
Step 3
|
policy-map multi-match name
Example:
host1/VC_WEB(config)# policy-map
multi-match PM_MULTI_MATCH
host1/VC_WEB(config-pmap)#
|
Accesses the PM_MULTI_MATCH Layer 3 and Layer 4 multi-match policy map that you created in Chapter 6, "Configuring Server Load Balancing."
|
Step 4
|
class name
Example:
host1/VC_WEB(config-pmap)# class VS_WEB
host1/VC_WEB(config-pmap-c)#
|
Accesses the VS_WEB Layer 3 and Layer 4 class map that you created in Chapter 6, "Configuring Server Load Balancing."
|
Step 5
|
loadbalance vip advertise [active] |
[metric number]
Example:
host1/VC_WEB(config-pmap-c)#
loadbalance vip advertise active
|
Enables the ACE to advertise the availability of a VIP address throughout the network.
Without the active option, the ACE always advertises the VIP whether or not there is any active real server associated with this VIP.
You must enable the advertising of a VIP using the loadbalance vip advertise command before you can enter a distance metric value for the route. Otherwise, the ACE returns an error message.
|
Step 6
|
exit
Example:
host1/VC_WEB(config-pmap-c)# exit
host1/VC_WEB(config-pmap)# exit
host1/VC_WEB(config)#
|
Exits policy map class configuration mode. Exits policy map configuration mode. Alternatively, you can press Ctrl-G to exit one mode.
|
Step 7
|
ip route inject vlan vlan_id
Example:
host1/VC_WEB(config)# interface vlan
400
host1/VC_WEB(config-if)# ip route
inject vlan 200
|
(Optional) Advertises a VLAN for route health injection (RHI) that is different from the VIP interface VLAN.
The vlan_id is the interface shared between the supervisor engine and the intervening device.
Use this command when there is no directly shared VLAN between the ACE and the Catalyst 6500 series supervisor engine. This topology can occur when there is an intervening device, for example, a Cisco Firewall Services Module (FWSM), configured between the ACE and the supervisor engine.
Be sure to configure this command on the VIP interface of the ACE.
|
Step 8
|
host1/VC_WEB(config-if)# exit
host1/VC_WEB(config) exit
|
Exits interface configuration mode. Exits configuration mode.
|
Step 9
|
show running-config policy-map
policy_name
Example:
host1/VC_WEB# show running-config
policy-map PM_MULTI_MATCH
|
Displays the policy-map configuration information.
|
Step 10
|
copy running-config startup-config
Example:
host1/VC_WEB# copy running-config
startup-config
|
(Optional) Copies the running configuration to the startup configuration.
|
Configuration Example for Route Health Injection
The following example shows how to configure RHI. The commands that you have configured in this chapter appear in bold text.
switch/VC_WEB(config)# do show running config
Generating configuration....
access-list INBOUND line 8 extended permit ip any any
description content server web-one
description content server web-two
description content server web-three
description content server web-four
predictor hash header Accept
sticky http-cookie Cookie1 StickyGroup1
ssl-proxy service SSL_PSERVICE_SERVER
class-map match-all CM_SSL
2 match virtual-address 10.10.40.11 tcp eq https
class-map type management match-any REMOTE_ACCESS
description Remote access traffic match
3 match protocol telnet any
4 match protocol icmp any
class-map match-all VS_WEB
2 match virtual-address 10.10.40.10 tcp eq www
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
policy-map type loadbalance first-match PM_LB
policy-map multi-match PM_MULTI_MATCH
loadbalance vip inservice
loadbalance vip advertise active
policy-map multi-match PM_SSL
ssl-proxy server SSL_PSERVICE_SERVER
service-policy input REMOTE_MGMT_ALLOW_POLICY
description Client connectivity on VLAN 400
ip address 10.10.40.1 255.255.255.0
access-group input INBOUND
service-policy input PM_MULTI_MATCH
service-policy input PM_SSL
description Server connectivity on VLAN 500
ip address 10.10.50.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.25.91.1
username USER1 password 5 $1$vAN9gQDI$MmbmjQgJPj45lxbtzXPpB1 role SLB-Admin domain
DOMAIN1
Where to Go Next
In this chapter, you have enabled the RHI feature to advertise the availability of a VIP address. In the next chapter, you will learn how to configure redundancy or fault tolerance.