Cisco IOS SLB

Hello Guys,
I am wondering if cisco 3750 Series support Cisco IOS SLB for SMTP protocol,  Can anyone help me in this?
Thanks in advance,
Jagdev

Hi Jagdev,
Cisco supports IOS SLB only on Cat 6k, 7x00
Siva

Similar Messages

  • Cisco IOS SLB or CSM?

    I am trying to inform myself if Cisco IOS supports Server Load Balancing (SLB) without the CSM. It appears this software has been integrated into a hardware module known as a Content Switching Module. (CSM)
    Aside from cost and being a hardware module (faster) in a IOS based Catalyst 6500, Is there a functional advantage / disadvantage of using the Cisco CSM over Cisco IOS Server Load Balancing or vice versa. Any comments would be appreciated. Thanks.
    Mark

    IOS SLB shares the same software code base as Cisco IOS and has all the software features sets of Cisco IOS software. IOS SLB is recommended for customers desiring complete integration of SLB technology into traditional Cisco switches and routers.
    The CSM is specifically designed to meet the demands of large Internet service providers (ISPs), Co-location facilities, Application service providers (ASPs), and Enterprise web server farms.
    These links might help you gain a better understanding:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e8/iosslb8e.htm#xtocid32
    http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_qanda_item09186a0080092384.shtml
    http://www.cisco.com/warp/customer/cc/pd/si/casi/ca6000/prodlit/ccsm_ds.htm

  • IOS SLB versus CSM

    Hi,
    trying to figure out a possible solution for a 6500 and got a bit confused. According to my knowledge, IOS SLB is working either in L2 (MAC) or L3/4 (NAT), to ensure load balancing. CSM comes in the game, but offers much more, extending to L4/7. Are the two solutions substitude or complementary? Is it true that only with an CSM can you get HTTP probes to check your load balanced server farm? What other differences do you know about these two solutions?
    In the paper http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a0080094066.shtml
    it is stated that "To run Cisco IOS SLB software, you must configure the mode using the show ip slb mode [csm | rp] command before any configuration. In the show ip slb mode command, the rp argument is default. You can only configure csm argument if you have the Content Switching Module (CSM)."
    While in
    http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a008009452d.shtml
    cisco states that "You cannot run Cisco IOS® SLB software on the same switch as the CSM."
    Any ideas on that?
    Thanks in advance

    there are 2 ways to configure the csm.
    You can use the same ios slb command and just tell the switch that there is a csm with the command 'ip slb mode'.
    Or you can use the 'module contentswitching ' command.
    If you use the first method, you can't use both a CSM and ios slb on the same switch.
    If you use the second method, it is ok to have both ios slb and csm.
    IOS SLB offers L4-7 loadbalancing solution.
    Just be aware that as soon as you do L7 or do some nating, you poor performance with ios slb compare to a CSM.
    One advantage of ios slb is the capacity to do radius loadbalancing [inspecting radius packet to identify framed ip, ...]
    This is why in CMX solution we combine both ios slb and csm.
    IOS SLB is used to loadbalance radius and the CSM is used to loadbalance the rest of the traffic.
    Personally, I would say if you just need some vpn or firewall loadbalancing, ios slb is enough.
    If you need HTTP or any other traffic wthe CSM is a better choice.
    Regards,
    Gilles.

  • IOS SLB Loab Balance Questions

    Forgive me if this is the wrong forum but it was the closest one I found relating to my issue.
    I've trying to load balance four of our radius servers using IOS SLB. The config works well and the radius servers are accepting requests fine. I follow this article which wasn't too bad to follow:
    http://www.cisco.com/application/pdf/en/us/guest/netsol/ns377/c649/cdccont_0900aecd800eb95f.pdf
    My two questions are:
    1. Sticky Option
    I understand it's used to make sure the client's accounting information
    goes to the correct real server, but I'm not sure how it really works
    and what's the best time to set it to.
    Eg:
    ip slb vserver RAD-UDP-1646
    virtual 210.x.x.224 udp 1646
    serverfarm RADFARM
    sticky 86400 group 10
    inservice
    a/ The documentation says "This configuraion causes the sticky database to store its entries for 86,400 seconds of inactivity". What do they mean by "inactivity" - no radius packets coming through? inactivity from the user's end?
    b/ It also says "the client's IP address is added to the IOS SLB database..." - is this the client's framed IP that the ISP assigns to the customer???
    c/ And what would be the optimum time to set the sticky timer to be?
    2. SLB connection statistics
    core1-router#sh ip slb reals
    real farm name weight state conns
    203.x.x.74 RADFARM 8 OPERATIONAL 0
    203.x.x.78 RADFARM 8 OPERATIONAL 0
    203.x.x.79 RADFARM 8 OPERATIONAL 0
    203.x.x.80 RADFARM 8 OPERATIONAL 2
    When you disconnect, the slb stats still show you as being connected to
    the real server (and both udp ports) which isn't very accurate. There is a default "delay" time which handles TCP disconnections and after being disconnected for 10 sec, the SLB stats are updated to reflect this (I've verified this works)- but nothing about how it handles UDP disconnections??? This
    would skew the stats and give us a very bad misrepresentation of the
    number of current and valid connections. Is there anyway to correct this???
    Thanks.
    Andy

    Inactivity for IOS SLB means that after specified time of inactivity, the client will be free to be load balanced to another server. As long as they remain active without an idle time , they will remain connected to the same real server. For the client's IP address which is added to the IOS SLB database I think it is the frammed IP address which the ISP assigns. The optimum time for the sticky timer will be its default value or say 60 seconds.

  • IOS SLB RADIUS loadbalancing

    Hi Guys,
    can anyone confirm or point out errors in this config that I wish to pop on our 6509. We don't have a test environment, so I need to get as much feedback as I can on this.
    Thanks in advance,
    James
    no natpool WSB_RADIUS 10.176.57.115 10.176.57.115 netmask 255.255.255.128
    no serverfarm WSB_RADIUS
    no serverfarm WSB_RADIUS_NAT
    no policy WSB_RADIUS_NAT
    no vserver WSB_RADIUS
    no probe WSB_RADIUS_AUTH udp
    ip slb serverfarm WSB_RADIUS
    nat server
    real 10.176.57.38
    faildetect numconns 8 numclients 1
    inservice
    real 10.176.57.39
    faildetect numconns 8 numclients 1
    inservice
    real 10.176.57.40
    faildetect numconns 8 numclients 1
    inservice
    real 10.176.57.41
    faildetect numconns 8 numclients 1
    inservice
    ip slb vserver WSB_RADIUS
    virtual 10.176.57.115 udp 1813 service radius
    serverfarm WSB_RADIUS
    idle radius request 2
    inservice standby WSB
    interface Vlan130
    standby 130 name WSB

    IOS SLB provides RADIUS load-balancing capabilities for RADIUS servers. In addition, IOS SLB can load-balance devices that proxy the RADIUS Authorization and Accounting flows in both traditional and mobile wireless networks, if desired. IOS SLB does this by correlating data flows to the same proxy that processed the RADIUS for that subscriber flow.
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1833/products_feature_guide09186a00802081ce.html#wp2889077

  • IOS SLB dns probe

    Hi,
    I'm trying to configure a DNS probe using IOS SLB, but it's not working.
    I followed the manual on how to configure a DNS probe, but it just doesn't make any sense.
    When using DNS probes on an ACE, you give a hostname which the DNS server should resolve to a configured IP Address.and configure an ip address, which makes sense.
    On the IOS SLB, it is not the case. Two variables can be configured:
    Router(config-slb-probe)# address ip-address]
    (Optional) Configures an IP address to which to send the Domain Name System (DNS) probe.
    Router(config-slb-probe)# lookup [ip-address]
    (Optional) Configures an IP address of a real server that a Domain Name System (DNS) server should supply in response to a domain name resolve request.
    What am I missing. Could someone please clearify??
    Tnx!

    To verify that a probe is configured correctly, use the show ip slb probe command:
    Router# show ip slb probe
    It may help you in troubleshooting purpose
    For the further description for configuration for the DNS Probe following guide may help you
    http://www.cisco.com/en/US/docs/ios/12_2/12_2z/12_2za/feature/guide/slbza5.html#wp2434837

  • Cat 6500 SupEng MSFC II IOS SLB performance

    Hello,
    anyone know which are the current cat 6500 Supervisor Engine II MSFC II IOS SLB performance ? I need to know the max tcp/udp cuncurrent active session and the max tcp/udp setup rate.
    Thanks a lot.
    Best regards
    Fabio Bellini

    check out the following link for the performance details :
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_data_sheet09186a00800887f3.html

  • IOS SLB inservice standby

    Hi,
    I would like to know what is the main purpose of use the "standby" at the "inservice standby <group>" defined under the virtual server?. It's just a information ("as description") to associate the HSRP standby into this virtual server or it's have another function?.
    Thanks,
    Marcelo

    Marcelo,
    IOS SLB "inservice standby" is used where you require stateless redundancy for vservers across 2 SLB routers or switches. Using this command makes the vserver state follow the HSRP state of the relevant interface, to prevent the situation where one router is processing routing traffic but the other router is active and listening for traffic directed to the vserver address. It is much more than a description for the HSRP group, it is the mechanism to allow redundancy to function.
    This page has details0
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfsflb.htm#1001434
    Regards, Peter

  • IOS SLB w/GLBP?

    Currently I'm using IOS SLB with stateless backup on a pair of switches running HSRP. We are installing another project with similar requirements except we are trying to move to GLBP for a variety of reasons.
    As best as I can determine the stateless backup features only seem to work with HSRP at least that's my guess from the documentation. Anyone have any experience with this?
    I really don't want to have to fall back to HSRP on this particular pair of switches.

    IOS SLB stateless backup does not support Gateway Load Balancing Protocol (GLBP). Only HSRP.
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfsflb.htm#1001462

  • IOS SLB maximum connections

    Hi,
    New to this Forum, at least. Apologies if this is not appropriate for SLB questions...
    We have a standard IOS SLB setup with 2 x Cisco3725's running HSRP. IOS SLB setup for a few servers on private LAN. They're running www, ftp, https.
    We have a customer who needs figures for maximum connections supported for www, for example.
    We currently monitor the basic's(bandwidth :) ) via MRTG.
    Has anyone an idea how we would go about trying to estimate max xonnections for our setup. Are there general scalability guidelines on CCO?
    Thanks,
    Mark

    The Cisco IOS Server Load Balancing (SLB) feature is a Cisco IOS-based solution that provides server load balancing. This feature allows you to define a virtual server that represents a cluster of real servers, known as a server farm. When a client initiates a connection to the virtual server, the IOS SLB load balances the connection to a chosen real server, depending on the configured load-balance algorithm or predictor. To monitor HTTP access you could use the HTTP proble feature that is supported with IOS server load balancing. For more information refer to the following document.
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a0080094066.shtml

  • IOS SLB and probe failure

    Hello,
    we use server-load-balancing with IOS 12.1(19)E1
    We have a problem if the server receives more connections following error messages “REAL 192.168.197.8 (HSSAT1-LX) has changed to PROBE_FAILED” and few seconds later “REAL 192.168.197.8 (HSSAT1-LX) has changed to OPERATIONAL” appears and so on.
    We checked the server and they works proper.
    What could be the reason for probe failed?
    My configuration:
    ip slb probe HS-PROBE tcp
    interval 5
    ip slb serverfarm HSSAT1-LX
    nat server
    predictor leastconns
    failaction purge
    probe HS-PROBE
    real 192.168.197.8 99
    reassign 2
    inservice
    real 192.168.197.9 99
    reassign 2
    inservice
    ip slb vserver HS.SAT1.DE
    virtual xxx.xxx.xxx.xxx tcp www
    serverfarm HSSAT1-LX
    advertise active
    inservice standby allvips
    How does a TCP probe works? – I could not find more exact information in the documents to configure probes.
    Is it better to use another probe (icmp)? – or without any probe?
    When does it make sense to use probes?
    Best regards
    Stefan

    HI Stefan,
    tcp probes do a complete TCP 3-way handshake and normaly terminate the session. A problem which I had some times timeout for a session to be established might be to short if the server is "heavy" loaded.
    Probing on a specific method (TCP HTTP ...) is most of the times the better solution. Imagine a WEB-Server which is properly pingable but the httpd died due to some internal error. If you would probe on a per ping basis the loadbalancer will never notice this but if you monitor tcp-port 80 by a tcp probe or better a http probe you will notice this and the server would be taken out of the serverfarm. Even better but afaik not possible in IOS SLB is to probe a certain page e.g. index.html. As you know that the httpd is up and running and pages can be displayed.
    Regarding the probing issue it might be usefull to read the follwing link describing healthmonitoring with the CSM
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_installation_and_configuration_guide_chapter09186a00801c5899.html#1024967
    Hope that helped.
    Best Regards,
    Joerg

  • IOS SLB and MRTG ?

    I've tried to run MRTG against IOS SLB to get stats on the VIPs, but can't get it to work.
    Anyone else had any luck with this ?
    Anyone monitoring individual VIPs or serverfarms some other way?
    Simon

    You could try using SNMP to poll the SLB instead. I also found that MRTG doesn't work too well with SLB.
    You could use MIBs to monitor VIP processor load and memory usage.
    This is the link to the MIB that will enable you to poll SLB through SNMP:
    ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SLB-MIB.my

  • IOS SLB and Stateless failover

    Trying to compare CSM and IOS SLB features. Read where the CSM can have "stateful" failover (maintains sessions) in a box-to-box scenerio. I also read where the IOS SLB can only provide "stateless" failover (I assume during failover, state/connection information is lost) using HSRP.
    Can anyone confirm what I have written?
    Your help is much appreciated.

    That is correct.
    The CSM can maintain state on connections on a failover using the "replicate csrp" command. This command is not available on IOS SLB.
    The following are links to the CSM commands and IOS SLB commands for your reference...
    CSM Config guide, release notes and commands:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/csm_3_1/index.htm
    IOS SLB commands: http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1835/products_command_summary_chapter09186a008008805e.html
    IOS SLB config guide:
    http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75d.html
    hope that helps
    -Steve

  • IOS slb questions

    Hi,
    1. It is true that ip slb probe http is not working on 6509 without CSM card?
    2. Did someone had tested how many IOS SLB client connections can support a 6509 with SUP1A /MSFC2 without CSM card?
    Thanks,
    Yuti

    The Cisco CSM accommodates a wide range of common IP protocols?including TCP and User Datagram Protocol (UDP). Additionally, the Cisco CSM supports higher-level protocols, including HTTP, FTP, Telnet, Real Time Streaming Protocol (RTSP), Domain Name System (DNS), and Simple Mail Transfer Protocol (SMTP).
    The Cisco CSM allows full regular expression pattern matching for policies based on URLs, cookies, and HTTP header fields. The Cisco CSM supports any URL or cookie format?allowing it to load balance existing Web content without requiring URL or cookie format changes.

  • ISE 1.1.3 en Cisco IOS SCEP

    Hi,
    I'm running Cisco ISE 1.1.3.124 and a Cisco IOS 2811 (c2800nm-spservicesk9-mz.150-1.M2.bin) which I configured the be a SCEP server.
    PKI Authentication and enrollment of a Cisco switch with this SCEP server is running well but BYOD clients enrollment via EAP-TLS (1024/2048) giving me the following error on the Cisco IOS SCEP server:
    SCEP#
    .Mar 17 15:21:59.446: Sun, 17 Mar 2013 15:21:59 GMT 10.0.0.164 /cgi-bin/pkiclient.exe ok
            Protocol = HTTP/1.1 Method = GET Query = operation=PKIOperation&message=MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgU
    AMIAGCSqGSIb3DQEHAaCAJIAEggPoMIAGCSqGSIb3DQEHA6CAMIACAQAxggEvMIIBKwIBADATMA4xDDAKBgNVBAMTA2lzZQIBA
    TANBgkqhkiG9w0BAQEFAASCAQAmbK6WZ5L6gw+uh7h4Qi53XL76QsBNcY8E6cMxWDp8hWbLvujNOylSvJLF
    .Mar 17 15:21:59.446:
    .Mar 17 15:21:59.454: CRYPTO_CS: received a SCEP request, 3652 bytes
    .Mar 17 15:21:59.454: CRYPTO_CS: read SCEP: registered and bound service SCEP_READ_DB_10  
    .Mar 17 15:21:59.482: CRYPTO_CS: scep msg type - 19
    .Mar 17 15:21:59.482: CRYPTO_CS: trans id - 9871e81c65121310b77df8b341c7c887a5392da2
    .Mar 17 15:21:59.486: CRYPTO_CS: failed to open env data
    .Mar 17 15:21:59.486: CRYPTO_CS: read SCEP: unregistered and unbound service SCEP_READ_DB_10  
    .Mar 17 15:21:59.486: CRYPTO_CS: failed to read SCEP request
    .Mar 17 15:21:59.502: Sun, 17 Mar 2013 15:21:59 GMT 10.0.0.164 /cgi-bin/pkiclient.exe ok
    SCEP#
    I'm stuck now on the message: failed to open env data. So can anyone explain what the meaning is of this message or maybe know if IOS SCEP with ISE is supported ?
    Thanks in advance.
    greetz Michel
    btw the tracelog of the switch enrollment with IOS SCEP is below:
    SCEP#
    .Mar 17 14:57:10.932: Sun, 17 Mar 2013 14:57:10 GMT 10.0.0.161 /cgi-bin/pkiclient.exe ok
            Protocol = HTTP/1.0 Method = GET Query = operation=PKIOperation&message=MIIGWgYJKoZIhvcNAQcCoIIGSzCCBkcCAQExCzAJBgUrDgMCGgUAMIIDAAYJKoZI
    hvcNAQcBoIIC8QSCAu0wggLpBgkqhkiG9w0BBwOgggLaMIIC1gIBADGBujCBtwIB
    ADAgMBsxGTAXBgNVBAMTEGNhLndlc3R3aWp6ZXIubmwCAQEwDQYJKoZIhvcNAQEB
    BQAEgYAo/LNaINm+tcgzF8V8d7d5x
    .Mar 17 14:57:10.932:
    .Mar 17 14:57:10.936: CRYPTO_CS: received a SCEP request, 2210 bytes
    .Mar 17 14:57:10.940: CRYPTO_CS: read SCEP: registered and bound service SCEP_READ_DB_1   
    .Mar 17 14:57:10.948: CRYPTO_CS: scep msg type - 19
    .Mar 17 14:57:10.948: CRYPTO_CS: trans id - 59D142A6D0F525668626A435229BAAF1
    .Mar 17 14:57:11.040: CRYPTO_CS: read SCEP: unregistered and unbound service SCEP_READ_DB_1   
    .Mar 17 14:57:11.040: CRYPTO_CS: received an enrollment request
    .Mar 17 14:57:11.040: CRYPTO_PKI: creating trustpoint clone ise1
    .Mar 17 14:57:11.040: CRYPTO_CS: checking policy for enrollment request ID=1
    .Mar 17 14:57:11.040: CRYPTO_CS: request has been authorized, transaction id=59D142A6D0F525668626A435229BAAF1
    .Mar 17 14:57:11.040: CRYPTO_CS: locking the CS
    .Mar 17 14:57:11.040: CRYPTO_CS: added CDP extension
    .Mar 17 14:57:11.044: CRYPTO_CS: added key usage extension
    .Mar 17 14:57:11.044: CRYPTO_CS: Validity: 13:57:11 UTC Mar 17 2013-13:57:11 UTC Oct 3 2013
    .Mar 17 14:57:11.128: CRYPTO_CS: writing serial number 0x2.
    .Mar 17 14:57:11.180: CRYPTO_CS: file opened: nvram:ise.ser
    .Mar 17 14:57:11.180: CRYPTO_CS: Writing 32 bytes to ser file
    .Mar 17 14:57:13.864: CRYPTO_CS: reqID=1 granted, fingerprint=2
    .Mar 17 14:57:13.864: CRYPTO_CS: unlocking the CS
    .Mar 17 14:57:13.864: CRYPTO_CS: write SCEP: registered and bound service SCEP_WRTE_DB_1   
    .Mar 17 14:57:13.984: CRYPTO_CS: write SCEP: unregistered and unbound service SCEP_WRTE_DB_1   
    .Mar 17 14:57:13.988: CRYPTO_CS: Certificate generated and sent to requestor
    .Mar 17 14:57:13.988: CRYPTO_CS: removing trustpoint clone ise1

    Michel,
    Officially supported it is not:
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCud86973
    Some people mentioned varios degrees of "having it working".
    In your case it's the envelope data which appears to be a problem for IOS.
    M.

Maybe you are looking for

  • Associative Array error

    I am using a couple associative arrays in my code and comparing the data in one, and if it is an asterisk, I change it to use the data in the other. Here is the meat of my code. I am running into an error at the bolded line saying I have too many val

  • How do I get an iphoto library that is stored on an external HD to show up in apple tv?

    I recently moved my iphoto library from my iMac HD to an Airport Extreme Time Capsule because I ran out of space on my iMac's HD. Since the move, I can't view any of my photos through Apple TV like I had been able to when the library was on the iMac

  • How do I restore Safari and the App Store to my iPad?

    Safari and App Store are no longer on my iPad.  How do I restore them?

  • How does Aperture Face recognition work

    Just upgraded to Aperture 3 --- I'm a little baffled by the functionality of the face recognition. Aperture certainly found most (if not all) of the faces in my collection but I thought it was supposed to be able to actually do recognition (to some e

  • BTY sign in seal

    I can see the logic behind this feature, but I must be missing something Every time I upload a sign in seal the next time I go back to the sign in page its gone.  The only way to stop it vanishing, is to [wait for it] remain signed in! Anyone any off