This chapter contains an alphabetical listing of LocalDirector commands. Documentation for each command includes a brief description of its use, command syntax, usage guidelines, and an example of the command output.
Additionally, this chapter contains the following command usage sections:
You can use the commands shown in Table 6-1 on the command line to edit or display previously entered commands.
| Command | Function |
|---|---|
| ^a | Go to the beginning of the command line. |
| ^b | Go back one character (left arrow on vt100 terminals). |
| ^d | Delete the current character. |
| ^e | Go to the end of the command line. |
| ^f | Go forward one character (right arrow on vt100 terminals). |
| ^k | Delete line starting from the cursor and put into the delete buffer. |
| ^h | Erase character (same as the Backspace key). |
| ^l | Redraw line. |
| ^n | Move forward (down) in the command history listing (down arrow on vt100 terminals). |
| ^p | Move backward (up) in the command history listing (up arrow on vt100 terminals). |
| ^t | Transpose characters. |
| ^u | Delete entire line. |
| ^y | Yank (bring back) last item that was put into the delete buffer. |
| ^z | Log out of the session. |
The show history command lists the last ten command lines entered.
LocalDirector supports command line completion. When you type part of a command and press the Tab key, the command matching that letter combination displays. For example, typing fa and pressing Tab returns the failover command:
localdirector(config)# faTab
localdirector(config)# failover
Should the partial command have more than one completion option, type Tab again to display a list of possible completions (the first Tab issues a beep to alert you more input is needed). For example:
localdirector(config)# sTabTab
secure snmp-server static statistics sticky syn synguard syslog
localdirector(config)# s
In the following command example, notice you cannot complete more than the command itself; keywords and variables are not completed:
localdirector(config)# faTab
localdirector(config)# failover
localdirector(config)# failover ?
usage:[no] failover [active]
failover ip address <ip_address>
failover alias ip address <ip_address> [<netmask>]
failover reset
localdirector(config)# failover iTab
usage:[no] failover [active]
Wildcards can be used with the show commands and with some action commands that are described in this chapter.
In a show command, any field in a real_id or virtual_id specifier may be left blank or padded with the keyword all to list a set of servers that match.
For example, the following two commands display a list of all TCP virtual servers:
localdirector(config)# show virtual all:all:all:tcp
localdirector(config)# show virtual :::tcp
To display a list of virtual servers configured to use port 443 (trailing colons are unnecessary), use the following command:
localdirector(config)# show virtual all:443
To display a list of TCP virtual servers configured to use port 443, use the following minimal command:
localdirector(config)# show virtual :443::tcp
Additionally, some commands for real servers (such as assign, retry, and timeout) allow you to replace the real_id specifier with the virtual server ID so that all real servers that are bound to the virtual server are affected by the command.
Some action commands also allow a real_id or virtual_id specifier to be padded with the keyword all to act on a set of servers that match. If the command (or no form of the command) does not allow the wildcard all, an error message stating the command cannot be used with the all keyword displays.
The command interpreter provides a command set that emulates Cisco IOS technologies. This command set provides three administrator access modes:
Follow this procedure to enter configuration mode:
Step 1 At startup, the console is in unprivileged mode. You can access privileged mode by using the enable command.
Step 2 Access configuration mode by using the configuration terminal command while in privileged mode. You can then write your settings to Flash memory, diskette, or the console.
LocalDirector(config)# route 0.0.0.0 0.0.0.0 ?
usage: [no] route <dest_net> <net_mask> <gateway> [<metric>]
LocalDirector(config)# route 0.0.0.0 0.0.0.0
The syntax of the command displays, followed by the prompt with your previous text entry on the command line. If necessary, use the pager command to control display output.
For a listing of all commands available for the current mode, type a question mark.
If you enter a command that LocalDirector does not recognize, the "Type `?' for a list of commands" message displays for a variety of reasons. This message can be caused by the following:
Table 6-2 lists configuration commands by LocalDirector features.
| LocalDirector Feature | Command |
|---|---|
| Access modes | enable configuration terminal disable |
| ARP table entries | arp no arp clear arp |
| Buddy group management | buddy no buddy show buddy |
| Configuration management | configuration clear configuration reload write tftp-server boot |
| Connections | timeout synguard data show conn show stats |
| Default values | default |
| Display output | show pager show history |
| Dynamic feedback | dynamic-feedback dynamic-feedback-pw |
| Failover | failover replicate failover active failover reset failover ip address failover alias ip address show failover |
| Flash memory access | write erase show configuration reload write memory |
| Floppy disk access | configuration floppy write floppy |
| Help | help, ? |
| Hot-standby servers | backup |
| Interface | interface ethernet interface fddi mtu channel shutdown |
| IP address | alias ip address failover ip address failover alias ip address |
| IP precedence | color |
| Load balancing | predictor virtual real bind show bind show conn sticky timeout weight redirection |
| MAC addresses | show bridge clear bridge |
| Multiring | multiring |
| Names | name names |
| Passwords | enable password password |
| Ping | ping ping-allow |
| Processes, show thread information | show processes |
| Prompt host name, change | hostname |
| Real server adjustments | reassign retry threshold data timeout static |
| RIP listening, enable or disable | rip passive |
| Routing table | route show route |
| Security | secure assign ping-allow synguard |
| Service state | in-service out-of-service autounfail restart retry service |
| SNMP | snmp-server contact snmp-server location snmp-server host snmp enable traps |
| SYSLOG | syslog console show syslog syslog output syslog host |
| Telnet | telnet kill who password |
| Virtual server adjustments | name predictor sticky buddy |
To set an alias IP address, use the alias ip address command. Use the no form of this command to remove an alias IP address.
alias ip address ip_address [subnet_mask]
ip_address | Alias IP address for LocalDirector. A maximum of 256 aliases are allowed. |
subnet_mask | (Optional) Subnet mask for the aliased IP address. By default, the subnet mask is 255.255.255.0. |
No default behavior or values.
Configuration and replication
The alias ip address command assigns multiple IP addresses to LocalDirector. This allows LocalDirector to be placed on a different IP network than the real servers, without using a router.
localdirector(config)# alias ip address 192.168.34.33
localdirector(config)# show alias ip address
alias ip address 192.168.34.33 255.255.255.0
localdirector(config)#
failover alias ip address
show alias ip address
To add an entry to the LocalDirector Address Resolution Protocol (ARP) table, use the arp command. Use the no arp command to remove an ARP entry.
arp ip mac_address interface_number [alias]
ip | IP address for the ARP table entry. |
mac_address | Hardware MAC address for the ARP table entry. |
interface_number | The interface number. |
alias | (Optional) Alias entries do not time out and are stored in the configuration with the write command. Alias entries stay in the ARP table after LocalDirector reboot if they are saved in the configuration. |
No default behavior or values.
Privileged, configuration, and replication
The arp command adds an entry to the LocalDirector ARP table. ARP is a low-level protocol that maps the physical address of a node to its IP address.
Gratuitous ARPs are supported in LocalDirector Version 1.6 and later.
LocalDirector(config)# arp 192.168.1.42 0000.0101.0202 0
LocalDirector(config)# arp 192.168.1.43 0000.0101.0203 1 alias
LocalDirector(config)# show arp
Interface 0:
192.168.1.42 (0000.0101.0202)
Interface 1:
192.168.1.43 (0000.0101.0203) alias
Interface 2:
LocalDirector(config)# clear arp
LocalDirector(config)# show arp
Interface 0:
Interface 1:
192.168.1.43 (0000.0101.0203) alias
Interface 2:
LocalDirector(config)# no arp 192.168.1.43 0000.0101.0203 1
LocalDirector(config)# show arp
Interface 0:
Interface 1:
Interface 2:
LocalDirector(config)#
clear arp
show arp
To direct connection requests to a specific instance of a virtual server, use the assign command. Use the no assign command to remove these connection requests.
assign virtual_id client_ip [netmask]
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
client_ip | The IP address of the client requesting a connection. |
netmask | (Optional) The subnet mask used with the client IP address. The subnet mask determines the resolution of the client network that is associated with the particular virtual server. For example, a subnet mask of 255.255.255.0 specifies the entire class C network, whereas a subnet mask of 255.255.255.255 specifies exactly one IP address. |
The bind-id when defining a virtual server is 0 and the protocol is TCP.
Configuration and replication
Use the assign command to associate client IP addresses with specific virtual servers. Any client IP address not identified by an assign command statement is directed to the default bind-id of 0. A virtual server with a bind-id of 0 cannot be used with the assign command because bind-id 0 is reserved for default traffic.
Prior to Version 3.1, a first-fit algorithm was used to determine the virtual server a client was sent to. If a client fit more than one assignment, LocalDirector selected the first correct virtual server that it looked up. For example, the following commands send clients from the 172.214.67.0 network to virtual server bind-id 1, with the exception of the individual client 172.214.67.146, which is assigned to virtual server bind-id 2:
LocalDirector(config)# assign 192.9.200.1:80:1:tcp 172.214.67.0 255.255.255.0
LocalDirector(config)# assign 192.9.200.1:80:2:tcp 172.214.67.146 255.255.255.255
Version 3.1 uses a best-fit algorithm. The most restrictive subnet mask is judged the best fit, and port assignments are used secondarily. Additionally, to maintain security-related functionality for a particular virtual IP address, if a client IP address fits a subnet mask, then that client is restricted to that subnet mask for all virtual servers with that virtual IP address. As an example:
LocalDirector(config)# assign 192.9.200.1:0:1:tcp 172.214.67.0 255.255.255.0
LocalDirector(config)# assign 192.9.200.1:80:1:tcp 172.214.67.146 255.255.255.255
restricts the 172.214.67.146 client to port 80. If the client attempts a connection to any other port, even though the IP address fits the subnet mask for the port 0 virtual server, the client is rejected. Once the client is restricted to the 255.255.255.255 subnet mask, any virtual server the client is allowed to access for that IP address must be assigned with an exact subnet mask. If there is no bind-id 0 for that virtual server, and the client is not specifically assigned to another virtual server, the client will be denied access to the virtual server. To allow the client into another port for that IP address, the client must get assigned to that port explicitly (or, of course, with port 0 virtual servers, any port). To allow this client access to port 443, for example:
LocalDirector(config)# assign 192.9.200.1:443:1:tcp 172.214.67.146 255.255.255.255
Administrators can validate the assignments they make by using the test assign command:
LocalDirector(config)# test assign dest_ip dest_port client_ip [ip_type]
The command output shows the virtual server the client will be assigned to, or an indication that no virtual server is available for that client.
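The Version 3.1 best-fit rules described above can be checked offline before a configuration is loaded. The following Python model is an added example, not LocalDirector code and not the output of the test assign command; it assumes that, among assignments with the same mask, an exact port match is preferred over a port 0 virtual server, and the defaults argument (the set of bind-id 0 virtual servers) is a hypothetical input.

```python
import ipaddress
from typing import Iterable, NamedTuple, Optional, Set, Tuple


class Assign(NamedTuple):
    virtual_ip: str
    port: int                      # 0 = any port on the virtual IP address
    bind_id: int
    proto: str
    client_net: ipaddress.IPv4Network

    @property
    def virtual_id(self) -> str:
        return f"{self.virtual_ip}:{self.port}:{self.bind_id}:{self.proto}"


def parse_assign(line: str) -> Assign:
    """Parse 'assign ip:port:bind-id:proto client_ip netmask'.

    This model requires the netmask to be written out explicitly.
    """
    words = line.split()
    if len(words) != 4 or words[0] != "assign":
        raise ValueError(f"unsupported assign statement: {line!r}")
    vip, port, bind_id, proto = words[1].split(":")
    if int(bind_id) == 0:
        # The page states bind-id 0 is reserved for default traffic.
        raise ValueError("bind-id 0 cannot be used with assign")
    net = ipaddress.IPv4Network(f"{words[2]}/{words[3]}", strict=False)
    return Assign(vip, int(port), int(bind_id), proto, net)


def resolve(assigns: Iterable[Assign],
            defaults: Set[Tuple[str, int, str]],
            dest_ip: str, dest_port: int, client_ip: str,
            proto: str = "tcp") -> Optional[str]:
    """Return the virtual_id a client lands on, or None if it is rejected."""
    client = ipaddress.IPv4Address(client_ip)
    fits = [a for a in assigns
            if a.virtual_ip == dest_ip and client in a.client_net]
    if not fits:
        # Clients named by no assign statement go to bind-id 0, if one exists.
        for port in (dest_port, 0):
            if (dest_ip, port, proto) in defaults:
                return f"{dest_ip}:{port}:0:{proto}"
        return None
    # Best fit: the most restrictive mask wins, and the client is then
    # restricted to that mask for every virtual server on this virtual IP.
    longest = max(a.client_net.prefixlen for a in fits)
    pinned = [a for a in fits if a.client_net.prefixlen == longest]
    # Ports are considered second: exact port first, then a port 0 server.
    for port in (dest_port, 0):
        for a in pinned:
            if a.port == port and a.proto == proto:
                return a.virtual_id
    return None


# The two assign statements from the Version 3.1 example on this page.
PAGE_ASSIGNS = [
    "assign 192.9.200.1:0:1:tcp 172.214.67.0 255.255.255.0",
    "assign 192.9.200.1:80:1:tcp 172.214.67.146 255.255.255.255",
]

if __name__ == "__main__":
    rules = [parse_assign(line) for line in PAGE_ASSIGNS]
    # Constructed probes: (destination port, client address).
    for port, client in [(80, "172.214.67.146"), (21, "172.214.67.146"),
                         (21, "172.214.67.10"), (80, "10.1.1.1")]:
        result = resolve(rules, set(), "192.9.200.1", port, client)
        print(f"{client:>15} -> port {port:<4} {result or 'rejected'}")
```

Run the model against the same probes you give to test assign on the device and treat any disagreement as a reason to review the assignments.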
See the definition of client-assigned load balancing in Chapter 1, "Introduction," and the example of client-assigned load balancing in Chapter 4, "Installing and Configuring LocalDirector," for more information.
LocalDirector(config)# assign 192.9.200.1:80:1:tcp 172.89.1.0 255.255.255.0
LocalDirector(config)# assign 192.9.200.1:80:2:tcp 172.56.6.0 255.255.255.0
show assign
To put a failed real server into testing mode when it is sending data for existing connections, use the autounfail command. Use the no autounfail command to turn off the autounfail feature.
autounfail real_id | virtual_id
real_id | Real server IP address or name, port number (if a port-bound server), bind-id, and protocol. |
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
The autounfail command is on by default.
Configuration and replication
A real server is failed when it does not answer the number of connections set with the threshold command, even though it still might answer one of its existing data connections, or when it responds with TCP RSTs. The autounfail command brings a failed server into testing mode if it answers or sends data on a connection that is already established.
When the virtual_id is specified, all real servers represented by that virtual server are affected by this command.
In testing mode, the real server gets one real incoming connection. If it answers that connection, it is put in service. If it does not answer that connection, it is failed again.
LocalDirector(config)# autounfail 192.168.1.2
LocalDirector(config)#
show autounfail
To assign a backup server for a real or a virtual server, use the backup command. Use the no backup command to remove a backup server.
backup {real_id | virtual_id} backup_id
real_id | The IP address or name, port number (if a port-bound server), bind-id, and protocol of the real server to be backed up. |
virtual_id | The IP address or name, port number, bind-id, and protocol of the virtual server to be backed up. |
backup_id | The IP address or name, port number (if a port-bound server), bind-id, and protocol of the real or virtual server that will serve as a backup. |
No default behavior or values.
Configuration and replication
You can back up real servers with virtual addresses, and you can back up virtual servers with a real server. You can use a backup server when the real or virtual server is not in service (for example, it is failed or out of service).
It is important to note that the backup is treated just like any other real or virtual server by LocalDirector. For example, if the backup is a real server it has the same adjustable parameters (retry, timeout, reassign, and so on) that other real machines have. The predictor for the backup virtual server is used to load balance the servers being backed up by that virtual server.
A real server bound to a virtual server cannot also be used as a backup for that virtual server, which means that the following configuration works:
virtual 10.1.1.1
real 10.2.2.2
real 10.3.3.3
real 10.4.4.4
real 10.5.5.5
backup 10.2.2.2 10.4.4.4
backup 10.3.3.3 10.5.5.5
bind 10.1.1.1 10.2.2.2
bind 10.1.1.1 10.3.3.3
However, if you try to bind real server 10.5.5.5 to virtual server 10.1.1.1, the bind is not allowed because 10.5.5.5 is already serving as a backup for that virtual server.
Also, if server 10.2.2.2 fails and is backed up by 10.4.4.4, it uses that server as long as it is in service; however, if 10.4.4.4 is also failed it does not check the backup for 10.4.4.4.
LocalDirector(config)# backup server1 remote1
LocalDirector(config)# backup server2 remote1
LocalDirector(config)# backup server3 remote1
LocalDirector(config)# show backup
Real Machine(s) Backup
Virtual Machine(s) Backup
server1:0:0:tcp remote1:0:0:tcp
server2:0:0:tcp remote1:0:0:tcp
server3:0:0:tcp remote1:0:0:tcp
LocalDirector(config)#
show backup
To associate a virtual server with one or more real servers, use the bind command. Use no bind to release an association between a real server and virtual server.
bind virtual_id real_id [real_id...]
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
real_id | The IP address or name, port (if a port-bound server), bind-id, and protocol of a real server. |
No default behavior or values.
Configuration and replication
Use the virtual or real command to define the virtual server and real server addresses before using the bind command. Use the bind command to direct network traffic from a virtual server to a real server. If you are binding a real server to more than one virtual server, each real server must use a unique bind-id.
ld(config)# bind 192.168.1.100:80 192.168.1.1:8001
ld(config)# bind 192.168.1.100:80 192.168.1.2:8001
ld(config)# bind 192.168.1.100:80 192.168.1.3:8001
ld(config)# bind 192.168.1.101:80 192.168.1.1:8002
ld(config)# bind 192.168.1.101:80 192.168.1.2:8002
ld(config)# bind 192.168.1.101:80 192.168.1.3:8002
LocalDirector(config)# show bind
Virtual Machine(s) Real Machines
192.168.1.101:80:0:tcp(IS)
192.168.1.3:8002:0:tcp(IS)
192.168.1.2:8002:0:tcp(IS)
192.168.1.1:8002:0:tcp(IS)
192.168.1.100:80:0:tcp(IS)
192.168.1.3:8001:0:tcp(IS)
192.168.1.2:8001:0:tcp(IS)
192.168.1.1:8001:0:tcp(IS)
ld(config)#
The following is an example of the binding for a UDP virtual and real server:
Ld(config)# bind 192.10.10.101:300:0:udp 192.10.10.1:200:0:udp
Ld(config)#
Ld(config)# show bind
Virtual Machine(s) Real Machines
192.10.10.101:300:0:udp(OOS)
192.10.10.1:200:0:udp(OOS)
show bind
To enable booting from a remote configuration file, use the boot config command. Use the no boot config command to disable booting from a remote configuration file.
boot config filename tftp_server_ip [port port]
filename | The name of the configuration file stored on the TFTP server. |
tftp_server_ip | The IP address of the TFTP server. |
port | (Optional) Use the port specified with the port argument. |
port | (Optional) The port number (by default, port 69 is used). |
No default behavior or values.
Configuration and replication
LocalDirector configuration files can be stored on a TFTP server. This command accesses the configuration file and boots LocalDirector using the new configuration.
When a configuration file is loaded in, each statement is read into the current configuration and evaluated with these rules:
show boot
To enable booting from a remote image, use the boot image command.
boot image image_file tftp_server_ip [port port]
image_file | The name of the LocalDirector software file stored on the TFTP server. |
tftp_server_ip | The IP address of the TFTP server. |
port | (Optional) Use the port specified with the port argument. |
port | (Optional) The port number (by default, port 69 is used). |
No default behavior or values.
Configuration and replication
LocalDirector software (image file) can be stored on a TFTP server. This command accesses that software and boots LocalDirector using the new image. Optionally, you can specify to reload the image.
In the following example, LocalDirector is booted from a remote image, but not reloaded:
localdirector(config) 8# boot image ld210115.bin 171.69.183.249
confirm boot [N]: y
saving image from flash
copying 274944 bytes
saving config from flash
writing image to flash
wrote 274944 bytes e.size=274944
writing the config to flash
confirm reboot on new image [N]: n
localdirector(config) 9#
In the following example, LocalDirector is booted from a remote image and reloaded:
localdirector(config) 2# show version
LocalDirector 410 Version 3.0.0.123
localdirector(config) 3# boot image ld300123.bin 171.69.183.249
confirm boot [N]:
saving image from flash
copying 279040 bytes
saving config from flash
writing image to flash
wrote 279040 bytes e.size=279040
writing the config to flash
confirm reboot on new image [N]:
remove floppy from drive and hit any key
Rebooting....
Finesse Bios V3.3
Booting Floppy
Loading from Flash
32MB RAM
Flash=AT29C040A @ 0x300
i82557 rev 2 Ethernet @ irq11 dev 13 index 0 MAC: 00a0.c965.576f
i82557 rev 2 Ethernet @ irq15 dev 14 index 1 MAC: 00a0.c965.5b33
LocalDirector 410 Version 3.x Initialization.....done.
Copyright (c) 1998 by Cisco Systems, Inc.
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
localdirector 0>
To manipulate bridge table operations, use the bridge command.
show bridge interface_number
interface_number | The interface number. |
No default behavior or values.
Configuration and replication
LocalDirector is a transparent learning bridge. As traffic is received, a bridge table is populated for each interface, showing the MAC addresses that are accessible through that interface. LocalDirector bridges traffic between interfaces only if the source and destination addresses reside on different interfaces. If a server is physically moved from one interface to another, you may need to clear the bridge table to ensure that traffic destined for that server is sent to the correct interface.
localdirector(config)# show bridge
Interface 0
Address Age RX cnt TXcnt
0090.f245.3050 1 29934 0
0050.e2e0.4470 0 16882 2541
0060.5cc2.0ae5 2 4955 0
0000.bc11.4b58 12 2003 0
Interface 1
Address Age RX cnt TXcnt
Interface 2
Address Age RX cnt TXcnt
Interface 3
Address Age RX cnt TXcnt
Count = 4
clear bridge
show bridge
To associate virtual servers and create a group, use the buddy command. Use the no buddy command to remove a virtual server from a buddy group, or a buddy group, if all servers have been removed.
buddy buddy_group virtual_id [virtual_id ... ]
buddy_group | The name of the group associated with the virtual servers. |
virtual_id | (Optional) Virtual server IP address or name, port number, bind-id, and protocol. |
No default behavior or values.
Configuration and replication
Use the buddy command to create a buddy group (named buddy_group) consisting of a list of virtual servers. Certain commands and parameters (such as the sticky command) that affect one virtual server affect all other virtual servers in the buddy group. A virtual server can reside in only one buddy group; if it currently exists in a group, it must be removed from that group before it can be added to a new group. An unlimited number of virtual servers can exist within a buddy group.
The show buddy buddy_group command lists the virtual servers in a group, or an error message if the buddy_group does not exist.
The following example creates the buddy group my-app and adds virtual servers 10.0.0.100 and 10.0.0.200. The contents of the group are displayed with the show buddy command.
localdirector(config)# buddy my-app 10.0.0.100:0:0:tcp
localdirector(config)# buddy my-app 10.0.0.200:0:0:tcp
localdirector(config)# sticky 10.0.0.200 10
localdirector(config)# show buddy
Buddy Group Virtual Machine(s)
my-app
10.0.0.100:0:0:tcp
10.0.0.200:0:0:tcp
With sticky turned on for virtual server 10.0.0.200, when a client visits the virtual server 10.0.0.100 after visiting 10.0.0.200, the client will be sent to the same real server as on the 10.0.0.100 connection.
clear buddy
show buddy
sticky
To change the multicast time-to-live value for multicast Cisco Applications and Services Architecture (CASA) environment packets, use the casa service-manager multicast-ttl command. Use the no casa service-manager multicast-ttl command to disable the multicast time-to-live value for multicast CASA packets.
casa service-manager multicast-ttl value
value | The time-to-live value. The default is 3 hops. |
The default time-to-live value is 3 hops.
Configuration and replication
The CASA environment uses LocalDirector as a Service Manager to load balance a set of routers, called Forwarding Agents, providing increased efficiency and scalability. Once the Service Manager determines the Forwarding Agent that will handle the packet stream, all packets belonging to that packet stream are directly routed to the Forwarding Agent.
The Service Manager and Forwarding Agent communicate by sending UDP IP multicast messages. Use the casa service-manager multicast-ttl command to change the time-to-live value (number of hops) for the IP multicast packets that are sent between the CASA components.
casa service-manager port
To change the Cisco Applications and Services Architecture (CASA) Service Manager multicast port, use the casa service-manager port command. Use the no casa service-manager port command to reset the CASA Service Manager multicast port to the default port number.
port | The address of the Service Manager port. By default, 1638 is used. |
password | (Optional) Specifies the password option. |
password | (Optional) The password to enable MD5 encryption for Service Manager communications. |
password_timeout | (Optional) The timeout value for the MD5 encryption password, in seconds. A maximum of 65535 seconds can be specified. |
By default, the Service Manager port is 1638.
Configuration and replication
The CASA environment uses LocalDirector as a Service Manager to load balance a set of routers, called Forwarding Agents, providing increased efficiency and scalability. Once the Service Manager determines the Forwarding Agent that will handle the packet stream, all packets belonging to that packet stream are directly routed to the Forwarding Agent.
The Service Manager and Forwarding Agent communicate by sending UDP IP multicast messages. Use the casa service-manager port command to change the UDP port that the Service Manager uses for multicast communication between the CASA components. An optional password and password timeout can be used; both are disabled by default.
The password is the password to be used in MD5 encryption of packets between the Service Manager and Forwarding Agents. A password_timeout value is assigned for two reasons:
casa service-manager multicast-ttl
To assign two or four ports as Fast EtherChannels, use the channel command. Use the no channel command to remove a port assignment.
channel interface_number two | four
interface_number | The first interface included in the Fast EtherChannel. Two segment channels are 0, 2, 4, and so on, and four segment channels are 0, 4, 8, and so on. |
two | four | The number of interfaces that make up the channel. |
No default behavior or values.
Configuration and replication
The channel command sets the interface numbers for the Fast EtherChannel configuration. See the section "Fast EtherChannel Configuration" in the chapter "LocalDirector Network Implementation" for a configuration procedure.
LocalDirector (config#)channel 0 two
LocalDirector (config#)interface ethernet 0 100full
LocalDirector (config#)interface ethernet 1 100full
localdirector 2> show channel
Fast EtherChannel 0-1 is up, line protocol is up ud
Hardware is rns23x0 ethernet, address is 0000.bc11.3e0c
MTU 1500 bytes, BW 200000 Kbit full duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
98150 packets output, 5891299 bytes, 0 underruns
localdirector 3> show interface
ethernet 0 is up, line protocol is up
Hardware is rns23x0 ethernet, address is 0000.bc11.3e0c
MTU 1500 bytes, BW 100000 Kbit full duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
98156 packets output, 5891685 bytes, 0 underruns
ethernet 1 is up, line protocol is down
Hardware is rns23x0 ethernet, address is 0000.bc11.3e0c
MTU 1500 bytes, BW 100000 Kbit full duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
ethernet 2 is down, line protocol is up
Hardware is rns23x0 ethernet, address is 0000.bc11.3e0e
MTU 1500 bytes, BW 100000 Kbit full duplex
98084 packets input, 5885226 bytes, 0 no buffer
Received 1 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
ethernet 3 is up, line protocol is up
Hardware is rns23x0 ethernet, address is 0000.bc11.3e0f
MTU 1500 bytes, BW 10000 Kbit half duplex
337 packets input, 22827 bytes, 0 no buffer
Received 30 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
35212 packets output, 2114369 bytes, 0 underruns
localdirector 4>
show channel
To delete information associated with the other commands, use the clear command.
clear command
command | The arp, bridge, configuration, route, snmp-server, sticky, syslog, and telnet commands. |
No default behavior or values.
Privileged and configuration
Use the clear command with arp, bridge, configuration, route, snmp-server, sticky, syslog, and telnet to clear the values associated with those commands.
LocalDirector(config)# show arp
Interface 0:
192.168.1.42 (0000.0101.0202)
Interface 1:
LocalDirector(config)# clear arp
LocalDirector(config)# show arp
Interface 0:
Interface 1:
To delete all or part of the LocalDirector configuration, use the clear configuration command.
clear configuration [secondary | primary | all]
secondary | (Optional) Clears information about virtual and real servers, server bindings, backup servers, and load balancing. |
primary | (Optional) Clears settings for routing, failover, network interfaces, passwords, error logging, and networking. |
all | (Optional) Clears all configuration information. |
No default behavior or values.
Privileged and configuration
Use the clear configuration command to delete all or part of the LocalDirector configuration. If you enter the clear configuration command without an optional argument, the default is to clear the secondary configuration.
Caution: The clear configuration command clears the running configuration. Once you use the write memory command to save the configuration to Flash memory, any information that has been cleared cannot be restored, unless it was previously saved to diskette with the write floppy command or a TFTP server with the write net command.
To set an IP precedence value for a virtual server, use the color command. Use the no color command to remove the IP precedence for a virtual server.
color virtual_id ip_precedence_value
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
ip_precedence_value | The IP precedence value. Permissible values are 0 to 7 and the following keywords with their related values: routine (0) |
The IP precedence feature is off by default.
Configuration and replication
The color command sets a value for each virtual server so that packets can be prioritized for different types of services. Prioritized packets are sent to and from virtual servers. For example, one port may be used for HTTP traffic, using one priority, while another port may handle UDP traffic, with another priority.
localdirector(config)# color 192.168.1.99 critical
localdirector(config)# show color
Virtual Machine(s) Coloring
192.168.1.99:0:0:tcp critical
localdirector(config)#
show color
To define the current configuration, use the configuration command.
configuration {floppy | memory | terminal | net}
floppy | Merges the current running configuration with the configuration stored on diskette with the write floppy command. |
memory | Merges the configuration in Flash memory with the current configuration in RAM. |
terminal | |
net | Configures from a remote TFTP server. To use this keyword, use the tftp-server command first, or include the full path name of the file and the IP address of the TFTP server. |
No default behavior or values.
Privileged and configuration
Each statement is read into the current configuration and evaluated with these rules:
LocalDirector 4# configuration terminal
LocalDirector(config) 5# real 192.168.1.1:0
LocalDirector(config) 6# show real
Real Machines:
No Answer TCP Reset DataIn
Machine Connect State Thresh Reassigns Reassigns Conns
192.168.1.1:0:0:tcp 0 OOS 8 0 0 0
LocalDirector(config) 7#
show configuration
To limit the number of connections to a server that has an open connection to a client, but is not sending data in response to a request, use the data command. Use the no data command to return the connection value to 0.
data {real_id | virtual_id} [connections]
real_id | The IP address or name, port (if a port-bound server), bind-id, and protocol of a real server. |
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
connections | (Optional) The number of connections to allow to a real server when data has been requested, but no data has been sent by the server. To calculate this value, examine the data count during busy periods, and double it. |
The feature is disabled by default, with an initial value of 0.
Configuration and replication
Some web servers continue to establish connections to a real server even though the daemon or application running on that port is dead. The data command can be used to limit the number of connections that are sent to a real server that is not sending data.
When the virtual_id is specified, all real servers represented by that virtual server are affected.
No time interval is associated with the data command. The following explains the sequence of events that determine whether the server is responding:
1. Client sends SYN.
2. Server kernel responds with SYN/ACK.
3. Client sends ACK to complete the TCP handshake.
4. Client sends HTTP GET request (LocalDirector counts this as one data request).
5. If the server responds, LocalDirector subtracts 1 from the count.
6. If the count reaches a preset threshold, LocalDirector fails the server.
Many kernels will not accept a TCP connection (SYN) if there is no process listening on the port that the client is attempting to connect to. Some kernels, though, mistakenly do accept the connection (SYN/ACK). Because the server is responding (with a SYN/ACK, but not with data), LocalDirector does not recognize this as a real server failure.
The data command determines the number of connections to allow to a real server where data has not been sent back to the client, regardless of the SYN/ACK response. Once a real server reaches this number, LocalDirector checks whether other machines bound to the virtual server are also at 80 percent of their threshold capacity (based on the DataIn value). If the other machines are close to reaching this value, LocalDirector assumes the site is busy and does not fail the server.
If the other machines are not at this capacity, LocalDirector fails the real server and sends the following SYSLOG/SNMP message:
Real machine 'x' Failed Application
The show real command indicates the number of unanswered connections for each real server, and the show data command indicates the value set with the data command.
localdirector(config) 5# show real
Real Machines:
No Answer TCP Reset DataIn
Machine Connect State Thresh Reassigns Reassigns Conns
192.168.1.1:0:0:tcp 0 IS 8 0 0 0
localdirector(config) 6# show data
Real Machine(s) DataIn
192.168.1.1:0:0:tcp 50
localdirector(config) 7# data 192.168.1.1:0:0:tcp 30
localdirector(config) 8# show data
Real Machine DataIn
192.168.1.1:0:0:tcp 30
localdirector(config) 9#
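The failure check described above for the data command, modelled as an added Python example (not LocalDirector code and not part of the original documentation). The class names, the rule that every other in-service server must be at 80 percent for the site to count as busy, and the handling of a server with no peers are assumptions; the three addresses and the limit of 30 are sample values.

```python
from dataclasses import dataclass

BUSY_FRACTION = 0.8  # "80 percent of their threshold capacity"

# Sample real servers bound to one virtual server (constructed values).
REALS = ["192.168.1.1:0:0:tcp", "192.168.1.2:0:0:tcp", "192.168.1.3:0:0:tcp"]


@dataclass
class RealServer:
    name: str
    data_limit: int        # value set with the data command; 0 means off
    unanswered: int = 0    # DataIn: requests that have received no data yet
    failed: bool = False


class VirtualServer:
    def __init__(self, reals):
        self.reals = {r.name: r for r in reals}
        self.syslog = []

    def request(self, name):
        """Step 4: a client request reaches the server and is counted."""
        real = self.reals[name]
        real.unanswered += 1
        self._check(real)

    def response(self, name):
        """Step 5: the server returned data, so subtract 1 from the count."""
        real = self.reals[name]
        if real.unanswered > 0:
            real.unanswered -= 1

    def _site_busy(self, real):
        peers = [p for p in self.reals.values()
                 if p is not real and not p.failed and p.data_limit > 0]
        if not peers:
            # Assumption: with no peers to compare against, nothing
            # suggests the whole site is busy.
            return False
        # Assumption: "the other machines" means all of them.
        return all(p.unanswered >= BUSY_FRACTION * p.data_limit for p in peers)

    def _check(self, real):
        """Step 6: fail the server once its count reaches the data value."""
        if real.failed or real.data_limit == 0:
            return
        if real.unanswered < real.data_limit:
            return
        if self._site_busy(real):
            return  # peers are near their limits too: busy site, no failure
        real.failed = True
        self.syslog.append(f"Real machine '{real.name}' Failed Application")


def simulate(answering, rounds=40, limit=30):
    """Send one request per server per round; only `answering` servers reply."""
    vs = VirtualServer([RealServer(n, limit) for n in REALS])
    for _ in range(rounds):
        for name in REALS:
            if vs.reals[name].failed:
                continue
            vs.request(name)
            if name in answering:
                vs.response(name)
    return vs


if __name__ == "__main__":
    # The first server completes handshakes but its application is dead.
    dead_app = simulate(answering={REALS[1], REALS[2]})
    print(dead_app.syslog)
    # Every server is slow: the site is busy, so none is failed.
    busy = simulate(answering=set())
    print(busy.syslog)
```

The first run fails only the server that never returns data; the second fails none, because each server that reaches its limit finds its peers above 80 percent of theirs.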
show data
To set new LocalDirector command defaults, use the default command.
default command value
command | The command for which a new value is being set. |
value | The new default value for the command. |
No default behavior or values.
Configuration and replication
You can set new default values for some LocalDirector commands. Once a new value is set, it is in effect until set again with the default command. Table 6-3 lists commands that can be changed and their initial default values:
| Command | Default Value |
|---|---|
autounfail | on |
color | 0 (off) |
data | 0 (off) |
maxconns | 0 (unlimited) |
predictor | leastconns |
reassign | 3 |
redirection | directed, local |
retry | 1 minute |
sticky | 0 (off) |
synguard | 0 (off) |
threshold | 8 |
timeout | 120 minutes |
weight | 1 |
localdirector(config)# default sticky 10
localdirector(config)# virtual 10.10.10.10:80:0:tcp
localdirector(config)# show sticky
virtual sticky 10.10.10.10:80:0:tcp 10
show default
To keep connections in LocalDirector memory after a TCP ending sequence, use the delay command. Use the no delay command to remove a delay value.
delay virtual_id
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
No default behavior or values.
Configuration and replication
The delay command is used to put connections into a "pending deletion" state instead of removing them immediately when a TCP ending sequence is received. If the delay command is set for a virtual server, the connection remains in memory for approximately five minutes.
If any data arrives for the connection, it is put back in an "active" state. If any other packet comes across for the connection, the packet passes through the virtual server, but the connection is not considered active.
Use this command only when responses to and from clients are often dropped, especially during the closing of TCP connections. For example, there is a known bug with the Trumpet WinSock stack running on Windows 3.11 where HTTP get requests are sent out of order, and this causes LocalDirector to drop the connection even though it has not completed.
localdirector(config)# virtual 10.10.10.1
localdirector(config)# delay 10.10.10.1
localdirector(config)# show delay
Virtual Machine(s) Deletion
10.10.10.1:0:0:tcp delayed
192.168.1.99:0:0:tcp normal
localdirector(config)#
show delay
To exit privileged mode and return to unprivileged mode, use the disable command.
disable
This command has no arguments or keywords.
No default behavior or values.
Privileged
The disable command exits privileged mode and returns you to unprivileged mode. Use the enable command to return to privileged mode.
LocalDirector# disable
LocalDirector>
enable
To configure a real server to return dynamic usage statistics, use the dynamic-feedback command. Use the no dynamic-feedback command to disable the dynamic feedback.
dynamic-feedback ip_address:port [retry retry] [attempts attempts] [timeout timeout]
ip_address | The IP address of the Dynamic Feedback Agent host. |
port | The interface port number of the Dynamic Feedback Agent host. The port number must be preceded by a colon. |
retry | (Optional) Specifies that a connection attempt is tried on the closed connection between the LocalDirector and Dynamic Feedback Agent server. |
retry | (Optional) The number of retries. The retry count is from 0 (infinity) to 65535. The default is 0. |
attempts | (Optional) Specifies how many attempts are tried to establish the connection retry. |
attempts | (Optional) The time period to wait between reconnection attempts. The time between attempts is in seconds from 0 (meaning immediately) to 65535 seconds (18 hours). The default is 180 seconds. |
timeout | (Optional) Specifies an inactivity timeout period for the connection between the LocalDirector and Dynamic Feedback Agent host. |
timeout | (Optional) The time value for the timeout period. The default value is 0 seconds (no timeout). |
No default behavior or values.
Configuration and replication
The dynamic-feedback command configures a TCP connection between the LocalDirector and a server running the Dynamic Feedback Agent. The Dynamic Feedback Agent provides statistical information to LocalDirector about the availability of servers in the server farm. LocalDirector maintains the connection to the Dynamic Feedback Agent server, updates its internal status about the availability of servers, and makes load balancing decisions based on the information it receives. Dynamic feedback ensures the most available server can be chosen to provide future connections.
The real server running the Dynamic Feedback Agent must be specified by its IP address and the port over which it sends the feedback information.
The TCP connection allows messages, whose content is specified by the Dynamic Feedback Protocol (DFP), to be sent to the LocalDirector. The connection that is set up with the dynamic-feedback command is not secure. To set up a secure connection, use the dynamic-feedback-pw command.
The keywords attempts and retries specify how to reconnect to the Dynamic Feedback Agent host should the connection time out or become disconnected. If the timeout keyword is used to specify a timeout value, the connection between the LocalDirector and the Dynamic Feedback Agent host is torn down when the inactivity period on the connection exceeds the timeout value.
The following command specifies that the connection between the host 10.10.10.253 and the LocalDirector, over port 8002, will not time out:
localdirector(config) 1# dynamic-feedback 10.10.10.253:8002
dynamic-feedback-pw
show dynamic-feedback
To configure a password for the dynamic feedback connection, use the dynamic-feedback-pw command. Use the no dynamic-feedback-pw command to disable the dynamic feedback password.
dynamic-feedback-pw ip_address:port [password password]
ip_address | The IP address of the Dynamic Feedback Agent host. |
port | The interface port number of the Dynamic Feedback Agent host. The port number must be preceded by a colon. |
password | (Optional) Specify that a password be used. |
password | (Optional) The MD5 password, which can be up to 64 ASCII characters. The password is restricted to the following characters: A-Z, a-z, 0-9, @, #, $. Any other characters cause an error message to be displayed. |
No default behavior or values.
Configuration and replication
The dynamic-feedback-pw command provides an MD5 secure connection between LocalDirector and the Dynamic Feedback Agent host.
Not only does the Dynamic Feedback Protocol allow real servers to provide feedback about their ability to handle more traffic, but it also allows servers to take themselves out of service and put themselves back in service. This ability presents a security risk if the network security is compromised because the servers could be shut down, even though they still can perform.
In the secure environment, messages sent by the Dynamic Feedback Agent host must contain the MD5 code or they are discarded.
The dynamic-feedback-pw command can be issued before or after the dynamic-feedback command. If it is invoked before, the configuration exists, but is considered "not connected."
The following example shows the dynamic-feedback-pw command being invoked before the dynamic-feedback command. The results of the show dynamic-feedback command illustrate that the connection has not been initiated.
localdirector(config) 1# dynamic-feedback-pw 10.10.10.253:8002 password abcdef
localdirector(config) 1# show dynamic-feedback
dfp host 10.10.10.253:8002 - not connected
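Because an agent connection configured without dynamic-feedback-pw is not secure, and DFP lets a server take itself out of service, a saved configuration can be checked for agents that lack a password. The following is an added Python example, not part of the original documentation; it assumes the configuration text uses the command syntax shown above, and the sample configuration and finding names are constructed.

```python
import re

# Rules from the dynamic-feedback-pw argument table: up to 64 characters
# drawn from A-Z, a-z, 0-9, @, # and $.
PASSWORD_RE = re.compile(r"[A-Za-z0-9@#$]{1,64}")
HOST_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}")

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
dynamic-feedback 10.10.10.253:8002
dynamic-feedback-pw 10.10.10.253:8002 password abcdef
dynamic-feedback 10.10.10.254:8002 retry 3 attempts 60
dynamic-feedback-pw 10.10.10.250:8002 password bad!pw
dynamic-feedback-pw 10.10.10.251:8002 password s3cret
no dynamic-feedback-pw 10.10.10.251:8002
dynamic-feedback 10.10.10.251:8002
"""


def parse_dfp(config_text):
    """Return (agents, passwords) after applying every DFP line in order."""
    agents = set()    # hosts that have a dynamic-feedback connection
    passwords = {}    # host -> password given with dynamic-feedback-pw
    for line in config_text.splitlines():
        tokens = line.split()
        negated = bool(tokens) and tokens[0] == "no"
        if negated:
            tokens = tokens[1:]
        if len(tokens) < 2 or not HOST_RE.fullmatch(tokens[1]):
            continue
        command, host, rest = tokens[0], tokens[1], tokens[2:]
        if command == "dynamic-feedback":
            if negated:
                agents.discard(host)
            else:
                agents.add(host)
        elif command == "dynamic-feedback-pw":
            if negated:
                passwords.pop(host, None)
            elif len(rest) >= 2 and rest[0] == "password":
                passwords[host] = rest[1]
            # Assumption: a dynamic-feedback-pw line without the optional
            # password keyword leaves the host without a password.
    return agents, passwords


def audit_dfp(config_text):
    """Return sorted (host, finding) pairs; passwords are never echoed."""
    agents, passwords = parse_dfp(config_text)
    findings = []
    for host in agents:
        if host not in passwords:
            # DFP messages for this agent are accepted without the MD5 code.
            findings.append((host, "agent-without-password"))
    for host, password in passwords.items():
        if not PASSWORD_RE.fullmatch(password):
            # The device rejects this line, so the password is not applied.
            findings.append((host, "password-outside-documented-charset"))
        if host not in agents:
            # Valid, but show dynamic-feedback reports "not connected".
            findings.append((host, "password-without-agent"))
    return sorted(findings)


if __name__ == "__main__":
    for host, finding in audit_dfp(SAMPLE_CONFIG):
        print(f"{host}: {finding}")
```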
dynamic-feedback
show dynamic-feedback
To enter privileged mode, use the enable command.
enable
This command has no arguments or keywords.
No default behavior or values.
Unprivileged and privileged
The enable command starts privileged mode. LocalDirector prompts you for your privileged mode password. When you first configure LocalDirector, a password is not required and you can press the Enter key at the prompt. Use the disable command to exit privileged mode.
In the following example, note that the prompt changes from ">" to "#" when you enter privileged mode.
LocalDirector> enable
Password: #######
LocalDirector# disable
LocalDirector>
disable
enable password
To set the privileged mode password, use the enable password command.
enable password password
password | A password of up to 16 alphanumeric characters, which is not case sensitive. LocalDirector converts the password to all lowercase. |
No default behavior or values.
Privileged and unprivileged
The enable password command changes the privileged mode password, for which you are prompted after you enter the enable command.
LocalDirector(config)# enable password fnord42
LocalDirector(config)#
disable
enable
To enable access to the optional failover feature, use the failover command. Use the no failover command to disable the failover feature.
failover [active]
active | (Optional) Makes a LocalDirector the active unit. Use this command to make a standby unit active. Either enter no failover active on the active unit to switch service back to the standby unit, or enter failover active on the standby unit. |
The default configuration includes the no failover command; however, if the failover cable is present at bootup, it will be detected automatically and failover will be enabled.
Configuration and replication
Failover provides a mechanism for LocalDirector to be redundant by allowing two identical units to serve the same functionality. Both LocalDirector units must run the same version of software, and the failover cable must be used to connect the two units. The failover command without an argument indicates that you have connected the failover cable and intend to use a secondary unit to back up the primary LocalDirector. Use the show failover command to verify the status of the connection and to determine which unit is active. Use the replicate command to maintain connection state on a per-virtual server basis.
Failover works by passing control to the standby unit should the active unit fail. The switch between units occurs within 30 seconds of the failure event. The markings on the failover cable let you choose which unit is primary and which is secondary.
Use the failover active command to initiate a failover switch from the standby unit, or the no failover active command from the active unit to initiate a failover switch. You can use this feature to force an active unit offline for maintenance.
failover alias ip address
failover ip address
failover reset
replicate
show failover
shutdown
To assign a failover alias IP address, use the failover alias ip address command.
failover alias ip address ip_address [netmask]
ip_address | This IP address is used by the standby unit to communicate with the active unit. |
netmask | (Optional) A subnet mask for the aliased IP address. |
No default behavior or values.
Configuration and replication
Failover provides a mechanism for LocalDirector to be redundant by allowing two identical units to serve the same functionality. To take advantage of multiple IP addresses or dispatched mode, or to allow the failover unit to be on a different network than the real servers, use the failover alias ip address command to set up an alias on the standby failover unit. A maximum of 256 aliases are allowed.
failover
failover ip address
failover reset
replicate
show failover
shutdown
To set the failover IP address, use the failover ip address command.
failover ip address ip_address
ip_address | This IP address is used by the standby unit to communicate with the active unit. Use this IP address with the ping command to check the status of the standby unit. This address must be on the same network as the system IP address. For example, if the system IP address is 192.168.1.1, set the failover IP address to 192.168.1.2. |
No default behavior or values.
Configuration and replication
Failover provides a mechanism for LocalDirector to be redundant by allowing two identical units to serve the same functionality. Use the failover ip address command to set the IP address on the standby unit.
The following output shows failover on, and the primary unit state is active:
ld-prim(config)# failover ip address 192.168.89.2
ld-prim(config)# show failover
Failover On
Cable status: Normal
  This host: Primary - Active
    Active time: 6885 (sec)
    Interface 0 (192.168.89.1): Normal
    Interface 1 (192.168.89.1): Normal
  Other host: Secondary - Standby
    Active time: 0 (sec)
    Interface 0 (192.168.89.2): Normal
    Interface 1 (192.168.89.2): Normal
The following example shows the show failover output if failover has not started monitoring the network interfaces:
ld-prim(config)# show failover
Failover On
Cable status: Normal
  This host: Primary - Active
    Active time: 6930 (sec)
    Interface 0 (192.168.89.1): Normal (Waiting)
    Interface 1 (192.168.89.1): Normal (Waiting)
  Other host: Secondary - Standby
    Active time: 15 (sec)
    Interface 0 (192.168.89.2): Normal (Waiting)
    Interface 1 (192.168.89.2): Normal (Waiting)
failover
failover alias ip address
failover reset
replicate
show failover
shutdown
To take a unit out of the failed state, use the failover reset command.
failover reset
This command has no arguments or keywords.
No default behavior or values.
Configuration and replication
Failover provides a mechanism for LocalDirector to be redundant by allowing two identical units to serve the same functionality. To take a unit out of the failed state, cycle the power or use the failover reset command. The failover reset command also clears failover timers and counters for the LocalDirector unit. When a failed primary unit is fixed and brought back online, it does not automatically resume as the active unit. This action ensures that active control does not resume on a unit that could immediately enter a failed state again. However, if a failure is due to a lost signal on a network interface card, failover autorecovers when the network is available again.
replicate
failover
failover alias ip address
failover ip address
show failover
shutdown
To display help information, use the help command.
help
This command has no arguments or keywords.
No default behavior or values.
All
The help or ? command displays help information about all commands. You can view help on an individual command by entering the command name followed by a question mark. The command line prompt returns with the command syntax, and the command appears on the command line.
Use the pager command to control the display output.
Enter ? at the command prompt to get a list of all of the commands available for the current mode.
LocalDirector(config)# arp ?
usage: [no] arp <ip> <mac_address> <interface_number> [alias]
LocalDirector(config)# arp
pager
To change the host name in the LocalDirector command line prompt, use the hostname command.
hostname newname
newname | New host name for the LocalDirector prompt. This name can be up to |
No default behavior or values.
Configuration
The hostname command changes the host name label on prompts.
LocalDirector(config)# hostname e-commerce
lab1(config)#
No related commands.
To mark a real or virtual server as being in service (IS), use the in-service or is command.
in-service {virtual virtual_id} | {real real_id} [all]
virtual | Marks a virtual server as in service. |
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol of the virtual server that will be put in service. |
real | Marks a real server as in service. |
real_id | The IP address or name, port (if a port-bound server), bind-id, and protocol of the real server that will be put in service. |
all | (Optional) Mark all virtual servers or all real servers with the same IP address as in service. Port numbers and bind-ids need not be specified. |
No default behavior or values.
Configuration and replication
The in-service (or is) command indicates that the virtual server or real server is ready to accept connections.
In the following example, the is command is used with the all keyword to put all ports of real server 192.168.1.1 in service. This puts all ports of the real server (both default and port-bound) in service with just one command.
Server www.domain.com is put in service by using the name of the server for server_id. Because no port is specified, only the default ports are put in service.
When port-bound server 192.168.1.3 80 is put in service, the remaining ports (both default and port-bound) are left out of service.
LocalDirector(config) 0# show real
Real Machines:
No Answer TCP Reset DataIn
Machine Connect State Thresh Reassigns Reassigns Conn
192.168.1.3:0:0:tcp 0 OOS 8 0 0 0
192.168.1.3:21:0:tcp 0 OOS 8 0 0 0
192.168.1.3:80:0:tcp 0 OOS 8 0 0 0
www.domain.com:0:0:tcp 0 OOS 8 0 0 0
www.domain.com:21:0:tcp 0 OOS 8 0 0 0
www.domain.com:80:0:tcp 0 OOS 8 0 0 0
192.168.1.1:0:0:tcp 0 OOS 8 0 0 0
192.168.1.1:21:0:tcp 0 OOS 8 0 0 0
192.168.1.1:80:0:tcp 0 OOS 8 0 0 0
LocalDirector(config) 1# is real 192.168.1.1 all
LocalDirector(config) 2# is real www.domain.com
LocalDirector(config) 3# is real 192.168.1.3:80:tcp
LocalDirector(config) 4# show real
Real Machines:
No Answer TCP Reset DataIn
Machine Connect State Thresh Reassigns Reassigns Conns
192.168.1.3:0:0:tcp 0 OOS 8 0 0 0
192.168.1.3:21:0:tcp 0 OOS 8 0 0 0
192.168.1.3:80:0:tcp 0 IS 8 0 0 0
www.domain.com:0:0:tcp 0 IS 8 0 0 0
www.domain.com:21:0:tcp 0 OOS 8 0 0 0
www.domain.com:80:0:tcp 0 OOS 8 0 0 0
192.168.1.1:0:0:tcp 0 IS 8 0 0 0
192.168.1.1:21:0:tcp 0 IS 8 0 0 0
192.168.1.1:80:0:tcp 0 IS 8 0 0 0
LocalDirector(config) 5#
To configure network interfaces, use the interface ethernet command.
interface ethernet interface_number {10baset | 100basetx | 100full | auto}
interface_number | The interface number. |
10baset | Sets 10-Mbps Ethernet and half-duplex communications. |
100basetx | Sets 100-Mbps Ethernet and half-duplex communications. |
100full | Sets 100-Mbps Ethernet and full-duplex communications. |
auto | Automatically determines networking speed and sets full-duplex communications, if available. This is the recommended full-duplex Ethernet keyword, but the network interface must support autodetection. The RNS 4-port adapter cards do not support this keyword, but the single-port and the Intel 4-port Ethernet adapter cards do. Check the type of card you have with the show interface command. An Intel card displays the information "Hardware is i82557" and the RNS card displays "Hardware is rns23x0." |
No default behavior or values.
Configuration and replication
The interface ethernet command identifies the type of network interface boards, and the speed and duplex settings for Ethernet. Use the show interface command to view information about the interface.
To configure full-duplex Ethernet, the auto keyword is recommended, but your network interface must support autodetection. (The RNS 4-port adapter cards do not support the auto keyword.) You can force the Ethernet argument to accept full duplex with the 100full keyword if the network accepts full duplex and 100-Mbps Ethernet.
localdirector(config) 9# show interface
ethernet 0 is down, line protocol is down
Hardware is rns23x0 ethernet, address is 0000.bc11.4c68
MTU 1500 bytes, BW 10000 Kbit half duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
ethernet 1 is down, line protocol is down
Hardware is rns23x0 ethernet, address is 0000.bc11.4c69
MTU 1500 bytes, BW 10000 Kbit half duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
ethernet 2 is up, line protocol is down
Hardware is rns23x0 ethernet, address is 0000.bc11.4c6a
MTU 1500 bytes, BW 100000 Kbit half duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
ethernet 3 is up, line protocol is down
Hardware is rns23x0 ethernet, address is 0000.bc11.4c6b
MTU 1500 bytes, BW 100000 Kbit half duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
localdirector(config) 0# interface ethernet 0 100full
localdirector(config) 1# interface ethernet 1 auto
WARNING: setting rns23x0 to autosense mode which
is incompatible with autonegotiating devices
localdirector(config) 2# show interface
ethernet 0 is down, line protocol is down
Hardware is rns23x0 ethernet, address is 0000.bc11.4c68
MTU 1500 bytes, BW 100000 Kbit full duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
ethernet 1 is down, line protocol is down
Hardware is rns23x0 ethernet, address is 0000.bc11.4c69
MTU 1500 bytes, BW 10000 Kbit half duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
ethernet 2 is up, line protocol is down
Hardware is rns23x0 ethernet, address is 0000.bc11.4c6a
MTU 1500 bytes, BW 100000 Kbit half duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
ethernet 3 is up, line protocol is down
Hardware is rns23x0 ethernet, address is 0000.bc11.4c6b
MTU 1500 bytes, BW 100000 Kbit half duplex
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
localdirector(config) 3#
show interface
shutdown
To assign the system IP address for LocalDirector, use the ip address command.
ip address ip [subnet_mask]
ip | System IP address of LocalDirector. |
subnet_mask | (Optional) Subnet mask of the LocalDirector network. |
No default behavior or values.
Configuration and replication
The ip address command assigns an IP address to LocalDirector. Use the show ip address command to view the address.
In the following example, the system IP address is 192.168.1.1, and the failover IP address is 192.168.1.2. The current IP of 192.168.1.2 indicates that this is the standby unit for failover. If the current IP is the system IP address, the unit is active. If the current IP is the failover IP address, the unit is standby.
LocalDirector(config) 4# ip address 192.168.1.1 255.255.255.0
LocalDirector(config) 4# failover ip address 192.168.1.2
LocalDirector(config) 5# show ip address
System IP 192.168.1.1, system subnet 255.255.255.0
Current IP 192.168.1.2
LocalDirector(config) 6#
failover
show ip address
To terminate a Telnet session, use the kill command.
kill id
id | Telnet session ID. |
No default behavior or values.
Privileged and configuration
The kill command terminates a Telnet session. Use who or show who to view the Telnet session ID value. When you kill a Telnet session, LocalDirector lets any active commands terminate and then drops the connection without warning to the user.
LocalDirector(config)# show who
2: From 192.168.2.2
1: From 192.168.1.3
0: On console
LocalDirector(config)# kill 2
LocalDirector(config)# who
1: From 192.168.1.3
0: On console
telnet
show who
who
To set the maximum number of connections that LocalDirector sends to a real server, use the maxconns command. To remove the nondefault maxconns value, use the no maxconns command.
maxconns real_id | virtual_id number
real_id | The IP address or name, port (if a port-bound server), bind-id, and protocol of the real server. |
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
number | The maximum number of connections allowed for the server, or "unlimited" if there is no limit. |
The default value for the maxconns command is 0, or unlimited connections.
Configuration and replication
You can set the maximum number of connections that a real server accepts to avoid overloading the server. If the server reaches the maximum connection value, or if the virtual server is failed or out of service, LocalDirector responds with a TCP RST packet for all new connections to that server.
When virtual_id is specified, all real servers represented by that virtual server are affected by this command. When all real servers represented by the virtual ID reach the maximum number of connections, the message "virtual machine ... at capacity" displays, and no other connections are sent to this virtual server until the real servers process their connections.
localdirector(config)# show maxconns
Real Machine(s) Limit
192.168.1.1:0:0:tcp unlimited
192.168.1.2:0:0:tcp unlimited
localdirector(config)# maxconns 192.168.1.1 500
localdirector(config)# show maxconns
Real Machine(s) Limit
192.168.1.1:0:0:tcp 500
192.168.1.2:0:0:tcp unlimited
localdirector(config)#
show maxconns
To specify the maximum transmission unit (MTU) value for the specified network interface, use the mtu command.
mtu interface_number bytes
interface_number | The interface number. |
bytes | The MTU for the interface. Specify a number from 64 to 65535. |
For Ethernet interfaces, the default MTU should be 1500 bytes in a block; for FDDI, specify 4352 bytes.
Privileged and configuration
The value for the mtu command depends on the type of network interface specified in the interface command. The minimum value for bytes is 64 and the maximum is 65535 bytes.
LocalDirector(config)# show mtu
mtu 0 1500
mtu 1 1500
LocalDirector(config)# mtu 0 4352
LocalDirector(config)# show mtu
mtu 0 4352
mtu 1 1500
interface
show mtu
To enable the Routing Information Field (RIF) for FDDI interfaces, use the multiring command. Use the no multiring command to disable the RIF.
multiring [all]
all | (Optional) Enable multiring for all frames. |
The multiring command is enabled by default.
Configuration and replication
The multiring command enables an interface's ability to collect and use source-route information (RIF) for routable protocols. The all keyword enables the multiring for all frames. See the chapter "Configuring Source-Route Bridging" in the document Router Products Configuration and Reference for more information.
In FDDI (and Token Ring), if the upper bit of the source MAC address is set, LocalDirector expects a RIF field to be present in the MAC header. If this field is not present, the packet will be processed incorrectly. Some systems, for example DEC-NET, set this bit even though no RIF field is present. If source-route bridging is not being used in your network, disable multiring support with the no multiring command on LocalDirector and it will ignore this bit.
show multiring
To associate a name with an IP address, use the name command. To remove an assigned name, use the no name command.
name ip name
ip | The IP address of the virtual server or real server being named. This does not include port numbers associated with port-bound servers. |
name | The name assigned to the IP address. |
No default behavior or values.
Configuration and replication
Use the name command to identify a virtual or real server by a text name. Using a name makes it easier to change the LocalDirector configuration because you can refer to real and virtual servers by name rather than IP address; however, the port number and bind-id must be included with the name for port-bound servers and virtual servers with bind-ids. The name command can be used before or after a server is defined.
The name command is optional, and it is not related to DNS. It provides a means of making LocalDirector servers easier to configure, and the names associated to the configuration need not be synchronized with DNS.
In the example that follows, the name command identifies the IP address 192.168.1.1 as "v1" and then it is defined as a virtual server with the virtual command. These commands create a virtual server with a default port of 0 and a bind-id of 0.
ld(config) 8# name 192.168.1.1 v1
ld(config) 9# virtual v1
Two more virtual servers are created using the same name, and they are bound to port 80 with bind-ids of :1 and :2.
ld(config) 0# virtual v1:80:1
ld(config) 1# virtual v1:80:2
A virtual server is created with an IP address of 192.168.1.2 that is bound to port 443 and has a bind-id of :1. The name command is then used to identify IP address 192.168.1.2 as "v2" after the virtual server is defined.
ld(config) 2# virtual 192.168.1.2:443:1
ld(config) 3# name 192.168.1.2 v2
ld(config) 4# show virtual
Virtual Machines:
Machine State Connect Sticky Predictor Slowstart
v1:80:2:tcp OOS 0 0 leastconns roundrobin*
v1:80:1:tcp OOS 0 0 leastconns roundrobin*
v1:0:0:tcp OOS 0 0 leastconns roundrobin*
v2:443:1:tcp OOS 0 0 leastconns roundrobin*
The name "v1" is used as the virtual_id with the is command and the all keyword to put all virtual servers with IP address 192.168.1.1 in service.
ld(config) 5# is virtual v1 all
ld(config) 6# show virtual
Virtual Machines:
Machine State Connect Sticky Predictor Slowstart
v1:80:2:tcp IS 0 0 leastconns roundrobin*
v1:80:1:tcp IS 0 0 leastconns roundrobin*
v1:0:0:tcp IS 0 0 leastconns roundrobin*
v2:443:1:tcp OOS 0 0 leastconns roundrobin*
The name "v2" is used to identify a virtual server bound to port 80 with a bind-id of :1.
ld(config) 7# virtual v2:80:1
ld(config) 8# show virtual
Virtual Machines:
Machine State Connect Sticky Predictor Slowstart
v1:80:2:tcp IS 0 0 leastconns roundrobin*
v1:80:1:tcp IS 0 0 leastconns roundrobin*
v1:0:0:tcp IS 0 0 leastconns roundrobin*
v2:443:1:tcp OOS 0 0 leastconns roundrobin*
v2:80:1:tcp OOS 0 0 leastconns roundrobin*
ld(config) 9#
show name
To determine whether IP addresses or server names display in screen output, use the names command. Use the no names command to disable the display of names in screen output.
names
This command has no keywords or arguments.
No default behavior or values.
Privileged, configuration, and replication
You can use either the server name or IP address to configure real and virtual servers regardless of whether the names command is on or off. The status of the names command does not affect the write terminal and show configuration commands. Use the show names command to check the status of names.
LocalDirector(config)# show names
names are on
LocalDirector(config)# show real
Real Machines:
No Answer TCP Reset DataIn
Machine Connect State Thresh Reassigns Reassigns Conns
server1:0:0:tcp 0 IS 8 0 0 0
server2:0:0:tcp 0 IS 8 0 0 0
LocalDirector(config)# no names
LocalDirector(config)# show real
Real Machines:
No Answer TCP Reset DataIn
Machine Connect State Thresh Reassigns Reassigns Conns
192.168.0.1:0:0:tcp 0 IS 8 0 0 0
192.168.0.2:0:0:tcp 0 IS 8 0 0 0
LocalDirector(config)# show names
names are off
LocalDirector(config)#
show names
To mark a virtual server or real server as out of service (OOS), use the out-of-service or oos command.
out-of-service {virtual virtual_id} | {real real_id} [oos | maintenance | sticky | failed] [all]
virtual | Marks a virtual server as out of service. |
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
real | Marks a real server as out of service. |
real_id | The IP address or name, port (if a port-bound server), bind-id, and protocol of a real server. |
oos | (Optional) The default state; no new connections are sent to the server. Connections are cleared when put back in service. |
maintenance | (Optional) Similar to oos, but connections to the server are not cleared when put back in service. |
sticky | (Optional) Same as maintenance, but only clients with sticky associations continue to receive those connections. |
failed | (Optional) The server is failed by an external source (for example, another device notifies LocalDirector that an application is down). For real machines, the retry function is disabled. For virtual servers, no new connections are accepted. Once the real or virtual server is put back in service, all connections are cleared. |
all | (Optional) Marks all virtual servers or all real servers with the same IP address as out of service. Port numbers, bind-ids, and protocols need not be specified. |
No default behavior or values.
Configuration and replication
When you mark a real server as being out of service, LocalDirector does not assign new connections to it, but lets old connections continue to run until they complete. An out of service real server can still be accessed by clients specifying its actual IP address. Use the show real command to watch the status of open connections; when all connections appear as OOS, you can power down the server or reconfigure it as required.
In the following example, the oos command is used with the all keyword to take all ports of real server 192.168.1.1 out of service with just one command.
Server www.domain.com is placed out of service by using the name of the server for server_id. Because no port is specified, only the default ports are taken out of service.
When port-bound server 192.168.1.3 80 is placed out of service, the remaining ports (both default and port-bound) are left in service.
LocalDirector(config) 1# show real
Real Machines:
No Answer TCP Reset DataIn
Machine Connect State Thresh Reassigns Reassigns Conns
192.168.1.3:0:0:tcp 0 IS 8 0 0 0
192.168.1.3:21:0:tcp 0 IS 8 0 0 0
192.168.1.3:80:0:tcp 0 IS 8 0 0 0
www.domain.com:0:0:tcp 0 IS 8 0 0 0
www.domain.com:21:0:tcp 0 IS 8 0 0 0
www.domain.com:80:0:tcp 0 IS 8 0 0 0
192.168.1.1:0:0:tcp 0 IS 8 0 0 0
192.168.1.1:21:0:tcp 0 IS 8 0 0 0
192.168.1.1:80:0:tcp 0 IS 8 0 0 0
LocalDirector(config) 2# oos real 192.168.1.1 all
LocalDirector(config) 3# oos real www.domain.com
LocalDirector(config) 4# oos real 192.168.1.3:80
LocalDirector(config) 5# show real
Real Machines:
No Answer TCP Reset DataIn
Machine Connect State Thresh Reassigns Reassigns Conns
192.168.1.3:0:0:tcp 0 IS 8 0 0 0
192.168.1.3:21:0:tcp 0 IS 8 0 0 0
192.168.1.3:80:0:tcp 0 OOS 8 0 0 0
www.domain.com:0:0:tcp 0 OOS 8 0 0 0
www.domain.com:21:0:tcp 0 IS 8 0 0 0
www.domain.com:80:0:tcp 0 IS 8 0 0 0
192.168.1.1:0:0:tcp 0 OOS 8 0 0 0
192.168.1.1:21:0:tcp 0 OOS 8 0 0 0
192.168.1.1:80:0:tcp 0 OOS 8 0 0 0
LocalDirector(config) 6#
in-service (is)
show real
To control display output, use the pager command. Use the no pager command to remove paging control.
pager
This command has no keywords or arguments.
The pager command is on by default.
Unprivileged, privileged, and configuration
If the pager option is on, by default, one screen of output displays at a time. Press the spacebar to display the next page of information, and press Enter to display the next line. Press the q key to stop the output and return to the system prompt.
Use the show pager command to learn if the pager option is on or off.
LocalDirector(config)# show pager
pager is off
LocalDirector(config)# pager
LocalDirector(config)# show pager
pager is on
LocalDirector(config)#
pager lines
show pager
To set the number of lines in the pager display output, use the pager lines command.
pager lines number
number | The number of lines to display. |
No default behavior or values.
Unprivileged, privileged, and configuration
If the pager option is on, by default, one screen of output displays at a time. Use the pager lines command to change the number of lines that display for one screen.
LocalDirector(config)# show pager
pager is off
LocalDirector(config)# pager lines 20
turn pager on first
LocalDirector(config)# pager
LocalDirector(config)# pager lines 20
LocalDirector(config)# show pager
pager is on
pager
show pager
To modify a Telnet login password, use the password command.
password password
password | A password of up to 16 alphanumeric characters, which is not case sensitive. LocalDirector converts the password to all lowercase. |
The default password is cisco.
Configuration and replication
The password command sets a password for Telnet access. It should be changed from the default.
LocalDirector(config)# password athensge0rg1a
LocalDirector(config)#
enable password
show password
To send a ping request message, use the ping command.
ping ip_address
ip_address | The IP address of a host on the network. |
No default behavior or values.
Privileged and configuration
The ping command determines if LocalDirector has connectivity or if a host is available on the network. The command output shows if the response was received; that is, that the host exists on the network. If the host is not responding, ping displays "no response received." Use the show interface command to ensure that LocalDirector is connected to the network and has connectivity.
In the following example, three attempts reached the specified address:
LocalDirector(config)# ping 192.168.42.54
192.168.42.54 response received - 10Ms
192.168.42.54 response received - 10Ms
192.168.42.54 response received - 10Ms
LocalDirector(config)#
show interface
To turn on the ability to ping a virtual address, use the ping-allow command. Use the no ping-allow command to turn off the ability to ping a virtual address.
ping-allow interface_number
interface_number | The interface number. |
The default is to not allow a virtual address to be pinged.
Configuration and replication
By default, virtual addresses cannot be pinged, which helps protect virtual addresses from an ICMP echo flood.
Use the ping-allow command to enable a LocalDirector virtual address to respond to a ping request.
The following example allows a virtual address to be pinged from interface 0:
LocalDirector(config)# ping-allow 0
LocalDirector(config)#
show ping-allow
To choose the type of load balancing for each virtual server, use the predictor command.
predictor virtual_id fastest | roundrobin | leastconns | loaded | weighted [roundrobin | none]
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
fastest | Assigns new connections to the physical server with the fastest predicted response time. |
roundrobin | Rotates through the list of physical servers bound to the virtual server, assigning connections to the next server. |
leastconns | Assigns new connections to the physical server that has the least number of current connections. This is the default. |
loaded | Assigns a weighted portion of connections to a server before moving to the next. Values are set with the weight command. |
weighted | Assigns new connections based on values set with the weight command. The default weight for each server is one. |
none | (Optional) Disables slowstart for the virtual server. |
The default load balancing mode is leastconns.
Configuration and replication
Each virtual server can have a different predictor option. The show virtual command places an asterisk (*) next to the active predictor, indicating whether the virtual server is using the selected predictor value, or is in slowstart mode.
The slowstart option is available for the leastconns or weighted arguments. When slowstart is enabled, LocalDirector rotates through the servers until the number of connections reaches a predetermined level, which avoids overloading a server with too many requests when it is brought in service. The slowstart option is enabled by default.
The leastconns keyword directs network connections to the server with the least number of open connections. Although it may not be intuitively obvious that the leastconns predictor would provide effective load balancing, in fact, it is quite successful. At web sites where there is a collection of servers with similar performance, the leastconns predictor is effective in smoothing distribution when a server gets bogged down. In sites where there are large differences in the capacity of various servers, the leastconns predictor is also very effective. In maintaining the same number of connections to all servers, those servers that are capable of processing (and thus terminating) connections the fastest will get more connections over time. A server deemed to be twice as powerful as another server gets about twice as many connections per second.
The weighted keyword allows you to assign a performance weight to each server. Weighted load balancing is similar to the function of the leastconns keyword, but servers with a higher weight value receive a larger percentage of connections at any one time. LocalDirector administrators can assign a weight to each real server, and LocalDirector uses this weight to determine the percentage of the current number of connections to give each server. The default weight is one.
For example, in a configuration with 5 servers, the percentage of connections is calculated as follows:
This distribution results in server1 getting 7/24 of the current number of connections, server2 getting 8/24, server3 getting 2/24, and so on. If a new server, server6, is added with a weight of 10, it will get 10/34, and so on.
The weighted predictor gives new connections to the real server that is in most need of a connection, based on how many connections the virtual server and real machines bound to it have at that moment.
For example:
Virtual server 1.1.1.1 has 50 connections and is bound to real servers 1.1.1.2, 1.1.1.3, and 1.1.1.4.
Based on weights, the load should be distributed as follows:
The actual percentage of connections to the real servers is as follows:
Thus, real server 1.1.1.4 will receive connections to bring it closer to having 44% of the connections at the time.
The roundrobin keyword directs the network connection to the next server, and treats all servers as equals, regardless of number of connections or response time. Although the LocalDirector round-robin predictor appears similar to a DNS round robin, it is superior because no propagation delay or caching hinders the algorithm. Also, LocalDirector can determine when a server is not responding, and avoid sending connections to that server.
The fastest keyword directs the network connection to the server with the fastest response rate, although it does not perform consistently in varying server configurations. Web server performance, in particular, does not follow a linear progression of response time to number of connections. Web servers seem to respond flatly to a point, and then at a certain load there is a sharp, dramatic increase in the response time. In these situations, the fastest predictor will tend to overload a particular server before moving on to another.
Use the loaded keyword to give each server a weighted number of connections in a row (round-robin style) before proceeding to the next server on the list. For example:
Server 1 weight 2
Server 2 weight 4
Server 3 weight 1
Server 1 will receive 2 connections, then Server 2 will receive 4 connections, and then Server 3 will receive 1 connection, and so on.
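The following simulation is an added example, not LocalDirector code: it contrasts the loaded and weighted predictors using the Server 1/2/3 weights above. Function names are hypothetical, the rule used to pick the server "most in need" (largest shortfall against weight/sum of the current connection count) is an assumption, and connections are never closed during the run.

```python
from fractions import Fraction
from itertools import cycle, islice

# Weights from the page's "loaded" example (Server 1, 2 and 3).
WEIGHTS = {"server1": 2, "server2": 4, "server3": 1}


def loaded_sequence(weights, n):
    """First n assignments under 'loaded': each server receives `weight`
    connections in a row, round-robin style, before the next server."""
    one_pass = [name for name, w in weights.items() for _ in range(w)]
    return list(islice(cycle(one_pass), n))


def target_share(weights):
    """Fraction of the current connections each server should hold."""
    total = sum(weights.values())
    return {name: Fraction(w, total) for name, w in weights.items()}


def weighted_pick(weights, conns):
    """Pick the server furthest below its weighted share.

    Assumption: 'most in need' is modelled as the largest value of
    share * (connections after this one) - current connections.
    """
    shares = target_share(weights)
    after = sum(conns.values()) + 1
    return max(weights, key=lambda s: shares[s] * after - conns[s])


def simulate_weighted(weights, conns, new_connections):
    """Assign new connections one at a time; return (final counts, picks)."""
    conns = dict(conns)
    picks = []
    for _ in range(new_connections):
        server = weighted_pick(weights, conns)
        conns[server] += 1
        picks.append(server)
    return conns, picks


if __name__ == "__main__":
    idle = dict.fromkeys(WEIGHTS, 0)
    # loaded sends bursts; weighted interleaves while holding the same ratio.
    print("loaded   :", loaded_sequence(WEIGHTS, 7))
    print("weighted :", simulate_weighted(WEIGHTS, idle, 7)[1])
    # Constructed starting point: 50 connections, badly skewed to server1.
    skewed = {"server1": 30, "server2": 15, "server3": 5}
    print("rebalance:", simulate_weighted(WEIGHTS, skewed, 20)[0])
```

Both predictors reach the same 2:4:1 ratio over a full pass, but loaded delivers each server its connections as a burst, while weighted spreads them out and steers new connections toward whichever server is under its share.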
LocalDirector(config) 9# show virtual
Machines:
Machine Mode State Connect Sticky Predictor Slowstart
10.10.10.1:0:0:tcp directed local OOS 0 least conns roundrobin*
192.168.1.99:0:0:tcp directed local OOS 0 least conns roundrobin*
LocalDirector(config) 0# predictor www.domain.com weighted none
LocalDirector(config) 1# show virtual
Virtual Machines:
Machine Mode State Connect Sticky Predictor Slowstart
domain.com:0:0:0:tcp directed local OOS 0 weighted* none
LocalDirector(config) 2#
show predictor
show virtual
weight
To define a real server, use the real command. Use no real to remove a real server from LocalDirector.
real real_name | real_ip[:[port]:[bind-id]:[protocol]] [service-state]
real_name | The name of a real server. |
real_ip | The IP address of a real server. |
port | (Optional) The port to use for traffic to run on the real server. Use a colon as a delimiter between the IP address and port number. If you do not identify a specific port, all traffic is allowed to the server and the port is labeled "default." Zero is the same as default. Servers with a port specified are referred to as "port-bound" servers. |
bind-id | (Optional) Used to bind the same ip:port:protocol to multiple virtual servers. Use a colon as a delimiter between the bind-id and port number. If you do not specify a bind-id when defining a real server, the default is :0. |
protocol | (Optional) The protocol to use. The default value is tcp, but udp and gre are also available options. Use a colon as a delimiter between the port number and protocol. |
service-state | (Optional) In service (is) or out of service (oos). The default is oos. |
No default behavior or values.
Configuration and replication
Real servers are actual host machines with unique IP addresses that provide IP services to the network. Real servers can still be accessed using their actual IP address.
Use the show real command to check the service state of real servers. Possible service states are:
Although a space can be used as a delimiter for port-bound servers, a colon is preferred. Note that the port is 0 by default, and the is (in service) command is used to put the port 80 server in service when it is defined.
ld(config) 1# real 192.168.1.1
ld(config) 2# real 192.168.1.1:80:tcp is
ld(config) 3# real 192.168.1.1 23
ld(config) 4# show real
Real Machines:
No Answer TCP Reset DataIn
Machine Connect State Thresh Reassigns Reassigns Conns
192.168.1.1:23:0:tcp 0 OOS 8 0 0 0
192.168.1.1:80:0:tcp 0 IS 8 0 0 0
192.168.1.1:0:0:tcp 0 OOS 8 0 0 0
The show real command provides the information shown in Table 6-4.
| Column Heading | Description |
|---|---|
Machine | IP address or name of the server, port (if a port-bound server), bind_id, and protocol. |
Connect | The current number of connections to the server. This does not include direct connections to the server that are bridged by LocalDirector. |
State | IS (in service), OOS (out of service), failed, or testing. |
Thresh | Threshold value for reassignments before server is marked as failed. |
No Answer Reassigns | Number of connections that are not answered by a real server. |
TCP Reset Reassigns | Number of connections that are reassigned because a real server responded with an RST packet on a new connection. |
DataIn Conns | Number of clients requesting but not receiving data. |
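The following parser is an added example, not part of LocalDirector or its documentation: it reads output in the show real format above, lists hosts whose entries are all OOS with no remaining connections, and flags entries with reassignments. The sample output is constructed, the function names are hypothetical, and treating "all entries OOS with Connect 0" as drained is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the `show real` format shown on this page.
SAMPLE = """\
LocalDirector(config) 5# show real
Real Machines:
                          No Answer TCP Reset DataIn
Machine Connect State Thresh Reassigns Reassigns Conns
192.168.1.3:0:0:tcp 12 IS 8 0 0 1
192.168.1.3:80:0:tcp 3 OOS 8 0 0 0
www.domain.com:0:0:tcp 0 OOS 8 2 5 0
192.168.1.1:0:0:tcp 0 OOS 8 0 0 0
192.168.1.1:80:0:tcp 0 OOS 8 0 0 0
LocalDirector(config) 6#
"""

# Machine is name-or-IP:port:bind-id:protocol, followed by six columns.
ROW = re.compile(
    r"^(?P<host>[^\s:]+):(?P<port>\d+):(?P<bind>\d+):(?P<proto>\w+)\s+"
    r"(?P<connect>\d+)\s+(?P<state>\S+)\s+(?P<thresh>\d+)\s+"
    r"(?P<no_answer>\d+)\s+(?P<tcp_reset>\d+)\s+(?P<datain>\d+)$"
)
INT_FIELDS = ("port", "bind", "connect", "thresh",
              "no_answer", "tcp_reset", "datain")


def parse_show_real(text):
    """Return one dict per real-server row; prompts and headers are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue
        row = match.groupdict()
        for key in INT_FIELDS:
            row[key] = int(row[key])
        rows.append(row)
    return rows


def drained_hosts(rows):
    """Hosts for which every entry is OOS and shows zero connections."""
    by_host = defaultdict(list)
    for row in rows:
        by_host[row["host"]].append(row)
    return {
        host for host, entries in by_host.items()
        if all(e["state"] == "OOS" and e["connect"] == 0 for e in entries)
    }


def reassign_alerts(rows):
    """Entries that are failed or have No Answer / TCP Reset reassignments."""
    return [
        "{host}:{port}:{bind}:{proto}".format(**r) for r in rows
        if r["no_answer"] or r["tcp_reset"] or r["state"].lower() == "failed"
    ]


if __name__ == "__main__":
    parsed = parse_show_real(SAMPLE)
    print("drained:", sorted(drained_hosts(parsed)))
    print("alerts :", reassign_alerts(parsed))
```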
show real
To set the number of retries to a real server before the connection is reassigned to another server, use the reassign command.
reassign real_id | virtual_id val
real_id | The IP address or name, port (if a port-bound server), bind-id, and protocol of a real server. |
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
val | The number of retries allowed. This value can be a number from 1 to 4. The default is 3. |
The default is 3 retries.
Configuration and replication
If reassign is at the default of 3, then TCP will attempt to connect three times before going to another real server (TCP SYNs are counted). If threshold is set to 8, connections are attempted eight times before the server is marked as failed.
When the virtual_id is specified, all real servers represented by that virtual server are affected by this command.
localdirector(config)# show reassign
Real Machine(s) Reassign
192.168.1.1:0:0:tcp 3
192.168.1.2:0:0:tcp 3
localdirector(config)# reassign 192.168.1.1 4
localdirector(config)# show reassign
Real Machine(s) Reassign
192.168.1.1:0:0:tcp 4
192.168.1.2:0:0:tcp 3
localdirector(config)#
show reassign
To set the type of load balancing redirection for the virtual server, use the redirection command.
redirection virtual_id {directed | dispatched} [local | casa] [igmp igmp_address] [port port] [wildcard-ttl seconds] [fixed-ttl seconds]
virtual_id | The IP address or name, port (if a port-bound server), bind-id, and protocol of a virtual server. |
directed | Uses Network Address Translation (NAT) to pass packets to the real server. (NAT replaces the virtual IP address with IP address of the real server.) |
dispatched | The IP address of the virtual server is aliased on each real server, making address translation unnecessary. (LocalDirector replaces the MAC address on a packet with that of the real server. Packets are then passed on to a real server, retaining the IP address.) |
local | (Optional) Use LocalDirector style of architecture; that is, the style used since Version 1.0 |
casa | (Optional) Use the Cisco Applications and Services Architecture (CASA) environment. This keyword is not functional unless LocalDirector is part of the CASA environment. |
igmp | (Optional) Multicast group for Service Manager and Forwarding Agent components. This keyword is not functional unless LocalDirector is part of the CASA environment. |
igmp_address | (Optional) Multicast group address. The default address is 224.0.1.2. |
port | (Optional) Configures the port for CASA communications. This keyword is not functional unless LocalDirector is part of the CASA environment. |
port | (Optional) The address of the CASA port. By default, 1638 is used. |
wildcard-ttl | (Optional) The time to live for wildcards. This keyword is not functional unless LocalDirector is part of the CASA environment. |
fixed-ttl | (Optional) The fixed-ttl connection objects (connections). This keyword is not functional unless LocalDirector is part of the CASA environment. |
seconds | (Optional) The number of seconds. |
By default, directed mode with local architecture is used.
Configuration and replication
The redirection command allows you to change the way packets pass through LocalDirector.
Directed mode uses NAT to translate the IP headers in packets. NAT, supported in LocalDirector since Version 1.0, provides quick setup with no network address changes, reducing system administration time.
Using NAT may not always be the best solution, however. Some protocols embed the IP address within the payload, causing a problem when a packet is encrypted. Additionally, searching through an entire payload for an IP address is processor-intensive and time-consuming. In these cases, performance can be increased using dispatched mode.
Dispatched mode increases traffic throughput, but requires an additional setup of assigning an aliased IP address on a real server that matches the virtual IP address on LocalDirector. Dispatched mode should be used for UDP and TCP when the IP address information needs to remain unchanged.
Use the casa igmp keyword to set the multicast group address for the CASA components on the LocalDirector. Messages between the Service Manager and Forwarding Agent are sent using multicast to the members of this group. By default, the IGMP group address is 224.0.1.2. Use the no form of this command to remove a component from the group.
Use the casa wildcard-ttl keyword to set the time-to-live value for the wildcard-affinity connection objects on the Forwarding Agents. The Service Manager is responsible for ensuring the wildcard-affinities are refreshed before they time out. The default value is 1 minute.
Use the casa fixed-ttl keyword to set the time-to-live value for the fixed-affinity connection objects. The fixed-affinity connection objects default time-to-live value is 1 minute.
show redirection
virtual
To reboot and reload the configuration, use the reload command.
reload
This command has no arguments or keywords.
No default behavior or values.
Privileged
The reload command reboots LocalDirector and reloads the configuration from Flash memory.
LocalDirector# reload
Proceed with reload?[confirm]
Rebooting...
This command has no related commands.
To enable stateful failover, use the replicate command. Use the no replicate command to disable stateful failover on a virtual server.
replicate {interface interface_number | virtual_id}
interface | Specifies an interface for sending replication data. |
interface_number | The interface number through which the active LocalDirector unit sends connection replication data to the standby unit. The default is interface 0. |
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol of the virtual server where connections are replicated. |
No default behavior or values.
Configuration and replication
Connection replication is a property of the virtual server, and it is set and cleared with the replicate command. With this command, all established connections are replicated to the standby unit. In the event of a LocalDirector failure (with failover configured), the standby unit has information for current connections, and keeps connections to the virtual server alive.
Replication can be set on a per-virtual basis, which means you can turn it on for 3270 and leave it off for HTTP. We do not recommend that LocalDirector maintain state for short-lived connections.
Use the replicate interface command to dedicate an interface to stateful failover.
LocalDirector(config) 6# replicate 10.10.10.10:0:0:tcp
LocalDirector(config) 7# replicate interface 3
LocalDirector(config) 8# show replicate
replicate interface 3
Machine Replicate
10.10.10.10:0:0:tcp on
LocalDirector(config) 9#
show replicate
To take a server out of service, and then bring it back in service, use the restart command.
restart {real real_id} | {virtual virtual_id}
real | Restart the real server. |
real_id | IP address or name, port (if a port-bound server), bind-id, and protocol of the real server to be restarted. |
virtual | Restart the virtual server. |
virtual_id | IP address or name, port number, bind-id, and protocol of the virtual server to be restarted. |
No default behavior or values.
Privileged, configuration, and replication
The restart command takes a server out of service and puts it back in service with one command.
Caution: All connections to virtual servers or real servers are cleared during a system restart.
LocalDirector(config)# restart real server1
LocalDirector(config)#
To specify the number of minutes before a failed server is sent a live connection to check its state, use the retry command.
retry {real_id | virtual_id} val
real_id | Real server IP address or name, port (if a port-bound server), bind-id, and protocol of the real server. |
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
val | The number of minutes before a failed server is retried. The default is one, the minimum is 0, and the maximum is 65535. |
The default retry interval is one minute.
Configuration and replication
The retry command sets the number of minutes before a failed real server is assigned another connection. If the retry is set to zero, the failed server is not retried until the server is brought back into service with the in-service command.
When the virtual_id is specified, all real servers represented by that virtual server are affected by this command.
localdirector(config)# show retry
Real Machine(s) Retry
192.168.1.1:0:0:tcp 1
192.168.1.2:0:0:tcp 1
localdirector(config)# retry 192.168.1.1 5
localdirector(config)# show retry
Real Machine(s) Retry
192.168.1.1:0:0:tcp 5
192.168.1.2:0:0:tcp 1
localdirector(config)#
show retry
To enable IP routing table updates from Routing Information Protocol (RIP) broadcasts that are received, use the rip passive command. To disable routing table updates, use the no rip passive command.
rip passive
This command has no arguments or keywords.
No default behavior or values.
Configuration and replication
If you have RIP on your network, enter the rip passive command. If you are not using RIP on your network, you must assign a static route with the route command. LocalDirector does not broadcast RIP; it only listens to RIP.
LocalDirector supports RIP Version 1.
LocalDirector(config)# show rip
no rip passive
LocalDirector(config)# rip passive
LocalDirector(config)# show rip
rip passive
LocalDirector(config)#
show rip
To add a static route to the IP routing table, use the route command. Use the no route command to clear the route.
route dest_net net_mask gateway [metric]
dest_net | Destination IP network address; if default route, specify as all zeros (0.0.0.0). |
net_mask | Subnet mask for the network; if default route, specify as all zeros (0.0.0.0). |
gateway | The adjacent gateway to reach the destination IP network. |
metric | (Optional) Distance metric (defaults to one). |
No default behavior or values.
Configuration and replication
If you want to change an existing route, you must first use the no route command to clear the route, and then specify the new route with the route command. Defining a new IP route with the route command does not overwrite a route that is already established.
LocalDirector(config)# route 0.0.0.0 0.0.0.0 192.168.1.1 1
LocalDirector(config)#
clear route
show route
To turn bridging off per interface, use the secure command. Use the no secure command to turn bridging on per interface.
secure interface_number
interface_number | The interface that is secured against bridged traffic. |
By default, bridging is off.
Configuration and replication
The secure command blocks bridged traffic bound for a specific interface in LocalDirector without affecting traffic that is load-balanced through a virtual server. Only traffic being serviced by a virtual server traverses the interface, and no traffic is bridged to or from the interface.
LocalDirector(config) 0# secure 0
LocalDirector(config) 1# secure 1
LocalDirector(config) 2# show secure
secure 0
secure 1
LocalDirector(config) 3# no secure 0
LocalDirector(config) 4# show secure
no secure 0
secure 1
LocalDirector(config) 5#
show secure
To set the type of service enhancements provided by the virtual server, use the service command. Use the no service command to unset the service.
service virtual_id ftp-proxy
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol of the virtual server where connections are replicated. |
ftp-proxy | Enables the FTP service. |
No default behavior or values.
Configuration and replication
Current and past releases of LocalDirector supported load-balancing FTP service in a way that worked, but was not foolproof. Because an FTP session consists of a control and a data connection, LocalDirector must monitor the control connection to discover which data connections will be created so it can attach those data connections to the same server handling the control connection. This default support for FTP monitors the control connection on a packet-by-packet basis, and it does not work if the packets are out of order or if a control command spans packets.
The service virtual_id ftp-proxy command specifies that the virtual_id provides FTP service. LocalDirector monitors the control connection by proxying it; thus this service is about 100 percent foolproof. The trade-off is that each FTP session now consumes more resources in LocalDirector.
TCP connections going to port 21 of 10.10.10.202 are proxied by LocalDirector and monitored for FTP commands that create data connections:
LocalDirector(config)# service 10.10.10.202 ftp-proxy
TCP connections going to port 1066 of 10.10.10.204 are proxied by LocalDirector and monitored for FTP commands that create data connections:
LocalDirector(config)# service 10.10.10.204:1066 ftp-proxy
show service
To view LocalDirector information, use the show command.
show command | ?
command | The command for which information is displayed. |
No default behavior or values.
All
Any settings left at their default values do not display with the write terminal command. Use the show command and the command associated with the setting to view the default value in the configuration (for example, show retry). The only exception is the show configuration command, which displays the configuration stored in Flash memory, and therefore does not include default values either.
Use the show ? command to view the names of the arguments that can be used with show.
The pager command is used to control the display of show command output.
localdirector(config)# show real
Real Machines:
No Answer TCP Reset DataIn
Machine Connect State Thresh Reassigns Reassigns Conns
server2:0:0:tcp 0 IS 8 0 0 0
server1:0:0:tcp 0 IS 8 0 0 0
localdirector(config)#
show pager lines
To show system buffer utilization, use the show blocks command.
show blocks
No default behavior or values.
Configuration and replication
A block (buffer) is the resource used to store packets from the network.
localdirector(config)# show blocks
SIZE MAX LOW CNT
4 1024 1024 1024
80 256 254 254
256 128 127 127
1550 1280 664 677
A description of the show blocks command output is provided in Table 6-5.
| Heading | Description |
|---|---|
SIZE | Block size, in bytes. |
MAX | Maximum number of blocks that are allocated. |
LOW | Lowest number of blocks available since reboot. |
CNT | Number of blocks of that size that are currently available in the buffer. |
To disable an interface, use the shutdown command. To enable an interface, use the no shutdown command.
shutdown {ethernet | fddi} interface_number
ethernet | The interface is an Ethernet interface. |
fddi | The interface is an FDDI interface. |
interface_number | The number of the interface. |
No default behavior or values.
Configuration and replication
Use the shutdown command to disable access to a network interface. It is important to shut down an unused interface if failover is configured, because failover sees the unused interface as failed if it is not turned off.
To enable an interface and configure its speed, use the following commands:
LocalDirector(config)# no shutdown ethernet 0
LocalDirector(config)# interface ethernet 0 100full
To disable this same interface, use the following commands:
LocalDirector(config)# shutdown ethernet 0
LocalDirector(config)# interface ethernet 0 100full
Use the write memory command to save configurations to Flash memory.
show shutdown
To configure LocalDirector SNMP agent, use the snmp-server command. Use the no snmp-server command to unconfigure LocalDirector SNMP agent.
snmp-server {contact text | enable traps | host ipaddr | location text}
contact | Your name or that of the LocalDirector system administrator. |
text | When you use this argument with contact, specify your name or that of the LocalDirector system administrator. When used with location, specify your LocalDirector location. |
enable traps | Enable sending SNMP traps. By default, traps are enabled. |
host | The IP address of the computer that is the SNMP Management Station. This command enables SNMP access from the SNMP Management Station (using GetRequest, GetNextRequest, and SetRequest), and also specifies the address where traps should be sent (see the snmp-server enable traps command). You can specify a maximum of 64 host IP addresses, one per command, each representing an SNMP Management Station. Note that polling LocalDirector simultaneously from a large number of SNMP Management Stations may generate significant network load. |
ipaddr | When you use this argument with host, the IP address of a host (SNMP Management Station) that is allowed to access LocalDirector, and to where SNMP traps are sent. You can specify a maximum of 64 host IP addresses. |
location | The LocalDirector location. |
No default behavior or values.
Configuration and replication
The snmp-server contact, snmp-server host, and snmp-server location commands configure the SNMP agent on LocalDirector. LocalDirector converts the contact and location information to lowercase.
The snmp-server enable traps command can be used to enable SNMP traps if traps were turned off with the no snmp-server enable traps command. By default, SNMP traps are enabled.
Follow this procedure to configure SNMP:
Step 1 Identify the SNMP system location and contact with the snmp-server location and snmp-server contact commands.
Step 2 Designate up to 64 SNMP Management Stations that are allowed to access LocalDirector, and that are to receive SNMP traps using the snmp-server host command.
LocalDirector supports GetRequests and GetNextRequests on variables in the following groups:
LocalDirector supports SetRequests on the following variable:
LocalDirector sends traps from the following MIB groups:
All of the HPOV commands are in the /opt/OV/bin directory. When using HPOV, you must use a name for LocalDirector, and the name must be listed in the /etc/hosts file.
The xnmbrowser on the command line is recommended for viewing the MIBs.
Follow this procedure to load the MIB files using the CiscoWorks for Windows program (Castle Rock SNMPc):
Step 1 Download the current version of all required files and save them in the install_dir\Mibfiles directory, where install_dir is the location where SNMPc is installed (usually C:\Program Files\Snmpc).
Step 2 Start SNMPc, and select the Compile Mib option in the Config menu.
The Load MIBs... dialog box displays.
Step 3 Scroll to the bottom of the list.
Step 4 Select the last item in the list.
Step 5 Add the file CISCO-SMI.my (or whatever you changed the name to).
Step 6 Select the last item in the list (which should now be CISCO-SMI.my).
Step 7 Add the file CISCO-TC.my (or whatever you changed the name to).
Step 8 Select the last item in the list (which should now be CISCO-TC.my).
Step 9 Add the other three files.
Step 10 Click Load All and then click OK.
The MIBs are compiled and when completed, the MIB files are loaded.
LocalDirector(config)# show snmp-server
snmp-server enable traps
no snmp-server contact
no snmp-server location
localdirector(config)# snmp-server contact System Administrator
localdirector(config)# snmp-server location Corporate Headquarters
localdirector(config)# snmp-server host 10.10.10.2
localdirector(config)# show snmp-server
snmp-server host 10.10.10.2
snmp-server enable traps
snmp-server contact System Administrator
snmp-server location Corporate Headquarters
localdirector(config)#
clear snmp-server
show snmp-server
To translate a real server IP address to that of a virtual server, use the static command.
static real_id virtual_id
real_id | Real server IP address or name, port (if a port-bound server), bind-id, and protocol of the real server. |
virtual_id | The virtual address that the real server will be translated to. The virtual server must exist on LocalDirector, but it need not have real servers bound to it. |
No default behavior or values.
Configuration and replication
Use the static command to translate a real server address to a virtual server address. This translation allows the real server to make outbound connections, but keeps the IP address hidden outside the LocalDirector network.
For outbound connections that the real server makes (not in response to a user accessing the virtual server), the IP address is translated to the virtual IP address identified by the static command. The outbound connection count is displayed with the show static command.
If the real_id exists as a real server, then the outbound connection is counted toward the number of connections for that real server (that is, it will affect load balancing); otherwise, the connection is only translated and does not affect load balancing.
localdirector(config) 6# static 10.10.10.220:0 192.168.1.1:0:0
localdirector(config) 7# show static
Real Machine Static Machine Connections
10.10.10.220:0:0:tcp 192.168.1.1:0:0:tcp 0
localdirector(config) 8#
show static
To set the number of inactivity minutes between connections before the client is sent to another server, use the sticky command. To delete sticky associations on the specified virtual server, use the clear sticky command. To disable the sticky feature, use the no sticky command.
sticky virtual_id minutes [generic | ssl]
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
minutes | The elapsed time of connection inactivity, after which a connection from the same client can be reassigned to a different real server. The default is 0 minutes, and the maximum value is 65535 (45.5 days). |
generic | (Optional) The sticky connection is based on the IP address. In the Cisco Applications and Services Architecture (CASA) environment, this option is on by default and should not be invoked. |
ssl | (Optional) The sticky connection is based on the Secure Sockets Layer (SSL) session ID. SSL Version 2 is not supported and produces a fatal error. LocalDirector supports SSL version 3 servers and SSL2/3 (hybrid) clients. This option cannot be used in the CASA environment. |
The default sticky interval is 0 minutes (sticky is off).
Configuration and replication
The sticky command ensures that the same client gets the same server for multiple connections. The connection is based on IP address for generic or sticky session ID for ssl. The sticky command is used when applications require a consistent and constant connection to the same server. If you are connecting to a system that keeps state about your connection, sticky allows you to get back to the same real server again and retain the statefulness of the system. For example, if an online form is being completed by a client, the sticky command ensures that multiple connections are sent to the same server to complete the transaction.
The sticky command is not timing how long a client is connected; it is timing periods of inactivity. If sticky is set to five, and the client is active, new requests from the client are not sent to another server via load balancing, even if five minutes have elapsed. However, if five minutes of connection inactivity elapse, the requests from the client could be sent to another real server.
If maxconns will be exceeded by a new connection, a new host is chosen and sticky information is updated to reflect the new host. Then all future connections (within sticky number of minutes) go to a new host.
Use show sticky or show virtual to display the sticky value. Use the no sticky command to return to the default value of 0.
Use the clear sticky command to delete sticky associations on the specified virtual server that are minutes old; if the minutes parameter is set to 0, then delete all associations.
The sticky command can also be used in conjunction with the buddy command to sticky two virtual servers together. The buddy command cannot be used to sticky a virtual server running SSL with a generic sticky virtual server.
SSL sticky
In the following example, the virtual command is used to identify 192.168.1.1:443 as a virtual server accepting traffic on port 443 (SSL), and 192.168.1.1:80 as a virtual server accepting HTTP traffic. The sticky command is used to ensure that SSL requests from the same client will be sent to port 443 on real server 192.168.1.1:443 until 10 minutes of inactivity have elapsed:
ld(config) 5# virtual 192.168.1.1:443:0:tcp
ld(config) 6# virtual 192.168.1.1:80:0:tcp
ld(config) 7# sticky 192.168.1.1:443:0:tcp 10 ssl
ld(config) 8# show sticky
Virtual Machine(s) Sticky
192.168.1.1:80:0:tcp 0 generic
192.168.1.1:443:0:tcp 10 ssl
ld(config) 9#
buddy
clear sticky
show sticky
show virtual
To activate synguard mode, use the synguard command. To deactivate synguard mode, use the no synguard command.
synguard virtual_id count
virtual_id | Virtual server IP address or name, port number, and bind-id. |
count | The number of unanswered SYNs allowed before entering synguard mode. The default is 0. |
Synguard mode is off.
Configuration and replication
The synguard command provides limited protection against SYN attacks to the virtual IP address. Once the number of unanswered SYNs set with the synguard command is reached, LocalDirector starts to protect the real network and servers from a SYN attack.
A SYSLOG message is sent when LocalDirector enters synguard mode.
To use synguard effectively, monitor the web site to gather statistics about the highest number of SYN counts (using the show syn command). Then, set the synguard level to a percentage (perhaps 10 to 15 percent, or whatever is appropriate for the site) above that number.
The show synguard command displays the number of inbound TCP SYN packets from the client for which the chosen server has not responded with a SYN ACK. Once the server responds, this counter is decremented.
LocalDirector(config) 1# show synguard
Virtual Machine(s) SynGuard Status
192.168.1.1:80:0:tcp 0
LocalDirector(config) 2# synguard 192.168.1.1:80:0:tcp 400
LocalDirector(config) 3# show synguard
Virtual Machine(s) SynGuard Status
192.168.1.1:80:0:tcp 400
LocalDirector(config) 4# show syn
Virtual Machine(s) Conns Syn Count
192.168.1.1:80:0:tcp 722 400
LocalDirector(config) 5#
show syn
show synguard
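The tuning procedure described above (record the highest SYN count seen with show syn, then set synguard a percentage above it) can be scripted. The following Python sketch is an added example, not part of the Cisco documentation; the function names and the capture values are constructed, and the row layout is assumed to match the show syn example on this page.

```python
import re

# Constructed captures of `show syn` output taken at different times.
# Layout follows the show syn example on this page; the numbers are invented.
CAPTURES = [
    """LocalDirector(config) 4# show syn
    Virtual Machine(s) Conns Syn Count
    192.168.1.1:80:0:tcp 722 310
    192.168.1.1:443:0:tcp 95 40
    192.168.1.2:80:0:tcp 0 0
    """,
    """Virtual Machine(s) Conns Syn Count
    192.168.1.1:80:0:tcp 801 348
    192.168.1.1:443:0:tcp 140 120
    192.168.1.2:80:0:tcp 0 0
    """,
    """Virtual Machine(s) Conns Syn Count
    192.168.1.1:80:0:tcp 650 295
    192.168.1.1:443:0:tcp 101 88
    192.168.1.2:80:0:tcp 0 0
    """,
]

# virtual_id (address-or-name:port:bind-id:protocol), Conns, Syn Count
ROW = re.compile(r"^(\S+:\d+:\d+:(?:tcp|udp|gre))\s+(\d+)\s+(\d+)$")


def peak_syn_counts(captures):
    """Return the highest Syn Count seen per virtual server across captures."""
    peaks = {}
    for text in captures:
        for line in text.splitlines():
            match = ROW.match(line.strip())
            if not match:
                continue  # prompt, header, or blank line
            virtual_id, syn_count = match.group(1), int(match.group(3))
            peaks[virtual_id] = max(peaks.get(virtual_id, 0), syn_count)
    return peaks


def recommend(peaks, headroom_percent=15):
    """Peak plus headroom, rounded up. The page suggests 10 to 15 percent."""
    if headroom_percent < 0:
        raise ValueError("headroom_percent must not be negative")
    recommendations = {}
    for virtual_id, peak in peaks.items():
        if peak == 0:
            # No baseline yet. A count of 0 is also the default (synguard off),
            # so no command is emitted for this virtual server.
            continue
        recommendations[virtual_id] = -(-peak * (100 + headroom_percent) // 100)
    return recommendations


def synguard_commands(recommendations):
    """Render the recommendations as synguard configuration commands."""
    return [f"synguard {vid} {count}"
            for vid, count in sorted(recommendations.items())]


if __name__ == "__main__":
    for command in synguard_commands(recommend(peak_syn_counts(CAPTURES))):
        print(command)
```

Virtual servers that never showed an unanswered SYN are skipped rather than given a threshold, because the captures contain no baseline for them.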
To log messages to SYSLOG server, use the syslog command. Use the no syslog command to stop the messages.
syslog {host ip | console | output facility.level}
host | Specify that a server is to receive SYSLOG messages. |
ip | The IP address of the server designated as the log host. |
console | Displays SYSLOG messages on the console. SYSLOG messages are sent to the console display as they are logged, and may display in the middle of other screen information. SYSLOG messages scroll on the screen without pausing. This command is not stored in the configuration. |
output | Set the facility number and error level for messages sent to SYSLOG, hosts, and the console. |
facility | The facility is a unique device number that identifies logging information. It is saved in a log file shared by a number of devices. Hosts file the messages based on the facility number in the message. Eight facilities are available: LOCAL0(16) through LOCAL7(23); the default is LOCAL4(20). |
level | Message priority; sets the level above which LocalDirector suppresses messages to the SYSLOG hosts. Setting the level to 3, for example, displays messages with levels 0, 1, 2, and 3. The default is 3. A period must be used between the facility and the level values. The levels are: 0 --- System unusable; 1 --- Take immediate action; 2 --- Critical condition; 3 --- Error message; 4 --- Warning message; 5 --- Normal but significant condition; 6 --- Informational; 7 --- Debug message. |
No default behavior or values.
Configuration and replication
Use the syslog host command to specify the system that is to receive SYSLOG messages. Messages are sent to the SYSLOG host over UDP. You can use the show syslog command to view previously sent messages.
The syslog console command is not stored in the LocalDirector configuration and is valid only for the current session. After logging out, the syslog console command is reset to the default because the console for a Telnet user may not be available when LocalDirector is rebooted, thus causing a problem. The syslog console command must be entered each time you want the SYSLOG output to come to your console, whether it is the actual serial line console or a Telnet console.
Logging is enabled by configuring LocalDirector with the IP address of the log host.
Follow this procedure to configure SYSLOG:
Step 1 Designate the SYSLOG host with the syslog host command.
Step 2 Specify the type of SYSLOG messages to accept with the syslog output command.
Step 3 Use show syslog to list the SYSLOG hosts and output level.
Follow this procedure to configure a UNIX system to accept SYSLOG messages:
Step 1 Use the LocalDirector syslog host command to configure LocalDirector to send SYSLOG messages to the IP address of the UNIX host.
Step 2 Log in to the UNIX system as root (superuser) and execute the following commands; change name to the log file where you want SYSLOG messages to appear:
# mkdir /var/log/localdirector
# touch /var/log/localdirector/name
Step 3 While still logged in as root, edit the /etc/syslog.conf file with a UNIX editor and add the following selector and action pairs for each message type you want to capture:
| Message Priority | UNIX syslog.conf File Keyword |
|---|---|
0 --- Emergency | local n.emerg |
1 --- Immediate action | local n.alert |
2 --- Critical condition | local n.crit |
3 --- Error | local n.err |
4 --- Warning | local n.warning |
5 --- Notice | local n.notice |
6 --- Information | local n.info |
7 --- Debug | local n.debug |
In the syslog.conf file, configure each selector and action pair for the messages you want to receive. For example, if you want to receive messages in a file called localdirector for message priorities 0, 1, 2, and 3, and use the default LOCAL4 facility, the syslog.conf statements would be:
# LocalDirector SYSLOG messages
local4.emerg /var/log/localdirector/ld-emerg
local4.alert /var/log/localdirector/ld-alert
local4.crit /var/log/localdirector/ld-crit
local4.err /var/log/localdirector/ld-error
This configuration directs LocalDirector SYSLOG messages to the specified file. Alternatively, if you want the message sent to the logging host console or sent as an email message to a system administrator, refer to the UNIX syslog.conf(4) manual page.
Entries in /etc/syslog.conf must obey these rules:
Step 4 Inform the SYSLOG server program on the UNIX system to reread the syslog.conf file by sending it a HUP (hang up) signal with the following commands:
# cat /etc/syslog.pid
92
# kill -HUP 92
The first command displays the SYSLOG process ID (92 in this example). This number may vary by system. The second command sends SYSLOG the HUP signal to restart.
The following example shows SYSLOG error messages generated by a bridge loop:
LocalDirector(config) 5# show syslog
OUTPUT ON (20.3)
CONSOLE OFF
<162> : Switching to OK.
<162> : Switching to OK.
<162> Secondary: Switching to ACTIVE.
<162> Secondary: Cable not connected my side.
<162> Secondary: Switching to OK.
<162> Secondary: Switching to OK.
<163> Config FAILED: reassign 3
<163> Config FAILED: passwd cisco
<163> Bridge Loop, 00a0.2409.4f41 on multiple interfaces.
<163> Bridge Loop, 00a0.24c0.e863 on multiple interfaces.
<163> Bridge Loop, 00a0.c90d.10bd on multiple interfaces.
<163> Bridge Loop, 00a0.c933.287b on multiple interfaces.
<163> Bridge Loop, 00a0.c90d.10bd on multiple interfaces.
LocalDirector(config)6#
clear syslog
show syslog
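The `<162>` and `<163>` prefixes in the show syslog output above follow the standard syslog priority encoding (facility × 8 + level), so with the LOCAL4(20) facility they decode to levels 2 and 3, matching the OUTPUT ON (20.3) setting. The following Python sketch is an added example, not part of the Cisco documentation; it decodes those prefixes and summarizes the sample, with function names that are assumptions and sample lines copied from the output on this page.

```python
import re
from collections import Counter

# Level names as listed for the syslog command's level argument on this page.
LEVELS = {
    0: "System unusable", 1: "Take immediate action", 2: "Critical condition",
    3: "Error message", 4: "Warning message",
    5: "Normal but significant condition", 6: "Informational",
    7: "Debug message",
}

# Sample lines copied from the show syslog example on this page.
SAMPLE = """\
OUTPUT ON (20.3)
CONSOLE OFF
<162> : Switching to OK.
<162> Secondary: Switching to ACTIVE.
<162> Secondary: Cable not connected my side.
<163> Config FAILED: reassign 3
<163> Config FAILED: passwd cisco
<163> Bridge Loop, 00a0.2409.4f41 on multiple interfaces.
<163> Bridge Loop, 00a0.c90d.10bd on multiple interfaces.
<163> Bridge Loop, 00a0.c90d.10bd on multiple interfaces.
"""

PRI_LINE = re.compile(r"^<(\d{1,3})>\s*(.*)$")
OUTPUT_LINE = re.compile(r"^OUTPUT ON \((\d+)\.(\d+)\)$")
BRIDGE_LOOP = re.compile(r"Bridge Loop, ([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) ")
CONFIG_FAILED = re.compile(r"^Config FAILED: (.*)$")


def decode_pri(pri):
    """Split a syslog priority value into (facility, level)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"priority out of range: {pri}")
    return divmod(pri, 8)


def facility_name(facility):
    """LOCAL0(16) through LOCAL7(23), as listed for the facility argument."""
    return f"LOCAL{facility - 16}" if 16 <= facility <= 23 else str(facility)


def parse_show_syslog(text):
    """Return ((facility, level) from OUTPUT ON, list of decoded messages)."""
    configured = None
    messages = []
    for raw in text.splitlines():
        line = raw.strip()
        match = OUTPUT_LINE.match(line)
        if match:
            configured = (int(match.group(1)), int(match.group(2)))
            continue
        match = PRI_LINE.match(line)
        if not match:
            continue  # CONSOLE line, prompt, or blank
        facility, level = decode_pri(int(match.group(1)))
        messages.append({"facility": facility, "level": level,
                         "text": match.group(2)})
    return configured, messages


def summarize(text):
    """Count messages per level and pull out the events worth a closer look."""
    configured, messages = parse_show_syslog(text)
    loops = Counter()
    config_failures = []
    for message in messages:
        loops.update(BRIDGE_LOOP.findall(message["text"]))
        failed = CONFIG_FAILED.match(message["text"])
        if failed:
            # The rejected command is logged verbatim, arguments included.
            config_failures.append(failed.group(1))
    outside = [m for m in messages if configured and
               (m["facility"] != configured[0] or m["level"] > configured[1])]
    return {
        "configured": configured,
        "by_level": dict(Counter(m["level"] for m in messages)),
        "bridge_loop_macs": dict(loops),
        "config_failures": config_failures,
        "outside_setting": outside,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for level, count in sorted(report["by_level"].items()):
        print(f"level {level} ({LEVELS[level]}): {count}")
    print(report["bridge_loop_macs"], report["config_failures"])
```

In this sample the failed `passwd` command appears in the log together with its argument, so the log host and its files need the same access restrictions as the configuration itself.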
Use the telnet command to add authorized IP addresses for Telnet access to LocalDirector. Use the no telnet command to remove Telnet access from an IP address.
telnet ip mask
ip | The IP address or network of a host that is authorized to access the LocalDirector Telnet management interface. |
mask | The subnet mask for the network specified in this command. Use any valid mask, or a network IP address to enable access to all in the subnet; for example, if you set the mask to 255.255.255.0, all systems in the subnet can access LocalDirector over Telnet. If you set the mask to 255.255.255.255, only the IP address you specify can access LocalDirector. |
No default behavior or values.
Configuration and replication
The telnet command is used to identify who can configure LocalDirector via Telnet. Up to 16 hosts or networks are allowed access to the LocalDirector console, 4 simultaneously. The show telnet command displays the list of IP addresses authorized to access LocalDirector and the clear telnet command removes Telnet access from an IP address. Use the who command to view IP addresses that are accessing LocalDirector.
Use the password command to change the access password for Telnet.
LocalDirector(config)# telnet 192.168.1.3 255.255.255.255
LocalDirector(config)# telnet 192.168.1.4 255.255.255.255
LocalDirector(config)# telnet 192.168.2.0 255.255.255.0
LocalDirector(config)# show telnet
192.168.1.3 255.255.255.255
192.168.1.4 255.255.255.255
192.168.2.0 255.255.255.0
LocalDirector(config)# no telnet 192.168.1.3
LocalDirector(config)# show telnet
192.168.1.4 255.255.255.255
192.168.2.0 255.255.255.255
LocalDirector(config)#
clear telnet
password
show telnet
who
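Because each telnet entry is an address and mask pair, the access list is easy to audit offline. The following Python sketch is an added example, not part of the Cisco documentation; it parses show telnet output, reports entries wider than a single host, and checks the sessions listed by the who command (described on this page) against the list. Function names are assumptions, and the sample text is copied from the show telnet and who examples on this page.

```python
import ipaddress
import re

# Copied from the first show telnet example on this page.
SHOW_TELNET = """\
192.168.1.3 255.255.255.255
192.168.1.4 255.255.255.255
192.168.2.0 255.255.255.0
"""

# Copied from the who example on this page.
WHO = """\
2: From 192.168.2.2
1: From 192.168.1.3
0: On console
"""

MAX_ENTRIES = 16  # "Up to 16 hosts or networks are allowed access"
WHO_LINE = re.compile(r"^(\d+): From (\S+)$")


def parse_telnet_acl(text):
    """Return a list of (address as entered, network) from show telnet output."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # prompt or blank line
        try:
            address = ipaddress.ip_address(parts[0])
            network = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
        except ValueError:
            continue  # not an address and mask pair
        entries.append((address, network))
    return entries


def parse_who(text):
    """Return (tty_id, source address) for each Telnet session; skip the console."""
    sessions = []
    for line in text.splitlines():
        match = WHO_LINE.match(line.strip())
        if match:
            sessions.append((int(match.group(1)),
                             ipaddress.ip_address(match.group(2))))
    return sessions


def audit(acl_text, who_text, max_hosts=1):
    """Summarize how wide the Telnet access list is and who is connected."""
    acl = parse_telnet_acl(acl_text)
    networks = [network for _, network in acl]
    return {
        "entries": len(acl),
        "over_limit": len(acl) > MAX_ENTRIES,
        # Entries that admit more than max_hosts addresses.
        "broad": [str(n) for n in networks if n.num_addresses > max_hosts],
        # Entries whose address has bits set outside the mask.
        "misaligned": [str(a) for a, n in acl if a != n.network_address],
        # Active sessions whose source no current entry covers.
        "uncovered_sessions": [(tty, str(ip)) for tty, ip in parse_who(who_text)
                               if not any(ip in n for n in networks)],
    }


if __name__ == "__main__":
    for key, value in audit(SHOW_TELNET, WHO).items():
        print(f"{key}: {value}")
```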
To set the IP address of the TFTP server for storing secondary configuration information and software image files, use the tftp-server command. To remove a TFTP server, use the no tftp-server command.
tftp-server tftp_server_ip [port port] tftp_directory
tftp_server_ip | IP address of the TFTP server. |
port | (Optional) Use the port specified with the port argument. |
port | (Optional) The port number (by default, port 69 is used). |
tftp_directory | The directory where the secondary configuration and software image files are stored. The default directory is /tftp/boot. |
No default behavior or values.
Configuration and replication
The tftp-server command defines the IP address of a TFTP server. Secondary configuration information can be written to, and read from, a TFTP server with the write net and configure net commands. The secondary configuration contains information about virtual and real servers, server bindings, backup servers, and load balancing.
The commands associated with TFTP are as follows:
LocalDirector(config)# tftp-server 192.168.10.1
LocalDirector(config)#
boot config
boot image
configure net
show tftp-server
write net
To configure the number of consecutive TCP connection reassignments that a real server can exhibit before LocalDirector marks the real server as failed, use the threshold command.
threshold real_id | virtual_id connect_failures
real_id | Real server IP address or name, port (if a port-bound server), bind-id, and protocol. |
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
connect_failures | The number of consecutive connection reassignments to tolerate; the default is 8. A 0 means the real server will never be failed; the maximum number of reassigns is 65535. |
The default is 8 connection reassignments.
Configuration and replication
Use show real or show threshold to display real server threshold values. When the number of connection reassignments is equal to the threshold value, the server is failed by LocalDirector. Connection reassignments may be due to a TCP RST, or no answer from the real server.
Failed real servers are not used by virtual servers while in the failed state; however, LocalDirector retests each failed server periodically with a single TCP connection attempt to learn if the server has returned to normal behavior. If so, LocalDirector marks the server as in service, which makes it available to process virtual server requests.
When the virtual_id is specified, all real servers represented by that virtual server are affected by this command.
localdirector(config)# show threshold
Real Machine(s) Threshold
192.168.1.1:0:0:tcp 8
192.168.1.2:0:0:tcp 8
localdirector(config)# threshold 192.168.1.1 10
localdirector(config)# show threshold
Real Machine(s) Threshold
192.168.1.1:0:0:tcp 10
192.168.1.2:0:0:tcp 8
localdirector(config)#
reassign
retry
show real
show threshold
To set the connection timeout for a real server, use the timeout command.
timeout real_id | virtual_id idle_minutes
real_id | Real server IP address or name, port (if a port-bound server), bind-id, and protocol. |
virtual_id | Virtual server IP address or name, port number, bind-id, and protocol. |
idle_minutes | The number of minutes the server maintains a connection before dropping it. The default is 120 minutes, the minimum is 5 minutes, and the maximum is 65535 minutes. To calculate this value, match the timeout setting in the operating system of the server for TCP connections. |
The default connection interval is 120 minutes.
Configuration and replication
Idle connections will be timed out after the number of minutes set with the timeout command for each real server. In addition, every two minutes LocalDirector will remove a connection that has not been fully established (that is, either the client or server did not complete the TCP handshaking sequence to get the connection established).
When the virtual_id is specified, all real servers represented by that virtual server are affected by this command.
Use the timeout command for real servers running the connectionless UDP protocol. Because no mechanism exists within UDP to signal the end of a connection, set the duration of the UDP connection with the timeout idle_minutes setting. UDP connections can successfully use the timeout minimum, which is 5 minutes.
localdirector(config)# show timeout
Real Machine(s) Timeout
192.168.1.1:0:0:tcp 120
192.168.1.2:0:0:tcp 120
localdirector(config)# timeout 192.168.1.2 11
localdirector(config)# show timeout
Real Machine(s) Timeout
192.168.1.1:0:0:tcp 120
192.168.1.2:0:0:tcp 11
localdirector(config)#
show timeout
To create a virtual server to accept a connection from the network, use the virtual command. Use the no virtual command to remove the virtual server from LocalDirector.
virtual virtual_name | virtual_ip [:[virtual_port]:[bind-id]:[protocol]]
virtual_name | The name of the virtual server being defined. |
virtual_ip | The IP address of the virtual server being defined. |
virtual_port | (Optional) The port traffic that runs on the server. Use a colon as a delimiter between the IP address and port number. If you do not identify a specific port, all traffic is allowed to the server and the port is labeled 0. Servers with a port specified are referred to as "port-bound" servers. |
bind-id | (Optional) Used with the assign command to direct traffic to a specific location. Use a colon as a delimiter between the bind-id and port number. If you do not specify a bind-id when defining a virtual server, the default is :0. Any client IP address not identified by an assign command statement will be directed to the default bind-id of 0. |
protocol | (Optional) The protocol to use. The default value is tcp, but udp and gre are available options. Use a colon as a delimiter between the bind-id and protocol. |
service-state | (Optional) In service (is) or out of service (oos). The default is oos. |
No default behavior or values.
Configuration
The virtual command creates a virtual server to accept a connection from the network. Virtual servers present a single address for a group of real servers and load-balance service requests between the real servers in a site. The virtual server IP address is published to the user community, but the real IP address can remain unpublished.
If you are using directed mode, and the published or "advertised" addresses are different from internal addresses, the IP address of LocalDirector must be on the network from which you want to access LocalDirector. That is, if your virtual servers are on network 204.31.17.x, and your real servers are on network 192.168.89.x, then the IP address of LocalDirector should be either 204.31.17.x (if accessing LocalDirector from outside) or 192.168.89.x (if accessing LocalDirector from inside). Here "accessing" means using Telnet, SNMP, or SYSLOG to connect to LocalDirector. Virtual server addresses can only be accessed from the client side of LocalDirector.
If you are using dispatched mode, you can create an alias IP address on LocalDirector and keep it in a subnet different from the location of the real servers.
Specify the IP address of LocalDirector with the ip address command before defining virtual servers.
If no real servers are bound to the virtual server, use the no virtual command to remove the virtual server from LocalDirector.
The port and bind-id are optional when defining virtual servers. Although a space can be used as a delimiter for the port, a colon is preferred and must be used with the bind-id. Note that the port and bind-id are 0 by default.
ld(config) 5# virtual 10.10.10.1:80:tcp
ld(config) 6# virtual 10.10.10.1:443:1:tcp
ld(config) 7# virtual 10.10.10.1
ld(config) 8# show virtual
Machines:
Machine Mode State Connect Sticky Predictor Slowstart
10.10.10.1:80:0:tcp directed local OOS 0 0 leastconns roundrobin*
10.10.10.1:443:1:tcp directed local OOS 0 0 leastconns roundrobin*
10.10.10.1:0:0:tcp directed local OOS 0 0 leastconns roundrobin*
In the following example, note the use of the name command. The name is used with the port and bind-id to identify the server (virtual_id).
ld(config) 9# name 10.10.10.1 lucky
ld(config) 0# is virtual lucky:80
ld(config) 1# sticky lucky:443:1 10
ld(config) 2# show virtual
Virtual Machines:
Machine Mode State Connect Sticky Predictor Slowstart
lucky:80:0:tcp directed local IS 0 0 leastconns roundrobin*
lucky:443:1:tcp directed local OOS 0 10 leastconns roundrobin*
lucky:0:0:tcp directed local OOS 0 0 leastconns roundrobin*
To remove a virtual server, you must first remove any bind association to real servers. For example:
LocalDirector(config) 5# show virtual
Virtual Machines:
Machine Mode State Connect Sticky Predictor Slowstart
192.168.0.98:0:0:tcp directed local OOS 0 0 leastconns roundrobin*
192.168.0.99:0:0:tcp directed local IS 0 0 leastconns roundrobin*
LocalDirector(config) 6# show bind
Virtual Real
192.168.0.98:0:0:tcp(OOS)
192.168.0.3:0:0:tcp(OOS)
192.168.0.99:0:0:tcp(IS)
192.168.0.1:0:0:tcp(IS)
192.168.0.2:0:0:tcp(IS)
LocalDirector(config) 7# no virtual 192.168.0.98:0:0:tcp
Must unbind all reals before removing virtual.
LocalDirector(config) 8# no bind 192.168.0.98:0:0:tcp 192.168.0.3:0:0:tcp
LocalDirector(config) 9# no virtual 192.168.0.98:0:0:tcp
LocalDirector(config) 0# show virtual
Virtual Machines:
Machine Mode State Connect Sticky Predictor Slowstart
192.168.0.99:0:0:tcp directed local IS 0 0 leastconns roundrobin*
LocalDirector(config) 1#
The show virtual command indicates the service state of virtual servers in addition to other information. Descriptions of the show virtual command output are provided in Table 6-6.
| Column Heading | Description |
|---|---|
Machine | IP address or name of the server, port (if a port-bound server), |
Mode | Directed or dispatched and local or CASA modes. |
State | IS (in service), OOS (out of service), failed, or max. |
Connect | Number of connections to the server. |
Sticky | Elapsed time of inactivity before connection is sent to another server. |
Predictor | Type of load balancing. An asterisk (*) indicates that this predictor is active. |
Slowstart | Slowstart option set with predictor command (round-robin or none). An asterisk (*) indicates that this predictor is active. |
Possible service states are:
ip address
show virtual
To assign a relative value to the distribution of connections for a real server, use the weight command. Use the no weight command to remove a weight value from a real server.
weight real_id number
real_id | The IP address or name, port (if a port-bound server), bind-id, and protocol of a real server. |
number | The number that is averaged to determine the distribution of current connections among real servers. The default is one, and the value can be a whole number from 0 to 65535. A value of 0 is equivalent to placing the server out of service. |
The default number of connections is 1.
Configuration and replication
Servers with higher performance can support a higher number of connections. In the following example, the weights of all of the servers add up to eight. Therefore, server 192.168.1.1 would receive 4/8 of the connections, or 50 percent. Server 192.168.1.2 would receive 25 percent of the connections, and servers 192.168.1.3 and 192.168.1.4 would each receive 12.5 percent of the connections. Faster servers receive more connections because they service the connection faster, regardless of the percentage of connections they are assigned at the time.
localdirector(config)# show weight
Real Machine(s) Weight
192.168.1.1:0:0:tcp 1
192.168.1.2:0:0:tcp 1
localdirector(config)# weight 192.168.1.1 4
localdirector(config)# show weight
Real Machine(s) Weight
192.168.1.1:0:0:tcp 4
192.168.1.2:0:0:tcp 1
localdirector(config)#
show weight
To show active Telnet administration sessions, use the who command.
who [ip]
ip | (Optional) An IP address to limit the listing to one IP address or to a network IP address. |
No default behavior or values.
Unprivileged, privileged, and configuration
The who command shows the tty_id and IP address of each Telnet client currently logged in to LocalDirector. This command is the same as the show who command.
LocalDirector# who
2: From 192.168.2.2
1: From 192.168.1.3
0: On console
LocalDirector#
kill
show who
telnet
To show wildcards in use, use the show wildcard command.
show wildcard
No default behavior or values.
Privileged
Use this command to view the wildcards that are currently being used.
To store the current configuration, use the write command.
write {erase | floppy | memory | terminal | standby}
erase | Clears the Flash memory configuration. |
floppy | Stores the current running configuration on a floppy disk. |
memory | Saves the current running configuration to Flash memory. When the failover is configured, this keyword forces the configuration to be written to Flash memory on the standby unit also. |
terminal | Displays the current running configuration on the console computer. Before using this command, you can set your terminal communications program to store the screen display in a log file. |
standby | Copies the active configuration to the standby unit. |
No default behavior or values.
Privileged and configuration
Use the write floppy command to save the current running configuration to floppy disk, and use the write memory command to save to Flash memory. You can save your configuration on the distribution diskette that shipped with your LocalDirector. Use configure memory or configure floppy to restore the saved configuration.
Any settings left at the default value will not be displayed with the write terminal command. Use the show command and the command associated with the setting to view the default value in the configuration (for example, show retry). The only exception is the show configuration command, which displays the configuration stored in Flash memory, and therefore will not include default values either.
LocalDirector(config)# write floppy
Building configuration...
[OK]
LocalDirector(config)#
To store the current configuration to a TFTP server, use the write net command.
write net [[tftp_server_ip] [port port]] [file file]
net | Save configuration to a remote TFTP server. To use this keyword, issue the tftp-server command first, or identify the name of the file and the IP address of the TFTP server. The file must be created on the TFTP server before it can be saved to the TFTP server. |
tftp_server_ip | (Optional) The IP address of the TFTP server. |
file | (Optional) The name of the file on the TFTP server. |
port | (Optional) Uses the port specified with the port argument. |
port | (Optional) The port number (by default, port 69 is used). |
file | (Optional) Uses the file for configuration file. |
No default behavior or values.
Privileged and configuration
Use the write net command to save the current running configuration to a TFTP server. Use the configure net command to restore the saved configuration.
configure net
Posted: Wed Sep 22 14:55:15 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.