access (firewall farm)

To route specific flows to a firewall farm, use the access command in firewall farm configuration mode. To restore the default settings, use the no form of this command.

access [ { source source-ip netmask | destination destination-ip netmask | inbound { inbound-interface | datagram connection} | outbound outbound-interface} ]
no access [ { source source-ip netmask | destination destination-ip netmask | inbound { inbound-interface | datagram connection} | outbound outbound-interface} ]

Syntax Description

source

(Optional) Routes flows based on source IP address.

source-ip

(Optional) Source IP address. The default is 0.0.0.0 (all sources).

netmask

(Optional) Source IP network mask. The default is 0.0.0.0 (all source subnets).

destination

(Optional) Routes flows based on destination IP address.

destination-ip

(Optional) Destination IP address. The default is 0.0.0.0 (all destinations).

netmask

(Optional) Destination IP network mask. The default is 0.0.0.0 (all destination subnets).

inbound inbound-interface

(Optional) Indicates that the firewall farm is to accept inbound packets only on the specified inbound interface.

You can specify a subinterface, such as Gigabitethernet7/3.100, for the inbound-interface argument.

inbound datagram connection

(Optional) Indicates that IOS SLB is to create connections for inbound traffic as well as outbound traffic.

outbound outbound-interface

(Optional) Indicates that the firewall farm is to accept outbound packets only on the specified outbound interface.

You can specify a subinterface, such as Gigabitethernet7/3.100, for the outbound-interface argument.

Command Default

The default source IP address is 0.0.0.0 (routes flows from all sources to this firewall farm). The default source IP network mask is 0.0.0.0 (routes flows from all source subnets to this firewall farm). The default destination IP address is 0.0.0.0 (routes flows from all destinations to this firewall farm). The default destination IP network mask is 0.0.0.0 (routes flows from all destination subnets to this firewall farm). If you do not specify an inbound interface, the firewall farm accepts inbound packets on all inbound interfaces. If you do not specify the inbound datagram connection option, IOS SLB creates connections only for outbound traffic. If you do not specify an outbound interface, the firewall farm accepts outbound packets on all outbound interfaces.

Command Modes

Firewall farm configuration (config-slb-fw)

Command History

Release

Modification

12.1(7)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

The inbound and outbound keywords and inbound-interface and outbound-interface arguments were added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRE

This command was modified.

The datagram connection keywords were added.

The inbound-interface and outbound-interface arguments can be subinterfaces.

Usage Guidelines

You can specify more than one source or destination for each firewall farm. To do so, configure multiple access statements, making sure the network masks do not overlap each other.

You can specify up to two inbound interfaces and two outbound interfaces for each firewall farm. To do so, configure multiple access statements, keeping the following considerations in mind:

  • All inbound and outbound interfaces must be in the same Virtual Private Network (VPN) routing and forwarding (VRF).
  • All inbound and outbound interfaces must be different from each other.
  • You cannot change inbound or outbound interfaces for a firewall farm while it is in service.

If you do not configure an access interface using this command, IOS SLB installs the wildcards for the firewall farm in all of the available interfaces of the device, including the VRF interfaces. If IOS SLB is not required on the VRF interfaces, use this command to limit wildcards to the specified interfaces only.

By default, IOS SLB firewall load balancing creates connections only for outbound traffic (that is, traffic that arrives through the real server). Inbound traffic uses those same connections to forward the traffic, which can impact the CPU. To enable IOS SLB to create connections for both inbound traffic and outbound traffic, reducing the impact on the CPU, use the access inbound datagram connection command.

Examples

The following example routes flows with a destination IP address of 10.1.6.0 to firewall farm FIRE1:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# access destination 10.1.6.0 255.255.255.0
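The non-overlap rule for multiple source or destination statements can be checked before a change is pushed. The following Python check is an added example, not Cisco code: it parses the access source and access destination lines of one firewall farm and reports any pair whose networks overlap. The sample lines are constructed, and comparing statements only against others of the same kind is an assumption.

```python
import ipaddress
from itertools import combinations


def mask_to_prefix(mask: str) -> int:
    """Convert a dotted network mask to a prefix length; reject non-contiguous masks."""
    value = int(ipaddress.IPv4Address(mask))
    prefix = bin(value).count("1")
    # A valid mask is `prefix` one-bits followed only by zero-bits.
    expected = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    if value != expected:
        raise ValueError(f"non-contiguous network mask: {mask}")
    return prefix


def parse_access(line: str):
    """Return (kind, network) for 'access source|destination ip mask', else None."""
    tokens = line.split()
    if len(tokens) == 4 and tokens[0] == "access" and tokens[1] in ("source", "destination"):
        prefix = mask_to_prefix(tokens[3])
        # strict=False tolerates host bits set in the configured address.
        network = ipaddress.ip_network(f"{tokens[2]}/{prefix}", strict=False)
        return tokens[1], network
    return None


def find_overlaps(access_lines):
    """Return (kind, net_a, net_b) for same-kind statement pairs that overlap.

    Assumption: source statements are compared only with source statements,
    and destination statements only with destination statements.
    """
    parsed = [p for p in map(parse_access, access_lines) if p]
    overlaps = []
    for (kind_a, net_a), (kind_b, net_b) in combinations(parsed, 2):
        if kind_a == kind_b and net_a.overlaps(net_b):
            overlaps.append((kind_a, str(net_a), str(net_b)))
    return overlaps


# Constructed sample: access statements for one firewall farm.
SAMPLE_FIRE1 = [
    "access destination 10.1.6.0 255.255.255.0",
    "access destination 10.1.7.0 255.255.255.0",
    "access destination 10.1.6.128 255.255.255.128",  # falls inside 10.1.6.0/24
    "access source 192.168.0.0 255.255.0.0",
    "access inbound Vlan100",  # interface statement, ignored by this check
]

if __name__ == "__main__":
    for kind, net_a, net_b in find_overlaps(SAMPLE_FIRE1):
        print(f"overlapping {kind} statements: {net_a} and {net_b}")
```

A statement that uses the default 0.0.0.0 0.0.0.0 (all sources or all destinations) overlaps every other statement of the same kind, so the check reports it as well.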

Related Commands

Command

Description

show ip slb firewallfarm

Displays information about the firewall farm configuration.

access (server farm)

To configure an access interface for a server farm, use the access command in server farm configuration mode. To disable the access interface, use the no form of this command.

access interface
no access interface

Syntax Description

interface

Interface to be inspected. The server farm will handle outbound flows from real servers only on the specified interface.

You can specify a subinterface, such as Gigabitethernet7/3.100, for the interface argument.

Command Default

The server farm handles outbound flows from real servers on all interfaces.

Command Modes

Server farm configuration (config-slb-sfarm)

Command History

Release

Modification

12.2(18)SXE

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRE

This command was modified. The interface argument can be a subinterface.

Usage Guidelines

The virtual server and its associated server farm interfaces must be in the same Virtual Private Network (VPN) routing and forwarding (VRF).

You can specify up to two access interfaces for each server farm. To do so, configure two access statements, keeping the following considerations in mind:

  • The two interfaces must be in the same VRF.
  • The two interfaces must be different from each other.
  • The access interfaces of primary and backup server farms must be the same.
  • You cannot change the interfaces for a server farm while it is in service.

If you do not configure an access interface using this command, IOS SLB installs the wildcards for the server farm in all of the available interfaces of the device, including the VRF interfaces. If IOS SLB is not required on the VRF interfaces, use this command to limit wildcards to the specified interfaces only.

Examples

The following example limits the server farm to handling outbound flows from real servers only on access interface Vlan106:

Router(config)# ip slb serverfarm SF1
Router(config-slb-sfarm)# access Vlan106

Related Commands

Command

Description

show ip slb serverfarms

Displays information about the server farms.

access (virtual server)

To enable framed-IP routing to inspect the ingress interface, use the access command in virtual server configuration mode. To disable framed-IP routing, use the no form of this command.

access interface [ route framed-ip]
no access interface [ route framed-ip]

Syntax Description

interface

Interface to be inspected.

You can specify a subinterface, such as Gigabitethernet7/3.100, for the interface argument.

route framed-ip

(Optional) Routes flows using framed-IP routing.

Command Default

Framed-IP routing cannot inspect the ingress interface.

Command Modes

Virtual server configuration (config-slb-vserver)

Command History

Release

Modification

12.1(12c)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

The command was modified to accept up to two framed-IP access interfaces (specified on separate commands).

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRE

This command was modified. The interface argument can be a subinterface.

Usage Guidelines

This command enables framed-IP routing to inspect the ingress interface when routing subscriber traffic. All framed-IP sticky database entries created as a result of RADIUS requests to this virtual server will include the interface in the entry. In addition to matching the source IP address of the traffic with the framed-IP address, the ingress interface must also match this interface when this command is configured.

You can use this command to allow subscriber data packets to be routed to multiple service gateway service farms.

The virtual server and its associated server farm interfaces must be in the same Virtual Private Network (VPN) routing and forwarding (VRF).

You can specify up to two framed-IP access interfaces for each virtual server. To do so, configure two access statements, keeping the following considerations in mind:

  • The two interfaces must be in the same VRF.
  • The two interfaces must be different from each other.
  • You cannot change the interfaces for a virtual server while it is in service.

If you do not configure an access interface using this command, IOS SLB installs the wildcards for the virtual server in all of the available interfaces of the device, including the VRF interfaces. If IOS SLB is not required on the VRF interfaces, use this command to limit wildcards to the specified interfaces only.

Examples

The following example enables framed-IP routing to inspect ingress interface Vlan20:

Router(config)# ip slb vserver SSG_AUTH
Router(config-slb-vserver)# access Vlan20 route framed-ip
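The Usage Guidelines for the firewall farm, server farm, and virtual server forms of access share the same interface rules: at most two interfaces, all different, and wildcards installed on every interface (VRF interfaces included) when none is configured. The following Python audit is an added example, not Cisco code: it applies those rules to a configuration text. The sample configuration is constructed, the stanza layout (one leading space for sub-commands, "!" as separator) is assumed, and VRF membership is not checked because it depends on interface configuration outside these stanzas.

```python
import re

STANZA = re.compile(r"^ip slb (firewallfarm|serverfarm|vserver) (\S+)\s*$")


def parse_stanzas(config: str):
    """Map (kind, name) -> list of sub-command lines for each IOS SLB stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        header = STANZA.match(raw)
        if header:
            current = stanzas.setdefault((header.group(1), header.group(2)), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or any other top-level line closes the stanza
    return stanzas


def access_interfaces(kind: str, commands):
    """Return [(direction, interface)] named by access statements in one stanza."""
    found = []
    for cmd in commands:
        tokens = cmd.split()
        if not tokens or tokens[0] != "access":
            continue
        if kind == "firewallfarm":
            # Only 'inbound IFACE' and 'outbound IFACE' name interfaces;
            # 'inbound datagram connection' and source/destination do not.
            if len(tokens) == 3 and tokens[1] in ("inbound", "outbound"):
                found.append((tokens[1], tokens[2]))
        elif len(tokens) >= 2:
            found.append(("access", tokens[1]))
    return found


def audit(config: str):
    """Return sorted (kind, name, finding) tuples for the access-interface rules."""
    findings = []
    for (kind, name), commands in parse_stanzas(config).items():
        ifaces = access_interfaces(kind, commands)
        names = [iface.lower() for _, iface in ifaces]
        if len(set(names)) != len(names):
            findings.append((kind, name, "duplicate access interface"))
        directions = ("inbound", "outbound") if kind == "firewallfarm" else ("access",)
        for direction in directions:
            count = sum(1 for d, _ in ifaces if d == direction)
            if count == 0:
                # Nothing limits where wildcards are installed for this direction.
                findings.append((kind, name, f"no {direction} interface restriction"))
            elif count > 2:
                findings.append((kind, name, f"more than two {direction} interfaces"))
    return sorted(findings)


# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """
ip slb firewallfarm FIRE1
 access inbound Vlan100
 access outbound Vlan100
 access destination 10.1.6.0 255.255.255.0
!
ip slb serverfarm SF1
 access Vlan106
!
ip slb serverfarm SF2
 bindid 309
!
ip slb vserver SSG_AUTH
 access Vlan20 route framed-ip
 access Vlan21 route framed-ip
 access Vlan22 route framed-ip
!
"""

if __name__ == "__main__":
    for kind, name, finding in audit(SAMPLE_CONFIG):
        print(f"{kind} {name}: {finding}")
```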

Related Commands

Command

Description

show ip slb vservers

Displays information about the virtual servers defined to IOS SLB.

address (custom UDP probe)

To configure an IP address to which to send custom User Datagram Protocol (UDP) probes, use the address command in custom UDP probe configuration mode. To restore the default settings, use the no form of this command.

address [ip-address] [routed]
no address [ip-address] [routed]

Syntax Description

ip-address

(Optional) Destination IP address that is to respond to the custom UDP probe.

routed

(Optional) Flags the probe as a routed probe, with the following considerations:

  • Only one instance of a routed probe per server farm can run at any given time.
  • Outbound packets for a routed probe are routed directly to ip-address.

Command Default

If the custom UDP probe is associated with a firewall farm, you must specify an IP address. If the custom UDP probe is associated with a server farm, and you do not specify an IP address, the address is inherited from the server farm real servers.

Command Modes

Custom UDP probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(13)E3

This command was introduced.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a custom UDP probe named PROBE6, enters custom UDP probe configuration mode, and configures the probe to receive responses from IP address 13.13.13.13:

Router(config)# ip slb probe PROBE6 custom udp
Router(config-slb-probe)# address 13.13.13.13

Related Commands

Command

Description

ip slb probe custom udp

Configures a custom UDP probe name and enters custom UDP probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

address (DNS probe)

To configure an IP address to which to send Domain Name System (DNS) probes, use the address command in DNS probe configuration mode. To restore the default settings, use the no form of this command.

address [ ip-address [routed] ]
no address [ ip-address [routed] ]

Syntax Description

ip-address

(Optional) Destination IP address that is to respond to the DNS probe.

routed

(Optional) Flags the probe as a routed probe, with the following considerations:

  • Only one instance of a routed probe per server farm can run at any given time.
  • Outbound packets for a routed probe are routed directly to the specified IP address.

Command Default

If the DNS probe is associated with a firewall farm, you must specify an IP address. If the DNS probe is associated with a server farm, and you do not specify an IP address, the address is inherited from the server farm real servers.

Command Modes

DNS probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(11b)E

This command was introduced.

12.1(12c)E

The routed keyword was added.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a DNS probe named PROBE4, enters DNS probe configuration mode, and configures the probe to receive responses from IP address 10.1.10.1:

Router(config)# ip slb probe PROBE4 dns
Router(config-slb-probe)# address 10.1.10.1

Related Commands

Command

Description

ip slb probe dns

Configures a DNS probe name and enters DNS probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

address (HTTP probe)

To configure an IP address to which to send HTTP probes, use the address command in HTTP probe configuration mode. To restore the default settings, use the no form of this command.

address [ ip-address [routed] ]
no address [ ip-address [routed] ]

Syntax Description

ip-address

(Optional) Destination IP address that is to respond to the HTTP probe.

routed

(Optional) Flags the probe as a routed probe, with the following considerations:

  • Only one instance of a routed probe per server farm can run at any given time.
  • Outbound packets for a routed probe are routed directly to the specified IP address.

Command Default

If the HTTP probe is associated with a firewall farm, you must specify an IP address. If the HTTP probe is associated with a server farm, and you do not specify an IP address, the address is inherited from the server farm real servers.

Command Modes

HTTP probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(3a)E

This command was introduced.

12.1(12c)E

The routed keyword was added.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures an HTTP probe named PROBE2, enters HTTP probe configuration mode, and configures the probe to receive responses from IP address 10.1.10.1:

Router(config)# ip slb probe PROBE2 http
Router(config-slb-probe)# address 10.1.10.1

Related Commands

Command

Description

ip slb probe http

Configures an HTTP probe name and enters HTTP probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

address (ping probe)

To configure an IP address to which to send ping probes, use the address command in ping probe configuration mode. To restore the default settings, use the no form of this command.

address [ ip-address [routed] ]
no address [ ip-address [routed] ]

Syntax Description

ip-address

(Optional) Destination IP address that is to respond to the ping probe.

routed

(Optional) Flags the probe as a routed probe, with the following considerations:

  • Only one instance of a routed probe per server farm can run at any given time.
  • Outbound packets for a routed probe are routed directly to the specified IP address.

Command Default

If the ping probe is associated with a firewall farm, you must specify an IP address. If the ping probe is associated with a server farm, and you do not specify an IP address, the address is inherited from the server farm real servers.

Command Modes

Ping probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(3a)E

This command was introduced.

12.1(12c)E

The routed keyword was added.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a ping probe named PROBE1, enters ping probe configuration mode, and configures the probe to receive responses from IP address 10.1.10.1:

Router(config)# ip slb probe PROBE1 ping
Router(config-slb-probe)# address 10.1.10.1

Related Commands

Command

Description

ip slb probe ping

Configures a ping probe name and enters ping probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

address (TCP probe)

To configure an IP address to which to send TCP probes, use the address command in TCP probe configuration mode. To restore the default settings, use the no form of this command.

address [ ip-address [routed] ]
no address [ ip-address [routed] ]

Syntax Description

ip-address

(Optional) Destination IP address that is to respond to the TCP probe.

routed

(Optional) Flags the probe as a routed probe, with the following considerations:

  • Only one instance of a routed probe per server farm can run at any given time.
  • Outbound packets for a routed probe are routed directly to the specified IP address.

Command Default

If the TCP probe is associated with a firewall farm, you must specify an IP address. If the TCP probe is associated with a server farm, and you do not specify an IP address, the address is inherited from the server farm real servers.

Command Modes

TCP probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(11b)E

This command was introduced.

12.1(12c)E

The routed keyword was added.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a TCP probe named PROBE5, enters TCP probe configuration mode, and configures the probe to receive responses from IP address 10.1.10.1:

Router(config)# ip slb probe PROBE5 tcp
Router(config-slb-probe)# address 10.1.10.1

Related Commands

Command

Description

ip slb probe tcp

Configures a TCP probe name and enters TCP probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

address (WSP probe)

To configure an IP address to which to send Wireless Session Protocol (WSP) probes, use the address command in WSP probe configuration mode. To restore the default settings, use the no form of this command.

address [ ip-address [routed] ]
no address [ ip-address [routed] ]

Syntax Description

ip-address

(Optional) Destination IP address that is to respond to the WSP probe.

routed

(Optional) Flags the probe as a routed probe, with the following considerations:

  • Only one instance of a routed probe per server farm can run at any given time.
  • Outbound packets for a routed probe are routed directly to the specified IP address.

Command Default

If the WSP probe is associated with a firewall farm, you must specify an IP address. If the WSP probe is associated with a server farm, and you do not specify an IP address, the address is inherited from the server farm real servers. In dispatched mode, the ip-address argument value is the same as the virtual server IP address. In directed Network Address Translation (NAT) mode, an IP address is unnecessary.

Command Modes

WSP probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(5a)E

This command was introduced.

12.1(12c)E

The routed keyword was added.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a WSP probe named PROBE3, enters WSP probe configuration mode, and configures the probe to receive responses from IP address 10.1.10.1:

Router(config)# ip slb probe PROBE3 wsp
Router(config-slb-probe)# address 10.1.10.1

Related Commands

Command

Description

ip slb probe wsp

Configures a WSP probe name and enters WSP probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

advertise

To control the installation of a static route to the Null0 interface for a virtual server address, use the advertise command in SLB virtual server configuration mode. To prevent the installation of a static route for the virtual server IP address, use the no form of this command.

advertise [active]
no advertise [active]

Syntax Description

active

(Optional) Indicates that the host route is to be advertised only when the virtual IP address is available (that is, when there is at least one real server in OPERATIONAL, DFP_THROTTLED, or MAXCONNS state).

Command Default

The virtual server IP address is advertised. That is, a static route to the Null0 interface is installed for the virtual server IP addresses and it is added to the routing table. If you do not specify the active keyword, the host route is advertised regardless of whether the virtual IP address is available.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release

Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.1(7)E

The active keyword was added.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

Advertisement of a static route using the routing protocol requires that you configure redistribution of static routes for the routing protocol.

The advertise command does not affect virtual servers used for transparent web cache load balancing.

HTTP probes and route health injection require a route to the virtual server. The route is not used, but it must exist to enable the sockets code to verify that the destination can be reached, which in turn is essential for HTTP probes and route health injection to function correctly.

  • For HTTP probes, the route can be either a host route (advertised by the virtual server) or a default route (specified using the ip route 0.0.0.0 0.0.0.0 command, for example). If you specify either the no advertise or the advertise active command, you must specify a default route.
  • For route health injection, the route must be a default route.

HTTP probes and route health injection can both use the same default route; you need not specify two unique default routes.

Examples

The following example prevents advertisement of the virtual server’s IP address in routing protocol updates:

Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# no advertise

Related Commands

Command

Description

show ip slb vservers

Displays information about the virtual servers defined to IOS SLB.

agent

To identify a Dynamic Feedback Protocol (DFP) agent with which the IOS Server Load Balancing (IOS SLB) feature can initiate connections, use the agent command in SLB DFP configuration mode. To remove a DFP agent definition from the DFP configuration, use the no form of this command.

agent ip-address port [ timeout [ retry-count [retry-interval] ] ]
no agent ip-address port

Syntax Description

ip-address

Agent IP address.

port

Agent TCP or User Datagram Protocol (UDP) port number.

timeout

(Optional) Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. The valid range is 0 to 65535 seconds. The default is 0 seconds, which means there is no timeout.

retry-count

(Optional) Number of times the DFP manager attempts to establish the TCP connection to the DFP agent. The valid range is 0 to 65535 times. The default is 0 retries, which means there are infinite retries.

retry-interval

(Optional) Interval, in seconds, between retries. The valid range is 1 to 65535 seconds. The default is 180 seconds.

Command Default

The default timeout is 0 seconds (no timeout). The default retry count is 0 (infinite retries). The default retry interval is 180 seconds.

Command Modes

SLB DFP configuration (config-slb-dfp)

Command History

Release

Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

A DFP agent collects status information about the load capability of a server and reports that information to a load manager. The DFP agent may reside on the server, or it may be a separate device that collects and consolidates the information from several servers before reporting to the load manager.

The password specified in the ip slb dfp command for the DFP manager must match the password specified in the password command for the DFP agent.

You can configure up to 1024 agents.

Examples

The following example sets the DFP password to Password1 (to match the DFP agent’s password), sets the timeout to 360 seconds, enters DFP configuration mode, and enables IOS SLB to connect to the DFP agent with IP address 10.1.1.1 and port number 2221:

Router(config)# ip slb dfp password Password1 360
Router(config-slb-dfp)# agent 10.1.1.1 2221 30 0 10

Related Commands

Command

Description

ip dfp agent

Identifies a DFP agent subsystem and enters DFP agent configuration mode.

ip slb dfp

Configures DFP, supplies an optional password, and enters DFP configuration mode.

apn

To configure an ASCII regular expression string to be matched against the access point name (APN) for general packet radio service (GPRS) load balancing, use the apn command in SLB GTP map configuration mode. To delete the APN string, use the no form of this command.

apn string
no apn string

Syntax Description

string

ASCII regular expression string to be matched against the APN.

For information about regular expressions and how to use them in Cisco IOS software configurations, refer to the Understanding Regular Expressions section of the Cisco IOS Configuration Fundamentals Configuration Guide.

Command Default

None

Command Modes

SLB GTP map configuration (config-slb-gtp-map)

Command History

Release

Modification

12.2(33)SRB

This command was introduced.

Usage Guidelines

For a given IOS SLB GTP map, you can configure up to 100 apn commands. However, we recommend you configure no more than 10 apn commands per map.

Examples

The following example specifies that, for IOS SLB GTP map 2, string .cisco* is to be matched against the APN:

Router(config)# ip slb map 2 gtp
Router(config-slb-gtp-map)# apn cisco*

Related Commands

Command

Description

ip slb map

Configures an IOS SLB protocol map and enters SLB map configuration mode.

show ip slb map

Displays information about IOS SLB protocol maps.

bindid

To configure a bind ID, use the bindid command in SLB server farm configuration mode. To remove a bind ID from the server farm configuration, use the no form of this command.

bindid [bind-id]
no bindid [bind-id]

Syntax Description

bind-id

(Optional) Bind ID number. The default bind ID is 0.

Command Default

The default bind ID is 0.

Command Modes

SLB server farm configuration (config-slb-sfarm)

Command History

Release

Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

You can configure one bind ID on each bindid command.

The bind ID allows a single physical server to be bound to multiple virtual servers, and to report a different weight for each one. Thus, the single real server is represented as multiple instances of itself, each having a different bind ID. Dynamic Feedback Protocol (DFP) uses the bind ID to identify for which instance of the real server a given weight is specified.

In general packet radio service (GPRS) load balancing, bind IDs are not supported. Therefore, do not use the bindid command in a GPRS load-balancing environment.

Examples

The following example configures bind ID 309:

Router(config)# ip slb serverfarm PUBLIC
Router(config-slb-sfarm)# bindid 309

Related Commands

Command

Description

ip slb dfp

Configures DFP, supplies an optional password, and enters DFP configuration mode.

show ip slb serverfarms

Displays information about the IOS SLB server farms.

calling-station-id

To configure an ASCII regular expression string to be matched against the calling station ID attribute for RADIUS load balancing, use the calling-station-id command in SLB RADIUS map configuration mode. To delete the calling station ID match string, use the no form of this command.

calling-station-id string
no calling-station-id string

Syntax Description

string

ASCII regular expression string to be matched against the calling station ID attribute in the RADIUS payload.

For information about regular expressions and how to use them in Cisco IOS software configurations, refer to the Understanding Regular Expressions section of the Cisco IOS Configuration Fundamentals Configuration Guide.

Command Default

None

Command Modes

SLB RADIUS map configuration (config-slb-radius-map)

Command History

Release

Modification

12.2(33)SRB

This command was introduced.

Usage Guidelines

For a given IOS SLB RADIUS map, you can configure a single calling-station-id command or a single username (IOS SLB) command, but not both.

Examples

The following example specifies that, for IOS SLB RADIUS map 1, string .919* is to be matched against the calling station ID attribute in the RADIUS payload:

Router(config)# ip slb map 1 radius
Router(config-slb-radius-map)# calling-station-id .919*

Related Commands

Command

Description

ip slb map

Configures an IOS SLB protocol map and enters SLB map configuration mode.

show ip slb map

Displays information about IOS SLB protocol maps.

username

Configures an ASCII regular expression string to be matched against the username attribute in the RADIUS payload.

clear fm slb counters

To clear Feature Manager (FM) IOS Server Load Balancing (IOS SLB) counters, use the clear fm slb counters command in privileged EXEC mode.

clear fm slb { inband | purge} counters

Syntax Description

inband

Clears FM IOS SLB inband counters.

purge

Clears FM IOS SLB purge counters.

Command Default

FM IOS SLB counters are not cleared.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

12.2(18)SXF5

This command was introduced.

Examples

The following example clears the FM IOS SLB inband counters:

Router# clear fm slb inband counters

Related Commands

Command

Description

show fm slb counters

Displays information about the Feature Manager (FM) IOS Server Load Balancing (IOS SLB) counters.

clear ip slb connections

To clear the IP IOS Server Load Balancing (IOS SLB) connections, use the clear ip slb connections command in privileged EXEC mode.

clear ip slb connections [ { firewallfarm firewall-farm | serverfarm server-farm | vserver virtual-server} ]

Syntax Description

firewallfarm firewall-farm

(Optional) Clears the IOS SLB connection database for the specified firewall farm.

serverfarm server-farm

(Optional) Clears the IOS SLB connection database for the specified server farm.

vserver virtual-server

(Optional) Clears the IOS SLB connection database for the specified virtual server.

Command Default

The IOS SLB connection database is cleared for all firewall farms, server farms, and virtual servers.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

12.1(1)E

This command was introduced as part of the clear ip slb command.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.1(11b)E

This command was separated from the clear ip slb command.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

In general packet radio service (GPRS) load balancing, the clear ip slb connections command clears connections, but does not clear sessions.

Examples

The following example clears the connection database of server farm FARM1:

Router# clear ip slb connections serverfarm FARM1

The following example clears the connection database of virtual server VSERVER1:

Router# clear ip slb connections vserver VSERVER1

Related Commands

Command

Description

show ip slb conns

Displays information about active IOS SLB connections.

show ip slb firewallfarm

Displays information about the firewall farm configuration.

show ip slb serverfarms

Displays information about the IOS SLB server farms.

show ip slb vservers

Displays information about the virtual servers defined to IOS SLB.

clear ip slb counters

To clear the IP IOS Server Load Balancing (IOS SLB) counters, use the clear ip slb counters command in privileged EXEC mode.

clear ip slb counters [kal-ap]

Syntax Description

kal-ap

(Optional) Clears only IP IOS SLB KeepAlive Application Protocol (KAL-AP) counters.

Command Default

IP IOS SLB counters are not cleared.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

12.1(1)E

This command was introduced as part of the clear ip slb command.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.1(11b)E

This command was separated from the clear ip slb command.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRC

The kal-ap keyword was added.

Examples

The following example clears the IP IOS SLB counters:

Router# clear ip slb counters

Related Commands

Command

Description

show ip slb stats

Displays IOS SLB statistics.

clear ip slb sessions

To clear the IP IOS Server Load Balancing (IOS SLB) sessions database, use the clear ip slb sessions command in privileged EXEC mode.

clear ip slb sessions [ { firewallfarm firewall-farm | serverfarm server-farm | vserver virtual-server} ]

Syntax Description

firewallfarm firewall-farm

(Optional) Clears the IOS SLB session database for the specified firewall farm.

serverfarm server-farm

(Optional) Clears the IOS SLB session database for the specified server farm.

vserver virtual-server

(Optional) Clears the IOS SLB session database for the specified virtual server.

Command Default

If no optional keywords or arguments are specified, the IOS SLB sessions database is cleared for all firewall farms, server farms, and virtual servers.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

12.1(11b)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example clears the session database of server farm FARM1:

Router# clear ip slb sessions serverfarm FARM1

The following example clears the session database of virtual server VSERVER1:

Router# clear ip slb sessions vserver VSERVER1

Related Commands

Command

Description

show ip slb firewallfarm

Displays information about the IOS SLB firewall farms.

show ip slb sessions

Displays information about sessions handled by IOS SLB.

show ip slb vservers

Displays information about the virtual servers defined to IOS SLB.

clear ip slb sticky asn msid

To clear an entry from an IOS Server Load Balancing (IOS SLB) Access Service Network (ASN) Mobile Station ID (MSID) sticky database, use the clear ip slb sticky asn msid command in privileged EXEC mode.

clear ip slb sticky asn msid msid

Syntax Description

msid

Clears the entry associated with the specified MSID from the IOS SLB ASN MSID sticky database.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

12.2(33)SRE

This command was introduced.

Usage Guidelines

When you use this command to clear an entry from the IOS SLB ASN MSID sticky database, the session is not cleared; it lingers until it times out. (The session timeout is configured by using the idle command in SLB virtual server configuration mode; the default timeout is 60 seconds.) To clear the session manually, use the clear ip slb sessions command in privileged EXEC mode.

Examples

The following example clears the entry associated with MSID 001646013fc0 from the IOS SLB ASN MSID sticky database:

Router# clear ip slb sticky asn msid 001646013fc0

Related Commands

Command

Description

show ip slb sticky

Displays information about the IOS Server Load Balancing (IOS SLB) sticky database.

clear ip slb sticky gtp imsi

To clear entries from an IOS Server Load Balancing (IOS SLB) general packet radio service (GPRS) Tunneling Protocol (GTP) International Mobile Subscriber ID (IMSI) sticky database, use the clear ip slb sticky gtp imsi command in privileged EXEC mode.

clear ip slb sticky gtp imsi [ id imsi]

Syntax Description

id imsi

Clears only the entry associated with the specified IMSI from the IOS SLB GTP IMSI sticky database.

Command Default

If you enter this command without the optional IMSI ID, all entries are cleared from the IOS SLB GTP IMSI sticky database.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

12.2(18)SXE

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

When you use this command to clear an entry from the IOS SLB GTP IMSI sticky database, the session is not cleared; it lingers until it times out. (The session timeout is configured by using the idle command in SLB virtual server configuration mode; the default timeout is 30 seconds.) If the same user tries to create a new Packet Data Protocol (PDP) context before the session times out, using the same Network Service Access Point Identifier (NSAPI) but a different access point name (APN), IOS SLB forwards the request to the old server farm, even though the new APN should lead to a different server farm. To avoid this problem, clear the session manually by using the clear ip slb sessions command in privileged EXEC mode.

Examples

The following example clears all entries from the IOS SLB GTP IMSI sticky database:

Router# clear ip slb sticky gtp imsi

Related Commands

Command

Description

show ip slb sticky

Displays information about the IOS Server Load Balancing (IOS SLB) sticky database.

clear ip slb sticky radius

To clear entries from an IOS Server Load Balancing (IOS SLB) RADIUS sticky database, use the clear ip slb sticky radius command in privileged EXEC mode.

clear ip slb sticky radius { calling-station-id [ id string] | framed-ip [ framed-ip [netmask] ] }

Syntax Description

calling-station-id

Clears entries from the IOS SLB RADIUS calling-station-ID sticky database.

id string

(Optional) Calling station ID of the entry to be cleared.

framed-ip

Clears entries from the IOS SLB RADIUS framed-IP sticky database.

framed-ip

(Optional) Framed-IP address of entries to be cleared.

netmask

(Optional) Subnet mask specifying a range of entries to be cleared.

Command Default

If no optional arguments are specified, all entries are cleared from the IOS SLB RADIUS calling-station-ID sticky database or framed-IP sticky database.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

12.1(11b)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(14)ZA5

The calling-station-id and id keywords and string argument were added.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

When you use this command to clear an entry from the IOS SLB RADIUS calling-station-ID sticky database, the session is not cleared; it lingers until it times out. (The session timeout is configured by using the idle command in SLB virtual server configuration mode; the default timeout is 30 seconds.) If the same user tries to create a new Packet Data Protocol (PDP) context before the session times out, using the same Network Service Access Point Identifier (NSAPI) but a different access point name (APN), IOS SLB forwards the request to the old server farm, even though the new APN should lead to a different server farm. To avoid this problem, clear the session manually by using the clear ip slb sessions command in privileged EXEC mode.

Examples

The following example clears all entries from the IOS SLB RADIUS framed-IP sticky database:

Router# clear ip slb sticky radius framed-ip

Related Commands

Command

Description

show ip slb sticky

Displays information about the IOS SLB sticky database.

client (virtual server)

To define which clients are allowed to use the virtual server, use the client command in Server Load Balancing (SLB) virtual server configuration mode. To remove a client definition from the SLB configuration, use the no form of this command.

client { ipv4-address netmask [exclude] | gtp carrier-code [code] }
no client { ipv4-address netmask [exclude] | gtp carrier-code [code] }

Syntax Description

ipv4-address

Client IPv4 address. The default is 0.0.0.0 (all clients).

netmask

Client IPv4 network mask. The default is 0.0.0.0 (all subnets).

exclude

(Optional) Excludes connections initiated by the client IPv4 address from the load-balancing scheme.

gtp carrier-code

For general packet radio service (GPRS) Tunneling Protocol (GTP) cause code inspection, configures the virtual server to accept Packet Data Protocol (PDP) context creates only from the specified International Mobile Subscriber Identity (IMSI) carrier code.

code

(Optional) For GTP cause code inspection, identifies the IMSI carrier code from which this virtual server is to accept PDP context creates. The code has the format:

mcc mcc-code mnc mnc-code

where:

  • mcc-code is the Mobile Country Code (MCC)
  • mnc-code is the Mobile Network Code (MNC)

If you do not specify a code, the virtual server accepts PDP context creates from any IMSI carrier code.

Command Default

The default client IPv4 address is 0.0.0.0 (all clients). The default client IPv4 network mask is 0.0.0.0 (all subnets). Taken together, the default is client 0.0.0.0 0.0.0.0 (allows all clients on all subnets to use the virtual server). If you specify gtp carrier-code and you do not specify a code, the virtual server accepts PDP context creates from any IMSI carrier code.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release

Modification

12.0(7)XE

This command was introduced.

12.1(1)E

The exclude keyword was added.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.1(13)E3

The gtp carrier-code keyword and code argument were added.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

You can use more than one client command to define more than one client.

The netmask value is applied to the source IPv4 address of incoming connections. The result must match the ipv4-address value for the client to be allowed to use the virtual server.

If you configure probes in your network, you must also do one of the following:

  • Configure the exclude keyword on the client command on the virtual server to exclude connections initiated by the client IPv4 address from the load-balancing scheme.
  • Configure IPv4 addresses on the IOS SLB device that are Layer 3-adjacent to the real servers used by the virtual server.

Configure separate client commands to specify the clients that can use the virtual server, and to specify the IMSI carrier code from which the virtual server is to accept PDP context creates.

Dual-stack support for GTP load balancing does not support this command.

Examples

The following example allows only clients from 10.4.4.0 to access the virtual server:

Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# client 10.4.4.0 255.255.255.0
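
The matching rule from the usage guidelines, applied as a configuration audit. This is an added example in Python, not Cisco code; the sample client statements and the finding labels are constructed, and it only reports which statements match a source address rather than modelling how IOS SLB resolves overlapping entries.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: client statements under one virtual server.
SAMPLE_VSERVER = """\
ip slb vserver PUBLIC_HTTP
 client 10.4.4.0 255.255.255.0
 client 10.4.4.9 255.255.255.255 exclude
 client 192.168.7.20 255.255.255.0
 client gtp carrier-code mcc 310 mnc 15
"""


@dataclass(frozen=True)
class ClientEntry:
    address: int    # ipv4-address as a 32-bit integer
    netmask: int    # netmask as a 32-bit integer
    exclude: bool   # True when the exclude keyword is present
    text: str       # the statement as written


def _ip(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_clients(config):
    """Collect 'client ipv4-address netmask [exclude]' statements.

    The 'client gtp carrier-code' form filters on IMSI carrier code,
    not on source address, so it is skipped here.
    """
    entries = []
    for raw in config.splitlines():
        words = raw.split()
        if len(words) < 3 or words[0] != "client" or words[1] == "gtp":
            continue
        entries.append(ClientEntry(_ip(words[1]), _ip(words[2]),
                                   "exclude" in words[3:], raw.strip()))
    return entries


def matches(entry, source):
    """Rule from the page: (source AND netmask) must equal ipv4-address."""
    return (_ip(source) & entry.netmask) == entry.address


def matching_entries(entries, source):
    """Statements whose address/netmask pair matches this source address."""
    return [e.text for e in entries if matches(e, source)]


def audit(entries):
    """Flag statements that behave differently from what they appear to say."""
    findings = []
    for e in entries:
        if e.address & ~e.netmask & 0xFFFFFFFF:
            # Bits set outside the mask: the masked source can never equal
            # the configured address, so under the stated rule nothing matches.
            findings.append(("unmatchable", e.text))
        elif e.netmask == 0 and not e.exclude:
            # 0.0.0.0 0.0.0.0 is the documented default: every client matches.
            findings.append(("all-clients", e.text))
    return findings


if __name__ == "__main__":
    clients = parse_clients(SAMPLE_VSERVER)
    for finding in audit(clients):
        print(finding)
    for src in ("10.4.4.9", "10.4.5.1", "192.168.7.20"):
        print(src, matching_entries(clients, src))
```
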

Related Commands

Command

Description

show ip slb vserver

Displays information about the virtual servers defined to IOS SLB.

virtual (virtual server)

Configures the virtual server attributes.

credentials (HTTP probe)

To configure basic authentication values for the HTTP IOS Server Load Balancing (IOS SLB) probe, use the credentials command in HTTP probe configuration mode. To remove a credentials configuration, use the no form of this command.

credentials username [password]
no credentials username [password]

Syntax Description

username

Authentication username of the HTTP probe header. The character string is limited to 15 characters.

password

(Optional) Authentication password of the HTTP probe header. The character string is limited to 15 characters.

Command Default

Basic authentication values for the HTTP IOS SLB probe are not configured.

Command Modes

HTTP probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(2)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures an HTTP probe named PROBE2, enters HTTP probe configuration mode, sets the HTTP authentication to username Username1, and sets the password to develop:

Router(config)# ip slb probe PROBE2 http
Router(config-slb-probe)# credentials Username1 develop

Related Commands

Command

Description

show ip slb probe

Displays information about an IOS Server Load Balancing (IOS SLB) probe.

delay (firewall farm TCP protocol)

To change the amount of time IOS Server Load Balancing (IOS SLB) maintains TCP connection context after a connection has terminated, use the delay command in firewall farm TCP protocol configuration mode. To restore the default delay timer, use the no form of this command.

delay duration
no delay

Syntax Description

duration

Delay timer duration in seconds. The valid range is 1 to 600 seconds. The default value is 10 seconds.

Command Default

The default duration is 10 seconds.

Command Modes

Firewall farm TCP protocol configuration (config-slb-fw-tcp)

Command History

Release

Modification

12.1(3a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The delay timer allows out-of-sequence packets and final acknowledgments (ACKs) to be delivered after a TCP connection ends. Do not set this value to zero (0).

If you are configuring a delay timer for HTTP flows, choose a low number such as 5 seconds as a starting point.

Examples

The following example specifies that IOS SLB maintains TCP connection context for 30 seconds after a connection has terminated:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# protocol tcp
Router(config-slb-fw-tcp)# delay 30

Related Commands

Command

Description

protocol tcp

Enters firewall farm TCP protocol configuration mode.

show ip slb firewallfarm

Displays information about the firewall farm configuration.

delay (virtual server)

To change the amount of time IOS Server Load Balancing (IOS SLB) maintains TCP connection context after a connection has terminated, use the delay command in SLB virtual server configuration mode. To restore the default delay timer, use the no form of this command.

delay { duration | radius framed-ip duration}
no delay { duration | radius framed-ip duration}

Syntax Description

duration

Delay timer duration for TCP connection context, in seconds. The valid range is 1 to 600 seconds. The default value is 10 seconds.

radius framed-ip duration

Delay timer for RADIUS framed-ip sticky database, in seconds. The valid range is 1 to 43200 seconds. The default value is 10 seconds.

Command Default

The default duration for the TCP connection context is 10 seconds. The default duration for the RADIUS framed-ip sticky database is 10 seconds.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release

Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.1(18)E

The radius and framed-ip keywords and the duration argument were added.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The TCP connection context delay timer allows out-of-sequence packets and final acknowledgments (ACKs) to be delivered after a TCP connection ends. Do not set this value to zero (0).

If you are configuring a TCP connection context delay timer for HTTP flows, choose a low number such as 5 seconds as a starting point.

For the Home Agent Director, the delay command has no meaning and is not supported.

Examples

The following example specifies that IOS SLB maintains TCP connection context for 30 seconds after a connection has terminated:

Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# delay 30

Related Commands

Command

Description

show ip slb vservers

Displays information about the virtual servers defined to IOS SLB.

virtual

Configures the virtual server attributes.

expect

To configure the status code or regular expression that IOS SLB expects in the response to the HTTP probe, use the expect command in HTTP probe configuration mode. To restore the default settings, use the no form of this command.

expect [ status status-code] [ regex expression]
no expect [ status status-code] [ regex expression]

Syntax Description

status status-code

(Optional) Configures the expected HTTP status code. The valid range is 100 to 599. The default expected status code is 200.

regex expression

(Optional) Configures the regular expression expected in the HTTP response.

For information about regular expressions and how to use them in Cisco IOS software configurations, refer to the Understanding Regular Expressions section of the Cisco IOS Configuration Fundamentals Configuration Guide.

Command Default

The default expected status code is 200. There is no default expected regular expression.

Command Modes

HTTP probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(2)E

This command was introduced.

12.1(3a)E

The regex keyword and expression argument were added.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The expect command configures the expected status code or regular expression to be received from the servers. A real server is considered to have failed and is taken out of service if any of the following events occurs:

  • A status number other than the expected one is received.
  • The expected regular expression is not received in the first 2920 bytes of probe output. (IOS Server Load Balancing [IOS SLB] searches only the first 2920 bytes for the expected status code or regular expression.)
  • The server fails to respond.

For IOS SLB firewall load balancing, configure the HTTP probe to expect status code 401.

Examples

The following example configures an HTTP probe named PROBE2, enters HTTP probe configuration mode, and configures the HTTP probe to expect the status code 401 and the regular expression Copyright:

Router(config)# ip slb probe PROBE2 http
Router(config-slb-probe)# expect status 401 regex Copyright
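
The three failure conditions above as a small evaluator, added here as an illustration and not taken from IOS SLB. It assumes the 2920-byte window is counted from the first byte of the HTTP response and uses Python's re module as a stand-in for Cisco IOS regular expression syntax; the sample responses are constructed.

```python
import re

SEARCH_WINDOW = 2920  # bytes of probe output that IOS SLB searches, per the page


def evaluate_probe(response, expect_status=200, expect_regex=None):
    """Return (in_service, reason) for one probe response.

    response is the raw bytes received from the real server, or None when
    the server did not answer. Defaults mirror the command defaults:
    expected status 200, no expected regular expression.
    """
    if not response:
        return (False, "no response")
    window = response[:SEARCH_WINDOW]  # nothing past this point is examined
    status_line = re.match(rb"HTTP/\d\.\d (\d{3})", window)
    if status_line is None:
        return (False, "no status line")
    status = int(status_line.group(1))
    if status != expect_status:
        return (False, f"status {status}, expected {expect_status}")
    if expect_regex is not None:
        if re.search(expect_regex.encode(), window) is None:
            return (False, "regex not found in first 2920 bytes")
    return (True, "ok")


def make_response(status, reason, body):
    """Build a constructed HTTP/1.0 response for the demonstration."""
    head = f"HTTP/1.0 {status} {reason}\r\nContent-Type: text/html\r\n\r\n"
    return head.encode() + body


FOOTER = b"<p>Copyright Example Corp</p>"  # constructed page footer

# Footer near the top of the page: found inside the window.
EARLY = make_response(401, "Unauthorized", FOOTER)

# Same footer after 3000 bytes of other content: outside the window.
LATE = make_response(401, "Unauthorized", b"x" * 3000 + FOOTER)

# Expected string starts 5 bytes before the cut-off, so only "Copyr"
# falls inside the window and the expression does not match.
_head_len = len(make_response(401, "Unauthorized", b""))
STRADDLE = make_response(
    401, "Unauthorized",
    b"x" * (SEARCH_WINDOW - 5 - _head_len) + b"Copyright Example Corp",
)


if __name__ == "__main__":
    cases = [("early", EARLY), ("late", LATE),
             ("straddle", STRADDLE), ("silent", None)]
    for name, sample in cases:
        print(name, evaluate_probe(sample, 401, "Copyright"))
    # Probe left at the default expected status against a 401 responder.
    print("default", evaluate_probe(EARLY))
```

A server whose page carries the expected string only in a footer is reported as failed once the content above it grows past the window, which is worth checking before choosing the expression.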

Related Commands

Command

Description

ip slb probe http

Configures an HTTP probe name and enters HTTP probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

failaction (firewall farm)

To configure the IOS Server Load Balancing (IOS SLB) feature’s behavior when a firewall fails, use the failaction command in firewall farm configuration mode.

failaction purge

Syntax Description

purge

Enables IOS SLB to automatically remove connections to failed firewalls from the connection database even if the idle timers have not expired.

Command Default

If you do not specify the failaction command, IOS SLB does not automatically remove connections to failed firewalls.

Command Modes

Firewall farm configuration (config-slb-fw)

Command History

Release

Modification

12.1(9)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command is useful for applications that do not rotate the source port (such as Internet Key Exchange [IKE]), and for protocols that do not have ports to differentiate flows (such as Encapsulating Security Payload [ESP]).

Examples

In the following example, IOS SLB removes all connections to failed firewalls in firewall farm FIRE1:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# failaction purge

failaction (server farm)

To configure the IOS Server Load Balancing (IOS SLB) feature’s behavior when a real server fails, use the failaction command in server farm configuration mode. To restore the default settings, use the no form of this command.

failaction { purge | asn purge | gtp purge | radius reassign}
no failaction { purge | asn purge | gtp purge | radius reassign}

Syntax Description

purge

Enables IOS SLB to automatically remove connections to failed real servers from the connection database even if the idle timers have not expired.

asn purge

Enables IOS SLB to automatically remove objects associated with failed real servers from the Access Service Network (ASN) sticky database, even if the idle timers have not expired.

gtp purge

Enables IOS SLB to automatically remove objects associated with failed real servers from the general packet radio service (GPRS) Tunneling Protocol (GTP) International Mobile Subscriber ID (IMSI) sticky database, even if the idle timers have not expired.

radius reassign

Enables IOS SLB to automatically reassign to a new real server RADIUS sticky objects that are destined for a failed real server.

Command Default

If you do not specify the failaction command, IOS SLB does not perform the following actions:

  • Remove connections to failed real servers
  • Remove connections to objects associated with failed real servers
  • Remove ASN or GPRS sticky objects (IOS SLB continues to assign new session requests to the failed real servers)
  • Reassign RADIUS sticky objects

Command Modes

Server farm configuration (config-slb-sfarm)

Command History

Release

Modification

12.1(9)E

This command was introduced.

12.1(11b)E

The radius reassign keywords were added.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

The gtp purge keywords were added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRE

The asn purge keywords were added.

Usage Guidelines

This command is useful for applications that do not rotate the source port (such as Internet Key Exchange [IKE]), and for protocols that do not have ports to differentiate flows (such as Encapsulating Security Payload [ESP]).

You can specify no failaction purge, but it has no effect on the connection database.

If you specify failaction radius reassign, IOS SLB reassigns RADIUS sticky objects without seeing any new RADIUS messages. The assumption is that, in the event of a failure, the RADIUS proxy gateways can handle user flows without seeing the RADIUS messages. If the RADIUS proxy gateways cannot do so, do not specify the failaction radius reassign command.

Examples

In the following example, IOS SLB removes all connections to failed real servers in server farm PUBLIC:

Router(config)# ip slb serverfarm PUBLIC
Router(config-slb-sfarm)# failaction purge

faildetect (custom UDP probe)

To specify the number of consecutive unacknowledged custom User Datagram Protocol (UDP) probes that constitute failure of the real server, use the faildetect command in custom UDP probe configuration mode. To restore the default values that indicate a server failure, use the no form of this command.

faildetect number-of-probes
no faildetect

Syntax Description

number-of-probes

Number of consecutive unacknowledged custom UDP probes allowed before a real server is considered to have failed. Valid range is 1 to 65535. The default value is one (1) unacknowledged custom UDP probe.

Command Default

The default value is one (1) unacknowledged probe.

Command Modes

Custom UDP probe configuration (config-slb-probe)

Command History

Release

Modification

12.2(33)SRB

This command was introduced.

Examples

In the following example, the unacknowledged custom UDP probe threshold is set to 16:

Router(config)# ip slb probe PROBE6 custom udp
Router(config-slb-probe)# faildetect 16

Related Commands

Command

Description

ip slb probe custom udp

Configures a custom User Datagram Protocol (UDP) probe name and enters custom UDP probe configuration mode.

show ip slb probe

Displays information about an IOS Server Load Balancing (IOS SLB) probe.

faildetect (DNS probe)

To specify the conditions that indicate a server failure, use the faildetect command in DNS probe configuration mode. To restore the default values that indicate a server failure, use the no form of this command.

faildetect number-of-probes
no faildetect

Syntax Description

number-of-probes

Number of consecutive unacknowledged Domain Name System (DNS) probes allowed before a real server is considered to have failed. Valid range is 1 to 65535. The default value is three (3) unacknowledged DNS probes.

Command Default

The default value is three (3) unacknowledged DNS probes.

Command Modes

DNS probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(11b)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

In the following example, the unacknowledged DNS probe threshold is set to 16:

Router(config)# ip slb probe PROBE4 dns
Router(config-slb-probe)# faildetect 16

Related Commands

Command

Description

ip slb probe dns

Configures a Domain Name System (DNS) probe name and enters DNS probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

faildetect (ping probe)

To specify the conditions that indicate a server failure, use the faildetect command in ping probe configuration mode. To restore the default values that indicate a server failure, use the no form of this command.

faildetect number-of-pings
no faildetect

Syntax Description

number-of-pings

Number of consecutive unacknowledged pings allowed before a real server is considered to have failed. Valid range is 1 to 65535. The default is ten (10) unacknowledged pings.

Command Default

The default value is ten (10) unacknowledged pings.

Command Modes

Ping probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(3a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

In the following example, the unacknowledged ping threshold is set to 16:

Router(config)# ip slb probe PROBE1 ping
Router(config-slb-probe)# faildetect 16

Related Commands

Command

Description

ip slb probe ping

Configures a ping probe name and enters ping probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

faildetect inband (real server)

To enable automatic server failure detection, use the faildetect inband command in real server configuration mode. To disable automatic server failure detection, use the no form of this command.

faildetect inband
no faildetect inband

Syntax Description

This command has no arguments or keywords.

Command Default

Automatic server failure detection is enabled.

Command Modes

Real server configuration (config-slb-real)

Command History

Release

Modification

12.2(14)ZA4

This command was introduced.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

If you have configured all-port virtual servers (that is, virtual servers that accept flows destined for all ports except GTP ports), flows can be passed to servers for which no application port exists. When the servers reject these flows, Cisco IOS SLB might fail the servers and remove them from load balancing. This situation can also occur in slow-to-respond AAA servers in RADIUS load-balancing environments. To prevent this situation, you can disable automatic server failure detection using the no faildetect inband command.

Note

If you disable automatic server failure detection using the no faildetect inband command, Cisco strongly recommends that you configure one or more probes. If you specify the no faildetect inband command, the faildetect numconns command is ignored, if specified.

Examples

In the following example, automatic server failure detection is disabled:

Router(config)# ip slb serverfarm PUBLIC
Router(config-slb-sfarm)# real 10.10.1.1
Router(config-slb-real)# no faildetect inband

Related Commands

Command

Description

faildetect numconns (real server)

Specifies the conditions that indicate a real server failure.

real (server farm)

Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.

show ip slb reals

Displays information about the real servers.

show ip slb serverfarms

Displays information about the server farm configuration.

faildetect numconns (real server)

To specify the conditions that indicate a real server failure, use the faildetect numconns command in SLB real server configuration mode. To restore the default values that indicate a server failure, use the no form of this command.

faildetect numconns number-of-conns [ numclients number-of-clients]
no faildetect numconns number-of-conns [ numclients number-of-clients]

Syntax Description

number-of-conns

Number of consecutive connection failures allowed before IOS Server Load Balancing (IOS SLB) fails the real server. The valid range is 1 to 255. The default value is 8.

numclients number-of-clients

(Optional) Number of unique client IP addresses that can experience connection failures before IOS SLB fails the real server. The valid range is 1 to 8. The default value is 2.

If there is only one client in your network (for example, one serving GPRS support node [SGSN] in a general packet radio service [GPRS] load-balancing environment), then you must specify numclients 1.

In RADIUS load balancing, for automatic session-based failure detection, specify numclients 1.

Command Default

If you do not specify the faildetect numconns command, the default value of the connection failure threshold is 8. If you specify the faildetect numconns command but do not specify the numclients keyword, the default value of the client connection failure threshold is 2.

Command Modes

SLB real server configuration (config-slb-real)

Command History

Release

Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.1(9)E

This command was modified to support GPRS load balancing.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

If you specify the no faildetect inband command, the faildetect numconns command is ignored, if specified.

IOS SLB does not fail the real server until both of the following conditions are met:

  • There have been number-of-conns consecutive connection failures.
  • There have been number-of-clients unique client connection failures.

That is, there can be many consecutive connection failures, but until there have also been number-of-clients unique client connection failures, IOS SLB does not fail the real server.

Similarly, there can be many unique client connection failures, but until there have also been number-of-conns consecutive connection failures, IOS SLB does not fail the real server.

GPRS load balancing has the following features:

  • The numconns keyword specifies the number of consecutive Create Packet Data Protocol (PDP) requests allowed before IOS SLB fails the gateway GPRS support node (GGSN).
  • The numclients keyword specifies the number of unique client Create PDP request failures allowed before IOS SLB fails the GGSN.

Examples

In the following example, the numconns keyword is set to 10 and the numclients keyword is set to 3:

Router(config)# ip slb serverfarm PUBLIC
Router(config-slb-sfarm)# real 10.10.1.1
Router(config-slb-real)# faildetect numconns 10 numclients 3

With those settings, IOS SLB will not fail the real server until there have been ten (10) consecutive connection failures and there have been three (3) unique client connection failures.
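The checks below are an added example, not Cisco code: a small Python audit of a candidate configuration against the rules stated for no faildetect inband and faildetect numconns (probes recommended when inband detection is off, numconns ignored in that case, documented value ranges and defaults). The sample configuration is constructed, and binding a probe with a `probe` line under the server farm is an assumption, since that command is not shown in this section.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed candidate configuration (not taken from a real device).
SAMPLE_CONFIG = """\
ip slb serverfarm PUBLIC
 probe PING1
 real 10.10.1.1
  no faildetect inband
  inservice
 real 10.10.1.2
  faildetect numconns 10 numclients 3
  inservice
!
ip slb serverfarm AAA
 real 10.20.1.1
  no faildetect inband
  faildetect numconns 4 numclients 1
  inservice
 real 10.20.1.2
  faildetect numconns 300 numclients 9
  inservice
!
"""

@dataclass
class Real:
    address: str
    inband: bool = True               # automatic failure detection unless disabled
    numconns: Optional[int] = None    # None means the command was not given
    numclients: Optional[int] = None

@dataclass
class Farm:
    name: str
    probes: List[str] = field(default_factory=list)
    reals: List[Real] = field(default_factory=list)

def parse_farms(config: str) -> List[Farm]:
    """Collect server farms, their probes and per-real faildetect settings."""
    farms, farm, real = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # a top-level line ends the current farm
            farm = real = None
            m = re.fullmatch(r"ip slb serverfarm (\S+)", line)
            if m:
                farm = Farm(m.group(1))
                farms.append(farm)
            continue
        if farm is None:
            continue
        if m := re.fullmatch(r"probe (\S+)", line):   # assumed probe binding
            farm.probes.append(m.group(1))
        elif m := re.fullmatch(r"real (\S+)(?: \d+)?", line):
            real = Real(m.group(1))
            farm.reals.append(real)
        elif real is not None and line == "no faildetect inband":
            real.inband = False
        elif real is not None and (m := re.fullmatch(
                r"faildetect numconns (\d+)(?: numclients (\d+))?", line)):
            real.numconns = int(m.group(1))
            real.numclients = int(m.group(2)) if m.group(2) else None
    return farms

def effective_thresholds(real: Real):
    """(consecutive failures, unique clients) both needed to fail the server,
    or None when inband detection is off and only probes can fail it."""
    if not real.inband:
        return None
    numconns = 8 if real.numconns is None else real.numconns        # default 8
    numclients = 2 if real.numclients is None else real.numclients  # default 2
    return (numconns, numclients)

def audit(farms: List[Farm]):
    """Return (farm, real, finding) tuples for settings that weaken detection."""
    findings = []
    for farm in farms:
        for real in farm.reals:
            if not real.inband and not farm.probes:
                findings.append((farm.name, real.address, "NO_INBAND_NO_PROBE"))
            if not real.inband and real.numconns is not None:
                findings.append((farm.name, real.address, "NUMCONNS_IGNORED"))
            if real.numconns is not None and not 1 <= real.numconns <= 255:
                findings.append((farm.name, real.address, "NUMCONNS_RANGE"))
            if real.numclients is not None and not 1 <= real.numclients <= 8:
                findings.append((farm.name, real.address, "NUMCLIENTS_RANGE"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_farms(SAMPLE_CONFIG)):
        print(*finding)
```

NO_INBAND_NO_PROBE is the finding to act on first: a real server in that state has no failure detection at all, so it stays in rotation when it stops answering.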

Related Commands

Command

Description

faildetect inband (real server)

Enables automatic server failure detection.

real (server farm)

Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.

show ip slb reals

Displays information about the real servers.

show ip slb serverfarms

Displays information about the server farm configuration.

farm-weight

To specify a weight to be used by the IOS SLB KeepAlive Application Protocol (KAL-AP) agent when calculating the load value for a server farm, use the farm-weight command in server farm configuration mode. To restore the default weight value, use the no form of this command.

farm-weight setting
no farm-weight

Syntax Description

setting

Weight setting to be used by the KAL-AP agent. Valid settings range from 1 to 4294967295.

Command Default

If you do not configure a KAL-AP farm weight, IOS SLB calculates a relative weight.

Command Modes

Server farm configuration (config-slb-sfarm)

Command History

Release

Modification

12.2(33)SRC

This command was introduced.

Usage Guidelines

Configuring a farm-weight enables KAL-AP to calculate loads more accurately when load balancing in a global server load balancing (GSLB) environment.

For best results, configure a farm-weight that is equal to the sum of the maximum DFP weights for the real servers in the server farm. (The maximum DFP weight for a real server is configured using the gprs dfp max-weight command in global configuration mode.) For example, if there are three real servers in a server farm, configured with maximum DFP weights of 100, 50, and 50, then configure a farm-weight of 200 (that is, 100 + 50 + 50). If a real server is added to or removed from the server farm, you must adjust the farm-weight accordingly.

Examples

The following example specifies that a weight of 16 is to be used by the KAL-AP agent when calculating the load value for a server farm:

Router(config-slb-sfarm)# farm-weight 16

Related Commands

Command

Description

gprs dfp max-weight

Specifies the maximum weight sent to a DFP manager by a Gateway GPRS Support Node (GGSN) acting as a DFP agent.

ip slb capp udp

Enables the IOS SLB KeepAlive Application Protocol (KAL-AP) agent and enters SLB Content Application Peering Protocol (CAPP) configuration mode.

ip slb serverfarm

Identifies a server farm and enters SLB server farm configuration mode.

gtp notification cac

To limit the number of times IOS SLB can reassign a session to a new real server for GGSN-IOS SLB messaging, use the gtp notification cac command in virtual server configuration mode. To restore the default limit, use the no form of this command.

gtp notification cac [reassign-count]
no gtp notification cac

Syntax Description

reassign-count

(Optional) Number of times IOS SLB can reassign a session to a new real server. That is, the number of times that IOS SLB can reassign a rejected Create PDP Context to a new real GGSN.

The valid range is 1 to 20 reassignments. The default setting is 2 reassignments (that is, the initial real server assignment and 2 additional reassignments).

Command Default

The default is 2 reassignments (that is, the initial real server assignment and 2 additional reassignments).

Command Modes

Virtual server configuration (config-slb-vserver)

Command History

Release

Modification

12.2(17d)SXB1

This command was introduced.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example specifies that IOS SLB can reassign a session up to 5 times:

Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# gtp notification cac 5

Related Commands

Command

Description

show ip slb vservers

Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB).

virtual

Configures the virtual server attributes.

gtp session (virtual server)

To enable IOS SLB to create general packet radio service (GPRS) Tunneling Protocol (GTP) load-balancing sessions, use the gtp session command in SLB virtual server configuration mode. To disable the creation of GTP sessions by IOS SLB (the sticky-only load-balancing solution), use the no form of this command.

gtp session
no gtp session

Syntax Description

This command has no arguments or keywords.

Command Default

IOS SLB creates GTP load-balancing sessions. Sticky-only load-balancing is disabled.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release

Modification

12.2(33)SRE

This command was introduced.

Usage Guidelines

Sticky-only load balancing is supported for all versions of GTP.

If sticky-only load balancing (no gtp session) is enabled for GTP:

  • IOS SLB load-balances GTP Packet Data Protocol (PDP) create requests based on the sticky objects in the GTP International Mobile Subscriber ID (IMSI) sticky database.
  • Sticky connections must also be enabled for the virtual server, using the sticky (virtual server) command.
  • Automatic server failure detection (the faildetect inband command) is not supported. Instead, use probes to detect real server failures.

Examples

The following example specifies that sticky-only load balancing is to be used for GTP:

Router(config)# ip slb vserver VS1
Router(config-slb-vserver)# no gtp session

Related Commands

Command

Description

show ip slb vservers

Displays information about the virtual servers defined to IOS SLB.

virtual

Configures the virtual server attributes.

gw port (virtual server)

To specify the port that the Cisco Broadband Wireless Gateway (BWG) is to use to communicate with IOS SLB, use the gw port command in SLB virtual server configuration mode. To restore the default settings, use the no form of this command.

gw port port
no gw port port

Syntax Description

port

Port number used by the Cisco BWG to communicate with IOS SLB. This port number must be unique across all virtual servers.

Valid port numbers are 1 to 65535.

Command Default

No port number is defined.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release

Modification

12.2(33)SRE

This command was introduced.

Usage Guidelines

The Cisco BWG uses this port when sending delete notifications and NAI update messages to IOS SLB.

If multiple communication ports are needed, the network administrator must identify multiple unique unused ports.

Examples

The following example specifies that the Cisco BWG is to use port 63082 to communicate with IOS SLB:

Router(config)# ip slb vserver VS1
Router(config-slb-vserver)# gw port 63082

Related Commands

Command

Description

show ip slb vservers

Displays information about the virtual servers defined to IOS SLB.

virtual

Configures the virtual server attributes.

hand-off radius

To change the amount of time IOS Server Load Balancing (IOS SLB) waits for an ACCT-START message from a new Mobile IP foreign agent in the event of a foreign agent hand-off, use the hand-off radius command in virtual server configuration mode. To restore the default hand-off timer, use the no form of this command.

hand-off radius duration
no hand-off radius

Syntax Description

duration

Hand-off timer duration in seconds. The valid range is 1 to 43200 seconds.

Command Default

No default behavior or values.

Command Modes

Virtual server configuration (config-slb-vserver)

Command History

Release

Modification

12.2(14)ZA2

This command was introduced.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The hand-off radius timer is valid only for RADIUS virtual servers that have the service radius keywords specified on the virtual command.

Examples

The following example specifies that IOS SLB waits for 30 seconds after a foreign agent hand-off:

Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# hand-off radius 30

Related Commands

Command

Description

show ip slb vservers

Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB).

virtual

Configures the virtual server attributes.

header

To configure the basic authentication values for the HTTP probe, use the header command in HTTP probe configuration mode. To remove a header HTTP probe configuration, use the no form of this command.

header field-name [field-value]
no header field-name [field-value]

Syntax Description

field-name

Configures the name of the HTTP probe header. The character string is limited to 15 characters.

field-value

(Optional) Configures the value of the HTTP probe header.

Command Default

The following headers are inserted in the request by default:

Accept: */*
Connection: close
User-Agent: cisco-slb-probe/1.0
Host: virtual IP address

Command Modes

HTTP probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(2)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The header command in HTTP probe configuration mode configures the name and value parameters of the header.


Note


The colon ( : ) separating the field name and field value is automatically inserted if not provided. Multiple headers with the same name are not supported.

Examples

The following example configures an HTTP probe named PROBE2, enters HTTP configuration mode, and configures the HTTP probe header name as HeaderName and value as HeaderValue:

Router(config)# ip slb probe PROBE2 http
Router(config-slb-probe)# header HeaderName HeaderValue

Related Commands

Command

Description

ip slb probe http

Configures an HTTP probe name and enters HTTP probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

idle (firewall farm datagram protocol)

To specify the minimum time IOS Server Load Balancing (IOS SLB) maintains connection information in the absence of packet activity, use the idle command in firewall farm datagram protocol configuration mode. To restore the default idle duration value, use the no form of this command.

idle duration
no idle

Syntax Description

duration

Idle connection timer duration in seconds. Valid values range from 10 to 65535 seconds. The default is 3600 seconds (1 hour).

Command Default

The default idle duration is 3600 seconds.

Command Modes

Firewall farm datagram protocol configuration (config-slb-fw-udp)

Command History

Release

Modification

12.1(3a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example instructs IOS SLB to maintain connection information for an idle connection for 120 seconds:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# protocol datagram
Router(config-slb-fw-udp)# idle 120

Related Commands

Command

Description

protocol datagram

Enters firewall farm datagram protocol configuration mode.

show ip slb firewallfarm

Displays information about the firewall farm configuration.

idle (firewall farm TCP protocol)

To specify the minimum time IOS Server Load Balancing (IOS SLB) maintains connection information in the absence of packet activity, use the idle command in firewall farm TCP protocol configuration mode. To restore the default idle duration value, use the no form of this command.

idle duration
no idle

Syntax Description

duration

Idle connection timer duration in seconds. Valid values range from 10 to 65535 seconds. The default is 3600 seconds (1 hour).

Command Default

The default idle duration is 3600 seconds.

Command Modes

Firewall farm TCP protocol configuration (config-slb-fw-tcp)

Command History

Release

Modification

12.1(3a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

If a client sends a TCP packet that is not a synchronize sequence number (SYN) or reset (RST) packet, and IOS SLB does not have a TCP connection object in its table (possibly due to expiration of the idle timer), IOS SLB sends a TCP RST to the client.

If you are configuring an idle timer for HTTP flows, choose a low number such as 120 seconds as a starting point. A low number ensures that the IOS SLB connection database maintains a manageable size if problems at the server, client, or network result in a large number of connections. However, do not choose a value under 60 seconds; such a low value can reduce the efficiency of IOS SLB.

Examples

The following example instructs IOS SLB to maintain connection information for an idle connection for 120 seconds:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# protocol tcp
Router(config-slb-fw-tcp)# idle 120

Related Commands

Command

Description

protocol tcp

Enters firewall farm TCP protocol configuration mode.

show ip slb firewallfarm

Displays information about the firewall farm configuration.

idle (virtual server)

To specify the minimum time the IOS Server Load Balancing (IOS SLB) maintains connection information in the absence of packet activity, use the idle command in SLB virtual server configuration mode. To restore the default idle duration value, use the no form of this command.

idle [ { asn request duration | asn msid msid | gtp imsi duration [ query [max-queries] ] | gtp request duration | ipmobile request duration | radius { request | framed-ip} duration} ]
no idle [ { asn request duration | asn msid msid | gtp imsi duration [ query [max-queries] ] | gtp request duration | ipmobile request duration | radius { request | framed-ip} duration} ]

Syntax Description

asn request

(Optional) For load balancing across a set of Access Service Network (ASN) gateways, configures the duration for which IOS SLB keeps the session object. If a Mobile Station (MS) Pre-Attachment Ack is received before the timer expires, IOS SLB resets the timer.

duration

Idle connection timer duration in seconds. Valid values range from 4 to 65535 seconds. For GTP IMSI, you can specify 0 to disable the timer and prevent GTP IMSI sticky database objects from timing out.

The default values are:

  • 60 seconds in ASN load balancing.
  • 60 seconds for objects in the ASN MSID sticky database.
  • 0 seconds for objects in the GTP IMSI sticky database.
  • 10 seconds in the Home Agent Director.
  • 30 seconds in GPRS load balancing.
  • 30 seconds for RADIUS entries in the IOS SLB session database.
  • 7200 seconds for entries in the IOS SLB RADIUS framed-IP sticky database.
  • 3600 seconds (1 hour) in all other environments.

asn msid

(Optional) For load balancing across a set of ASN gateways, configures the duration for objects in the ASN Mobile Station ID (MSID) sticky database.

gtp imsi

(Optional) For general packet radio service (GPRS) Tunneling Protocol (GTP) cause code inspection, configures the duration for objects in the GTP International Mobile Subscriber ID (IMSI) sticky database.

query

(Optional) Query the Cisco gateway GPRS support node (GGSN) before deleting any GTP IMSI sticky objects. The default is not to query the GGSN.

max-queries

(Optional) Maximum number of queries to send when there is no response from the GGSN. Valid range is 1 to 10 queries. The default value is 5 queries.

gtp request

(Optional) For general packet radio service (GPRS) Tunneling Protocol (GTP) cause code inspection, configures the duration for Packet Data Protocol (PDP) context create, update, or delete request messages to a real gateway GPRS support node (GGSN) to go unanswered, before IOS SLB cleans up the session object.

ipmobile request

(Optional) For Home Agent Director, configures the duration for IOS SLB to wait for a Mobile IP Registration Request (RRQ), before IOS SLB cleans up the session object.

radius request

(Optional) Configures the duration for RADIUS entries in the IOS SLB session database.

radius framed-ip

(Optional) Configures the duration for entries in the IOS SLB RADIUS framed-IP sticky database.

Command Default

The default idle duration is:

  • 60 seconds in ASN load balancing.
  • 60 seconds for objects in the ASN MSID sticky database.
  • 0 seconds for objects in the GTP IMSI sticky database.
  • 10 seconds in the Home Agent Director.
  • 30 seconds in GPRS load balancing.
  • 30 seconds for RADIUS entries in the IOS SLB session database.
  • 7200 seconds for entries in the IOS SLB RADIUS framed-IP sticky database.
  • 3600 seconds (1 hour) in all other environments.

The default setting for the query keyword is no queries.

The default setting for the max-queries argument is 5 queries.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release

Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.1(9)E

This command was modified to support GPRS load balancing.

12.1(11b)E

This command was modified to support RADIUS load balancing.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.1(13)E3

The gtp request keywords were added.

12.2(14)ZA2

The ipmobile request keywords were added.

12.2(18)SXE

The gtp imsi keywords were added.

12.2(18)SXF

The query keyword and max-queries argument were added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRC1

The asn request option was added.

12.2(33)SRE

The asn msid option was added.

Usage Guidelines

If a client sends a TCP packet that is not a synchronize sequence number (SYN) or reset (RST) packet, and IOS SLB does not have a TCP connection object in its table (possibly due to expiration of the idle timer), IOS SLB sends a TCP RST to the client.

If you are configuring an idle timer for HTTP flows, choose a low number such as 120 seconds as a starting point. A low number ensures that the IOS SLB connection database maintains a manageable size if problems at the server, client, or network result in a large number of connections. However, do not choose a value under 60 seconds (except in GPRS load balancing); such a low value can reduce the efficiency of the IOS SLB feature.

In most environments, the idle timer times out data paths. However, in GPRS load balancing, it times out the session context for signaling paths (not data paths).

In GPRS load balancing without GTP cause code inspection enabled, you must specify an idle timer greater than the longest possible interval between PDP context requests on the serving GPRS support node (SGSN). The longest interval can be expressed using the following algorithm:

Longest interval = T3 x 2^(N3-2)

where T3 is the SGSN’s T3-RESPONSE counter value and N3 is the SGSN’s N3-REQUESTS counter value.

For example, if the T3-RESPONSE counter value is 3 and the N3-REQUESTS counter value is 6, then:

Longest interval = 3 x 2^(6-2) = 3 x 2^4 = 3 x 16 = 48 seconds

Given those values, you must specify an idle timer of at least 49 seconds.

Examples

The following example instructs IOS SLB to maintain sticky objects in the GTP IMSI sticky database for 120 seconds:

Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# idle gtp imsi 120 

Related Commands

Command

Description

show ip slb vservers

Displays information about the virtual servers defined to IOS SLB.

virtual

Configures the virtual server attributes.

inservice (DFP agent)

To enable the Dynamic Feedback Protocol (DFP) agent for communication with a DFP manager, use the inservice command in DFP agent configuration mode. To remove the DFP agent from service, use the no form of this command.

inservice
no inservice

Syntax Description

This command has no arguments or keywords.

Command Default

The DFP agent is inactive.

Command Modes

DFP agent configuration (config-dfp)

Command History

Release

Modification

12.1(8a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.3(4)T

This command was integrated into Cisco IOS Release 12.3(4)T.

12.2(18)SXD

This command was integrated into Cisco IOS Release 12.2(18)SXD.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

A DFP agent is inactive until both of the following conditions are met:

  • The DFP agent has been enabled using the inservice (DFP agent) command.
  • The client subsystem has changed the DFP agent’s state to ACTIVE.

When you use the no form of this command to remove a DFP agent from service, the DFP agent closes all open connections, and no new connections are assigned.

Examples

In the following example, the DFP agent is enabled for communication with a DFP manager:

Router(config)# ip dfp agent slb
Router(config-dfp)# inservice

Related Commands

Command

Description

agent

Identifies a DFP agent to which IOS SLB can connect.

ip dfp agent

Identifies a DFP agent subsystem and initiates DFP agent configuration mode.

ip slb dfp

Configures DFP, supplies an optional password, and initiates DFP configuration mode.

inservice (firewall farm)

To enable the firewall farm for use by IOS Server Load Balancing (IOS SLB), use the inservice command in firewall farm configuration mode. To remove the firewall farm from service, use the no form of this command.

inservice [ standby group-name]
no inservice [ standby group-name]

Syntax Description

standby

(Optional) Configures the Hot Standby Router Protocol (HSRP) standby firewall farm for use with stateless and stateful backup.

group-name

(Optional) HSRP group name with which the IOS SLB firewall farm is associated.

Command Default

The firewall farm is defined to IOS SLB but is not used.

Command Modes

Firewall farm configuration (config-slb-fw)

Command History

Release

Modification

12.1(3a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

When you use the no form of this command to remove a firewall farm from service, the firewall farm acquiesces gracefully. No new connections are assigned, and existing connections are allowed to complete.

Examples

In the following example, the firewall farm is enabled for use by the IOS SLB feature:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# inservice

Related Commands

Command

Description

ip slb firewallfarm

Identifies a firewall farm and enters firewall farm configuration mode.

show ip slb firewallfarm

Displays information about the firewall farm configuration.

inservice (firewall farm real server)

To enable the firewall for use by IOS Server Load Balancing (IOS SLB), use the inservice command in firewall farm real server configuration mode. To remove the firewall from service, use the no form of this command.

inservice
no inservice

Syntax Description

This command has no arguments or keywords.

Command Default

The firewall is defined to IOS SLB but is not used.

Command Modes

Firewall farm real server configuration (config-slb-fw-real)

Command History

Release

Modification

12.1(3a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

IOS SLB firewall load balancing uses probes to detect failures. Therefore, if you have not configured a probe, the firewall is not placed in service.

When you use the no form of this command to remove a firewall from service, the firewall acquiesces gracefully. No new connections are assigned, and existing connections are allowed to complete.

Examples

In the following example, the firewall is enabled for use by the IOS SLB feature:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# real 10.10.1.1
Router(config-slb-fw-real)# inservice

Related Commands

Command

Description

real (firewall farm)

Identifies a firewall by IP address as a member of a firewall farm and enters real server configuration mode.

show ip slb firewallfarm

Displays information about the firewall farm configuration.

show ip slb reals

Displays information about the real servers.

inservice (server farm real server)

To enable the real server for use by IOS Server Load Balancing (IOS SLB), use the inservice command in SLB server farm real server configuration mode. To remove the real server from service, use the no form of this command.

inservice
no inservice

Syntax Description

This command has no arguments or keywords.

Command Default

The real server is defined to IOS SLB but is not used.

Command Modes

SLB server farm real server configuration (config-slb-sfarm-real)

Command History

Release

Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

In the following example, the real server is enabled for use by the IOS SLB feature:

Router(config)# ip slb serverfarm PUBLIC
Router(config-slb-sfarm)# real 10.10.1.1
Router(config-slb-sfarm-real)# inservice

Related Commands

Command

Description

real (server farm)

Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.

show ip slb reals

Displays information about the real servers.

show ip slb serverfarms

Displays information about the server farm configuration.

inservice (server farm virtual server)

To enable the virtual server for use by IOS Server Load Balancing (IOS SLB), use the inservice command in SLB server farm virtual server configuration mode. To remove the virtual server from service, use the no form of this command.

inservice [ standby group-name] [active]
no inservice [ standby group-name]

Syntax Description

standby

(Optional) Configures the Hot Standby Router Protocol (HSRP) standby virtual server for use with stateless and stateful backup.

group-name

(Optional) HSRP group name with which the IOS SLB virtual server is associated.

active

(Optional) Enables the virtual server to stop answering Internet Control Message Protocol (ICMP) requests if all real servers associated with the virtual server are inactive.

Command Default

The virtual server is defined to IOS SLB but is not used.

Command Modes

SLB server farm virtual server configuration (config-slb-vserver)

Command History

Release

Modification

12.0(7)XE

This command was introduced.

12.1(1)E

The standby keyword and group-name argument were added.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRC

The active keyword was added.

Usage Guidelines

When you use the no form of this command to remove a virtual server from service, the virtual server acquiesces gracefully. No new connections are assigned, and existing connections are allowed to complete.

If the active keyword is configured, and all of the real servers that are associated with the virtual server are inactive, the following actions occur:

  • The virtual server is placed in the INOP_REAL state.
  • An SNMP trap is generated for the virtual server’s state transition.
  • The virtual server stops answering ICMP requests.

Examples

In the following example, the virtual server is enabled for use by the IOS SLB feature:

Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# inservice

Related Commands

Command

Description

show ip slb vservers

Displays information about the virtual servers.

virtual

Configures the virtual server attributes.

interval (custom UDP probe)

To configure a custom User Datagram Protocol (UDP) probe interval, use the interval command in custom UDP probe configuration mode. To remove a custom UDP probe interval configuration, use the no form of this command.

interval seconds
no interval seconds

Syntax Description

seconds

Number of seconds to wait before reattempting the probe. Valid values range from 1 to 65535 seconds. The default interval is 10 seconds.

Command Default

The default custom UDP probe interval value is 10 seconds.

Command Modes

Custom UDP probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(13)E3

This command was introduced.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a custom UDP probe named PROBE6, enters custom UDP configuration mode, and configures the custom UDP probe timer interval to send every 11 seconds:

Router(config)# ip slb probe PROBE6 custom udp
Router(config-slb-probe)# interval 11

Related Commands

Command

Description

ip slb probe custom udp

Configures a custom User Datagram Protocol (UDP) probe name and enters custom UDP probe configuration mode.

show ip slb probe

Displays information about an IOS Server Load Balancing (IOS SLB) probe.

interval (DFP agent)

To configure a Dynamic Feedback Protocol (DFP) agent weight recalculation interval, use the interval command in DFP agent configuration mode. To restore the default setting, use the no form of this command.

interval seconds
no interval seconds

Syntax Description

seconds

Number of seconds to wait before recalculating weights for the DFP manager. The valid range is from 5 to 65535 seconds. The default is 10 seconds.

Command Default

The default interval value is 10 seconds.

Command Modes

DFP agent configuration (config-dfp)

Command History

Release

Modification

12.1(8a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.3(4)T

This command was integrated into Cisco IOS Release 12.3(4)T.

12.2(18)SXD

This command was integrated into Cisco IOS Release 12.2(18)SXD.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The DFP agent sends a new weight to the DFP manager only if the new weight is different from the old weight. If the new weight is the same as the old weight, it is not sent to the DFP manager.

Examples

The following example shows how to configure the DFP agent to recalculate weights every 11 seconds:

Router(config)# ip dfp agent slb
Router(config-dfp)# interval 11

Related Commands

Command

Description

agent

Identifies a DFP agent to which IOS SLB can connect.

ip dfp agent

Identifies a DFP agent subsystem and enters DFP agent configuration mode.

ip slb dfp

Configures DFP, supplies an optional password, and enters DFP configuration mode.

interval (DNS probe)

To configure a DNS probe interval, use the interval command in DNS probe configuration mode. To remove a DNS probe interval configuration, use the no form of this command.

interval seconds
no interval seconds

Syntax Description

seconds

Number of seconds to wait before reattempting the probe. Valid values range from 1 to 65535 seconds. The default interval is 10 seconds.

Command Default

The default DNS probe interval value is 10 seconds.

Command Modes

DNS probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(11b)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a DNS probe named PROBE4, enters DNS configuration mode, and configures the DNS probe timer interval to send every 11 seconds:

Router(config)# ip slb probe PROBE4 dns
Router(config-slb-probe)# interval 11

Related Commands

Command

Description

ip slb probe dns

Configures a DNS probe name and enters DNS probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

interval (HTTP probe)

To configure an HTTP probe interval, use the interval command in HTTP probe configuration mode. To remove an HTTP probe interval configuration, use the no form of this command.

interval seconds
no interval seconds

Syntax Description

seconds

Number of seconds to wait before reattempting the probe. Valid values range from 1 to 65535 seconds. The default interval is 8 seconds.

Command Default

The default HTTP probe interval value is 8 seconds.

Command Modes

HTTP probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(2)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures an HTTP probe named PROBE2, enters HTTP configuration mode, and configures the HTTP probe timer interval to send every 11 seconds:

Router(config)# ip slb probe PROBE2 http
Router(config-slb-probe)# interval 11

Related Commands

Command

Description

ip slb probe http

Configures an HTTP probe name and enters HTTP probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

interval (ping probe)

To configure a ping probe interval, use the interval command in ping probe configuration mode. To remove a ping probe interval configuration, use the no form of this command.

interval seconds
no interval seconds

Syntax Description

seconds

Number of seconds to wait before reattempting the probe. Valid values range from 1 to 65535 seconds. The default interval is 1 second.

Command Default

The default ping probe interval value is 1 second.

Command Modes

Ping probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(3a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a ping probe named PROBE1, enters ping configuration mode, and configures the ping probe timer interval to send every 11 seconds:

Router(config)# ip slb probe PROBE1 ping
Router(config-slb-probe)# interval 11

Related Commands

Command

Description

ip slb probe ping

Configures a ping probe name and enters ping probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

interval (TCP probe)

To configure a TCP probe interval, use the interval command in TCP probe configuration mode. To remove a TCP probe interval configuration, use the no form of this command.

interval seconds
no interval seconds

Syntax Description

seconds

Number of seconds to wait before reattempting the probe. Valid values range from 1 to 65535 seconds. The default interval is 10 seconds.

Command Default

The default TCP probe interval value is 10 seconds.

Command Modes

TCP probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(11b)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a TCP probe named PROBE5, enters TCP configuration mode, and configures the TCP probe timer interval to send every 11 seconds:

Router(config)# ip slb probe PROBE5 tcp
Router(config-slb-probe)# interval 11

Related Commands

Command

Description

ip slb probe tcp

Configures a TCP probe name and enters TCP probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

interval (WSP probe)

To configure a Wireless Session Protocol (WSP) probe interval, use the interval command in WSP probe configuration mode. To remove a WSP probe interval configuration, use the no form of this command.

interval seconds
no interval seconds

Syntax Description

seconds

Number of seconds to wait before reattempting the probe. Valid values range from 1 to 65535 seconds. The default interval is 8 seconds.

Command Default

The default WSP probe interval value is 8 seconds.

Command Modes

WSP probe configuration (config-slb-probe)

Command History

Release

Modification

12.1(5a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a WSP probe named PROBE3, enters WSP probe configuration mode, and configures the WSP probe timer interval to send every 11 seconds:

Router(config)# ip slb probe PROBE3 wsp
Router(config-slb-probe)# interval 11

Related Commands

Command

Description

ip slb probe wsp

Configures a WSP probe name and enters WSP probe configuration mode.

show ip slb probe

Displays information about an IOS SLB probe.

ip dfp agent

To identify a Dynamic Feedback Protocol (DFP) agent subsystem and enter DFP agent configuration mode, use the ip dfp agent command in global configuration mode. To remove the DFP agent identification, use the no form of this command.

ip dfp agent subsystem-name
no ip dfp agent subsystem-name

Syntax Description

subsystem-name

Character string used to identify the DFP agent subsystem:

  • slb for IOS SLB
  • mobileip for Mobile IP and the Home Agent Director

The subsystem name enables the subsystem to send weights to a DFP manager. The subsystem name is limited to 15 characters.

Command Default

No DFP agent subsystem is defined.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(8a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.3(4)T

This command was integrated into Cisco IOS Release 12.3(4)T.

12.2(18)SXD

The mobileip subsystem name was added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

To discover the subsystem names that are available in your network, enter the ip dfp agent ? command.

Examples

The following example identifies a DFP agent subsystem named slb:

Router(config)# ip dfp agent slb
Router(config-dfp)#

Related Commands

Command

Description

agent

Identifies a DFP agent to which IOS SLB can connect.

ip slb dfp

Configures DFP, supplies an optional password, and initiates DFP configuration mode.

ip slb capp udp

To enable the IOS SLB KeepAlive Application Protocol (KAL-AP) agent and enter SLB Content Application Peering Protocol (CAPP) configuration mode, use the ip slb capp udp command in global configuration mode. To disable the KAL-AP agent feature, use the no form of this command.

ip slb capp udp
no ip slb capp udp

Syntax Description

This command has no arguments or keywords.

Command Default

The KAL-AP agent is not enabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.2(33)SRC

This command was introduced.

Examples

The following example enables the KAL-AP agent and enters CAPP UDP configuration mode:

Router(config)# ip slb capp udp

Related Commands

Command

Description

farm-weight

Specifies a weight to be used by the IOS SLB KeepAlive Application Protocol (KAL-AP) agent when calculating the load value for a server farm.

kal-ap domain

Specifies a domain tag to be used by the IOS SLB KeepAlive Application Protocol (KAL-AP) agent when searching for a server farm.

peer port

Specifies the port to which the IOS SLB KeepAlive Application Protocol (KAL-AP) agent is to connect.

peer secret

Enables Message Digest Algorithm Version 5 (MD5) authentication for the IOS SLB KeepAlive Application Protocol (KAL-AP) agent.

ip slb dfp

To configure Dynamic Feedback Protocol (DFP), supply an optional password, and enter DFP configuration mode, use the ip slb dfp command in global configuration mode. To remove the DFP configuration, use the no form of this command.

ip slb dfp [ password [encrypt] secret-string [timeout] ]
no ip slb dfp

Syntax Description

password

(Optional) Password for Message Digest Algorithm Version 5 (MD5) authentication.

encrypt

(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory).

The possible values are 0 and 7:

  • 0: The secret-string is stored in plain text. This is the default setting.
  • 7: The secret-string is encrypted before it is displayed or written to nonvolatile memory.

Note    If your router is configured to encrypt all passwords, then the password is represented as 7 followed by the encrypted text. See the Cisco IOS service command for more details.

secret-string

(Optional) 1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent.

The secret-string is always sent in plain text when the configuration is downloaded.

The secret-string must match the secret that is specified on the RADIUS client (for example, the gateway general packet radio service [GPRS] support node [GGSN]).

timeout

(Optional) Delay period, in seconds, during which both the old password and the new password are accepted. The valid range is 0 to 65535 seconds. The default value is 180 seconds, if a password is specified.

Command Default

The default password encryption is 0 (unencrypted). The default password timeout is 180 seconds, if a password is specified.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.1(3a)E

The 0 and 7 keywords were added.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The password specified in the ip slb dfp command for the DFP manager must match the password specified in the password command for the DFP agent.

The timeout option allows you to change the password without stopping messages between the DFP agent and its manager. The default value is 180 seconds.

During the timeout, the agent sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After the timeout expires, the agent sends and receives packets only with the new password; received packets that use the old password are discarded.

If you are changing the password for an entire load-balanced environment, set a longer timeout to allow enough time for you to update the password on all agents and servers before the timeout expires. Setting a longer timeout also prevents mismatches between agents and servers that have begun running the new password and agents and servers on which you have not yet changed the old password.

If you are running IOS SLB as a DFP manager, and you specify a password on the ip slb dfp command, the password must match the one specified on the password command in DFP agent configuration mode in the DFP agent.

Examples

The following example configures DFP, sets the DFP password to Password1 and the timeout to 360 seconds, and enters DFP configuration mode:

Router(config)# ip slb dfp password Password1 360
Router(config-slb-dfp)#
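
The following Python sketch is an added example, not Cisco code: it parses ip slb dfp lines according to the syntax above and flags lines with no password, a secret-string stored as type 0 (plain text in show run and nonvolatile memory), or a timeout of 0. The function names, finding codes, sample lines other than the Password1 line, and the rule for telling the encrypt keyword from a one-character secret-string are assumptions.

```python
from typing import List, NamedTuple, Optional, Tuple

DEFAULT_TIMEOUT = 180  # seconds; the page's default when a password is specified


class DfpLine(NamedTuple):
    has_password: bool
    encrypt: int      # 0 = plain text (the default), 7 = encrypted for display/NVRAM
    secret_len: int   # only the length is kept, never the secret itself
    timeout: int      # seconds during which old and new passwords are both accepted


def parse_ip_slb_dfp(line: str) -> Optional[DfpLine]:
    """Parse 'ip slb dfp [password [encrypt] secret-string [timeout]]'.

    Returns None for any other line; raises ValueError for a malformed one.
    """
    tokens = line.split()
    if tokens[:3] != ["ip", "slb", "dfp"]:
        return None
    rest = tokens[3:]
    if not rest:
        return DfpLine(False, 0, 0, 0)
    if rest[0] != "password" or len(rest) < 2:
        raise ValueError("expected 'password' followed by a secret-string")
    rest = rest[1:]
    encrypt = 0
    # Assumption: a leading 0 or 7 that is followed by another token is the
    # encrypt keyword rather than a one-character secret-string.
    if rest[0] in ("0", "7") and len(rest) >= 2:
        encrypt, rest = int(rest[0]), rest[1:]
    if len(rest) > 2:
        raise ValueError("unexpected tokens after timeout")
    timeout = DEFAULT_TIMEOUT
    if len(rest) == 2:
        if not rest[1].isdigit() or not 0 <= int(rest[1]) <= 65535:
            raise ValueError("timeout must be 0 to 65535 seconds")
        timeout = int(rest[1])
    return DfpLine(True, encrypt, len(rest[0]), timeout)


def audit_dfp(config_text: str) -> List[Tuple[int, str]]:
    """Return (line number, finding code) pairs for every 'ip slb dfp' line."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        try:
            parsed = parse_ip_slb_dfp(raw)
        except ValueError:
            findings.append((number, "malformed"))
            continue
        if parsed is None:
            continue
        if not parsed.has_password:
            # No password means no secret is set for MD5 authentication.
            findings.append((number, "no-password"))
            continue
        if parsed.encrypt == 0:
            findings.append((number, "plaintext-secret"))
            if parsed.secret_len > 64:   # clear secret-string is 1 to 64 characters
                findings.append((number, "secret-length"))
        if parsed.timeout == 0:
            # With a 0-second delay there is no period in which both the old
            # and the new password are accepted.
            findings.append((number, "no-rollover-window"))
    return findings


# Constructed sample: one 'ip slb dfp' line per device. Only the first line
# is the page's own example; the type 7 string is a made-up placeholder.
SAMPLE = """\
ip slb dfp password Password1 360
ip slb dfp
ip slb dfp password 7 0A1B2C3D4E 0
ip slb dfp password 0 Password1
interface GigabitEthernet0/1
"""

if __name__ == "__main__":
    for number, code in audit_dfp(SAMPLE):
        print(f"line {number}: {code}")
```
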

Related Commands

Command

Description

agent

Identifies a DFP agent to which IOS SLB can connect.

ip dfp agent

Identifies a DFP agent subsystem and enters DFP agent configuration mode.

ip slb entries

To configure an initial allocation and a maximum value for IOS Server Load Balancing (IOS SLB) database entries, use the ip slb entries command in global configuration mode. To restore the default values, use the no form of this command.

ip slb entries [ { conn [ init-conn [max-conn] ] | frag [ { init-frag [max-frag] | lifetime timeout} ] | gtp { gsn init-gsn [max-gsn] | nsapi init-nsapi [max-nsapi] } | sticky [ init-sticky [max-sticky] ] } ]
no ip slb entries [ { conn | frag [ lifetime ] | gtp { gsn | nsapi} | sticky} ]

Syntax Description

conn

(Optional) Configures an initial allocation and a maximum value for IOS SLB connection database entries.

init-conn

(Optional) Initial allocation of connection database entries. When the number of available entries is reduced to less than half of the init-conn argument, IOS SLB begins allocating additional entries. The number of entries can grow dynamically up to the number specified by the max-conn argument.

Valid range is 1 to 1000000 connection database entries. The default is 8000 connection database entries.

Note    Be careful when setting the init-conn argument to a very high value, such as 1000000, because IOS SLB immediately allocates those entries, which can cause the router or switch to pause indefinitely. Start with a lower value, such as 125000.

max-conn

(Optional) Maximum number of connection database entries that can be allocated.

Valid range is 1 to 8000000 connection database entries. The default is 8000000 connection database entries.

frag

(Optional) Configures an initial allocation and a maximum value for IOS SLB fragment database entries.

init-frag

(Optional) Initial allocation of routing entries in the fragment database. When the number of available entries is reduced to less than half of the init-frag argument, IOS SLB begins allocating additional entries. The number of entries can grow dynamically up to the number specified by the max-frag argument.

Valid range is 1 to 1000000 connection database entries. The default is 2000 connection database entries.

Note    Be careful when setting the init-frag argument to a very high value, such as 1000000, because IOS SLB immediately allocates those entries, which can cause the router or switch to pause indefinitely. Start with a lower value, such as 125000.

max-frag

(Optional) Maximum number of fragment database entries that can be allocated.

Valid range is 1 to 8000000 fragment database entries. The default is 32000 fragment database entries.

lifetime timeout

(Optional) Lifetime of an entry in the IOS SLB fragment database, in seconds.

Valid range is 1 to 255 seconds. The default value is 10 seconds.

gtp

(Optional) Configures an initial allocation and a maximum value for IOS SLB general packet radio service (GPRS) Tunneling Protocol (GTP) database entries.

gsn

(Optional) Configures an initial allocation and a maximum value for IOS SLB GPRS support node (GSN) database entries.

init-gsn

(Optional) Initial allocation of GSN database entries. When the number of available entries is reduced to less than half of the init-gsn argument, IOS SLB begins allocating additional entries. The number of entries can grow dynamically up to the number specified by the max-gsn argument.

Valid range is 1 to 5000 GSN database entries. The default is 200 GSN database entries.

Note    Be careful when setting the init-gsn argument to a very high value, such as 5000, because IOS SLB immediately allocates those entries, which can cause the router or switch to pause indefinitely. Start with a lower value, such as 500.

max-gsn

(Optional) Maximum number of GSN database entries that can be allocated.

Valid range is 1 to 20000 GSN database entries. The default is 20000 GSN database entries.

nsapi

(Optional) Configures an initial allocation and a maximum value for IOS SLB Network Service Access Point Identifier (NSAPI) database entries.

init-nsapi

(Optional) Initial allocation of NSAPI database entries. When the number of available entries is reduced to less than half of the init-nsapi argument, IOS SLB begins allocating additional entries. The number of entries can grow dynamically up to the number specified by the max-nsapi argument.

Valid range is 1 to 1000000 NSAPI database entries. The default is 8000 NSAPI database entries.

Note    Be careful when setting the init-nsapi argument to a very high value, such as 1000000, because IOS SLB immediately allocates those entries, which can cause the router or switch to pause indefinitely. Start with a lower value, such as 125000.

max-nsapi

(Optional) Maximum number of NSAPI database entries that can be allocated.

Valid range is 1 to 8000000 NSAPI database entries. The default is 8000000 NSAPI database entries.

sticky

(Optional) Configures an initial allocation and a maximum value for IOS SLB sticky connection database entries.

init-sticky

(Optional) Initial allocation of sticky database entries. When the number of available entries is reduced to less than half of the init-sticky argument, IOS SLB begins allocating additional entries. The number of entries can grow dynamically up to the number specified by the max-sticky argument.

Valid range is 1 to 1000000 sticky database entries. The default is 4000 sticky database entries.

Note    Be careful when setting the init-sticky argument to a very high value, such as 1000000, because IOS SLB immediately allocates those entries, which can cause the router or switch to pause indefinitely. Start with a lower value, such as 125000.

max-sticky

(Optional) Maximum number of sticky database entries that can be allocated. Valid range is 1 to 8000000 sticky database entries. The default is 8000000 sticky database entries.

Command Default

For the connection database, the default initial allocation is 8000 connections, and the default maximum is 8000000 connections. For the fragment database, the default initial allocation is 2000 fragments, and the default maximum is 8000000 fragments. The default lifetime is 10 seconds. For the GSN database, the default initial allocation is 200 GSNs, and the default maximum is 20000 GSNs. For the NSAPI database, the default initial allocation is 8000 NSAPIs, and the default maximum is 8000000 NSAPIs. For the sticky connection database, the default initial allocation is 4000 sticky connections, and the default maximum is 3200 sticky connections.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(2)E

This command was introduced.

12.1(11b)E

The lifetime keyword and timeout argument were added.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.1(13)E3

The gsn, gtp, and nsapi keywords and init-gsn, init-nsapi, max-gsn, and max-nsapi arguments were added.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

Enter this command before entering the rest of your IOS SLB configuration. If you have already begun configuring IOS SLB before entering this command, you must reload IOS SLB after entering this command.

If you configure an initial allocation value that exceeds the amount of available memory, memory might not be available for other features. In extreme cases, the router or switch might not boot properly. Therefore, be careful when you configure initial allocation values.

Examples

The following example configures an initial allocation of 128,000 connections, which can grow dynamically to a limit of 512,000 connections:

Router(config)# ip slb entries conn 128000 512000

Related Commands

Command

Description

show ip slb conns

Displays all connections handled by IOS SLB, or, optionally, only those connections associated with a particular virtual server or client.

ip slb firewallfarm

To identify a firewall farm and enter firewall farm configuration mode, use the ip slb firewallfarm command in global configuration mode. To remove the firewall farm from the IOS Server Load Balancing (IOS SLB) configuration, use the no form of this command.

ip slb firewallfarm firewall-farm
no ip slb firewallfarm firewall-farm

Syntax Description

firewall-farm

Character string used to identify the firewall farm. The character string is limited to 15 characters.

Command Default

No default behavior or values

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(3a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

Grouping real servers into firewall farms is an essential part of IOS SLB firewall load balancing. Using firewall farms enables IOS SLB to assign new connections to the real servers based on their weighted capacities, and on the load-balancing algorithms used.

Examples

The following example identifies a firewall farm named FIRE1:

Router(config)# ip slb firewallfarm FIRE1

Related Commands

Command

Description

real (firewall farm)

Identifies a firewall by IP address as a member of a firewall farm and enters real server configuration mode.

ip slb map

To configure an IOS SLB protocol map and enter SLB map configuration mode, use the ip slb map command in global configuration mode. To delete the map, use the no form of this command.

ip slb map map-id { gtp | radius}
no ip slb map map-id { gtp | radius}

Syntax Description

map-id

IOS SLB protocol map identifier. The valid range is from 1 to 255.

gtp

For general packet radio service (GPRS) load balancing, configures an IOS SLB GPRS Tunneling Protocol (GTP) map and enters SLB GTP map configuration mode.

radius

For RADIUS load balancing, configures an IOS SLB RADIUS map and enters SLB RADIUS map configuration mode.

Command Default

No SLB protocol map is configured.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.2(33)SRB

This command was introduced.

Usage Guidelines

You can configure up to 255 IOS SLB GTP or RADIUS maps. However, we recommend that you configure no more than 10 maps for a given virtual server.

Each map ID must be unique across all server farms associated with a given GTP or RADIUS virtual server. That is, you cannot configure more than one map with the same ID.

For each IOS SLB RADIUS map, you can configure a single calling-station-id command or a single username (IOS SLB) command, but not both.

Configure the gtp or radius keyword only on maps that are to be used with GTP or RADIUS virtual servers, respectively.

Examples

The following example configures IOS SLB RADIUS map 1 and enters SLB RADIUS map configuration mode:

Router(config)# ip slb map 1 radius

Related Commands

Command

Description

calling-station-id

Configures an ASCII regular expression string to be matched against the calling station ID attribute in the RADIUS payload.

show ip slb map

Displays information about IOS SLB protocol maps.

username (IOS SLB)

Configures an ASCII regular expression string to be matched against the username attribute in the RADIUS payload.

ip slb maxbuffers frag

To configure the maximum number of buffers for the IOS Server Load Balancing (IOS SLB) fragment database, use the ip slb maxbuffers frag command in global configuration mode. To restore the default setting, use the no form of this command.

ip slb maxbuffers frag buffers
no ip slb maxbuffers frag

Syntax Description

buffers

Maximum number of out-of-order trailing fragments to be buffered simultaneously in the IOS SLB fragment database, waiting for the leader fragment. This value can help prevent IOS SLB memory from being overrun in the event of a fragment attack.

Valid range is 0 to 65535 buffers. The default value is 100 buffers.

Command Default

The default maximum is 100 buffers.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(11b)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example sets the maximum number of buffers for the IOS SLB fragment buffer to 300:

Router(config)# ip slb maxbuffers frag 300

ip slb natpool

To configure an IOS Server Load Balancing (IOS SLB) Network Address Translation (NAT) to create at least one client address pool, use the ip slb natpool command in global configuration mode. To remove an ip slb natpool configuration, use the no form of this command.

ip slb natpool pool start-ip end-ip [ { netmask netmask | prefix-length leading-1-bits} ] [ entries init-address [max-address] ]
no ip slb natpool pool

Syntax Description

pool

Character string used to identify this client address pool. The character string is limited to 15 characters.

start-ip

Starting IP address that defines the range of addresses in the address pool.

end-ip

Ending IP address that defines the range of addresses in the address pool.

netmask netmask

(Optional) Configures the mask for the associated IP subnet. Specifies the netmask of the network to which the pool addresses belong.

prefix-length leading-1-bits

(Optional) Specifies how many bits of the netmask are ones (that is, how many bits of the address indicate the network).

entries

(Optional) Configures an initial allocation and optional maximum value for IOS SLB client NAT address entries for the pool argument.

init-address

(Optional) Initial allocation of client NAT address entries. The number of client NAT address entries can grow dynamically: When the number of available client NAT address entries is less than half of the init-address argument, IOS SLB allocates additional client NAT address entries.

Valid range is 1 to 1000000 client NAT address entries. The default is 8000 client NAT address entries.

max-address

(Optional) Maximum number of client NAT address entries that can be allocated. Valid range is 1 to 8000000 client NAT address entries.

The default is the maximum number of ports that can be allocated within the IP address range specified for pool. For example, the following command:

ip slb natpool 10.1.10.1 10.1.10.5 prefix-length 24 entries 8000

has a default max-address of (10.1.10.5 - 10.1.10.1) * 54535, or 4 * 54535, or 218140.

Command Default

The default initial allocation is 8000 client NAT address entries. The default maximum number of client NAT address entries that can be allocated is the maximum number of ports that can be allocated within the IP address range.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(2)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

If you want to use client NAT, you must create at least one client address pool.

The range of IP addresses in the address pool, configured with the start-ip and end-ip arguments, must not overlap the IP address for a VLAN as specified on the ip address interface configuration command.

Examples

The following example configures an IOS SLB NAT server farm pool of addresses with the name web-clients, the IP address range from 10.1.10.1 to 10.1.10.5, and a subnet mask of 255.255.0.0:

Router(config)# ip slb natpool web-clients 10.1.10.1 10.1.10.5 netmask 255.255.0.0
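The sizing and overlap rules above can be checked before a pool is deployed. The following Python sketch is an added example, not Cisco code: it parses ip slb natpool lines, computes the default max-address with the arithmetic shown in the syntax description, and flags out-of-range entries values and pools that contain an interface address. The sample configuration lines, the Vlan interface names and addresses, and all function names are constructed for illustration.

```python
import ipaddress

PORTS_PER_ADDRESS = 54535      # multiplier used in the page's max-address example
INIT_RANGE = (1, 1_000_000)    # valid init-address values per the page
MAX_RANGE = (1, 8_000_000)     # valid max-address values per the page
DEFAULT_INIT = 8000            # default init-address per the page

# Constructed sample input (not taken from a real device).
CONFIG = [
    "ip slb natpool web-clients 10.1.10.1 10.1.10.5 prefix-length 24 entries 8000",
    "ip slb natpool big 10.2.0.10 10.2.0.20 netmask 255.255.255.0 entries 2000000 9000000",
]
INTERFACES = {"Vlan10": "10.1.10.3", "Vlan20": "10.2.0.1"}


def parse_natpool(line):
    """Parse: ip slb natpool <pool> <start-ip> <end-ip> [...] [entries <init> [<max>]]."""
    tok = line.split()
    if tok[:3] != ["ip", "slb", "natpool"] or len(tok) < 6:
        raise ValueError(f"not an ip slb natpool command: {line!r}")
    pool = {
        "name": tok[3],
        "start": ipaddress.IPv4Address(tok[4]),
        "end": ipaddress.IPv4Address(tok[5]),
        "init": DEFAULT_INIT,
        "max": None,           # None means "use the computed default"
    }
    rest = tok[6:]
    if "entries" in rest:
        values = rest[rest.index("entries") + 1:][:2]
        if not values:
            raise ValueError("entries keyword without init-address")
        pool["init"] = int(values[0])
        if len(values) == 2:
            pool["max"] = int(values[1])
    return pool


def default_max_address(pool):
    """Default max-address, following the page's arithmetic: (end-ip - start-ip) * 54535."""
    return (int(pool["end"]) - int(pool["start"])) * PORTS_PER_ADDRESS


def needs_growth(available, init):
    """More entries are allocated once available entries drop below half of init-address."""
    return available < init / 2


def audit(pool, interface_ips):
    """Return a list of findings for one parsed pool."""
    findings = []
    if pool["start"] > pool["end"]:
        findings.append("start-ip is greater than end-ip")
    if not INIT_RANGE[0] <= pool["init"] <= INIT_RANGE[1]:
        findings.append(f"init-address {pool['init']} outside 1..1000000")
    if pool["max"] is not None and not MAX_RANGE[0] <= pool["max"] <= MAX_RANGE[1]:
        findings.append(f"max-address {pool['max']} outside 1..8000000")
    # Usage guideline: the pool range must not contain an interface (VLAN) address.
    for name, ip in interface_ips.items():
        if pool["start"] <= ipaddress.IPv4Address(ip) <= pool["end"]:
            findings.append(f"pool range overlaps {name} address {ip}")
    return findings


if __name__ == "__main__":
    for line in CONFIG:
        pool = parse_natpool(line)
        print(pool["name"], "default max-address:", default_max_address(pool))
        for finding in audit(pool, INTERFACES):
            print("  finding:", finding)
```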

Related Commands

Command

Description

show ip slb natpool

Displays information about the IOS SLB NAT configuration.

show ip slb serverfarms

Displays information about the server farm configuration.

ip slb probe custom udp

To configure a custom User Datagram Protocol (UDP) probe name and enter custom UDP probe configuration mode, use the ip slb probe custom udp command in global configuration mode. To remove a custom UDP probe name, use the no form of this command.

ip slb probe probe custom udp
no ip slb probe probe

Syntax Description

probe

Name of the custom UDP probe. The character string is limited to 15 characters.

Command Default

No custom UDP probe is configured.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(13)E3

This command was introduced.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command configures the custom UDP probe name and application protocol and enters custom UDP configuration mode.

The custom UDP probe cannot be unconfigured while it is being used by the server farm or firewall farm.

You can configure more than one probe, in any combination of supported types, for each server farm or for each firewall in a firewall farm.

Examples

The following example configures an IOS Server Load Balancing (IOS SLB) probe named PROBE6, then enters custom UDP probe configuration mode:

Router(config)# ip slb probe PROBE6 custom udp

Related Commands

Command

Description

address (custom UDP probe)

Configures an IP address to which to send custom UDP probes.

interval (custom UDP probe)

Configures a custom UDP probe interval.

port (custom UDP probe)

Specifies the port to which a custom UDP probe is to connect.

request (custom UDP probe)

Defines the payload of the UDP request packet to be sent by a custom UDP probe.

response

Defines the data string to match against custom UDP probe response packets.

show ip slb probe

Displays information about an IOS SLB probe.

ip slb probe dns

To configure a Domain Name System (DNS) probe name and enter DNS probe configuration mode, use the ip slb probe dns command in global configuration mode. To remove a DNS probe name, use the no form of this command.

ip slb probe probe dns
no ip slb probe probe

Syntax Description

probe

Name of the DNS probe. The character string is limited to 15 characters.

Command Default

No DNS probe is configured.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(11b)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

DNS probes send domain name resolve requests to real servers and verify the returned IP addresses.

This command configures the DNS probe name and application protocol and enters DNS configuration mode.

The DNS probe cannot be unconfigured while it is being used by the server farm or firewall farm.

You can configure more than one probe, in any combination of supported types, for each server farm or for each firewall in a firewall farm.

Examples

The following example configures an IOS Server Load Balancing (IOS SLB) probe named PROBE4, then enters DNS probe configuration mode:

Router(config)# ip slb probe PROBE4 dns

Related Commands

Command

Description

show ip slb probe

Displays information about an IOS SLB probe.

ip slb probe http

To configure an HTTP probe name and enter HTTP probe configuration mode, use the ip slb probe http command in global configuration mode. To remove an HTTP probe name, use the no form of this command.

ip slb probe probe http
no ip slb probe probe

Syntax Description

probe

Name of the HTTP probe. The character string is limited to 15 characters.

Command Default

No HTTP probe is configured.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(2)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command configures the HTTP probe name and application protocol and enters HTTP configuration mode.

The HTTP probe cannot be unconfigured while it is being used by the server farm or firewall farm.

You can configure more than one probe, in any combination of supported types, for each server farm or for each firewall in a firewall farm.


Note


HTTP probes require a route to the virtual server. The route is not used, but it must exist to enable the sockets code to verify that the destination can be reached, which in turn is essential for HTTP probes to function correctly. The route can be either a host route (advertised by the virtual server) or a default route (specified using the ip route 0.0.0.0 0.0.0.0 command, for example).

Examples

The following example configures an IOS Server Load Balancing (IOS SLB) probe named PROBE2, then enters HTTP probe configuration mode:

Router(config)# ip slb probe PROBE2 http

Related Commands

Command

Description

show ip slb probe

Displays information about an IOS SLB probe.

ip slb probe ping

To configure a ping probe name and enter ping probe configuration mode, use the ip slb probe ping command in global configuration mode. To remove a ping probe name, use the no form of this command.

ip slb probe probe ping
no ip slb probe probe

Syntax Description

probe

Name of the ping probe. The character string is limited to 15 characters.

Command Default

No ping probe is configured.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(3a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command configures the ping probe name and application protocol and enters ping configuration mode.

The ping probe cannot be unconfigured while it is being used by the server farm or firewall farm.

You can configure more than one probe, in any combination of supported types, for each server farm or for each firewall in a firewall farm.

Examples

The following example configures an IOS Server Load Balancing (IOS SLB) probe named PROBE1, then enters ping probe configuration mode:

Router(config)# ip slb probe PROBE1 ping

Related Commands

Command

Description

show ip slb probe

Displays information about an IOS SLB probe.

ip slb probe tcp

To configure a TCP probe name and enter TCP probe configuration mode, use the ip slb probe tcp command in global configuration mode. To remove a TCP probe name, use the no form of this command.

ip slb probe probe tcp
no ip slb probe probe

Syntax Description

probe

Name of the TCP probe. The character string is limited to 15 characters.

Command Default

No TCP probe is configured.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(11b)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command configures the TCP probe name and application protocol and enters TCP configuration mode.

The TCP probe cannot be unconfigured while it is being used by the server farm or firewall farm.

You can configure more than one probe, in any combination of supported types, for each server farm or for each firewall in a firewall farm.

Examples

The following example configures an IOS Server Load Balancing (IOS SLB) probe named PROBE5, then enters TCP probe configuration mode:

Router(config)# ip slb probe PROBE5 tcp

Related Commands

Command

Description

show ip slb probe

Displays information about an IOS SLB probe.

ip slb probe wsp

To configure a Wireless Session Protocol (WSP) probe name and enter WSP probe configuration mode, use the ip slb probe wsp command in global configuration mode. To remove a WSP probe name, use the no form of this command.

ip slb probe probe wsp
no ip slb probe probe

Syntax Description

probe

Name of the WSP probe. The character string is limited to 15 characters.

Command Default

No WSP probe is configured.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(5a)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command configures the WSP probe name and application protocol and enters WSP probe configuration mode.

The WSP probe cannot be unconfigured while it is being used by the server farm or firewall farm.

You can configure more than one probe, in any combination of supported types, for each server farm or for each firewall in a firewall farm.

Examples

The following example configures an IOS Server Load Balancing (IOS SLB) probe named PROBE3, then enters WSP probe configuration mode:

Router(config)# ip slb probe PROBE3 wsp

Related Commands

Command

Description

show ip slb probe

Displays information about an IOS SLB probe.

ip slb replicate slave rate

To set the replication message rate for IOS Server Load Balancing (IOS SLB) slave replication, use the ip slb replicate slave rate command in global configuration mode. To restore the default rate, use the no form of this command.

ip slb replicate slave rate rate
no ip slb replicate slave rate rate

Syntax Description

rate

Replication message rate for IOS SLB slave replication, in messages per second. The valid range is 50 messages per second to 1000 messages per second. The default setting is 400 messages per second.

Command Default

The default rate is 400 messages per second.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.2(14)ZA5

This command was introduced.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command enables you to manage Interprocess Communication Channel (IPC) resources between two route processors. If there is congestion between the two route processors, use this command to set a lower rate.

If the replication rate is exceeded, IOS SLB issues an appropriate error message.

General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the ip slb replicate slave rate command in global configuration mode.

The Home Agent Director does not support the ip slb replicate slave rate command in global configuration mode.

Examples

The following example sets the replication message rate to 500 messages per second:

Router(config)# ip slb replicate slave rate 500

Related Commands

Command

Description

replicate casa (firewall farm)

Configures a stateful backup of IOS SLB decision tables to a backup switch.

replicate interval (firewall farm)

Sets the replication delivery interval for an IOS SLB firewall farm.

replicate slave (firewall farm)

Enables stateful backup of redundant route processors for an IOS SLB firewall farm.

show ip slb replicate

Displays the configuration of IOS SLB IP replication.

show ip slb virtuals

Displays information about the virtual servers defined to IOS SLB.

ip slb route

To enable IOS Server Load Balancing (IOS SLB) to route packets using the RADIUS framed-IP sticky database, or to route packets from one firewall real server back through another firewall real server, use the ip slb route command in global configuration mode. To route packets normally, use the no form of this command.

ip slb route { framed-ip deny | ip-address netmask framed-ip | inter-firewall}
no ip slb route { framed-ip deny | ip-address netmask framed-ip | inter-firewall}

Syntax Description

framed-ip deny

(Optional) Packets that do not match entries in the IOS SLB RADIUS framed-ip sticky database are not routed.

ip-address

(Optional) IP address of packets to be inspected.

netmask

(Optional) Subnet mask specifying a range of packets to be inspected.

framed-ip

(Optional) Packets are to be routed using the IOS SLB RADIUS framed-IP sticky database.

inter-firewall

(Optional) Enables IOS SLB to route packets from one firewall real server back through another firewall real server, if the flows to the destination IP would otherwise have been firewall load-balanced. This can be done within the same firewall farm or across different firewall farms.

Command Default

Cisco IOS SLB cannot route packets using the RADIUS framed-IP sticky database, nor can it route packets from one firewall real server back through another firewall real server.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(11b)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.1(13)E3

The inter-firewall keyword was added.

12.2(14)ZA6

The framed-ip deny keyword was added.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command enables IOS SLB to inspect packets whose source IP addresses match the specified IP address and subnet mask. IOS SLB then searches for the packet’s source IP address in the RADIUS framed-IP sticky database. If the database contains a matching entry, IOS SLB routes the packet to the associated real server. If the database does not contain a matching entry, IOS SLB routes the packet normally.

The inter-firewall keyword is useful when traffic is arriving from an address behind a firewall, is destined for an address behind a firewall, and has a sticky entry to be routed via the routing table.

Examples

The following example enables IOS SLB to inspect packets with the source IP address 10.10.10.1:

Router(config)# ip slb route 10.10.10.1 255.255.255.255 framed-ip
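The lookup described in the usage guidelines can be modelled to see which sources would stop being routed if framed-ip deny were enabled. The following Python sketch is an added example, not Cisco code. It assumes that framed-ip deny applies to packets selected for inspection that have no sticky entry; the rule, sticky entry and source addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: one inspection rule (ip-address, netmask) and one
# RADIUS framed-IP sticky entry mapping a subscriber address to a real server.
SAMPLE_RULES = [("10.10.10.0", "255.255.255.0")]
SAMPLE_STICKY = {"10.10.10.1": "192.168.1.11"}
SAMPLE_SOURCES = ["10.10.10.1", "10.10.10.7", "172.16.0.5"]


def matches(src, rule_ip, rule_mask):
    """True when src falls inside the ip-address/netmask given on ip slb route."""
    mask = int(ipaddress.IPv4Address(rule_mask))
    return (int(ipaddress.IPv4Address(src)) & mask) == (int(ipaddress.IPv4Address(rule_ip)) & mask)


def route_decision(src, rules, sticky_db, deny_unmatched=False):
    """Return ('real', server), ('normal', None) or ('not-routed', None) for one source IP."""
    if not any(matches(src, ip, mask) for ip, mask in rules):
        return ("normal", None)            # source is not selected for inspection
    real = sticky_db.get(src)
    if real is not None:
        return ("real", real)              # sticky hit: route to the associated real server
    # Sticky miss: routed normally by default, dropped when framed-ip deny is set
    # (assumption: deny is evaluated only for inspected packets).
    return ("not-routed", None) if deny_unmatched else ("normal", None)


def impact_of_deny(sources, rules, sticky_db):
    """List the sources whose handling changes from 'normal' to 'not-routed' under deny."""
    changed = []
    for src in sources:
        before = route_decision(src, rules, sticky_db, deny_unmatched=False)
        after = route_decision(src, rules, sticky_db, deny_unmatched=True)
        if before != after:
            changed.append(src)
    return changed


if __name__ == "__main__":
    for src in SAMPLE_SOURCES:
        print(src, route_decision(src, SAMPLE_RULES, SAMPLE_STICKY, deny_unmatched=True))
    print("affected by deny:", impact_of_deny(SAMPLE_SOURCES, SAMPLE_RULES, SAMPLE_STICKY))
```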

Related Commands

Command

Description

show ip slb sticky

Displays the IOS SLB sticky database.

ip slb serverfarm

To identify a server farm and enter SLB server farm configuration mode, use the ip slb serverfarm command in global configuration mode. To remove the server farm from the IOS Server Load Balancing (IOS SLB) configuration, use the no form of this command.

ip slb serverfarm server-farm
no ip slb serverfarm server-farm

Syntax Description

server-farm

Character string used to identify the server farm. The character string is limited to 15 characters.

Command Default

No server farm is identified.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

Grouping real servers into server farms is an essential part of IOS SLB. Using server farms enables IOS SLB to assign new connections to the real servers based on their weighted capacities, and on the load-balancing algorithms used.

Examples

The following example identifies a server farm named PUBLIC:

Router(config)# ip slb serverfarm PUBLIC
Router(config-slb-sfarm)#

Related Commands

Command

Description

real (server farm)

Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.

ip slb static

To configure a real server’s Network Address Translation (NAT) behavior and enter static NAT configuration mode, use the ip slb static command in global configuration mode. To restore the real server’s default NAT behavior, use the no form of this command.

ip slb static { drop | nat { virtual | virtual-ip [ { per-packet | sticky} ] } }
no ip slb static { drop | nat { virtual | virtual-ip [ { per-packet | sticky} ] } }

Syntax Description

drop

Indicates that IOS Server Load Balancing (IOS SLB) is to drop packets from this real server if the packets do not correspond to existing connections. This option is usually used in conjunction with the subnet mask or port number option on the real command in static NAT configuration mode, such that IOS SLB builds connections to the specified subnet or port, and drops all other connections from the real server.

nat virtual

Configures the real server to use server NAT, and to use the virtual IP address that is configured on the real command in static NAT configuration mode when translating addresses.

nat virtual-ip

Configures the real server to use server NAT, and to use the specified virtual IP address when translating addresses.

per-packet

(Optional) IOS SLB is not to maintain connection state for packets originating from the real server. That is, IOS SLB is to use server NAT to redirect packets originating from the real server.

sticky

(Optional) Indicates that IOS SLB is not to maintain connection state for packets originating from the real server, unless those packets match a sticky object. That is, if IOS SLB can find a matching sticky object, it builds the connection. Otherwise, IOS SLB does not build the connection.

Command Default

If you do not specify either the per-packet or sticky keyword, IOS SLB maintains connection state for packets originating from the real server.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(11b)E

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

If you specify the virtual-ip argument and you do not specify the per-packet option, IOS SLB uses server port translation to distinguish between connection requests initiated by different real servers.

Static NAT with the per-packet option specified does not load-balance fragmented packets.

Examples

The following example specifies that the real server is to use server NAT and to use virtual IP address 10.1.10.1 when translating addresses, and that IOS SLB is not to maintain connection state for any packets originating from the real server:

Router(config)# ip slb static nat 10.1.10.1 per-packet

Related Commands

Command

Description

show ip slb static

Displays information about the static NAT configuration.

ip slb timers gtp gsn

To change the amount of time IOS Server Load Balancing (IOS SLB) maintains sessions to and from an idle gateway general packet radio service (GPRS) support node (GGSN) or serving GPRS support node (SGSN), use the ip slb timers gtp gsn command in global configuration mode. To restore the default GPRS support node (GSN) idle timer, use the no form of this command.

ip slb timers gtp gsn duration
no ip slb timers gtp gsn duration

Syntax Description

duration

GSN idle timer duration in seconds, which defines how long IOS SLB is to allow a GGSN or SGSN to be idle (that is, to go without echoing or signaling through IOS SLB). When the timer expires, IOS SLB cleans up all sessions that are using the idle GGSN or SGSN.

The valid range is 1 to 65535 seconds. The default value is 90 seconds.

Command Default

The default duration is 90 seconds.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.1(13)E3

This command was introduced.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command sets the GSN idle timer for all IOS SLB virtual servers that are configured for GPRS Tunneling Protocol (GTP) cause code inspection. When the GSN idle timer expires, IOS SLB destroys all sessions to and from the idle GGSN or SGSN.

Examples

The following example specifies that IOS SLB maintains sessions for 45 seconds after a GGSN or SGSN becomes idle:

Router(config)# ip slb timers gtp gsn 45

Related Commands

Command

Description

virtual

Configures the virtual server attributes.

ip slb vserver

To identify a virtual server and enter SLB virtual server configuration mode, use the ip slb vserver command in global configuration mode. To remove a virtual server from the IOS Server Load Balancing (IOS SLB) configuration, use the no form of this command.

ip slb vserver virtual-server
no ip slb vserver virtual-server

Syntax Description

virtual-server

Character string used to identify the virtual server. The character string is limited to 15 characters.

Command Default

No virtual server is identified.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2

This command was integrated into Cisco IOS Release 12.2.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example identifies a virtual server named PUBLIC_HTTP:

Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)#

Related Commands

Command

Description

serverfarm

Associates a real server farm with a virtual server, and optionally configures a backup server farm and specifies that sticky connections are to be used in the backup server farm.

show ip slb vservers

Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB).

kal-ap domain

To enable the IOS SLB KeepAlive Application Protocol (KAL-AP) agent to look for a domain tag when reporting the load for a virtual server, use the kal-ap domain command in server farm configuration mode. To delete the domain tag, use the no form of this command.

kal-ap domain tag
no kal-ap domain

Syntax Description

tag

1- to 64-character domain tag to be used by the KAL-AP agent. All characters are valid; case is significant.

Command Default

The KAL-AP agent does not look for a domain tag when reporting the load for a virtual server.

Command Modes

Server farm configuration (config-slb-sfarm)

Command History

Release

Modification

12.2(33)SRC

This command was introduced.

Usage Guidelines

Configure the kal-ap domain command on the server farm that is associated with the virtual server for which the KAL-AP agent is to report the load.

Examples

The following example specifies that the KAL-AP agent is to look for domain tag chicago.com:

Router(config-slb-sfarm)# kal-ap domain chicago-com

Related Commands

Command

Description

ip capp udp

Enables the IOS SLB KeepAlive Application Protocol (KAL-AP) agent and enters SLB Content Application Peering Protocol (CAPP) configuration mode.

ip slb serverfarm

Identifies a server farm and enters SLB server farm configuration mode.