The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
To add cookies to a cookie map, use the match protocol http cookie command in SLB cookie map configuration submode. Multiple match rules can be added to a cookie map. To remove the cookie map name from the cookie map, use the no form of this command.
match protocol http cookie cookie-name cookie-value cookie-value-expression
no match protocol http cookie cookie-name cookie-value cookie-value-expression
cookie-name |
Cookie name; the range is from 1 to 63 characters. |
cookie-value cookie-value-expression |
Specifies a cookie value expression; the range is from 1 to 255 characters. |
This command has no default settings.
SLB cookie map configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
Cookie regular expressions (see "Regular Expressions" section on page 2-3) are based on the UNIX filename specification. URL expressions are stored in a cookie map in the form cookie-name = cookie-value-expression. Cookie expressions allow spaces if they are escaped or quoted. You must match all cookies in the cookie map.
This example shows how to add cookies to a cookie map:
Cat6k-2(config-slb-map-cookie)# match protocol http cookie albert cookie-value 4*
cookie-map (policy submode)
map cookie
show module csm map
To enter the SLB DNS map mode and configure a DNS map, use the map dns command. To remove the DNS map from the configuration, use the no form of this command.
map dns-map-name dns
no map dns-map-name dns
dns-map-name |
Name of an SLB DNS map; the character string range is from 1 to |
This command has no default settings.
SLB DNS map configuration submode
|
|
---|---|
3.1(1) |
This command was introduced. |
Any match of a DNS regular expression in the DNS map results in a successful match. A maximum of 1023 DNS domains can be configured to a map.
This example shows how to group DNS domains:
Cat6k-2(config-module-csm)# map m1 dns
Cat6k-2(config-slb-map-dns)# exit
Cat6k-2(config)
match protocol dns domain (DNS map submode)
show module csm map
To add a DNS domain to a DNS map, use the match protocol dns domain command in the SLB DNS map configuration submode. To remove the DNS domain from the URL map, use the no form of this command.
match protocol dns domain name
no match protocol dns domain name
name |
Names the DNS domain being mapped. |
This command has no default settings.
SLB DNS map configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
4.1(1) |
HTTP method parsing support was introduced. |
This example shows how to add domains to a DNS map:
Cat6k-2(config-slb-map-dns)# match protocol dns domain cisco.com
To create a map group for specifying HTTP headers, and then enter the header map configuration submode, use the map header command. To remove the HTTP header group from the configuration, use the no form of this command.
map name header
no map name
name |
Map instance; the character string is from 1 to 15 characters. |
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
2.1(1) |
This command was introduced. |
This example shows how to group HTTP headers and associate them with a content switching policy:
Cat6k-2(config-module-csm)# map upnready header
Cat6k-2(config-slb-map-header)# match protocol http header Accept header-value *jpeg*
Cat6k-2(config-slb-map-header)# match protocol http header User-Agent header-value *NT*
Cat6k-2(config-slb-map-header)# match protocol http header Host header-value www.myhome.com
Cat6k-2(config-slb-map-header)# exit
header-map (policy submode)
insert protocol http header (header map submode)
match protocol http header (header map submode)
show module csm map
To insert header fields and values into an HTTP request, use the insert protocol http header command in SLB header map configuration submode. To remove the header insert item from the header map, use the no form of this command.
insert protocol http header name header-value value
no insert protocol http header name
This command has no default settings.
SLB header map configuration submode
|
|
---|---|
3.1(1) |
This command was introduced. |
You can also use the %is and %id special parameters for header values. The %is value inserts the source IP into the HTTP header, and the %id value inserts the destination IP into the header. You can only specify each special parameter once per header map.
This example shows how to specify header fields and values to search upon a request:
Cat6k-2(config-slb-map-header)# insert protocol http header client header-value %is
header-map (policy submode)
map header
show module csm map
To specify header fields and values for the CSM to search for when receiving a request, use the match protocol http header command in SLB header map configuration submode. Multiple match rules can be added to a header map. To remove the header match rule from the header map, use the no form of this command.
match protocol http header field header-value expression
no match protocol http header field
This command has no default settings.
SLB header map configuration submode
|
|
---|---|
2.1(1) |
This command was introduced. |
There are predefined fields, for example, Accept-Language, User-Agent, or Host.
Header regular expressions(see "Regular Expressions" section on page 2-3) are based on the UNIX filename specification. URL expressions are stored in a header map in the form header-name = expression. Header expressions allow spaces provided that they are escaped or quoted. All headers in the header map must be matched
This example shows how to specify header fields and values to search upon a request:
Cat6k-2(config-slb-map-header)# match protocol http header Host header-value XYZ
header-map (policy submode)
insert protocol http header (header map submode)
map header
show module csm map
To enable return code checking, and then enter the return code map submode, use the map retcode command. To remove the return code checking from the configuration, use the no form of this command.
map name retcode
no map name
name |
Return error code map instance; the character string is limited to 15 characters. |
retcode |
Keyword to enter the return error code map submode. |
This command has no default settings.
CSM module submode
|
|
---|---|
2.2(1) |
This command was introduced. |
This example shows how to enable return error code checking:
Cat6k-2(config-module-csm)# map upnready retcode
cookie-map (policy submode)
match protocol http cookie (cookie map submode)
show module csm map
To specify return code thresholds, count and log return codes, and send syslog messages for return code events received from the servers, use the match protocol http retcode command in SLB return code map configuration submode. To remove the return code thresholds, use the no form of this command.
match protocol http retcode min max action {count | log | remove} threshold [reset seconds]
no match protocol http retcode min max
This command has no default settings.
SLB return code map configuration submode
|
|
---|---|
2.2(1) |
This command was introduced. |
The threshold and reset values are not configurable for the count action. These commands only are available for the log and remove actions.
This example shows how to specify return codes values to search for in an HTTP request:
Cat6k-2(config-slb-map-retcode)# match protocol http retcode 30 50 action log 400 reset 30
map retcode (SLB policy configuration submode)
To enter the SLB URL map mode and configure a URL map, use the map url command. To remove the URL map from the configuration, use the no form of this command.
map url-map-name url
no map url-map-name
url-map-name |
Name of an SLB URL map; the character string range is from 1 to |
This command has no default settings.
SLB URL map configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
Any match of a URL regular expression in the URL map results in a successful match. A maximum of 1023 URLs can be configured to a map.
This example shows how to group URLs and associate them with a content switching policy:
Cat6k-2(config-module-csm)# map m1 url
Cat6k-2(config-slb-map-url)# match protocol http url /index.html
Cat6k-2(config-slb-map-url)# match protocol http url /stocks/csco/
Cat6k-2(config-slb-map-url)# match protocol http url *gif
Cat6k-2(config-slb-map-url)# match protocol http url /st*
Cat6k-2(config-slb-map-url)# exit
Cat6k-2(config)
match protocol http url (URL map submode)
show module csm map
url-map (policy submode)
To add a URL regular expression to a URL map, use the match protocol http url command in the SLB URL map configuration submode. Multiple match rules can be added to a URL map. To remove the URL regular expression from the URL map, use the no form of this command.
match protocol http [method method-expression] url url-expression
no match protocol http [method method-expression] url url-expressionn
method method-expression |
(Optional) Specifies the method to match. |
url url-expression |
Specifies the regular expression range; the range is from 1 to 255 characters. |
This command has no default settings.
SLB URL map configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
4.1(1) |
HTTP method parsing support was introduced. |
URL regular expressions (see "Regular Expressions" section on page 2-3) are based on the UNIX filename specification. URL expressions are stored in a cookie map in the form urln. URL expressions do not allow spaces and only one of the URLs in the map must be matched
The method expression can either be one of the standard HTTP 1.1 method names (OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, or CONNECT) or a string you specify that must be matched exactly (PROTOPLASM).
This example shows how to add URL expressions to a URL map:
Cat6k-2(config-slb-map-url)# match protocol http url html
map url
show module csm map
url-map (policy submode)
To allow the association of load-balancing commands to a specific CSM module, and then enter the CSM module configuration submode for the specified slot, use the module csm command. To remove the module csm configuration, use the no form of this command.
Note The module ContentSwitching Module slot command is the full syntax; the module csm slot command is a valid shortcut.
module csm slot-number
no module csm slot-number
slot-number |
Slot number where the CSM resides. |
This command has no default settings.
Global configuration submode
|
|
---|---|
2.1(1) |
This command was introduced. |
If you want to use the multiple module configuration, you must change the ip slb mode command to rp. An existing CSM configuration is migrated to the new configuration when you change the mode from csm to rp. The default mode is rp, which allows multiple CSM support and allows the Catalyst operating system and Cisco IOS software to run on the same switch.
Migrating from a multiple module configuration to a single module configuration is supported. Migrating the Cisco IOS SLB configuration to the CSM configuration is not supported.
To remove connections to a real server, use the clear module csm X connnection command.
The CSM had its own ARP cache, which was populated with ARP entries through ARP learning. The addition of the arp option allows you to statically configure ARP entries.
This example shows how to configure a CSM:
Cat6k-2(config)# module csm 5
Cat6k-2(config-module-csm)# vserver VS1
To configure source NAT and create a client address pool, use the natpool command in module CSM configuration submode. To remove a natpool configuration, use the no form of this command.
natpool pool-name start-ip end-ip {netmask netmask | prefix-length leading_1_bits}
no natpool pool-name
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
If you want to use client NAT, you must create at least one client address pool.
A maximum of 255 NAT pool addresses are available for any CSM.
This example shows how to configure a pool of addresses with the name web-clients, an IP address range from 128.3.0.1 through 128.3.0.254, and a subnet mask of 255.255.0.0:
Cat6k-2(config-module-csm)# natpool web-clients 128.3.0.1 128.3.0.254 netmask 255.255.0.0
nat client (serverfarm submode)
show module csm natpool
To specify the environmental variables in the configuration, use the variable command. To remove a environmental variables from the configuration, use the no form of this command.
variable name value
no variable name
name |
Specifies a name string for the variable. |
value |
Specifies a value string for the variable. |
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
4.1(1) |
This command was introduced. |
This table lists the environmental values used by the CSM.
This example shows how to enable the environmental variables configuration:
Router(config-module-csm)# variable ARP_RATE 20
module csm
show module csm variable
To configure an owner object, use the owner command in module CSM configuration submode. To remove an owner configuration, use the no form of this command.
owner name
no owner
name |
Name of the object owner. |
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
4.1(1) |
This command was introduced. |
You can define more than one virtual server to the same owner, associate multiple servers to an owner, and apply a connection watermark. After the sum of the number of open connections to all virtual servers in a particular owner reaches the VIP connection watermark level for that owner, new connections to any of these virtual servers are rejected by the CSM.
This example shows how to configure an owner object:
Cat6k-2(config-module-csm)# owner sequel
billing-info (owner submode)
contact-info (owner submode)
maxconns (owner submode)
To configure billing information for an owner object, use the billing-info command in the owner configuration submode. To remove billing information from the configuration, use the no form of this command.
billing-info billing-address-information
no billing-info
billing-address-information |
Specifies the owner's billing address. |
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to configure an owner object:
Cat6k-2(config-owner)# billing-info 300 cordera avenue
contact-info (owner submode)
owner
To configure an e-mail address for an owner object, use the contact-info command in owner configuration submode. To remove the contact information from the owner configuration, use the no form of this command.
contact-info string
no contact-info
string |
The owner's information. |
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to configure an owner object:
Cat6k-2(config-owner)# contact-info shaggy@angel.net
billing-info (owner submode)
owner
To configure the maximum number of concurrent connections allowed for an owner object, use the maxconns command in owner configuration submode. To remove the maximum connections from the owner configuration, use the no form of this command.
maxconns number
no maxconns
number |
The number of maximum connections to the owner object. |
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
3.1(1) |
This command was introduced. |
When the maximum number of connections is reached, the connections are reset and the CSM does not accept further connections.
This example shows how to configure an owner object:
Cat6k-2(config-owner)# maxconns 300
billing-info (owner submode)
contact-info (owner submode)
owner
To configure policies, associate attributes to a policy, and then enter the policy configuration submode, use the policy command. In this submode, you can configure the policy attributes. The policy is associated with a virtual server in virtual server submode. To remove a policy, use the no form of this command.
policy policy-name
no policy policy-name
policy-name |
Name of an SLB policy instance; the character string is limited to 15 characters. |
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
Policies establish rules for balancing connections to servers. They can contain URL maps, cookie maps, header maps, client groups, sticky groups, DSCP values, and server farms. The order in which policies are linked to a virtual server determines the precedence of the policy. When two or more policies match a requested URL, the policy with the highest precedence is selected.
Note All policies should be configured with a server farm.
This example shows how to configure a policy named policy_content:
Cat6k-2(config-module-csm)# policy policy_content
Cat6k-2(config-slb-policy)# serverfarm new_serverfarm
Cat6k-2(config-slb-policy)# url-map url_map_1
Cat6k-2(config-slb-policy)# exit
show module csm owner
slb-policy (virtual server submode)
To associate an access list with a policy, use the client-group command in SLB policy configuration submode. To remove an access list from a policy, use the no form of this command.
client-group {1-99 | std-access-list-name}
no client-group
1-99 |
Standard IP access list number. |
std-access-list-name |
Standard access list name. |
This command has no default settings.
SLB policy configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
Only client groups that you create with the ip access-list standard command can be associated with an SLB policy. You can only associate one client group with a given SLB policy.
This example shows how to configure a client group:
Cat6k-2(config-slb-policy)# client-group 44
Cat6k-2(config-slb-policy)# exit
ip access-list standard
policy
show module csm owner
To associate a list of cookies with a policy, use the cookie-map command in SLB policy configuration submode. To remove a cookie map, use the no form of this command.
cookie-map cookie-map-name
no cookie-map
cookie-map-name |
Name of the cookie list associated with a policy. |
This command has no default settings.
SLB policy configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
You can associate only one cookie map with a policy. To configure cookie maps use the map cookie command. The cookie map name must match the name specified in the map cookie command.
This example shows how to configure a cookie-based SLB policy named policy_content:
Cat6k-2(config-module-csm)# policy policy_content
Cat6k-2(config-slb-policy)# serverfarm new_serverfarm
Cat6k-2(config-slb-policy)# cookie-map cookie-map-1
Cat6k-2(config-slb-policy)# exit
Cat6k-2(config)
map cookie
policy
show module csm owner
To specify the HTTP header criteria to include in a policy, use the header-map command in SLB policy configuration submode. To remove a header map, use the no form of this command.
Note If any HTTP header information is matched, the policy rule is satisfied.
header-map name
no header-map
name |
Name of the previously configured HTTP header expression group. |
This command has no default settings.
SLB policy configuration submode
|
|
---|---|
2.1(1) |
This command was introduced. |
Only one header map can be associated with a policy. The header map name must match the name specified in the map header command on page A-18.
This example shows how to configure a header-based policy named policy_content:
Cat6k-2(config-module-csm)# policy policy_content
Cat6k-2(config-slb-policy)# serverfarm new_serverfarm
Cat6k-2(config-slb-policy)# header-map header-map-1
Cat6k-2(config-slb-policy)# exit
map header
policy
show module csm owner
To associate a server farm with a policy, use the serverfarm command in the SLB policy configuration submode. To remove the server farm from the policy, use the no form of this command.
serverfarm primary-serverfarm [backup sorry-serverfarm [sticky]]
no serverfarm
This command has no default settings.
SLB policy configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
3.1(1) |
The sorry server (backup server) option was added to this command. |
Use the serverfarm command to configure the server farm. Only one server farm can be configured per policy. The server farm name must match the name specified in the serverfarm module CSM configuration submode command. By default, the sticky option does not apply to the backup server farm. To remove the backup server farm, you can either use the serverfarm command without the backup option or use the no serverfarm command.
The backup sorry-serverfarm [sticky] value defines whether the sticky group applied to the primary server farm is also applied for the backup server farm. If you do not specify stickiness for the primary server farm, then stickiness also is not applied to the backup server farm.
For example, if you have a sticky group configured for a policy, the primary server farm in this policy becomes sticky. The client will be stuck to the configured real in the primary server farm. When all of the real servers in the primary server farm fail, new requests from this client are sent to the backup server farm. When the real server in the primary server farm is operational, the following actions result:
•The existing connections to the backup real server continue to be serviced by the backup real server.
•The new requests from the client are sent to the backup real server if the sticky option is enabled for the backup server farm.
•The new requests return to the primary real server if the sticky option is not used on the backup server farm.
This example shows how to associate a server farm named central with a policy:
Cat6k-2(config-module-csm)# policy policy
Cat6k-2(config-slb-policy)# serverfarm central backup domino sticky
policy
serverfarm (policy submode)
show module csm owner
To mark packets that match the policy with a DSCP value, use the set ip dscp command in the SLB policy configuration submode. To stop marking packet, use the no form of this command.
set ip dscp dscp-value
no set ip dscp
dscp-value |
The range is from 0 to 63. |
The default is that the CSM does not store DSCP values.
SLB policy configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to mark packets to match a policy named policy_content:
Cat6k-2(config-module-csm)# policy policy_content
Cat6k-2(config-slb-policy)# set ip dscp 22
To associate a sticky group and the sticky group attributes to the policy, use the sticky-group command in the SLB policy configuration submode. To remove the sticky group from the policy, use the no form of this command.
sticky-group group-id
no sticky-group
group-id |
ID of the sticky group to be associated with a policy. |
The default is 0, which means that no connections are sticky.
SLB policy configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
The group-id value must match the ID specified in the sticky command; the range is from 1 to 255.
This example shows how to configure a sticky group:
Cat6k-2(config-module-csm)# policy policy1
Cat6k-2(config-slb-policy)# sticky-group 5
policy
show module csm owner
show module csm sticky
sticky
To associate a list of URLs with the policy, use the url-map command in SLB policy configuration submode. To remove the URL map from the policy, use the no form of this command.
url-map url-map-name
no url-map
url-map-name |
Name of the URL list to be associated with a policy. |
The default is no URL map.
SLB policy configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
Only one URL map can be associated with a policy. To configure URL maps, use the map url command.
This example shows how to associate a list of URLs with a policy named assembly:
Cat6k-2(config-module-csm)# policy policy
Cat6k-2(config-slb-policy)# url-map assembly
map url
policy
show module csm owner
To configure a probe and probe type for health monitoring, and then enter the probe configuration submode, use the probe command. To remove a probe from the configuration, use the no form of this command.
probe probe-name {http | icmp | telnet | tcp | ftp | smtp | dns | udp | script}
no probe probe-name
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
A probe can be assigned to a server farm in serverfarm submode. The UDP probe requires ICMP because otherwise the UDP probe will be unable to detect when a server has gone down or has been disconnected. You must associate UDP to the supervisor engine and then configure ICMP.
Because the UDP probe is a raw UDP probe, the CSM uses a single byte in the payload for probe responses. The CSM does not expect any meaningful response from the UDP application. The CSM uses the ICMP unreachable message to determine if the UDP application is not reachable. If there is no ICMP unreachable message in the receive timeout, then the CSM assumes that the probe is operating correctly.
If the IP interface of the real server is down or disconnected, the UDP probe does not know that the UDP application is unreachable. You must configure the ICMP probe in addition to the UDP probe for any server.
The CSM uses the DNS probe as the high-level UDP application. You also can use a TCL script to configure this probe.
When configuring Global Server Load Balancing (GSLB) type probes, the port submode command is not used to specify which destination UDP port to query. Use the CSM environment variable GSLB_KALAP_UDP_PORT instead. The default is port 5002.
To specify probe frequency and the number of retries for KAL-AP, ICMP, HTTP, and DNS probes when associated with a GSLB server farm environment, the following variables must be used instead of the probe configuration submode commands:
GSLB_KALAP_PROBE_FREQ 10
GSLB_KALAP_PROBE_RETRIES 3
GSLB_ICMP_PROBE_FREQ 10
GSLB_ICMP_PROBE_RETRIES 3
GSLB_HTTP_PROBE_FREQ 10
GSLB_HTTP_PROBE_RETRIES 2
GSLB_DNS_PROBE_FREQ 10
GSLB_DNS_PROBE_RETRIES 3
This example shows how to configure an HTTP probe named TREADER:
Cat6k-2(config-module-csm)# probe TREADER http
To specify a destination IP address for health monitoring, use the address command in SLB probe configuration submode. To remove the address, use the no form of this command.
address ip-address [routed]
no address ip-address
ip-address |
Specifies the real server's destination IP address. |
routed |
(Optional) Specifies that the probe is routed according to the CSM routing table. |
This command has no default settings.
SLB probe configuration submode
|
|
---|---|
2.1(1) |
This command was introduced. |
Multiple addresses can be configured for a DNS probe. For an ICMP probe, you can configure one address. Allows the probes to cross the firewall to check the link to the host on the other side. ICMP is the only probe that supports the address parameter without the routed option, which is used for firewall load balancing.
This example shows how to configure an IP address of the real server:
Cat6k-2(config-slb-probe-icmp)# address 101.23.45.36
To configure basic authentication values for an HTTP probe, use the credentials command in the SLB HTTP probe configuration submode. To remove the credentials configuration, use the no form of this command.
credentials username [password]
no credentials
username |
Name that appears in the HTTP header. |
password |
(Optional) Password that appears in the HTTP header. |
This command has no default settings.
SLB HTTP probe configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is for HTTP probes.
This example shows how to configure authentication for an HTTP probe:
Cat6k-2(config-slb-probe-http)# credentials seamless abercrombie
To configure a status code for the probe, use the expect status command in the SLB HTTP/FTP/Telnet/SMTP probe configuration submode. To remove the status code from the configuration, use the no form of this command.
expect status min-number [max-number]
no expect status min-number [max-number]
min-number |
Single status code if the max-number value is not specified. |
max-number |
(Optional) Maximum status code in a range. |
The default range is 0 to 999 (any response from the server is valid).
SLB HTTP/FTP/Telnet/SMTP probe configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is for HTTP, FTP, Telnet, and SMTP probes. You can specify multiple status code ranges with this command by entering one command at a time. If you specify the max-number value, this number is used as the minimum status code of a range. If you specify no maximum number, this command uses a single number (min-number). If you specify both min-number and max-number values, this command uses the range between the numbers.
Both the minimum number and the maximum number can be any number between 0 and 999 as long as the maximum number is not lower than the minimum number.
For example:
expect status 5 is the same as expect status 5 5
expect status 0 specifies a range of 0 to 4
expect status 900 999 specifies a range of 900 to 999.
You can specify many expected status ranges.
Note When you remove the expect status, you cannot set the range of numbers to 0 or as a range of numbers that includes the values you set for the expect status. The expect status state becomes invalid and does not restore the default range of 0 through 999. To remove the expect status, remove each set of numbers using the no expect status command. For example, enter the no expect status 0 3 command and then enter the no expect status 34 99 command.
This example shows how to configure an HTTP probe with multiple status code ranges:
Cat6k-2(config-slb-probe-http)# expect status 34 99
Cat6k-2(config-slb-probe-http)# expect status 0 33
Cat6k-2(config-slb-probe-http)#
To set the time to wait before probing a failed server, use the failed command in the SLB probe configuration submode. To reset the time to wait before probing a failed server to default, use the no form of this command.
failed failed-interval
no failed
failed-interval |
Specifies the interval in seconds before the probe retires a failed server; the range is from 2 to 65535. |
The default value for the failed interval is 300 seconds.
SLB probe configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is used for all probe types.
This example shows how to configure a failed server probe for 200 seconds:
Cat6k-2(config-slb-probe-http)# failed 200
To configure a header field for the HTTP probe, use the header command in the SLB HTTP probe configuration submode. To remove the header field configuration, use the no form of this command.
header field-name [field-value]
no header field-name
field-name |
Name for the header being defined. |
field-value |
(Optional) Content for the header. |
This command has no default settings.
SLB HTTP probe configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
You can configure multiple headers for each HTTP probe. The length of the field-name value plus the length of the field-value value plus 4 (for ":", space, and CRLF) cannot exceed 255 characters. This command is for HTTP probes.
This example shows how to configure a header field for the HTTP probe:
Cat6k-2(config-slb-probe-http)# header abacadabra
To set the time interval between probes, use the interval command in the SLB probe configuration submode. To reset the time interval between probes to default, use the no form of this command.
interval seconds
no interval
seconds |
Number of seconds to wait between probes from the end of the previous probe to the beginning of the next probe; the range is from 2 to 65535. |
The default value for the interval between probes is 120 seconds.
SLB probe configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is used for all probe types.
This example shows how to configure a probe interval of 150 seconds:
Cat6k-2(config-slb-probe-http)# interval 150
To configure a domain name for the DNS probe, use the name command in the SLB DNS probe configuration submode. To remove the name from the configuration, use the no form of this command.
name domain-name
no name
domain-name |
Domain name that the probe sends to the DNS server. |
This command has no default settings.
SLB DNS probe configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to specify the probe name that is resolved by the DNS server:
Cat6k-2(config-slb-probe-dns)# name astro
To set the time to wait for a TCP connection, use the open command in the SLB HTTP/TCP/FTP/Telnet/SMTP probe configuration submode. To reset the time to wait for a TCP connection to default, use the no form of this command.
open open-timeout
no open
open-timeout |
Maximum number of seconds to wait for the TCP connection; the range is from 1 to 65535. |
The default value for the open timeout is 10 seconds.
SLB HTTP/TCP/FTP/Telnet/SMTP probe configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is not used for any non-TCP probes, such as ICMP or DNS.
Note There are two different timeout values: open and receive. The open timeout specifies how many seconds to wait for the connection to open (that is, how many seconds to wait for SYN ACK after sending SYN). The receive timeout specifies how many seconds to wait for data to be received (that is, how many seconds to wait for an HTTP reply after sending a GET/HHEAD request). Because TCP probes close as soon as they open without sending any data, the receive timeout is not used.
This example shows how to configure a time to wait for a TCP connection of 5 seconds:
Cat6k-2(config-slb-probe-http)# open 5
To configure an optional port for the DNS probe, use the port command in the SLB probe configuration submode. To remove the port from the configuration, use the no form of this command.
port port-number
no port
port-number |
Sets the port number. |
The default value for the port number is 0.
This command is available in all SLB probe configuration submodes except ICMP.
|
|
---|---|
3.1(1) |
This command was introduced. |
When the port of a health probe is specified as 0, the health probe uses the configured port number from the real server (if a real server is configured) or the configured port number from the virtual server (if a virtual server is configured and no port is configured for the real server). The default port value is 0. For the ICMP probes, where there is no port number, the port value is ignored. The port command is available for all probe types except ICMP.
This example shows how to specify the port for the DNS server:
Cat6k-2(config-slb-probe-dns)# port 63
To set the time to wait for a reply from a server, use the receive command in the SLB probe configuration submode. To reset the time to wait for a reply from a server to default, use the no form of this command.
receive receive-timeout
no receive
receive-timeout |
Number of seconds to wait for reply from a server; the range is from 1 to 65535. |
The default value for a receive timeout is 10 seconds.
SLB probe configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is available for all probe types except TCP.
Note There are two different timeout values: open and receive. The open timeout specifies how many seconds to wait for the connection to open (that is, how many seconds to wait for SYN ACK after sending SYN). The receive timeout specifies how many seconds to wait for data to be received (that is, how many seconds to wait for an HTTP reply after sending a GET/HHEAD request). Because TCP probes close as soon as they open without sending any data, the receive timeout is not used.
This example shows how to configure a time to wait for a reply from a server to 5 seconds:
Cat6k-2(config-slb-probe-http)# receive 5
To configure the request method used by the HTTP probe, use the request command in the SLB HTTP probe configuration submode. To remove the request method from the configuration, use the no form of this command.
request [method {get | head}] [url path]
no request [method {get | head}] [url path]
The default path is /.
The default method is the get option.
SLB HTTP probe configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
The CSM supports only the get and head request methods. This command is for HTTP probes.
This example shows how to configure a request method for the probe configuration:
Cat6k-2(config-slb-probe-http)# request method head
To set the number of failed probes that are allowed before marking the server failed, use the retries command in the SLB probe configuration submode. To reset the number of failed probes allowed before marking a server as failed to default, use the no form of this command.
retries retry-count
no retries
retry-count |
Number of probes to wait before marking a server as failed; the range is from 0 to 65535. |
The default value for retries is 3.
SLB probe configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is used for all probe types.
Note Set retries to 2 or more. If retries are set to 1, a single dropped probe packet will bring down the server. A setting of 0 places no limit on the number of probes that are sent. Retries are sent until the system reboots.
This example shows how to configure a retry count of 3:
Cat6k-2(config-slb-probe-http)# retries 3
To create a script for a probe, use the script command.
script script_name
script_name |
Specifies a probe script. |
This command has no default settings.
SLB probe script configuration submode
|
|
---|---|
3.1(1) |
This command was introduced. |
The script name should match a script in a configured script file.
This example shows how to create a script probe:
Cat6k-2(config-module-csm)# ip slb script file tftp://192.168.10.102/csmScripts
Cat6k-2(config-probe-script)# script echoProbe.tcl
Cat6k-2(config-probe-script)# interval 10
Cat6k-2(config-probe-script)# retries 1
Cat6k-2(config-probe-script)# failed 30
failed (probe submode)
interval (probe submode)
open (probe submode)
probe
receive (probe submode)
retries (probe submode)
script file
show module csm probe
To identify a real server that is a member of the server farm, and then enter the real server configuration submode, use the real command in the SLB serverfarm configuration submode. To remove the real server from the configuration, use the no form of this command.
real ip-address [port]
no real ip-address [port]
ip-address |
Real server IP address. |
port |
(Optional) Port translation for the real server; the range is from 1 to 65535. |
The default is no port translation for the real server.
SLB serverfarm configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
The IP address that you supply provides a load-balancing target for the CSM. This target can be any IP addressable object. For example, the IP addressable object may be a real server, a firewall, or an alias IP address of another CSM.
You can configure a real server as follows:
•no inservice—Using the no inservice command in the real server submode, the CSM is specified as out of service. There is no sticky and no new connections being applied.
Note If you specify no inservice, the CSM does not remove open connections. If you want to remove open connections. you must perform that task manually using the clear module csm slot conn command.
•inservice—Using the inservice command in the real server submode, the CSM is specified as in service. Sticky is allowed and new connections to the module can be made.
•inservice standby—Specifies that when in standby mode, the real server only accepts connections when the primary real server has failed.
This example shows how to identify a real server and enter the real server submode:
Cat6k-2(config-slb-sfarm)# real 102.43.55.60
Cat6k-2(config-slb-real)#
inservice (real server submode)
script task
show module csm real
show module csm serverfarm
To apply new connections to real servers when a primary server is down, use the backup real command in the SLB real server configuration submode. To remove a real server from service, use the no form of this command.
backup real {ip | name name} [port]
no backup real
ip |
Specifies the backup server's IP address. |
name name |
Specifies the real server name. |
port |
(Optional) Specifies the port where the backup real server is located. |
This command has no areguments or keywords.
SLB real server configuration submode
|
|
---|---|
3.2(1) |
This command was introduced. |
A weight of 0 is now allowed for graceful shutdown of existing connections. The backup real command can be used in these situations where a server farm is specified:
•Directly under a virtual server.
•In a policy and then associated to a virtual server.
This example shows how to enable a real server:
Cat6k-2(config-slb-real)# backup real 10.2.2.1 3
Cat6k-2(config-slb-real)#
failaction (serverfarm submode)
real (static NAT submode)
show module csm real
To configure a probe for the real server, use the health probe command in the SLB real server configuration submode. To remove the probe from the configuration, use the no form of this command.
health probe probe-name tag string
no health probe
probe-name |
Names the probe. |
tag |
Specifies a tag for the probe. |
string |
Specifies a string to identify the probe. |
This command has no default values.
SLB real server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to configure a probe for a server:
Cat6k-2(config-slb-sfarm)# real 102.2.2.1
Cat6k-2(config-slb-real)# health probe mission tag 12345678
To enable the real servers, use the inservice command in the SLB real server configuration submode. To remove a real server from service, use the no form of this command.
inservice [standby]
no inservice
standby |
(Optional) Specifies that when in standby mode, the real server only accepts connections when the primary real server has failed. |
The default is that a real server is not in service.
SLB real server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
3.2(1) |
This command was modified for firewall load-balancing (FWLB) reassignment. |
The standby keyword is used to remove a real server from rotation when you want to allow sticky and existing connections to continue. You can then set the real server to no inservice to remove the remaining active connections.
When you specify the no inservice command, the CSM will not remove open connections. To remove open connections, you must remove them using the clear module csm slot connection command.
The CSM performs graceful server shutdown when a real server is taken out of service when you enter the no inservice command. This command stops all new sessions from being load balanced to the specified real server while allowing existing sessions to complete or time out. New sessions are load balanced to other servers in the server farm for that virtual server.
This example shows how to remove a real server from service:
Router(config-slb-real)# no inservice
This example shows how to enable a real server:
Cat6k-2(config-slb-sfarm)# real 10.2.2.1
Cat6k-2(config-slb-real)# inservice
To limit the number of active connections to the real server, use the maxconns command in the SLB real server configuration submode. To change the maximum number of connections to its default value, use the no form of this command.
maxconns max-conns
no maxconns
max-conns |
Maximum number of active connections on the real server at any time; the range is from 1 to 4294967295. |
The default value is the maximum value or infinite (not monitored).
SLB real server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
When you specify the minconns command, you must also specify the maxconns command.
This example shows how to limit the connections to a real server:
Cat6k-2(config-slb-sfarm)# real 10.2.2.1
Cat6k-2(config-slb-real)# maxconns 4000
minconns (real server submode)
real
show module csm real
To establish a minimum connection threshold for the real server, use the minconns command in the SLB real server configuration submode. To change the minimum number of connections to the default value, use the no form of this command.
minconns min-cons
no minconns
min-cons |
Minimum number of connections allowed on the real server; the range is from 0 to 4294967295. |
The default value is the set minumum number of connections.
SLB real server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
When the threshold of the maxconns command is exceeded, the CSM stops sending connections until the number of connections falls below the minconns command threshold. This value must be lower than the maximum number of connections configured by the maxconns command. When you specify the minconns command, you must also specify the maxconns command.
This example shows how to establish a minimum connection threshold for a server:
Cat6k-2(config-slb-sfarm)# real 102.2.2.1
Cat6k-2(config-slb-real)# minconns 4000
maxconns (real server submode)
real
show module csm real
To configure a real server to receive traffic redirected by a redirect virtual server, use the redirect-vserver command in the SLB real server configuration submode. To specify that traffic is not redirected to the real server, use the no form of this command.
redirect-vserver name
no redirect-vserver
name |
Name of the virtual server that has its requests redirected. |
Traffic is not redirected to the server.
SLB real server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
Mapping real servers to redirect virtual servers provides persistence for clients to real servers across TCP sessions. Before using this command, you must create the redirect virtual server in serverfarm submode with the redirect-vserver command.
This example shows how to map a real server to a virtual server:
Cat6k-2(config-slb-sfarm)# real 10.2.2.1
Cat6k-2(config-slb-real)# redirect-vserver timely
real
redirect-vserver
show module csm real
show module csm vserver redirect
To configure the capacity of the real servers in relation to the other real servers in the server farm, use the weight command in the SLB real server configuration submode. To change the server's weight to its default capacity, use the no form of this command.
weight weighting-value
no weight
weighting-value |
Value to use for the server farm predictor algorithm; the range is from 0 to 100. |
The weighting value default is 8.
SLB real server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to configure the weight of a real server:
Cat6k-2(config-slb-sfarm)# real 10.2.2.1
Cat6k-2(config-slb-real)# weight 8
predictor (serverfarm submode)
real
show module csm real
To specify the name of a virtual server to receive traffic redirected by the server farm, and then enter redirect virtual server configuration submode, use the redirect-vserver command. To remove the redirect virtual server, use the no form of this command.
redirect-vserver name
no redirect-vserver name
name |
Name of the virtual server to receive traffic redirected by the server farm; the virtual server name can be no longer than 15 characters. |
This command has no default settings.
SLB serverfarm configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to name the virtual server:
Cat6k-2(config-slb-sfarm)# redirect-vserver quantico
real
redirect-vserver (real server submode)
script task
show module csm serverfarm
show module csm vserver redirect
To allow the CSM to advertise the IP address of the virtual server as the host route, use the advertise command in the SLB redirect virtual server configuration mode. To stop advertising the host route for this virtual server, use the no form of this command.
advertise [active]
no advertise
active |
(Optional) Allows the CSM to advertise the IP address of the virtual server as the host route. |
The default for network mask is 255.255.255.255 if the network mask is not specified.
SLB redirect virtual server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
Without the active option, the CSM always advertises the virtual server IP address whether or not there is any active real server attached to this virtual server.
This example shows how to restrict a client from using the redirect virtual server:
Cat6k-2(config-slb-redirect-vs)# advertise 10.5.2.1 exclude
show module csm vserver redirect
virtual (virtual server submode)
To restrict which clients are allowed to use the redirect virtual server, use the client command in the SLB redirect virtual server configuration mode. To remove the client definition from the configuration, use the no form of this command.
client ip-address [network-mask] [exclude]
no client ip-address [network-mask]
ip-address |
Client's IP address. |
network-mask |
(Optional) Client's IP mask. |
exclude |
(Optional) Specifies that the IP address is disallowed. |
The default for network mask is 255.255.255.255 if the network mask is not specified.
SLB redirect virtual server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
The network mask is applied to the source IP address of incoming connections and the result must match the IP address before the client is allowed to use the virtual server. If you do not specify the exclude option, the IP address and network mask combination is allowed.
This example shows how to restrict a client from using the redirect virtual server:
Cat6k-2(config-slb-redirect-vs)# client 10.5.2.1 exclude
client-group (policy submode)
show module csm vserver redirect
vserver
To specify the connection idle timer duration, use the idle command in the SLB redirect virtual server configuration submode. To disable the idle timer, use the no form of this command.
idle duration
no idle
duration |
SLB connection idle timer in seconds; the range is from 4 to 65535. |
The default is 3600.
SLB redirect virtual server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to specify the connection idle timer duration:
Cat6k-2(config-slb-redirect-vs)# idle 7
redirect-vserver (real server submode)
show module csm vserver redirect
To enable the real server for use by the CSM, use the inservice command in the SLB redirect virtual server configuration submode. If this command is not specified, the virtual server is defined but not used. To disable the virtual server, use the no form of this command.
inservice
no inservice
This command has no arguments or keywords.
The virtual server is disabled.
SLB redirect virtual server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to enable a redirect virtual server for use by the CSM:
Cat6k-2(config-slb-redirect-vs)# inservice
redirect-vserver
show module csm vserver redirect
To enable connection redundancy, use the replicate csrp command in the SLB redirect virtual server configuration submode. To remove connection redundancy, use the no form of this command.
replicate csrp
no replicate csrp
This command has no keywords or arguments.
Connection redundancy is removed.
SLB virtual server configuration submode
|
|
---|---|
2.1(1) |
This command was introduced. |
This example shows how to enable connection redundancy:
Cat6k-2(config-slb-redirect-vs)# replicate csrp
show module csm vserver redirect
vserver
To redirect an HTTP request to either HTTPS (SSL) or the FTP service, use the ssl command in the SLB redirect virtual server configuration submode. To reset the redirect of an HTTP request to an HTTP service, use the no form of this command.
ssl {https | ftp | ssl-port-number}
no ssl
https |
Specifies secure HTTP service. |
ftp |
Specifies FTP service. |
ssl-port-number |
SSL port number; the range is from 1 to 65535. |
HTTP service.
SLB redirect virtual server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to enable SSL forwarding:
Cat6k-2(config-slb-redirect-vs)# ssl 443
redirect-vserver (real server submode)
show module csm vserver redirect
To specify the virtual server's IP address, the protocol used for traffic, and the port the protocol is using, use the virtual command in SLB redirect virtual server configuration submode. To reset the virtual server to its defaults, use the no form of this command.
virtual v_ipaddress tcp port
no virtual v_ipaddress
v_ipaddress |
Redirect virtual server's IP address. |
tcp |
Specifies the protocol used for redirect virtual server traffic. |
port |
Port number used by the protocol. |
The default IP address is 0.0.0.0, which prevents packet forwarding.
SLB redirect virtual server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This example shows how to specify the virtual server's IP address, the protocol for redirect virtual server traffic, and the port number used by the protocol:
Cat6k-2(config-slb-redirect)# virtual 130.32.44.50 tcp 80
redirect-vserver (real server submode)
show module csm vserver redirect
To define which source VLANs can be accessed on the redirect virtual server, use the vlan command in the SLB redirect virtual server submode. To remove the VLAN, use the no form of this command.
vlan {vlan-number | all}
no vlan
vlan-number |
The VLAN that the virtual server can access. |
all |
Specifies that all VLANs are accessed by the virtual server. |
The default is all VLANs are accessed.
SLB virtual server configuration submode
|
|
---|---|
2.1(1) |
This command was introduced. |
This example shows how to specify a VLAN for redirect virtual server access:
Cat6k-2(config-slb-redirect-vs)# vlan 5
sticky
sticky-group (policy submode)
show module csm sticky
show module csm vserver redirect
To specify a backup string sent in response to HTTP requests, use the webhost backup command in SLB redirect virtual server configuration submode. To disable the backup string, use the no form of this command.
webhost backup backup-string [301 | 302]
no webhost backup
The default status code is 302.
SLB redirect virtual server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
This command is used in situations where the redirect virtual server has no available real servers. The 301 value or 302 value is used to specify the redirect code. The backup string may include a %p at the end to indicate inclusion of the path in the HTTP redirect location statement field.
This example shows how to specify a backup string that is sent in response to HTTP requests:
Cat6k-2(config-slb-redirect-vs)# webhost backup www.mybackup.com%p 301
redirect-vserver (real server submode)
show module csm vserver redirect
To specify a relocation string sent in response to HTTP requests, use the webhost relocation command in the SLB redirect virtual server configuration submode. To disable the relocation string, use the no form of this command.
webhost relocation relocation string [301 | 302]
no webhost relocation
The default status code is 302.
SLB redirect virtual server configuration submode
|
|
---|---|
1.1(1) |
This command was introduced. |
The backup string may include a %p at the end to indicate inclusion of the path in the HTTP redirect location statement field.
This example shows how to specify a relocation string that is sent in response to HTTP requests:
Cat6k-2(config-slb-redirect-vs)# webhost relocation www.myhome1.com%p 301
redirect-vserver (real server submode)
show module csm vserver redirect
To ensure that the CSM switches connections in the opposite direction and back to the original source, use the reverse-sticky command. To remove the reverse sticky option from the policy or the default policy of a virtual server, use the no form of this command.
reverse-sticky group-id
no reverse-sticky
group-id |
Number identifying the sticky group to which the virtual server belongs; the range is from 0 to 255. |
The default is that the reverse sticky option is not connected. Sticky connections are not tracked.
The group ID default is 0.
SLB virtual server configuration submode.
|
|
---|---|
1.1(1) |
This command was introduced. |
3.1(1) |
The IP reverse-sticky command is introduced. |
The sticky feature is not used for other virtual servers.
This example shows how to set the IP reverse-sticky feature:
Cat6k-2(config-module-csm)# vserver PUBLIC_HTTP
Cat6k-2(config-slb-vserver)# reverse-sticky 60
sticky
sticky-group (policy submode)
show module csm sticky
show module csm vserver redirect
To load scripts from a script file to the CSM, use the script file command. To remove the script file command from the configuration, use the no form of this command.
script file {file-url | bootflash: | const_nvram: | disk0: | flash: | ftp: | null: | nvram: | rcp: | slot0: | sup-bootflash: | sup-microcode: | sup-slot0: | system: | tftp:}
no script file
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
3.1(1) |
This command was introduced. |
The file URL is a standard Cisco IOS file name such as bootflash:webprobe.tcl.
This example shows how to load scripts from a script file to the CSM:
Cat6k-2(config-module-csm)# script file file-url
To run a standalone task, use the script task command. To remove the standalone task from the configuration, use the no form of this command.
script task 1-100 script name
no script task 1-100 script name
1-100 |
Task ID that identifies a specific running script. |
script name |
Identifies the script by name. |
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
3.1(1) |
This command was introduced. |
This example shows how to run a standalone script:
Cat6k-2(config-module-csm)# script task 30 filerun