- Table of Contents
- Preface
- Overview
- Networking with the Content Switching Module
- Getting Started
- Configuring VLANs
- Configuring Real Servers and Server Farms
- Configuring Virtual Servers, Maps and Policies
- Configuring Redundant Connections
- Configuring Additional Features and Options
- Configuring Health Monitoring
- Configuring CSM Scripts
- Configuring Firewall Load Balancing
- Configuration Examples
- System Messages
- CSM XML Document Type Definition
CSM XML Document Type Definition
You can use this DTD to configure the CSM as described in the "Configuring the XML Interface" section.
The CSM XML Document Type Definition (DTD) is as follows:
<!--
/*
* cisco_csm.dtd - XML DTD for CSM 3.2
*
* January 2002 Paul Mathison
*
* Copyright (c) 2002, 2003 by cisco Systems, Inc.
* All rights reserved
*/
-->
<!--
Notes:
Each element refers to a particular IOS CLI command.
Each attribute refers to a command parameter.
Except where noted, all "name" attributes are strings of length
1 to 15, with no whitespace.
IP address and mask attributes use standard "x.x.x.x" format.
-->
<!--
*************************************************************
Elements and attributes required by various other elements
*************************************************************
-->
<!ELEMENT inservice EMPTY>
<!ATTLIST inservice
sense (yes | no) #IMPLIED
>
<!ELEMENT inservice_standby EMPTY>
<!ATTLIST inservice_standby
sense (yes | no) #IMPLIED
>
<!--
backup_name is a string of length 1 to 15
backup_sticky default is "no"
-->
<!ELEMENT serverfarm_ref EMPTY>
<!ATTLIST serverfarm_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
backup_name CDATA #IMPLIED
backup_sticky (yes | no) #IMPLIED
>
<!--
value is between 1 and 4294967295
-->
<!ELEMENT maxconns EMPTY>
<!ATTLIST maxconns
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
id is between 1 and 255
-->
<!ELEMENT reverse_sticky EMPTY>
<!ATTLIST reverse_sticky
sense (yes | no) #IMPLIED
id NMTOKEN #REQUIRED
>
<!--
*************************************************************
Elements and attributes required for env_variable
*************************************************************
-->
<!--
name is a string of length 1 to 31
expression is a string of length 0 to 127
-->
<!ELEMENT env_variable EMPTY>
<!ATTLIST env_variable
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
expression CDATA #REQUIRED
>
<!--
*************************************************************
Elements and attributes required for owner
*************************************************************
-->
<!--
string is of length 1 to 200
-->
<!ELEMENT billing_info EMPTY>
<!ATTLIST billing_info
sense (yes | no) #IMPLIED
string CDATA #REQUIRED
>
<!--
string is of length 1 to 200
-->
<!ELEMENT contact_info EMPTY>
<!ATTLIST contact_info
sense (yes | no) #IMPLIED
string CDATA #REQUIRED
>
<!ELEMENT owner (maxconns?, billing_info?, contact_info?)>
<!ATTLIST owner
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
*************************************************************
Elements and attributes required for vlan
*************************************************************
-->
<!ELEMENT vlan_address EMPTY>
<!ATTLIST vlan_address
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
ipmask NMTOKEN #REQUIRED
>
<!ELEMENT gateway EMPTY>
<!ATTLIST gateway
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
>
<!--
gateway uses standard x.x.x.x format
-->
<!ELEMENT route EMPTY>
<!ATTLIST route
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
ipmask NMTOKEN #REQUIRED
gateway NMTOKEN #REQUIRED
>
<!ELEMENT alias EMPTY>
<!ATTLIST alias
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
ipmask NMTOKEN #REQUIRED
>
<!--
id is between 2 and 4094
Maximum of 7 gateways per vlan
Maximum of 4095 routes per vlan
Maximum of 255 aliases per vlan
Global maximum of 255 unique vlan_addresses
Global maximum of 255 vlan gateways (including routed gateways)
-->
<!ELEMENT vlan (vlan_address?, gateway*, route*, alias*)>
<!ATTLIST vlan
sense (yes | no) #IMPLIED
id NMTOKEN #REQUIRED
type (client | server) #REQUIRED
>
<!--
*************************************************************
Elements and attributes required for script_file and script_task
*************************************************************
-->
<!--
url is a string of length 1 to 200
-->
<!ELEMENT script_file EMPTY>
<!ATTLIST script_file
sense (yes | no) #IMPLIED
url CDATA #REQUIRED
>
<!--
id is between 1 and 100
name is a string of length 1 to 31
arguments is a string of length 0 to 199
-->
<!ELEMENT script_task EMPTY>
<!ATTLIST script_task
sense (yes | no) #IMPLIED
id NMTOKEN #REQUIRED
name CDATA #REQUIRED
arguments CDATA #IMPLIED
>
<!--
*************************************************************
Elements and attributes required for probe
*************************************************************
-->
<!--
value is between 2 and 65535 (default is 300)
-->
<!ELEMENT probe_failed EMPTY>
<!ATTLIST probe_failed
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
value is between 2 and 65535 (default is 120)
-->
<!ELEMENT probe_interval EMPTY>
<!ATTLIST probe_interval
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
value is between 0 and 65535 (default is 3)
-->
<!ELEMENT probe_retries EMPTY>
<!ATTLIST probe_retries
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
value is between 1 and 65535 (default 10)
-->
<!ELEMENT probe_open EMPTY>
<!ATTLIST probe_open
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
value is between 1 and 65535 (default 10)
-->
<!ELEMENT probe_receive EMPTY>
<!ATTLIST probe_receive
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
value is between 1 and 65535
-->
<!ELEMENT probe_port EMPTY>
<!ATTLIST probe_port
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
string is of length 1 to 64
-->
<!ELEMENT probe_domain EMPTY>
<!ATTLIST probe_domain
sense (yes | no) #IMPLIED
string CDATA #REQUIRED
>
<!ELEMENT probe_address EMPTY>
<!ATTLIST probe_address
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
mode (transparent | routed) "transparent"
>
<!ELEMENT probe_expect_address EMPTY>
<!ATTLIST probe_expect_address
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
>
<!--
expression is a string of length 1 to 200
-->
<!ELEMENT probe_header EMPTY>
<!ATTLIST probe_header
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
expression CDATA #REQUIRED
>
<!--
user is a string of length 1 to 15
password is a string of length 1 to 15
-->
<!ELEMENT probe_credentials EMPTY>
<!ATTLIST probe_credentials
sense (yes | no) #IMPLIED
user CDATA #REQUIRED
password CDATA ""
>
<!--
url is a string of length 1 to 200
-->
<!ELEMENT probe_request EMPTY>
<!ATTLIST probe_request
sense (yes | no) #IMPLIED
method (get | head) #REQUIRED
url CDATA "/"
>
<!--
min_code is between 0 and 999
max_code default is match min_code
-->
<!ELEMENT probe_expect_status EMPTY>
<!ATTLIST probe_expect_status
sense (yes | no) #IMPLIED
min_code NMTOKEN #REQUIRED
max_code NMTOKEN #IMPLIED
>
<!--
name is a string of length 1 to 31
arguments is a string of length 0 to 199
-->
<!ELEMENT script_ref EMPTY>
<!ATTLIST script_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
arguments CDATA #IMPLIED
>
<!--
secret is a string of length 1 to 32
-->
<!ELEMENT probe_secret EMPTY>
<!ATTLIST probe_secret
sense (yes | no) #IMPLIED
secret CDATA #REQUIRED
>
<!--
Maximum of 255 probe_headers per http_probe
probe_address must use mode "routed"
-->
<!ELEMENT http_probe (probe_failed?, probe_interval?, probe_retries?,
probe_open?, probe_receive?, probe_port?, probe_address?,
probe_request?, probe_credentials?, probe_header*,
probe_expect_status*)
>
<!--
Maximum of 255 probe_expect_addresses per dns_probe
probe_address must use mode "routed"
-->
<!ELEMENT dns_probe (probe_failed?, probe_interval?, probe_retries?,
probe_receive?, probe_port?, probe_address?, probe_domain?,
probe_expect_address*)
>
<!--
probe_address must use mode "transparent"
-->
<!ELEMENT icmp_probe (probe_failed?, probe_interval?, probe_retries?,
probe_receive?, probe_address?)
>
<!ELEMENT tcp_probe (probe_failed?, probe_interval?, probe_retries?,
probe_open?, probe_port?)
>
<!ELEMENT udp_probe (probe_failed?, probe_interval?, probe_retries?,
probe_receive?, probe_port?)
>
<!ELEMENT smtp_probe (probe_failed?, probe_interval?, probe_retries?,
probe_open?, probe_receive?, probe_port?,
probe_expect_status*)
>
<!ELEMENT telnet_probe (probe_failed?, probe_interval?, probe_retries?,
probe_open?, probe_receive?, probe_port?,
probe_expect_status*)
>
<!ELEMENT ftp_probe (probe_failed?, probe_interval?, probe_retries?,
probe_open?, probe_receive?, probe_port?,
probe_expect_status*)
>
<!ELEMENT script_probe (probe_failed?, probe_interval?, probe_retries?,
probe_open?, probe_receive?, probe_port?, script_ref?)
>
<!--
probe_address must use mode "routed"
-->
<!ELEMENT kalap_udp_probe (probe_failed?, probe_interval?, probe_retries?,
probe_receive?, probe_port?, probe_address?,
probe_secret?)
>
<!--
probe_address must use mode "routed"
-->
<!ELEMENT kalap_tcp_probe (probe_failed?, probe_interval?, probe_retries?,
probe_open?, probe_receive?, probe_port?,
probe_address?, probe_secret?)
>
<!ELEMENT probe (http_probe | dns_probe | icmp_probe | tcp_probe | udp_probe |
smtp_probe | telnet_probe | ftp_probe | script_probe |
kalap_udp_probe | kalap_tcp_probe)
>
<!ATTLIST probe
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
type (http | dns | icmp | tcp | udp |
smtp | telnet | ftp | script |
kal-ap-udp | kal-ap-tcp) #REQUIRED
>
<!--
*************************************************************
Elements and attributes required for natpool
*************************************************************
-->
<!--
Global maximum of 255 natpool addresses
-->
<!ELEMENT natpool EMPTY>
<!ATTLIST natpool
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
first_ip NMTOKEN #REQUIRED
last_ip NMTOKEN #REQUIRED
ipmask NMTOKEN #REQUIRED
>
<!--
*************************************************************
Elements and attributes required by maps
*************************************************************
-->
<!--
url is a string of length 1 to 200
method is a string of length 1 to 15 (e.g. GET)
-->
<!ELEMENT url_rule EMPTY>
<!ATTLIST url_rule
sense (yes | no) #IMPLIED
url CDATA #REQUIRED
method CDATA #IMPLIED
>
<!--
name is a string of length 1 to 63
expression is a string of length 1 to 127
-->
<!ELEMENT cookie_rule EMPTY>
<!ATTLIST cookie_rule
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
expression CDATA #REQUIRED
>
<!--
name is a string of length 1 to 63
expression is a string of length 1 to 127
-->
<!ELEMENT header_rule EMPTY>
<!ATTLIST header_rule
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
expression CDATA #REQUIRED
type (match | insert) "match"
>
<!--
min_code and max_code are between 100 and 599
threshold is between 1 and 4294967295, no effect for count action
reset is between 0 and 4294967295 (0 means no reset)
-->
<!ELEMENT retcode_rule EMPTY>
<!ATTLIST retcode_rule
sense (yes | no) #IMPLIED
min_code NMTOKEN #REQUIRED
max_code NMTOKEN #REQUIRED
action (count | log | remove) #REQUIRED
threshold NMTOKEN #REQUIRED
reset NMTOKEN "0"
>
<!--
domain is a string of length 1 to 127
-->
<!ELEMENT dns_rule EMPTY>
<!ATTLIST dns_rule
sense (yes | no) #IMPLIED
domain CDATA #REQUIRED
>
<!--
Maximum of 1023 url_rules per map
-->
<!ELEMENT url_map (url_rule*)>
<!ATTLIST url_map
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
Maximum of 5 cookie_rules per map
-->
<!ELEMENT cookie_map (cookie_rule*)>
<!ATTLIST cookie_map
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
Maximum of 5 header_rules per map
-->
<!ELEMENT header_map (header_rule*)>
<!ATTLIST header_map
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
Maximum of 100 retcodes (not ranges) per map
-->
<!ELEMENT retcode_map (retcode_rule*)>
<!ATTLIST retcode_map
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
Maximum of 16 dns_rules per map
-->
<!ELEMENT dns_map (dns_rule*)>
<!ATTLIST dns_map
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
*************************************************************
Elements and attributes required for redirect_server
*************************************************************
-->
<!--
value is between 1 and 65535
-->
<!ELEMENT ssl_port EMPTY>
<!ATTLIST ssl_port
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
string is of length 1 to 127
-->
<!ELEMENT redirect_relocate EMPTY>
<!ATTLIST redirect_relocate
sense (yes | no) #IMPLIED
string CDATA #REQUIRED
code (301 | 302) "302"
>
<!--
string is of length 1 to 127
-->
<!ELEMENT redirect_backup EMPTY>
<!ATTLIST redirect_backup
sense (yes | no) #IMPLIED
string CDATA #REQUIRED
code (301 | 302) "302"
>
<!ELEMENT redirect_server (ssl_port?, redirect_relocate?, redirect_backup?,
inservice?)
>
<!ATTLIST redirect_server
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
*************************************************************
Elements and attributes required for named_real_server
*************************************************************
-->
<!--
string is of length 0 to 63
-->
<!ELEMENT location EMPTY>
<!ATTLIST location
sense (yes | no) #IMPLIED
string CDATA #REQUIRED
>
<!ELEMENT real_address EMPTY>
<!ATTLIST real_address
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
>
<!ELEMENT named_real_server (real_address?, location?)>
<!ATTLIST named_real_server
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
*************************************************************
Elements and attributes required for real_server
*************************************************************
-->
<!--
value is between 0 and 100
-->
<!ELEMENT weight EMPTY>
<!ATTLIST weight
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
value is between 1 and 4294967295
-->
<!ELEMENT minconns EMPTY>
<!ATTLIST minconns
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
value is between 2 and 254 (default is 254)
-->
<!ELEMENT load_threshold EMPTY>
<!ATTLIST load_threshold
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
tag is a string of length 0 to 32
-->
<!ELEMENT real_probe_ref EMPTY>
<!ATTLIST real_probe_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
tag CDATA #IMPLIED
>
<!--
either ipaddress or named_real_server_ref is required
port is between 0 and 65535 (0 means no port translation)
-->
<!ELEMENT real_server_backup EMPTY>
<!ATTLIST real_server_backup
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #IMPLIED
named_real_server_ref CDATA #IMPLIED
port NMTOKEN "0"
>
<!--
either ipaddress or named_real_server_ref is required
port is between 0 and 65535 (0 means no port translation)
Global maximum of 4095 real_servers
-->
<!ELEMENT real_server (weight?, minconns?, maxconns?, load_threshold?,
real_probe_ref?, real_server_backup?, inservice?,
inservice_standby?)
>
<!ATTLIST real_server
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #IMPLIED
named_real_server_ref CDATA #IMPLIED
port NMTOKEN "0"
>
<!--
*************************************************************
Elements and attributes required for serverfarm
*************************************************************
-->
<!ELEMENT retcode_map_ref EMPTY>
<!ATTLIST retcode_map_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
retries is between 0 and 65534
failed is between 0 and 65535
-->
<!ELEMENT health EMPTY>
<!ATTLIST health
sense (yes | no) #IMPLIED
retries NMTOKEN #REQUIRED
failed NMTOKEN #REQUIRED
>
<!ELEMENT failaction EMPTY>
<!ATTLIST failaction
sense (yes | no) #IMPLIED
value (purge | reassign) #REQUIRED
>
<!ELEMENT probe_ref EMPTY>
<!ATTLIST probe_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!ELEMENT natpool_ref EMPTY>
<!ATTLIST natpool_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!ELEMENT server_nat EMPTY>
<!ATTLIST server_nat
sense (yes | no) #IMPLIED
>
<!--
value is between 0 and 65533
-->
<!ELEMENT bind_id EMPTY>
<!ATTLIST bind_id
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
hash_ip_type and ipmask valid only when value = hash_ip
-->
<!ELEMENT predictor EMPTY>
<!ATTLIST predictor
sense (yes | no) #IMPLIED
value (roundrobin | leastconns |
hash_ip | hash_url | forward) #REQUIRED
hash_ip_type (source | destination | both) "both"
ipmask NMTOKEN "255.255.255.255"
>
<!ELEMENT dns_predictor EMPTY>
<!ATTLIST dns_predictor
sense (yes | no) #IMPLIED
value (roundrobin | ordered-list |
leastload | hash_domain |
hash_ip | hash_ip_domain) #REQUIRED
>
<!ELEMENT serverfarm (predictor?, natpool_ref?, server_nat?, health?,
bind_id?, retcode_map_ref?, failaction?,
redirect_server*, real_server*, probe_ref*)
>
<!ATTLIST serverfarm
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
real_server "port" attribute is ignored
-->
<!ELEMENT dns_serverfarm (dns_predictor?, real_server*)>
<!ATTLIST dns_serverfarm
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
type (dns-vip | dns-ns) #REQUIRED
>
<!--
*************************************************************
Elements and attributes required for sticky_group
*************************************************************
-->
<!--
src_ip and dest_ip are necessary for IP-based sticky_groups
expression is necessary for SSL, cookie, and header-based sticky_groups
expression is a string of length 0 to 127
-->
<!ELEMENT static_sticky EMPTY>
<!ATTLIST static_sticky
sense (yes | no) #IMPLIED
real_ip NMTOKEN #REQUIRED
expression NMTOKEN #IMPLIED
src_ip NMTOKEN #IMPLIED
dest_ip NMTOKEN #IMPLIED
>
<!--
This only applies to cookie and header-based sticky_groups
offset is between 0 and 3999
length is between 1 and 4000
-->
<!ELEMENT sticky_offset EMPTY>
<!ATTLIST sticky_offset
sense (yes | no) #IMPLIED
offset NMTOKEN #REQUIRED
length NMTOKEN #REQUIRED
>
<!--
This only applies to cookie-based sticky_groups
name is a string of length 1 to 63
-->
<!ELEMENT cookie_secondary EMPTY>
<!ATTLIST cookie_secondary
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
id is between 1 and 255
timeout is between 1 and 65535
ipmask required for ip types
cookie is a string of length 1 to 63, req for type=cookie or cookie_insert
header is a string of length 1 to 63, req for type=header
-->
<!ELEMENT sticky_group (sticky_offset?, cookie_secondary?, static_sticky*)>
<!ATTLIST sticky_group
sense (yes | no) #IMPLIED
id NMTOKEN #REQUIRED
timeout NMTOKEN "1440"
type (ip | cookie | ssl |
ip_src | ip_dest | ip_src_dest |
cookie_insert | header) #REQUIRED
ipmask NMTOKEN #IMPLIED
cookie CDATA #IMPLIED
header CDATA #IMPLIED
>
<!--
*************************************************************
Elements and attributes required for policy
*************************************************************
-->
<!ELEMENT url_map_ref EMPTY>
<!ATTLIST url_map_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!ELEMENT cookie_map_ref EMPTY>
<!ATTLIST cookie_map_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!ELEMENT header_map_ref EMPTY>
<!ATTLIST header_map_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!ELEMENT dns_map_ref EMPTY>
<!ATTLIST dns_map_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
order is between 1 and 3 (corresponds to "primary", "secondary", "tertiary")
ttl is between 1 and 604800 (default is 20)
response_count is between 1 and 8 (default is 1)
-->
<!ELEMENT dns_serverfarm_ref EMPTY>
<!ATTLIST dns_serverfarm_ref
sense (yes | no) #IMPLIED
order NMTOKEN #REQUIRED
name CDATA #REQUIRED
ttl NMTOKEN #IMPLIED
response_count NMTOKEN #IMPLIED
>
<!--
Reference to an IOS standard IP access list
Specify either the id (range 1 to 99) or name
name is a string of length 1 to 200
-->
<!ELEMENT client_group_ref EMPTY>
<!ATTLIST client_group_ref
sense (yes | no) #IMPLIED
name CDATA #IMPLIED
id NMTOKEN #IMPLIED
>
<!--
id is between 1 and 255
-->
<!ELEMENT sticky_group_ref EMPTY>
<!ATTLIST sticky_group_ref
sense (yes | no) #IMPLIED
id NMTOKEN #REQUIRED
>
<!--
value is between 0 and 63
-->
<!ELEMENT dscp EMPTY>
<!ATTLIST dscp
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!ELEMENT policy (serverfarm_ref?, client_group_ref?, sticky_group_ref?,
reverse_sticky?, dscp?, url_map_ref?, cookie_map_ref?,
header_map_ref?)
>
<!ATTLIST policy
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
Maximum of 3 dns_serverfarm_refs per dns_policy (one for each order)
-->
<!ELEMENT dns_policy (dns_serverfarm_ref*, client_group_ref?, dns_map_ref?)>
<!ATTLIST dns_policy
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
*************************************************************
Elements and attributes required for vserver
*************************************************************
-->
<!--
protocol is between 0 and 255 (0 = any, 1 = icmp, 6 = tcp, 17 = udp)
port is between 0 and 65535 (0 means any)
ftp and termination service valid only for tcp protocol
rtsp service valid for tcp and udp protocol
per-packet service valid only for non-tcp protocols
-->
<!ELEMENT virtual EMPTY>
<!ATTLIST virtual
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
ipmask NMTOKEN "255.255.255.255"
protocol NMTOKEN #REQUIRED
port NMTOKEN #REQUIRED
service (none | ftp | rtsp |
termination | per-packet) "none"
>
<!ELEMENT client EMPTY>
<!ATTLIST client
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
ipmask NMTOKEN "255.255.255.255"
exclude (yes | no) "no"
>
<!--
timeout is between 1 and 65535
group is between 0 and 255 (if nonzero, refers to an ip sticky_group)
-->
<!ELEMENT sticky EMPTY>
<!ATTLIST sticky
sense (yes | no) #IMPLIED
timeout NMTOKEN #REQUIRED
group NMTOKEN "0"
ipmask NMTOKEN "255.255.255.255"
>
<!ELEMENT policy_ref EMPTY>
<!ATTLIST policy_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!ELEMENT dns_policy_ref EMPTY>
<!ATTLIST dns_policy_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
begin and end are strings, 0-length ok
total length of begin and end should not exceed 200
-->
<!ELEMENT url_hash EMPTY>
<!ATTLIST url_hash
sense (yes | no) #IMPLIED
begin CDATA #REQUIRED
end CDATA #REQUIRED
>
<!--
value is between 2 and 4094
-->
<!ELEMENT vlan_id EMPTY>
<!ATTLIST vlan_id
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
value is between 2 and 65535
-->
<!ELEMENT idle EMPTY>
<!ATTLIST idle
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
value is between 1 and 65535
-->
<!ELEMENT pending EMPTY>
<!ATTLIST pending
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!ELEMENT replicate_csrp EMPTY>
<!ATTLIST replicate_csrp
sense (yes | no) #IMPLIED
value (sticky | connection) #REQUIRED
>
<!ELEMENT advertise EMPTY>
<!ATTLIST advertise
sense (yes | no) #IMPLIED
value (always | active) #REQUIRED
>
<!ELEMENT persistent EMPTY>
<!ATTLIST persistent
sense (yes | no) #IMPLIED
>
<!--
value is between 1 and 4000
-->
<!ELEMENT parse_length EMPTY>
<!ATTLIST parse_length
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
string is of length 1 to 127
-->
<!ELEMENT domain EMPTY>
<!ATTLIST domain
sense (yes | no) #IMPLIED
string CDATA #REQUIRED
>
<!ELEMENT unidirectional EMPTY>
<!ATTLIST unidirectional
sense (yes | no | default) #IMPLIED
>
<!ELEMENT owner_ref EMPTY>
<!ATTLIST owner_ref
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
offset is between 0 and 3999
length is between 1 and 4000
-->
<!ELEMENT ssl_sticky_offset EMPTY>
<!ATTLIST ssl_sticky_offset
sense (yes | no) #IMPLIED
offset NMTOKEN #REQUIRED
length NMTOKEN #REQUIRED
>
<!--
Maximum of 1023 domains per vserver
Default idle is 3600
Default pending is 30
-->
<!ELEMENT vserver (virtual?, vlan_id?, unidirectional?, owner_ref?,
maxconns?, ssl_sticky_offset?, idle?, pending?,
replicate_csrp?, advertise?, persistent?, parse_length?,
inservice?, url_hash?, policy_ref*, domain*,
serverfarm_ref?, sticky?, reverse_sticky?, client*)
>
<!ATTLIST vserver
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!ELEMENT dns_vserver (inservice?, dns_policy_ref*)>
<!ATTLIST dns_vserver
sense (yes | no) #IMPLIED
name CDATA #REQUIRED
>
<!--
*************************************************************
Elements and attributes required for dfp
*************************************************************
-->
<!--
port is between 1 and 65535
-->
<!ELEMENT dfp_manager EMPTY>
<!ATTLIST dfp_manager
sense (yes | no) #IMPLIED
port NMTOKEN #REQUIRED
>
<!--
port is between 1 and 65535
timeout is between 0 and 65535
retry is between 0 and 65535 (must specify timeout)
interval is between 1 and 65535 (must specify retry)
-->
<!ELEMENT dfp_agent EMPTY>
<!ATTLIST dfp_agent
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
port NMTOKEN #REQUIRED
timeout NMTOKEN "0"
retry NMTOKEN "0"
interval NMTOKEN "180"
>
<!--
password is a string of length 1 to 64
timeout is between 0 and 65535
-->
<!ELEMENT dfp (dfp_manager?, dfp_agent*)>
<!ATTLIST dfp
sense (yes | no) #IMPLIED
password CDATA #IMPLIED
timeout NMTOKEN "180"
>
<!--
*************************************************************
Elements and attributes required for udp_capp
*************************************************************
-->
<!--
secret is a string of length 1 to 32
-->
<!ELEMENT capp_options EMPTY>
<!ATTLIST capp_options
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
encryption (md5) "md5"
secret CDATA #REQUIRED
>
<!--
value is between 1 and 65535
-->
<!ELEMENT capp_port EMPTY>
<!ATTLIST capp_port
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!ELEMENT capp_secure EMPTY>
<!ATTLIST capp_secure
sense (yes | no) #IMPLIED
>
<!--
Maximum of 16 capp_options
Default capp_port is 5002
-->
<!ELEMENT udp_capp (capp_port?, capp_secure?, capp_options*)>
<!ATTLIST udp_capp
sense (yes | no) #IMPLIED
>
<!--
*************************************************************
Elements and attributes required for ft
*************************************************************
-->
<!ELEMENT ft_preempt EMPTY>
<!ATTLIST ft_preempt
sense (yes | no) #IMPLIED
>
<!--
value is between 1 and 254
-->
<!ELEMENT ft_priority EMPTY>
<!ATTLIST ft_priority
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
value is between 1 and 65535
-->
<!ELEMENT ft_failover EMPTY>
<!ATTLIST ft_failover
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
value is between 1 and 65535
-->
<!ELEMENT ft_heartbeat EMPTY>
<!ATTLIST ft_heartbeat
sense (yes | no) #IMPLIED
value NMTOKEN #REQUIRED
>
<!--
group is between 1 and 254
vlan_id is between 2 and 4094, and must *not* match id of
existing client or server vlan configured for csm_module
Default ft_preempt is off
Default ft_priority is 10
Default ft_failover is 3
Default ft_heartbeat is 1
-->
<!ELEMENT ft (ft_preempt?, ft_priority?, ft_failover?, ft_heartbeat?)>
<!ATTLIST ft
sense (yes | no) #IMPLIED
group NMTOKEN #REQUIRED
vlan_id NMTOKEN #REQUIRED
>
<!--
*************************************************************
Elements and attributes required for static_nat
*************************************************************
-->
<!ELEMENT static_real EMPTY>
<!ATTLIST static_real
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
ipmask NMTOKEN "255.255.255.255"
>
<!--
ipaddress is required for type=ip
Global maximum of 16383 static_reals
-->
<!ELEMENT static_nat (static_real*)>
<!ATTLIST static_nat
sense (yes | no) #IMPLIED
type (drop | ip | virtual) #REQUIRED
ipaddress NMTOKEN #IMPLIED
>
<!--
*************************************************************
Elements and attributes required for static_arp
*************************************************************
-->
<!--
macaddress has the form "hhhh.hhhh.hhhh", where h is a hex digit
vlan_id is between 2 and 4094
-->
<!ELEMENT static_arp EMPTY>
<!ATTLIST static_arp
sense (yes | no) #IMPLIED
ipaddress NMTOKEN #REQUIRED
macaddress NMTOKEN #REQUIRED
vlan_id NMTOKEN #REQUIRED
>
<!--
*************************************************************
root definition for csm_module
*************************************************************
-->
<!--
slot is between 1 and MAXSLOT (depends on chassis)
Maximum of 4095 probes
Maximum of 1023 url_maps
Maximum of 1023 cookie_maps
Maximum of 1023 header_maps
Maximum of 1023 retcode_maps
Maximum of 1023 dns_maps
Maximum of 4095 serverfarms and dns_serverfarms
Maximum of 255 sticky_groups (including those id=0 groups created
implicitly for vservers)
Maximum of 4000 vservers and dns_vservers
Maximum of 255 owners
Maximum of 16383 static_arp entries
-->
<!ELEMENT csm_module (env_variable*, owner*, vlan*, script_file*, script_task*,
probe*, natpool*, url_map*, cookie_map*, header_map*,
retcode_map*, dns_map*, named_real_server*,
serverfarm*, dns_serverfarm*, sticky_group*,
policy*, dns_policy*, vserver*, dns_vserver*,
dfp?, udp_capp?, ft?, static_nat*, static_arp*)
>
<!ATTLIST csm_module
sense (yes | no) #IMPLIED
slot NMTOKEN #REQUIRED
>
<!--
*************************************************************
actions
*************************************************************
-->
<!--
error_tolerance is a 32-bit value, specified
in hex or decimal, which acts as a bitmask
for specifying which error types should be
ignored. See valid error types below. Default is 0x0048.
dtd_version is a string that specifies the set of
configurable CSM features, and should match the CSM version
specified at the top of this DTD. Default is "2.2".
Note that if the version is higher than the CSM can
handle, an error may be returned. In most cases,
the CSM will do its best to interpret the document,
even if dtd_version is missing or higher than expected.
-->
<!ELEMENT config (csm_module)>
<!ATTLIST config
error_tolerance NMTOKEN #IMPLIED
dtd_version NMTOKEN #IMPLIED
<!--
**************
In case of error, the response document will include an "error" child element
in the offending element. The error element takes the form:
<!ELEMENT error EMPTY>
<!ATTLIST error
code NMTOKEN #REQUIRED
>
The body of the error element is a description string.
Attribute "code" is a hex value representing a mask of possible error codes:
XML_ERR_INTERNAL = 0x0001 /* internal memory or coding error */
XML_ERR_COMM_FAILURE = 0x0002 /* communication failure */
XML_ERR_WELLFORMEDNESS = 0x0004 /* not a wellformed XML document */
XML_ERR_ATTR_UNRECOGNIZED = 0x0008 /* found an unrecognized attribute */
XML_ERR_ATTR_INVALID = 0x0010 /* found invalid value in attribute */
XML_ERR_ATTR_MISSING = 0x0020 /* required attribute missing */
XML_ERR_ELEM_UNRECOGNIZED = 0x0040 /* found an unrecognized element */
XML_ERR_ELEM_INVALID = 0x0080 /* found invalid element */
XML_ERR_ELEM_MISSING = 0x0100 /* required element missing */
XML_ERR_ELEM_CONTEXT = 0x0200 /* valid element found in wrong place */
XML_ERR_IOS_PARSER = 0x0400 /* IOS unable to parse command */
XML_ERR_IOS_MODULE_IN_USE = 0x0800 /* Another user is configuring CSM */
XML_ERR_IOS_WRONG_MODULE = 0x1000 /* Tried to configure unavailable CSM */
XML_ERR_IOS_CONFIG = 0x2000 /* IOS configuration error */
**************