|
|
This chapter describes the Server Load Balancing (SLB) feature. It includes the following sections:
 |
Note You are at Step 3 in the suggested process for configuring your SLB switch. See the "Configuring Your SLB Switch" section. You should have already configured the SLB processor and now be ready to proceed with configuring SLB. |
The SLB feature is an IOS-based solution that provides IP server load balancing. Using the SLB feature, you can define a virtual server that represents a group of real servers in a cluster of network servers known as a server farm. In this environment the clients connect to the IP address of the virtual server. The virtual server IP address is configured as a loopback address, or secondary IP address, on each of the real servers. When a client initiates a connection to the virtual server, the SLB function chooses a real server for the connection based on a configured load balancing algorithm. Figure 4-1 illustrates a SLB network.
|
Note When you configure the SLB software in server NAT mode, you do not need to configure loopback or secondary addresses on the real servers. |
SLB
This section describes the following features supported in SLB:
SLB provides two load balancing algorithms: weighted round-robin and weighted least-connections. You may specify either algorithm as the basis for choosing a real server for each new connection request that arrives at the virtual server.
The weighted round-robin algorithm specifies that the real server used for a new connection to the virtual server is chosen from the server farm in a circular fashion. Each real server is assigned a weight, n, that represents its capacity to handle connections, as compared to the other real servers associated with the virtual server. That is, new connections are assigned to a given real server n times before the next real server in the server farm is chosen.
For example, assume a server farm comprised of real server ServerA with n = 3, ServerB with n = 1, and ServerC with n = 2. The first three connections to the virtual server are assigned to ServerA, the fourth connection to ServerB, and the fifth and sixth connections to ServerC.
|
Note Assigning a weight of n=0 to all of the servers in the server farm configures the SLB switch to use a simple round-robin algorithm. |
The weighted least-connections algorithm specifies that the next real server chosen from a server farm for a new connection to the virtual server is the server with the fewest active connections. Each real server is also assigned a weight for this algorithm. When weights are assigned, the server with the fewest connections is based on the number of active connections on each server, and on the relative capacity of each server. The capacity of a given real server is calculated as the assigned weight of that server divided by the sum of the assigned weights of all of the real servers associated with that virtual server, or n1/(n1+n2+n3...).
For example, assume a server farm comprised of real server ServerA with n = 3, ServerB with n = 1, and ServerC with n = 2. ServerA would have a calculated capacity of 3/(3+1+2), or half of all active connections on the virtual server, ServerB one-sixth of all active connections, and ServerC one-third of all active connections. At any point in time, the next connection to the virtual server would be assigned to the real server whose number of active connections is farthest below its calculated capacity.
|
Note Assigning a weight of n=0 to all of the servers in the server farm configures the SLB switch to use a simple least-connection algorithm. |
You must specify which Transmission Control Protocol/User Datagram Protocol (TCP/UDP) port a virtual server handles. The port-bound servers feature allows one virtual server IP address to represent one set of real servers for one service, such as Hypertext Transfer Protocol (HTTP), and a different set of real servers for another service, such as Telnet. Packets destined to a virtual server address for a port that is not specified in a virtual server definition are not redirected.
The sticky connections feature allows new connections from a client IP address to be assigned to the same real server as previous connections from the same client address. This behavior is controlled by a configurable timer. If the timer is configured on a virtual server, new connections from a client are sent to the same real server that handled the previous client connection, provided that:
The sticky connection feature also permits the coupling of services that are handled by more than one virtual server. This feature allows connection requests for related services to use the same real server. For example, Web server (HTTP) typically uses TCP port 80, and HTTP over Secure Socket Layer (HTTPS) uses port 443. If HTTP virtual servers and HTTPS virtual servers are coupled, connections for ports 80 and 443 from the same client IP address are assigned to the same real server.
The maximum connections feature allows you to configure a limit on the number of active connections that will be directed to a real server. If the maximum number of connections is reached for a specified real server, the SLB software will automatically switch all further connection requests to another server until the connection number drops below the specified limit.
Because of IP packet ordering anomalies, SLB might "see" the termination of a TCP connection (a finish [FIN] or reset [RST]) followed by other packets for the connection. This problem usually occurs when there are multiple paths that the TCP connection packets can follow. To correctly redirect the packets that arrive after the connection is terminated, SLB retains the TCP connection information, or context, for a specified length of time. The length of time the context is retained after the connection is terminated is controlled by a configurable delay timer.
SLB tracks each TCP synchronous idle character (SYN) sent to a real server by a client attempting to open a new connection. If several consecutive SYNs are not answered, or if a SYN is replied to with a RST, the TCP session is reassigned to a new real server. The number of SYN attempts is controlled by a configurable reassign threshold.
SLB automatically detects each failed connection attempt to a real server, and increments a failure counter for that server. (The failure counter is not incremented if a failed connection from the same client has already been counted.) If a server's failure counter exceeds a configurable failure threshold, the server is considered out of service and is removed from the list of active real servers.
When a real server fails and is removed from the list of active servers, it is assigned no new connections for an amount of time specified by a configurable retry timer. After that timer expires, the server is again eligible for new virtual server connections and SLB sends the server the next qualifying connection. If the connection is successful, the failed server is placed back on the list of active real servers. If the connection is unsuccessful, the server remains out of service and the retry timer is reset.
In an environment that uses weighted least-connections load balancing, a real server that is placed in service initially has no connections, and could therefore be assigned so many new connections that it becomes overloaded. To prevent such an overload, the slow start feature controls the number of new connections that are directed to a real server that has just been placed in service.
The SLB Dynamic Feedback Protocol (DFP) is a mechanism that allows host agents in load balanced environments to dynamically report the change in status of the host systems providing a virtual service. The status reported is a relative weight that specifies a host server's capacity to perform work.
When a DFP agent is defined on the SLB software, a TCP connection is initiated from the manager to the DFP agent on the real server. Once this connection is established, the agent must periodically send update information across the connection to the SLB software. This information is used by the SLB software to aid in load balancing the real servers as well as acting as an application level keep-alive for the connection. If an agent on the real server has no information to send, and an inactivity time-out has been specified for this DFP agent, it must send an empty report to prevent the connection from being torn down. In the event that a failure of the real server occurs, the SLB software reverts to using the default weight for any real servers being reported on. This default weight is a configured parameter in the SLB software allowing control over what action is taken.
The DFP agent can be software running on the real server or a separate unit that collects information from one or more real servers. This agent will consolidate the information, format it into the DFP, and report the information to the SLB software on periodic intervals. If a need arises, for example, a sudden change in a real server's ability to handle traffic, the agent could send in an early report.
Cisco Network Address Translator (NAT), RFC 1631, allows unregistered "private" IP addresses to connect to the Internet by translating those private IP addresses into globally registered IP addresses. NAT also increases network privacy by hiding internal IP addresses from external networks.
SLB can operate in one of two redirection modes:
Since the virtual server IP address is not modified in dispatch mode, the real servers must be adjacent with the SLB switch on Layer 2, or intervening routers might not be able to route to the chosen real server.
The following types of NAT are supported:
|
Note The same connection supports server NAT and client NAT. |
Figure 4-2 shows a sample SLB NAT topology.
The topology in Figure 4-2 has two Web servers running a single HTTP server application listening on port 80. Server 1 and Server 2 are load balanced using Switch A, which is performing server address translation.
See the "NAT" section to configure SLB NAT on the Catalyst 4840G SLB switch.
HTTP probe provides a simple way to monitor the applications being server load-balanced. With frequent probes, operation of the application is verified, not just connectivity to the application.
The basic requirement of HTTP probe is to determine the real server status by issuing an HTTP GET or HTTP POST against each real server in a server farm.
Since multiple virtual servers could use a single serverfarm, all virtual servers tied to that server farm are probed, and if a real server failed for one virtual server, it must be failed for all virtual servers using that real server. If multiple probes detect failure of a real server, all virtual servers must agree that the real server is recovered before the real server is restored to inservice.
Initially only one probe per server farm is allowed.
A SLB switch could represent a point of failure and the servers could lose their connections to the backbone if power fails or if a link from a switch to the distribution-layer switch is disconnected. The Catalyst 4840G SLB switch supports two redundancy options:
For SLB redundancy information and configuration see "Configuring SLB Redundancy."
SLB has the following restrictions:
Standards
MIBs
RFCs
This section described the tasks required to configure a basic SLB network on your Catalyst 4840G SLB switch.
Figure 4-3 shows an example SLB network with the following components:
To configure the SLB network described and shown in Figure 4-3, use the following commands beginning in global configuration mode:
| Command | Purpose |
|---|---|
SLB-Switch(config)# ip slb serverfarm serverfarm-name SLB-Switch(config-slb-sfarm)# | Adds a server farm definition to the SLB configuration and initiates server farm configuration mode. See the ip slb serverfarm command for more details. |
SLB-Switch(config-slb-sfarm)# real ip-address | Identifies a real server to the SLB function and initiates real server configuration mode. See the real command for more details. |
SLB-Switch(config-slb-real)# inservice | Enables the real server for use by SLB. See the inservice (real server) command for more details. |
SLB-Switch(config-slb-real)# exit | Return to server farm configuration mode. |
SLB-Switch(config-slb-real)# end | Return to global configuration mode. |
SLB-Switch(config)# ip slb vserver virtserver-name | Identifies a virtual server and initiates virtual server configuration mode. See the ip slb vserver command for more details. |
SLB-Switch(config-slb-vserver)# virtual ip-address {tcp | udp} port-number [service service-name] | Specifies the virtual server IP address, type of connection, port number, and optional service coupling. See the virtual command for more details. |
SLB-Switch(config-slb-vserver)# inservice | Enables the virtual server for use by SLB. See the inservice (virtual server) command for more details. |
SLB-Switch(config-slb-vserver)# client ip-address network-mask | Specifies which clients are allowed to use the virtual server. See the client command for more details. |
The following sections shows examples of these configuration commands used to configure and verify the SLB network shown in Figure 4-3:
The following commands configure the server farm PUBLIC and associates the three real servers:
SLB-Switch# config t Enter configuration commands, one per line. End with CNTL/Z. SLB-Switch(config)# ip slb serverfarm PUBLIC SLB-Switch(config-slb-sfarm)# real 10.1.1.1 SLB-Switch(config-slb-real)# inservice SLB-Switch(config-slb-real)# exit SLB-Switch(config-slb-sfarm)# real 10.1.1.2 SLB-Switch(config-slb-real)# inservice SLB-Switch(config-slb-real)# exit SLB-Switch(config-slb-sfarm)# real 10.1.1.3 SLB-Switch(config-slb-real)# inservice SLB-Switch(config-slb-real)# end
The following commands configure the server farm RESTRICTED and associates the two real servers:
SLB-Switch# config t Enter configuration commands, one per line. End with CNTL/Z. SLB-Switch(config)# ip slb serverfarm RESTRICTED SLB-Switch(config-slb-sfarm)# real 10.1.1.20 SLB-Switch(config-slb-real)# inservice SLB-Switch(config-slb-real)# exit SLB-Switch(config-slb-sfarm)# real 10.1.1.21 SLB-Switch(config-slb-real)# inservice SLB-Switch(config-slb-real)# end SLB-Switch#
The following show ip slb reals command displays the status of server farms PUBLIC and RESTRICTED, the associated real servers, and their status:
SLB-Switch# show ip slb real real server farm weight state conns --------------------------------------------------------------------- 10.1.1.1 PUBLIC 8 INSERVICE 0 10.1.1.2 PUBLIC 8 INSERVICE 0 10.1.1.3 PUBLIC 8 INSERVICE 0 10.1.1.20 RESTRICTED 8 INSERVICE 0 10.1.1.21 RESTRICTED 8 INSERVICE 0 SLB-Switch#
The following show ip slb serverfarm command displays the configuration and status of server farms PUBLIC and RESTRICTED:
SLB-Switch# show ip slb serverfarm server farm predictor nat reals bind id --------------------------------------------------- PUBLIC ROUNDROBIN none 3 0 RESTRICTED ROUNDROBIN none 2 0 SLB-Switch#
The following commands configure the virtual servers PUBLIC_HTTP and RESTRICTED_HTTP:
SLB-Switch# SLB-Switch# config t Enter configuration commands, one per line. End with CNTL/Z. SLB-Switch(config)# ip slb vserver PUBLIC_HTTP SLB-Switch(config-slb-vserver)# virtual 10.0.0.1 tcp www SLB-Switch(config-slb-vserver)# serverfarm PUBLIC SLB-Switch(config-slb-vserver)# inservice SLB-Switch(config-slb-vserver)# 16:17:48: ADD_WILDCARD: . (Information Deleted) . index = 1 SLB-Switch(config-slb-vserver)# exit SLB-Switch(config)# ip slb vserver RESTRICTED_HTTP SLB-Switch(config-slb-vserver)# virtual 10.0.0.2 tcp www SLB-Switch(config-slb-vserver)# serverfarm RESTRICTED SLB-Switch(config-slb-vserver)# inservice SLB-Switch(config-slb-vserver)# 16:20:18: ADD_WILDCARD: . (Information Deleted) . index = 1 SLB-Switch(config-slb-vserver)# end SLB-Switch#
The following show ip slb vservers command verifies the configuration of the virtual servers PUBLIC_HTTP and RESTRICTED_HTTP:
SLB-Switch# show ip slb vservers slb vserver prot virtual state conns ------------------------------------------------------------------- PUBLIC_HTTP TCP 10.0.0.1:80 INSERVICE 0 RESTRICTED_HTTP TCP 10.0.0.2:80 INSERVICE 0 SLB-Switch# SLB-Switch#
The following commands remove the virtual server RESTRICTED_HTTP from service, configures the restricted client access to the virtual server, then reenables the virtual server:
SLB-Switch# config t Enter configuration commands, one per line. End with CNTL/Z. SLB-Switch(config)# ip slb vserver RESTRICTED_HTTP SLB-Switch(config-slb-vserver)# no inservice SLB-Switch(config-slb-vserver)# 16:23:14: . (Information Deleted) . index = 1 SLB-Switch(config-slb-vserver)# client 10.4.4.0 255.255.255.0 SLB-Switch(config-slb-vserver)# inservice SLB-Switch(config-slb-vserver)# 16:23:45: ADD_WILDCARD: src = 0 - 0 . (Information Deleted) . index = 1 SLB-Switch(config-slb-vserver)# end SLB-Switch#
The following show ip slb conns command verifies the restricted client access and status:
SLB-Switch# show ip slb conns client 10.4.4.0 vserver prot client real state nat ------------------------------------------------------------------------------- RESTRICTED_HTTP TCP 10.4.4.0:80 10.1.1.20 CLOSING none SLB-Switch#
The following show ip slb conns command displays detailed information about the restricted client access status:
SLB-Switch# show ip slb conns client 10.4.4.0 detail VSTEST_UDP, client = 10.4.4.0:80 state = CLOSING, real = 10.1.1.20, nat = none v_ip = 10.0.0.2:80, TCP, service = NONE client_syns = 0, sticky = FALSE, flows attached = 0 SLB-Switch#
To verify that the SLB feature has been installed and is operating correctly, ping the real servers from SLB switch, then ping the virtual servers from the clients.
The following show ip slb stats command displays detailed information about the SLB network status: SLB-Switch# show ip slb stats Pkts via normal switching: 0 Pkts via special switching: 6 Connections Created: 1 Connections Established: 0 Connections Destroyed: 0 Connections Reassigned: 0 Zombie Count: 0 Connections Reused: 0 SLB-Switch#
See the "Monitoring and Maintaining SLB" section for additional commands used to verify SLB networks and connections.
The following show running-config command example displays the SLB network described and shown in Figure 4-3:
SLB-Switch# show running-config Building configuration... . (Information Deleted) . .ip slb serverfarm PUBLIC real 10.1.1.1 inservice real 10.1.1.2 inservice real 10.1.1.3 inservice ! ip slb serverfarm RESTRICTED real 10.1.1.20 inservice real 10.1.1.21 inservice ! ip slb vserver PUBLIC_HTTP virtual 10.0.0.1 tcp www serverfarm PUBLIC inservice ! ip slb vserver RESTRICTED_HTTP virtual 10.0.0.2 tcp www serverfarm RESTRICTED client 10.4.4.0 255.255.255.0 inservice !
This section describes the optional tasks you might want to use to fine tune the SLB configuration on your Catalyst 4840G SLB switch and includes the following sections:
To determine which real server to use for each new connection request, the SLB feature uses one of two load balancing algorithms: round-robin (the default) or least-connections. (See the "Weighted Round-Robin" section or the "Weighted Least-Connections" section for detailed descriptions of these algorithms.)
|
Note You can configure a real server with a weight relative to other real servers in the server farm, using the weight real server configuration command. |
To specify the load balancing algorithm, use the following command in server farm configuration mode:
| Command | Purpose |
|---|---|
SLB-Switch(config-slb-sfarm)# predictor [roundrobin | leastconns] | Specifies whether the weighted round robin algorithm or the weighted least connections algorithm is to be used to determine how a real server is selected. See the predictor command for more details. |
The following example shows how to configure weighted least-connections algorithm:
SLB-Switch(config)# ip slb serverfarm RESTRICTED SLB-Switch(config-slb-sfarm)# predictor leastconns
See the "Monitoring and Maintaining SLB" section for additional commands used to verify SLB network connections and the "Complete Example Configuration" section for an example of a SLB network configuration.
To configure a bind ID on the server farm for use by DFP, use the following command in server farm configuration mode:
| Command | Purpose |
|---|---|
SLB-Switch(config)# ip slb serverfarm serverfarm-name SLB-Switch(config-slb-sfarm)# | Adds a server farm definition to the SLB configuration and initiates server farm configuration mode. See the ip slb serverfarm command for more details. |
SLB-Switch(config-slb-sfarm)# bindid [bind_id] | Specifies a bind ID on the server farm for use by DFP. See the bindid command for more details. |
The following example shows how to configure a bind ID of 309 on server farm RESTRICTED:
SLB-Switch(config)# ip slb serverfarm RESTRICTED SLB-Switch(config-slb-sfarm)# bindid 309
See the "Monitoring and Maintaining SLB" section for additional commands used to verify SLB network connections and the "Complete Example Configuration" section for an example of a SLB network configuration.
You can configure any of the following real server attributes using the following commands in real server configuration mode:
| Command | Purpose |
|---|---|
SLB-Switch(config)# ip slb serverfarm serverfarm-name SLB-Switch(config-slb-sfarm)# | Adds a server farm definition to the SLB configuration and initiates server farm configuration mode. See the ip slb serverfarm command for more details. |
SLB-Switch(config-slb-sfarm)# real ip-address | Identifies a real server to the SLB function and initiates real server configuration mode. See the real command for more details. |
SLB-Switch(config-slb-real)# faildetect numconns number-conns [numclients number-clients] | Specifies the number of consecutive connection failures and, optionally, the number of unique client connection failures, that constitute failure of the real server. See the faildetect command for more details. |
SLB-Switch(config-slb-real)# maxconns number-conns | Specifies the maximum number of active connections allowed on the real server at one time. See the maxconns command for more details. |
SLB-Switch(config-slb-real)# reassign threshold | Specifies the number of consecutive unanswered SYNs that initiates reassignment of the connection to another real server. See the reassign command for more details. |
SLB-Switch(config-slb-real)# retry retry-value | Specifies the interval, in seconds, that must elapse between the detection of a server failure and the next attempt to connect to the failed server. See the retry command for more details. |
SLB-Switch(config-slb-real)# weight weighting-value | Specifies the real server's workload capacity relative to other servers in the server farm. See the weight command for more details. |
SLB-Switch(config-slb-real)# inservice | Enables the real server for use by SLB. See the inservice (real server) command for more details. |
The following example shows how to configure the consecutive connection failures to 16 that constitute the failure of real server 10.1.1.1:
SLB-Switch(config)# ip slb serverfarm RESTRICTED SLB-Switch(config-slb-sfarm)# real 10.1.1.1 SLB-Switch(config-slb-real)# faildetect numconns 16
The following example shows how to configure maximum number of connections to 1000:
SLB-Switch(config-slb-real)# maxconns 1000
The following example shows how to configure the number of consecutive unanswered SYNs to 4 that initiates reassignment of the connection to another real server:
SLB-Switch(config-slb-real)# reassign 4
The following example shows how to configure the retry interval to 120 seconds between the detection of a server failure and the next attempt to connect on real server 10.1.1.1:
SLB-Switch(config-slb-real)# retry 120
The following example shows how to configure workload capacity to 16, relative to other servers in the server farm:
SLB-Switch(config-slb-real)# weight 16
The following example shows how to reenable the real server back into service after making changes to its configuration:
SLB-Switch(config-slb-real)# inservice
See the "Monitoring and Maintaining SLB" section for additional commands used to verify SLB network connections and the "Complete Example Configuration" section for an example of a SLB network configuration.
To change the default settings of the virtual server values, use the related command in virtual server configuration mode:
| Command | Purpose |
|---|---|
SLB-Switch(config)# ip slb vserver virtserver-name | Identifies a virtual server and initiates virtual server configuration mode. See the ip slb vserver command for more details. |
SLB-Switch(config-slb-vserver)# no advertise | Omits the virtual server IP address from the routing protocol updates. See the advertise command for more details. |
SLB-Switch(config-slb-vserver)# client ip-address network-mask | Specifies which clients are allowed to use the virtual server. See the client command for more details. |
SLB-Switch(config-slb-vserver)# delay duration | Specifies the amount of time SLB maintains TCP connection after a connection has terminated. The default value is 10 seconds. See the delay command for more details. |
SLB-Switch(config-slb-vserver)# idle duration | Specifies the minimum amount of time SLB maintains connection context in the absence of packet activity for a connection. The default value is 3600 seconds (60 minutes). See the idle command for more details. |
SLB-Switch(config-slb-vserver)# sticky duration [group group-id] [netmask netmask] | Specifies that connections from the same client use the same real server, providing that the interval between client connections does not exceed the specified duration. See the sticky command for more details. |
SLB-Switch(config-slb-vserver)# synguard syn-count interval | Specifies the rate of TCP SYNs handled by a virtual server in order to prevent a SYN flood denial of service attack. See the synguard command for more details. |
SLB-Switch(config-slb-vserver)# inservice | Enables the virtual server for use by SLB. See the inservice (virtual server) command for more details. |
The following commands remove the virtual server RESTRICTED_HTTP from service and then configures the restricted client access to the virtual server:
SLB-Switch(config)# ip slb vserver RESTRICTED_HTTP SLB-Switch(config-slb-vserver)# no inservice SLB-Switch(config-slb-vserver)# 16:23:14: . (Information Deleted) . index = 1 SLB-Switch(config-slb-vserver)# client 10.4.4.0 255.255.255.0
By default, virtual server addresses are advertised. That is, static routes to the Null0 interface are installed for the virtual server addresses. To advertise these static routes using the routing protocol, you must configure redistribution of static routes for the routing protocol. To prevent the installation of a static route, use the no form of the advertise command:
SLB-Switch(config-slb-vserver)# no advertise
The following command configures the delay timer to 20 seconds after the termination of the TCP connection to the virtual server:
SLB-Switch(config-slb-vserver)# delay 20
The following command configures the idle time to 180 seconds (3 minutes) that the SLB maintains connectivity to the virtual server in the absence of packet activity for a connection:
SLB-Switch(config-slb-vserver)# idle 1800
The following command configures the time to 60 seconds that connections from the same client use the same real server:
SLB-Switch(config-slb-vserver)# sticky 60 group 1
The following command configures the rate of TCP SYNs to 3600000 handled by the virtual server:
SLB-Switch(config-slb-vserver)# synguard 3600000
The following example reenables the virtual server after modification:
SLB-Switch(config-slb-vserver)# inservice SLB-Switch(config-slb-vserver)# 16:23:45: ADD_WILDCARD: src = 0 - 0 . (Information Deleted) . index = 1 SLB-Switch(config-slb-vserver)#
See the "Monitoring and Maintaining SLB" section for additional commands used to verify SLB network connections and the "Complete Example Configuration" section for an example of a SLB network configuration.
The SLB Dynamic Feedback Protocol (DFP) is a mechanism that allows host agents in load balanced environments to dynamically report the change in status of the host systems providing a virtual service. The status reported is a relative weight that specifies a host server's capacity to perform work.
To configure SLB DFP, enter the following commands in order, beginning in global configuration mode:
| Command | Description | |
|---|---|---|
Step 1 | SLB-Switch(config)# ip slb dfp [password password [timeout]] | Configures DFP and, optionally, sets a password and initiates DFP configuration mode. See the ip slb dfp command for more details. |
Step 2 | SLB-Switch(config-slb-dfp)# | Configures a DFP agent. See the agent command for more details. |
The following commands configure the DFP password as "Cookies," the timeout as 360 seconds, and then changes the CLI to DFP configuration mode:
SLB-Switch(config)# ip slb dfp password Cookies 360 SLB-Switch(config-slb-dfp)#
The following DFP command configures the IP address of the DPF agent as 10.1.1.1 and sets the connection port to use as 21 (FTP):
SLB-Switch(config-slb-dfp)# agent 10.1.1.1 21
See the "Monitoring and Maintaining SLB" section for additional commands used to verify SLB network connections and the "Complete Example Configuration" section for an example of a SLB network configuration.
Cisco Network Address Translator (NAT), RFC 1631, allows unregistered "private" IP addresses to connect to the Internet by translating those private IP addresses into globally registered IP addresses. NAT also increases network privacy by hiding internal IP addresses from external networks. For a detailed description of NAT and the difference between "client" and "server" mode, see the "NAT" section.
To configure SLB NAT for client mode, enter the following commands in order, beginning in global configuration mode:
| Command | Description | |
|---|---|---|
Step 1 | SLB-Switch(config)# ip slb natpool pool-name start-ip end-ip [netmask mask | leading_1_bits] | Configures the client address pool. |
Step 2 | SLB-Switch(config-slb-sfarm)# n at {server | client pool-name} | Configures which NAT mode to use. See the nat command for more details. |
The following commands configure a NAT server on server farm PUBLIC:
SLB-Switch(config)# ip slb serverfarm PUBLIC SLB-Switch(config-slb-sfarm)# nat server
To configure SLB NAT client mode for a specific server farm, enter the following commands in order, beginning in global configuration mode:
| Command | Description | |
|---|---|---|
Step 1 | SLB-Switch(config)# ip slb natpool pool-name start-ip end-ip [netmask mask | leading_1_bits] | Configures the client address pool. |
Step 2 | SLB-Switch(config)# ip slb serverfarm serverfarm-name | Adds a server farm definition to the SLB configuration and initiates server farm configuration mode. See the ip slb serverfarm command for more details. |
Step 3 | SLB-Switch(config-slb-sfarm)# n at {server | client pool-name} | Configures which NAT mode to use. See the nat command for more details. |
Step 4 | SLB-Switch(config-slb-sfarm)# r eal ip-address [port_number] | Identifies a real server to the SLB function and initiates real server configuration mode. See the real command for more details. |
Step 5 | SLB-Switch(config-slb-real)# inservice | Enables the real server for use by SLB. See the inservice (real server) command for more details. |
Step 6 | SLB-Switch(config-slb-real)# exit | Return to server farm configuration mode. |
Step 7 | SLB-Switch(config-slb-real)# end | Return to global configuration mode. |
Step 8 | SLB-Switch(config)# ip slb vserver virtserver-name | Identifies a virtual server and initiates virtual server configuration mode. See the ip slb vserver command for more details. |
The following commands configure NAT clients on server farm FARM2:
SLB-Switch# config t Enter configuration commands, one per line. End with CNTL/Z. SLB-Switch(config)# ip slb natpool web-clients 128.3.0.1 128.3.0.254 netmask 255.255.0.0 SLB-Switch(config)# ip slb serverfarm FARM2 SLB-Switch(config-slb-sfarm)# nat client web-clients SLB-Switch(config-slb-sfarm)# real 10.3.1.1 SLB-Switch(config-slb-real)# inservice SLB-Switch(config-slb-real)# exit SLB-Switch(config-slb-sfarm)# real 10.4.1.1 8080 SLB-Switch(config-slb-real)# inservice SLB-Switch(config-slb-real)# exit SLB-Switch(config-slb-sfarm)# real 10.4.1.1 8081 SLB-Switch(config-slb-real)# inservice SLB-Switch(config-slb-real)# exit SLB-Switch(config-slb-sfarm)# real 10.4.1.1 8082 SLB-Switch(config-slb-real)# inservice SLB-Switch(config-slb-real)# end SLB-Switch# 00:27:00: %SYS-5-CONFIG_I: Configured from console by console SLB-Switch# config terminal Enter configuration commands, one per line. End with CNTL/Z. SLB-Switch(config)# ip slb vserver HTTP2 SLB-Switch(config-slb-vserver)# virtual 128.2.0.1 tcp www SLB-Switch(config-slb-vserver)# serverfarm FARM2 SLB-Switch(config-slb-vserver)# inservice SLB-Switch(config-slb-vserver)# 00:28:21: ADD_WILDCARD: (Information Deleted) SLB-Switch# copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] SLB-Switch#
Following is the final configuration after a NAT client pool is configured using the previous process:
SLB-Switch# show running-config Building configuration... (Information Deleted) ! ip slb natpool WEB-CLIENTS 128.3.0.1 128.3.0.254 netmask 255.255.0.0 entries 800 0 13851890 ip slb serverfarm FARM2 nat server nat client WEB-CLIENTS real 10.3.1.1 faildetect numconns 8 numclients 2 inservice real 10.4.1.1 8080 faildetect numconns 8 numclients 2 inservice real 10.4.1.1 8081 faildetect numconns 8 numclients 2 inservice real 10.4.1.1 8082 faildetect numconns 8 numclients 2 inservice ! ip slb vserver HTTP2 virtual 128.2.0.1 tcp www serverfarm FARM2 inservice !
Figure 4-4 shows a sample SLB NAT configuration topology.
The topology in Figure 4-4 has two Web servers running a single HTTP server application listening on port 80.
Server 1 and Server 2 are load balanced using Switch A, which is performing server address translation.
The configuration statements for Switch A are:
ip slb serverfarm FARM1 ! Translate server addresses nat server ! Server 1 port 80 real 10.1.1.1 inservice ! Server 2 port 80 real 10.2.1.1 inservice ! ip slb vserver HTTP1 ! Handle HTTP (port 80) requests virtual 128.1.0.1 tcp www serverfarm FARM1 inservice
The basic requirement of HTTP probe is to determine the real server status by issuing an HTTP GET against each real server in a server farm. For a detailed description of HTTP probe, see the "HTTP Probe" section.
To configure an HTTP probe, enter the following commands in order, beginning in global configuration mode:
| Command | Description | |
|---|---|---|
Step 1 | SLB-Switch(config)# ip slb probe name http | Configures the SLB probe name and changes to HTTP configuration submode. See the ip slb probe command for more details. |
Step 2 | SLB-Switch(config-slb-probe)# r equest method {get | post | head | name name [url]} | (Optional) Configures the method used to perform the request to the server. See the request url command for more details. |
Step 3 | SLB-Switch(config-slb-probe)# e xpect [status number] | (Optional) Configures the expected HTTP status code. See the expect command for more details. |
Step 4 | SLB-Switch(config-slb-probe)# i nterval seconds | (Optional) Configures the HTTP probe transmit timers. See the interval (HTTP Probe) command for more details. |
Step 5 | SLB-Switch(config-slb-probe)# h eader {name field-name [field-value]} | (Optional) Configures basic authentication values for the HTTP probe. See the header command for more details. |
Step 6 | SLB-Switch(config-slb-probe)# c redentials {username [password]} | (Optional) Configures basic authentication values for the HTTP probe. See the credentials command for more details. |
Step 7 | SLB-Switch(config-slb-real)# exit | (Optional) Return to server farm configuration mode. |
Step 8 | SLB-Switch(config)# ip slb serverfarm serverfarm-name | (Optional) Change to server farm configuration mode. See the ip slb serverfarm command for more details. |
Step 9 | SLB-Switch(config-slb-sfarm)# p robe probe-name | (Optional) Specifies an HTTP probe on the server farm. See the probe command for more details. |
The following example shows how to configure an HTTP probe named DOGULA:
SLB-Switch(config)# ip slb probe DOGULA http SLB-Switch(config-slb-probe)# request method post url /probe.cgi?all SLB-Switch(config-slb-probe)# header Cookie SLB-Switch(config-slb-probe)# credentials Semisweet chips SLB-Switch(config-slb-probe)# exit SLB-Switch(config)# ip slb serverfarm PUBLIC SLB-Switch(config-slb-sfarm)# probe DOGULA SLB-Switch(config-slb-sfarm)# end
The proceeding example configures the following HTTP probe parameters:
Step 2 Configures the request method as POST and set the URL as "/probe.cgi.?all."
Step 3 Configures the header authentication as "Cookie."
Step 4 Configures the basic authentications username and password.
Step 5 Exits to global configuration mode.
Step 6 Enters SLB server farm configuration mode for server farm PUBLIC.
Step 7 Configures the HTTP probe on the server farm.
To verify that the HTTP probe is configured correctly, use the following show ip slb probe commands:
SLB-Switch# show ip slb probe DOGULA (http) 3 reals SLB-Switch# show ip slb probe detail Server:Port Status Outages Current Cumulative ---------------------------------------------------------- 10.1.1.1:80 200 0 never 00:00:00 10.1.1.2:80 200 0 never 00:00:00 10.1.1.3:80 200 0 never 00:00:00
Following are the HTTP probe configuration statements for the HTTP probe configured in the previous example:
! ip slb probe DOGULA http request method POST url /probe.cgi?all header Cookie header Authorization Basic U2VtaXN3ZWV0OmNoaXBz ! ip slb serverfarm PUBLIC nat server real 10.1.1.1 inservice real 10.1.1.2 inservice real 10.1.1.3 inservice probe DOGULA !
To obtain and display runtime information about SLB, use the following commands in EXEC mode:
| Command | Purpose |
|---|---|
SLB-Switch# show ip slb conns [vserver virtserver-name] [client ip-address] [detail] | Displays all connections handled by SLB, or, optionally, only those connections associated with a particular virtual server or client. See the show ip slb conns command for more details. |
SLB-Switch# show ip slb dfp [agent ip_addr port] [detail] [weights] | Displays information about DFP and DFP agents, and about the weights assigned to real servers. See the show ip slb dfp command for more details. |
SLB-Switch# show ip slb probe [name probe_name] [detail] | Displays information about SLB HTTP probes configured on real servers. See the show ip slb probe command for more details. |
SLB-Switch# show ip slb reals [vserver virtserver-name] [detail] | Displays information about the real servers defined to SLB. See the show ip slb reals command for more details. |
SLB-Switch# show ip slb serverfarms [name serverfarm-name] [detail] | Displays information about the server farms defined to SLB. See the show ip slb serverfarms command for more details. |
SLB-Switch# show ip slb stats | Displays SLB statistics. See the show ip slb stats command for more details. |
SLB-Switch# show ip slb sticky [client ip-address] | Displays information about the sticky connections defined to SLB. See the show ip slb sticky command for more details. |
SLB-Switch# show ip slb vservers [name virtserver-name] [detail] | Displays information about the virtual servers defined to SLB. See the show ip slb vservers command for more details. |
SLB-Switch# show ip slb probe [name probe_name] [detail] | Displays information about the HTTP probe defined to SLB. See the show ip slb probe command for more details. |
SLB-Switch# show ip slb replicate | Displays information about the SLB replication configuration. See the show ip slb replicate command for more details. |
The following example provides a complete configuration using the commands described in this chapter:
SLB-Switch# show running-config Building configuration... Current configuration: ! . (Information Deleted) . ip slb probe DOGULA http request method POST url /probe.cgi?all header Cookie header Authorization Basic U2VtaXN3ZWV0OmNoaXBz ! ip slb serverfarm PUBLIC nat server real 10.1.1.1 inservice real 10.1.1.2 inservice real 10.1.1.3 inservice probe DOGULA ! ip slb serverfarm RESTRICTED predictor leastconns bindid 309 real 10.1.1.1 weight 32 maxconns 1000 reassign 4 faildetect numconns 16 retry 120 inservice real 10.1.1.20 inservice real 10.1.1.21 inservice ! ip slb vserver PUBLIC_HTTP virtual 10.0.0.1 tcp www serverfarm PUBLIC no inservice ! ip slb vserver RESTRICTED_HTTP virtual 10.0.0.2 tcp www serverfarm RESTRICTED no advertise sticky 60 group 1 idle 1800 client 10.4.4.0 255.255.255.0 synguard 3600000 inservice ! !
Posted: Thu Sep 28 15:32:22 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.