|
|
This chapter describes how to configure the Server Load Balancing (SLB) switch redundancy. For further information about the commands used in this chapter, refer to the command reference publications in the Cisco IOS documentation set and to "Command Reference."
A SLB switch could represent a point of failure and the servers could lose their connections to the backbone if power fails or if a link from a switch to the distribution-layer switch is disconnected. This section described redundancy features you can use to reduce that risk.
This chapter includes the following sections:
 |
Note You are at Step 4 in the suggested process for configuring your SLB switch. See the "Configuring Your SLB Switch" section. By now you have set up the hardware and are ready to proceed with configuring SLB redundancy. |
Configuration of the HSRP on a SLB switch requires the following:
A SLB switch running the HSRP detects a failure by sending and receiving multicast User Datagram Protocol (UDP) "hello" packets. When the SLB switch running HSRP detects that the designated active SLB switch has failed, the selected backup SLB switch assumes control of the HSRP group MAC and IP addresses. (You can also select a new standby SLB switch at that time.)
SLB switching software supports HSRP over 10/100 Ethernet, Gigabit Ethernet, FEC, GEC, and BVI (Bridge-Group Virtual Interface) connections.
For example, the HSRP network shown in Figure 5-1. Device A is the active HSRP SLB switch and is responsible for handling packets to the real servers 1 through 4. If the connection between Device A and the client accessing virtual server IP address 10.10.10.12 tcp 23 or 10.10.10.18 tcp 23 fails, fast converging routing protocols, such as the Enhanced Interior Gateway Routing Protocol (Enhanced IGRP) and Open Shortest Path First (OSPF), can respond within seconds so that Device B is prepared to transfer packets that would have gone through Device A.
HSRP uses a priority scheme to determine which HSRP-configured SLB switch is to be the default active SLB switch. To configure a SLB switch as active, you assign it a priority that is higher than the priority of all the other HSRP-configured SLB switches. The default priority is 100, so if you configure just one SLB switch to have a higher priority, that switch becomes the default active switch.
HSRP works by the exchange of multicast messages that advertise priority among HSRP-configured SLB switches. When the active switch fails to send a hello message within a configurable period of time, the standby switch with the highest priority becomes the active switch. The transition of packet-
forwarding functions between SLB switches is completely transparent to all hosts accessing the network.
HSRP-configured SLB switches exchange the following three types of multicast messages:
At any time, HSRP-configured SLB switches are in one of the following states:
This section describes configuring the HSRP on the Catalyst 4840G SLB switch.
To configure HSRP over VLANs between SLB switches, you must first create its environment. Perform these tasks in the order in which they appear.
|
Note When you configure the virtual server as "in-service" you must use the optional standby command and configure an HSRP group name. See the "inservice (virtual server)" section. |
Command | Purpose |
|---|---|
SLB-Switch(config-if)#standby [group-number] ip [ip-address [secondary]] |
|
To customize "hot standby" group attributes, use one or more of the following commands in interface configuration mode:
The following commands enable the HSRP standby group 100 IP address, preempt, priority, timers, configure a name and authentication for Device A in Figure 5-1:
SLB-Switch(config-if)# standby 100 ip 172.20.100.10 SLB-Switch(config-if)# standby 100 priority 110 SLB-Switch(config-if)# standby 100 preempt SLB-Switch(config-if)# standby 100 timers 5 15 SLB-Switch(config-if)# standby 100 name Web_group1 SLB-Switch(config-if)# standby 100 authentication Secret SLB-Switch(config-if)# exit SLB-Switch#
Figure 5-1 shows the topology of an IP network with two SLB switches configured for HSRP.
All hosts accessing the network use the IP address of the virtual servers (in this case, 10.10.10.12 or 10.10.10.18).
|
Note The configurations shown use the RIP routing protocol. HSRP can be used with any routing protocol supported by the Cisco IOS software. Some configurations that use HSRP still require a routing protocol to converge when a topology change occurs. The standby SLB switch becomes active, but connectivity does not occur until the protocol converges. |
The following is the configuration for Switch A (active):
hostname Switch A ! ip slb serverfarm ServerGroup1 real 172.20.100.3 inservice real 172.20.100.4 inservice ! ip slb serverfarm ServerGroup2 real 172.20.200.3 inservice real 172.20.200.4 inservice ! ip slb vserver VS1 virtual 10.10.10.12 tcp 23 serverfarm ServerGroup1 in-service standby Web_Group1 ! ip slb vserver VS2 virtual 10.10.10.18 tcp 23 serverfarm ServerGroup2 in-service standby Web_Group2 ! ip routing router rip network 172.20.0.0 ! interface vlan100 ip address 172.20.100.1 255.255.255.0 standby 100 ip 172.20.100.10 standby 100 priority 110 standby 100 preempt standby 100 timers 5 15 standby 100 name Web_Group1 standby 100 authentication Secret ! interface vlan200 ip address 172.20.200.1 255.255.255.0 standby 200 ip 172.20.200.10 standby 200 priority 110 standby 200 preempt standby 200 timers 5 15 standby 200 name Web_Group2 standby 200 authentication Covert !
The following is the configuration for Switch B (standby):
hostname Switch B ! ip slb serverfarm ServerGroup1 real 172.20.100.3 inservice real 172.20.100.4 inservice ! ip slb serverfarm ServerGroup2 real 172.20.200.3 inservice real 172.20.200.4 inservice ! ip slb vserver VS1 virtual 10.10.10.12 tcp 23 serverfarm ServerGroup1 in-service standby Web_Group1 ! ip slb vserver VS2 virtual 10.10.10.18 tcp 23 serverfarm ServerGroup2 in-service standby Web_Group2 ! ip routing router rip network 172.20.0.0 ! interface vlan100 ip address 172.20.100.2 255.255.255.0 standby 100 ip 172.20.100.10 standby 100 preempt standby 100 timers 5 15 standby 100 name Web_Group1 standby 100 authentication Secret ! interface vlan200 ip address 172.20.200.2 255.255.255.0 standby 200 ip 172.20.200.10 standby 200 preempt standby 200 timers 5 15 standby 200 name Web_Group2 standby 200 authentication Covert
The standby ip interface configuration command enables HSRP and establishes 10.10.10.12 and 10.10.10.18 as the IP addresses of the virtual servers. The configurations of both SLB switches include this command so that both switches share the same virtual IP address. The 100 establishes Hot Standby group 100. (If you do not specify a group number, the default is group 0.) The configuration for at least one of the SLB switches in the Hot Standby group must specify the IP address of the virtual server; specifying the IP address of the virtual router is optional for other routers in the same Hot Standby group.
The standby preempt interface configuration command allows the SLB switch to become the active switch when its priority is higher than all other HSRP-configured switches in this Hot Standby group. The configurations of both switches include this command so that each can be the standby SLB switch for the other switch. The "100" indicates that this command applies to Hot Standby group 100. If you do not use the standby preempt command in the configuration for a SLB switch, that switch cannot become the active SLB switch.
The standby priority interface configuration command sets the SLB switch's HSRP priority to 110, which is higher than the default priority of 100. Only the configuration of Device A includes this command, which makes Device A the default active SLB switch. The "100" indicates that this command applies to Hot Standby group 100.
The standby timers interface configuration command sets the interval in seconds between hello messages (called the hello time) to five seconds and sets the duration in seconds that a SLB switch waits before it declares the active SLB switch to be down (called the hold time) to eight seconds. (The defaults are three and 10 seconds, respectively.) If you decide to modify the default values, you must configure each SLB switch to use the same hello time and hold time. The "100" indicates that this command applies to Hot Standby group 100.
To verify that the SLB HSRP feature has been configured and is operating correctly, use the following show ip slb vserver commands to display information about the SLB virtual server status:
SLB-Switch# show ip slb vserver slb vserver prot virtual state conns ------------------------------------------------------------------- VS1 TCP 10.10.10.12:23 INSERVICE 2 VS2 TCP 10.10.10.18:23 INSERVICE 2 SLB-Switch# show ip slb vserver detail VS1, state = INSERVICE, v_index = 10 virtual = 10.10.10.12:23, TCP, service = NONE, advertise = TRUE server farm = SERVERGROUP1, delay = 10, idle = 3600 sticky timer = 0, sticky subnet = 255.255.255.255 sticky group id = 0 synguard counter = 0, synguard period = 0 conns = 0, total conns = 0, syns = 0, syn drops = 0 standby group = None VS2, state = INOFSERVICE, v_index = 11 virtual = 10.10.10.18:23, TCP, service = NONE, advertise = TRUE server farm = SERVERGROUP2, delay = 10, idle = 3600 sticky timer = 0, sticky subnet = 255.255.255.255 sticky group id = 0 synguard counter = 0, synguard period = 0 conns = 0, total conns = 0, syns = 0, syn drops = 0 standby group = None
The stateful backup feature enables SLB to incrementally back up its load balancing decisions, or "keep state," between primary and backup Catalyst 4840G SLB switches. The backup switch has its virtual servers in a dormant state until failover is detected by HSRP; then the backup (now primary) catalyst 4840G switch begins advertising virtual addresses and filtering traffic.
This enhancement provides SLB with a one-to-one stateful or idle backup scheme. This means that only one instance of SLB is handling client or server traffic at a given time, and that there is at most one backup platform for each active SLB switch.
Figure 5-2 is an example of a stateful backup configuration, using HSRP on both the client and server sides to handle failover. The real servers route outbound traffic to 10.10.3.100, which is the HSRP address on the server side interfaces. The client (or access router), routes to the virtual IP address (10.10.10.12) through 10.10.2.100, HSRP address on client side.
Notice the loopback interfaces configured on both boxes for the exchange of these messages. Each SLB should also be given duplicate routes to the other switch loopback address. This allows replication messages to flow despite an interface failure.
|
Note To allow HSRP to function properly, set spantree portfast must be configured on any Layer 2 device between the SLB switches. |
The stateful backup network shown in Figure 5-2 is used in the configuration examples in the sections that follow.
To configure stateful backup to keep state across primary and backup Catalyst 4840G SLB switches, enter the following commands in order, beginning in global configuration mode:
| Command | Description | |
|---|---|---|
Step 1 | SLB-Switch(config)# ip slb vserver virtserver-name | Configures a virtual server and enters virtual server configuration mode. |
Step 2 | SLB-Switch(config-slb-vserver)# replicate casa listening-ip remote-ip port-number [interval] [password password timeout] | Configures a stateful backup of SLB decision tables to a backup switch. See the ip slb probe command for more details. |
The following commands configure stateful backup for virtual server RESTRICTED_HTTP using listening IP 10.10.3.132 and remote IP 10.10.99.3 over port 1032 and configures the password as "PASS" for Device A in Figure 5-2:
SLB-Switch(config)# ip slb vserver RESTRICTED_HTTP SLB-Switch(config-slb-vserver)# virtual 10.10.10.12 tcp telnet SLB-Switch(config-slb-vserver)# replicate casa 10.10.3.132 10.10.99.3 1024 password PASS SLB-Switch(config-slb-vserver)# inservice standby virt SLB-Switch(config-slb-vserver)# . (Information Deleted) .
Following is the stateful backup configuration for switch SLB1 shown in Figure 5-2:
! ip slb serverfarm SF1 nat server real 10.10.3.1 inservice real 10.10.3.2 inservice real 10.10.3.3 inservice ! ip slb vserver VS1 virtual 10.10.10.12 tcp telnet serverfarm SF1 replicate casa 10.10.99.132 10.10.99.99 1024 password PASS inservice standby virt ! interface Loopback1 ip address 10.10.99.132 255.255.255.255 ! ! interface FastEthernet1 ip address 10.10.3.132 255.255.255.0 no ip redirects no ip mroute-cache standby priority 5 preempt standby name out standby ip 10.10.3.100 standby track FastEthernet3 ! interface FastEthernet3 ip address 10.10.2.132 255.255.255.0 no ip redirects standby priority 5 preempt standby name virt standby ip 10.10.2.100 standby track FastEthernet1 !
Following is the stateful backup configuration for switch SLB2 shown in Figure 5-2:
ip slb serverfarm SF1 nat server real 10.10.3.1 inservice real 10.10.3.2 inservice real 10.10.3.3 inservice ! ip slb vserver VS1 virtual 10.10.10.12 tcp telnet serverfarm SF1 replicate casa 10.10.99.99 10.10.99.132 1024 password PASS inservice standby virt ! ! interface Loopback1 ip address 10.10.99.99 255.255.255.255 ! interface FastEthernet2 ip address 10.10.2.99 255.255.255.0 no ip redirects no ip route-cache no ip mroute-cache standby priority 10 preempt standby name virt standby ip 10.10.2.100 standby track FastEthernet3 ! interface FastEthernet3 ip address 10.10.3.99 255.255.255.0 no ip redirects no ip route-cache no ip mroute-cache standby priority 10 preempt standby name out standby ip 10.10.3.100 standby track FastEthernet2 !
Posted: Thu Sep 28 15:29:14 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.