Application Control Engine Module Getting Started Guide (Software Version A2(3.0))
Configuring Route Health Injection
Download this chapter
Configuring Route Health InjectionConfiguring Route Health Injection
Download the complete book
Cisco Application Control Engine Module Getting Started Guide Book-Length PDF (Software Version A2(3.0))Cisco Application Control Engine Module Getting Started Guide Book-Length PDF (Software Version A2(3.0)) (PDF - 3 MB)
give_us_feedback

Table Of Contents

Configuring Route Health Injection

Information About RHI

Configuring Route Health Injection

Configuration Example for Route Health Injection

Where to Go Next


Configuring Route Health Injection

This chapter describes how to configure route health injection (RHI) for the Cisco Application Control Engine (ACE) module.

This chapter contains the following sections:

Information About RHI

Configuring Route Health Injection

Configuration Example for Route Health Injection

Where to Go Next

Information About RHI

After reading this chapter, you should have a basic understanding of what RHI is, how it works in the ACE, and how to configure it to advertise a VIP.

Route Health Injection (RHI) allows the ACE to advertise the availability of a VIP address throughout the intranet as a host route. The ACE send this RHI information to the MSFC in the Catalyst 6500 series switch or the Cisco 7600 series router, which periodically propagates the VIP availability according to the RHI information it receives. RHI is normally restricted to intranets because the MSFC does not broadcast host-route availability to the Internet.

The ACE uses health probes (configured in Chapter 10, "Configuring Health Monitoring Using Health Probes") together with RHI to determine the availability of a VIP before advertising it. When a VIP becomes unavailable, the ACE withdraws the RHI information. The MSFC adds an entry in its routing table for each VIP address it receives from the ACE. The routing protocol running on the MSFC sends routing-table updates, including availability and hop-count routing information for each instance of a VIP address to other routers. The client router uses the routing information to choose a route based on best available path to that VIP address and also where the Cisco application switch is logically closer to the client system.

RHI is aware of virtual routing and forwarding (VRF) allowing ACE virtual devices to inject and remove routes directly from VRF routing tables in the supervisor engine.

By default, the ACE advertises the VLAN of the VIP interface for RHI. To advertise a VLAN for route health injection (RHI) that is different from the VIP interface VLAN, use the ip route inject vlan command in interface configuration mode. By default, the ACE advertises the VLAN of the VIP interface for RHI. Use this command when there is no directly shared VLAN between the ACE and the Catalyst 6500 series supervisor engine. This topology can occur when there is an intervening device, for example, a Cisco Firewall Services Module (FWSM), configured between the ACE and the supervisor engine. Be sure to configure this command on the VIP interface of the ACE.

Configuring Route Health Injection

Procedure

 
Command
Purpose

Step 1  

changeto context

Example: 

host1/Admin# changeto VC_WEB

host1/VC_WEB#

Changes to the correct context if necessary. Check the CLI prompt to verify that you are operating in the desired context.

Step 2  

config

Example: 

host1/VC_WEB# config

host1/VC_WEB(config)#

Enters configuration mode.

Step 3 

policy-map multi-match name


Example: 

host1/VC_WEB(config)# policy-map 
multi-match PM_MULTI_MATCH

host1/VC_WEB(config-pmap)#

Accesses the PM_MULTI_MATCH Layer 3 and Layer 4 multi-match policy map that you created in Chapter 6, "Configuring Server Load Balancing."

Step 4 

class name


Example: 

host1/VC_WEB(config-pmap)# class VS_WEB

host1/VC_WEB(config-pmap-c)#

Accesses the VS_WEB Layer 3 and Layer 4 class map that you created in Chapter 6, "Configuring Server Load Balancing."

Step 5  

loadbalance vip advertise [active] | 
[metric number]

Example: 

host1/VC_WEB(config-pmap-c)# 
loadbalance vip advertise active

Enables the ACE to advertise the availability of a VIP address throughout the network.

Without the active option, the ACE always advertises the VIP whether or not there is any active real server associated with this VIP.

You must enable the advertising of a VIP using the loadbalance vip advertise command before you can enter a distance metric value for the route. Otherwise, the ACE returns an error message.

Step 6 

exit


Example: 

host1/VC_WEB(config-pmap-c)# exit

host1/VC_WEB(config-pmap)# exit

host1/VC_WEB(config)#

Exits policy map class configuration mode. Exits policy map configuration mode. Alternatively, you can press Ctrl-G to exit one mode.

Step 7  

ip route inject vlan vlan_id

Example: 

host1/VC_WEB(config)# interface vlan 
400

host1/VC_WEB(config-if)# ip route 
inject vlan 200

(Optional) Advertises a VLAN for route health injection (RHI) that is different from the VIP interface VLAN.

The vlan_id is the interface shared between the supervisor engine and the intervening device.

Use this command when there is no directly shared VLAN between the ACE and the Catalyst 6500 series supervisor engine. This topology can occur when there is an intervening device, for example, a Cisco Firewall Services Module (FWSM), configured between the ACE and the supervisor engine.

Be sure to configure this command on the VIP interface of the ACE.

Step 8  

exit


Example:

host1/VC_WEB(config-if)# exit

host1/VC_WEB(config) exit

host1/VC_WEB#

Exits interface configuration mode. Exits configuration mode.

Step 9  

show running-config policy-map 
policy_name

Example: 

host1/VC_WEB# show running-config 
policy-map PM_MULTI_MATCH

Displays the policy-map configuration information.

Step 10 

copy running-config startup-config


Example:

host1/VC_WEB# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Configuration Example for Route Health Injection

The following example shows how to configure RHI. The commands that you have configured in this chapter appear in bold text. 

switch/VC_WEB(config)# do show running config

Generating configuration....


access-list INBOUND line 8 extended permit ip any any


probe http HTTP_PROBE1

  expect status 200 200


rserver host RS_WEB1

  description content server web-one

  ip address 10.10.50.10

  inservice

rserver host RS_WEB2

  description content server web-two

  ip address 10.10.50.11

  inservice

rserver host RS_WEB3

  description content server web-three

  ip address 10.10.50.12

  inservice

rserver host RS_WEB4

  description content server web-four

  ip address 10.10.50.13

  inservice


serverfarm host SF_WEB

  predictor hash header Accept

  probe HTTP_PROBE1

  rserver RS_WEB1 80

    inservice

  rserver RS_WEB2 80

    inservice

  rserver RS_WEB3 80

    inservice

  rserver RS_WEB4 80

    inservice


sticky http-cookie Cookie1 StickyGroup1

  timeout 3600

  serverfarm SF_WEB


ssl-proxy service SSL_PSERVICE_SERVER

  key cisco-sample-key

  cert cisco-sample-cert


class-map match-all CM_SSL

  2 match virtual-address 10.10.40.11 tcp eq https

class-map type management match-any REMOTE_ACCESS

  description Remote access traffic match

  2 match protocol ssh any

  3 match protocol telnet any

  4 match protocol icmp any

class-map match-all VS_WEB

  2 match virtual-address 10.10.40.10 tcp eq www


policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY

  class REMOTE_ACCESS

    permit


policy-map type loadbalance first-match PM_LB

  class class-default

    serverfarm SF_WEB


policy-map multi-match PM_MULTI_MATCH

  class VS_WEB

    loadbalance vip inservice

    loadbalance policy PM_LB

    loadbalance vip advertise active

policy-map multi-match PM_SSL

  class CM_SSL

    ssl-proxy server SSL_PSERVICE_SERVER


service-policy input REMOTE_MGMT_ALLOW_POLICY


interface vlan 400

  description Client connectivity on VLAN 400

  ip address 10.10.40.1 255.255.255.0

  access-group input INBOUND

  service-policy input PM_MULTI_MATCH

  service-policy input PM_SSL

  no shutdown

  ip route inject vlan 200


interface vlan 500

  description Server connectivity on VLAN 500

  ip address 10.10.50.1 255.255.255.0

  no shutdown


domain DOMAIN1

add-object all


ip route 0.0.0.0 0.0.0.0 172.25.91.1

username USER1 password 5 $1$vAN9gQDI$MmbmjQgJPj45lxbtzXPpB1  role SLB-Admin domain 
DOMAIN1

Where to Go Next

In this chapter, you have enabled the RHI feature to advertise the availability of a VIP address. In the next chapter, you will learn how to configure redundancy or fault tolerance.