IOS SLB RADIUS loadbalancing

Similar Messages

• IOS SLB versus CSM

  Hi,
  trying to figure out a possible solution for a 6500 and got a bit confused. According to my knowledge, IOS SLB is working either in L2 (MAC) or L3/4 (NAT), to ensure load balancing. CSM comes in the game, but offers much more, extending to L4/7. Are the two solutions substitude or complementary? Is it true that only with an CSM can you get HTTP probes to check your load balanced server farm? What other differences do you know about these two solutions?
  In the paper http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a0080094066.shtml
  it is stated that "To run Cisco IOS SLB software, you must configure the mode using the show ip slb mode [csm | rp] command before any configuration. In the show ip slb mode command, the rp argument is default. You can only configure csm argument if you have the Content Switching Module (CSM)."
  While in
  http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_configuration_example09186a008009452d.shtml
  cisco states that "You cannot run Cisco IOS® SLB software on the same switch as the CSM."
  Any ideas on that?
  Thanks in advance

  there are 2 ways to configure the csm.
  You can use the same ios slb command and just tell the switch that there is a csm with the command 'ip slb mode'.
  Or you can use the 'module contentswitching ' command.
  If you use the first method, you can't use both a CSM and ios slb on the same switch.
  If you use the second method, it is ok to have both ios slb and csm.
  IOS SLB offers L4-7 loadbalancing solution.
  Just be aware that as soon as you do L7 or do some nating, you poor performance with ios slb compare to a CSM.
  One advantage of ios slb is the capacity to do radius loadbalancing [inspecting radius packet to identify framed ip, ...]
  This is why in CMX solution we combine both ios slb and csm.
  IOS SLB is used to loadbalance radius and the CSM is used to loadbalance the rest of the traffic.
  Personally, I would say if you just need some vpn or firewall loadbalancing, ios slb is enough.
  If you need HTTP or any other traffic wthe CSM is a better choice.
  Regards,
  Gilles.

• IOS SLB Loab Balance Questions

  Forgive me if this is the wrong forum but it was the closest one I found relating to my issue.
  I've trying to load balance four of our radius servers using IOS SLB. The config works well and the radius servers are accepting requests fine. I follow this article which wasn't too bad to follow:
  http://www.cisco.com/application/pdf/en/us/guest/netsol/ns377/c649/cdccont_0900aecd800eb95f.pdf
  My two questions are:
  1. Sticky Option
  I understand it's used to make sure the client's accounting information
  goes to the correct real server, but I'm not sure how it really works
  and what's the best time to set it to.
  Eg:
  ip slb vserver RAD-UDP-1646
  virtual 210.x.x.224 udp 1646
  serverfarm RADFARM
  sticky 86400 group 10
  inservice
  a/ The documentation says "This configuraion causes the sticky database to store its entries for 86,400 seconds of inactivity". What do they mean by "inactivity" - no radius packets coming through? inactivity from the user's end?
  b/ It also says "the client's IP address is added to the IOS SLB database..." - is this the client's framed IP that the ISP assigns to the customer???
  c/ And what would be the optimum time to set the sticky timer to be?
  2. SLB connection statistics
  core1-router#sh ip slb reals
  real farm name weight state conns
  203.x.x.74 RADFARM 8 OPERATIONAL 0
  203.x.x.78 RADFARM 8 OPERATIONAL 0
  203.x.x.79 RADFARM 8 OPERATIONAL 0
  203.x.x.80 RADFARM 8 OPERATIONAL 2
  When you disconnect, the slb stats still show you as being connected to
  the real server (and both udp ports) which isn't very accurate. There is a default "delay" time which handles TCP disconnections and after being disconnected for 10 sec, the SLB stats are updated to reflect this (I've verified this works)- but nothing about how it handles UDP disconnections??? This
  would skew the stats and give us a very bad misrepresentation of the
  number of current and valid connections. Is there anyway to correct this???
  Thanks.
  Andy

  Inactivity for IOS SLB means that after specified time of inactivity, the client will be free to be load balanced to another server. As long as they remain active without an idle time , they will remain connected to the same real server. For the client's IP address which is added to the IOS SLB database I think it is the frammed IP address which the ISP assigns. The optimum time for the sticky timer will be its default value or say 60 seconds.

• IOS SLB and probe failure

  Hello,
  we use server-load-balancing with IOS 12.1(19)E1
  We have a problem if the server receives more connections following error messages “REAL 192.168.197.8 (HSSAT1-LX) has changed to PROBE_FAILED” and few seconds later “REAL 192.168.197.8 (HSSAT1-LX) has changed to OPERATIONAL” appears and so on.
  We checked the server and they works proper.
  What could be the reason for probe failed?
  My configuration:
  ip slb probe HS-PROBE tcp
  interval 5
  ip slb serverfarm HSSAT1-LX
  nat server
  predictor leastconns
  failaction purge
  probe HS-PROBE
  real 192.168.197.8 99
  reassign 2
  inservice
  real 192.168.197.9 99
  reassign 2
  inservice
  ip slb vserver HS.SAT1.DE
  virtual xxx.xxx.xxx.xxx tcp www
  serverfarm HSSAT1-LX
  advertise active
  inservice standby allvips
  How does a TCP probe works? – I could not find more exact information in the documents to configure probes.
  Is it better to use another probe (icmp)? – or without any probe?
  When does it make sense to use probes?
  Best regards
  Stefan

  HI Stefan,
  tcp probes do a complete TCP 3-way handshake and normaly terminate the session. A problem which I had some times timeout for a session to be established might be to short if the server is "heavy" loaded.
  Probing on a specific method (TCP HTTP ...) is most of the times the better solution. Imagine a WEB-Server which is properly pingable but the httpd died due to some internal error. If you would probe on a per ping basis the loadbalancer will never notice this but if you monitor tcp-port 80 by a tcp probe or better a http probe you will notice this and the server would be taken out of the serverfarm. Even better but afaik not possible in IOS SLB is to probe a certain page e.g. index.html. As you know that the httpd is up and running and pages can be displayed.
  Regarding the probing issue it might be usefull to read the follwing link describing healthmonitoring with the CSM
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_installation_and_configuration_guide_chapter09186a00801c5899.html#1024967
  Hope that helped.
  Best Regards,
  Joerg

• IOS SLB and IBM Workload Manager

  Does anyone know if IOS SLB can function similar to Multinode Load Balancing (MNLB) in that the IOS router acts as a Services Manager which contacts the OS390 Worload Manager (WLM) who then reports back the best OS390 server for a particular connection.
  Under MNLB, the Local Director performs the task as the Services Manager, but can a IOS SLB router perform this task?
  Thank you for your help.

  Steve, thank you for the reply. I have a large-scale OS390 WLM request as I'm told that this is the method for providing server load-balancing in a sysplex environment. I wonder why it is not supported in version 4.X. Do you happen to know the long term goal for OS390 load balancing support?
  I appreciate your help, Thank you

• Cisco IOS SLB or CSM?

  I am trying to inform myself if Cisco IOS supports Server Load Balancing (SLB) without the CSM. It appears this software has been integrated into a hardware module known as a Content Switching Module. (CSM)
  Aside from cost and being a hardware module (faster) in a IOS based Catalyst 6500, Is there a functional advantage / disadvantage of using the Cisco CSM over Cisco IOS Server Load Balancing or vice versa. Any comments would be appreciated. Thanks.
  Mark

  IOS SLB shares the same software code base as Cisco IOS and has all the software features sets of Cisco IOS software. IOS SLB is recommended for customers desiring complete integration of SLB technology into traditional Cisco switches and routers.
  The CSM is specifically designed to meet the demands of large Internet service providers (ISPs), Co-location facilities, Application service providers (ASPs), and Enterprise web server farms.
  These links might help you gain a better understanding:
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e8/iosslb8e.htm#xtocid32
  http://www.cisco.com/en/US/partner/products/hw/modules/ps2706/products_qanda_item09186a0080092384.shtml
  http://www.cisco.com/warp/customer/cc/pd/si/casi/ca6000/prodlit/ccsm_ds.htm

• IOS SLB Exclusively for Internal Clients

  We would like to turn up IOS SLB in dispatched mode on (core) SUP720 MSFCs in an HSRP environment. We would sequester the farm(s) of IIS and Citrix servers on an 'SLB VLAN', with our internal client base on an 'Office VLAN'. All databases and other supporting servers for the SLB servers are also on the 'Office VLAN'.
  Question: are there any issues, caveats, or compromises related to the back-end SLB servers accessing required resources on the Office VLAN? I am thinking that normal database and supporting traffic initiated by the SLB servers would just traverse the MSFC (as the default gateway) via inter-VLAN routing and that only the client-initiated, VIP-destined traffic on the Office VLAN would be handled by the IOS SLB feature and policies. In this thinking, supporting traffic replies from the databases back to the SLB server would use the routed SLB server's real IP address.
  Thanks in advance for any input and experiences with this topology. I'm hoping that this is a forest-for-the-trees situation, but I haven't seen many references to an all-internal deployment of either IOS SLB or appliance-based SLBs.
  Thanks,
  Gene

  If you are using dispatched mode, it needs to be L2 adjacent.In dispatched mode, the virtual server address is known to the real servers and IOS SLB redirects packets to the real servers at the media access control (MAC) layer.Phase I of IOS SLB implements dispatch mode only for packet redirection.In this mode, the real servers must be Layer 2 adjacent to the device redirecting packets,not beyond an additional router.

• IOS SLB dns probe

  Hi,
  I'm trying to configure a DNS probe using IOS SLB, but it's not working.
  I followed the manual on how to configure a DNS probe, but it just doesn't make any sense.
  When using DNS probes on an ACE, you give a hostname which the DNS server should resolve to a configured IP Address.and configure an ip address, which makes sense.
  On the IOS SLB, it is not the case. Two variables can be configured:
  Router(config-slb-probe)# address ip-address]
  (Optional) Configures an IP address to which to send the Domain Name System (DNS) probe.
  Router(config-slb-probe)# lookup [ip-address]
  (Optional) Configures an IP address of a real server that a Domain Name System (DNS) server should supply in response to a domain name resolve request.
  What am I missing. Could someone please clearify??
  Tnx!

  To verify that a probe is configured correctly, use the show ip slb probe command:
  Router# show ip slb probe
  It may help you in troubleshooting purpose
  For the further description for configuration for the DNS Probe following guide may help you
  http://www.cisco.com/en/US/docs/ios/12_2/12_2z/12_2za/feature/guide/slbza5.html#wp2434837

• Cisco IOS SLB

  Hello Guys,
  I am wondering if cisco 3750 Series support Cisco IOS SLB for SMTP protocol,  Can anyone help me in this?
  Thanks in advance,
  Jagdev

  Hi Jagdev,
  Cisco supports IOS SLB only on Cat 6k, 7x00
  Siva

• Cat 6500 SupEng MSFC II IOS SLB performance

  Hello,
  anyone know which are the current cat 6500 Supervisor Engine II MSFC II IOS SLB performance ? I need to know the max tcp/udp cuncurrent active session and the max tcp/udp setup rate.
  Thanks a lot.
  Best regards
  Fabio Bellini

  check out the following link for the performance details :
  http://www.cisco.com/en/US/products/hw/modules/ps2706/products_data_sheet09186a00800887f3.html

• IOS SLB and FWSM

  Hi, this may be a silly question but is there any problem with configuring IOS SLB on a 6509 which also has a FWSM module in it and the Servers being load balanced are behind the FWSM?

  The only thing to consider is that by FWSM, you most likely will be running multiple VRFs on the switch and IOS-SLB has some limitations regarding VRF.
  IOS-SLB probes are sent to the global routing table (VRF default) and you will need to 'no advertise' and add static routes to null0 to the VRF for the virtual IPs.
  Other than that, IOS-SLB works fine with the FWSM and VRF...

• CSM - IOS SLB failover ?

  I can't see this from the documentation, but as far as I can see the configuration commands on the switch are the same for IOS SLB and for the CSM. Does this mean that if you have an CSM which fails, the subset of functions supported by IOS SLB will be ?
  I realise performance would be less and only 500 VIPs would be supported etc.
  Thanks
  Simon

  Simon,
  I do not think this is the case. If you look closely at the configuration you will see the command ip slb mode csm. This causes all SLB functions to be offloaded to the CSM. The default is ip slb mode rp which is IOS based. If the CSM fails then SLB will stop working. You will need to enter the command ip slb mode rp for it to work again.
  If you are running version 2.1 or above it is recommended you run ip slb mode rp and use the configuration command
  module ContentSwitchingModule X where X is the module number
  and the slb commands under this.
  Cheers
  Phil
  Cheers
  Phil

• IOS SLB inservice standby

  Hi,
  I would like to know what is the main purpose of use the "standby" at the "inservice standby <group>" defined under the virtual server?. It's just a information ("as description") to associate the HSRP standby into this virtual server or it's have another function?.
  Thanks,
  Marcelo

  Marcelo,
  IOS SLB "inservice standby" is used where you require stateless redundancy for vservers across 2 SLB routers or switches. Using this command makes the vserver state follow the HSRP state of the relevant interface, to prevent the situation where one router is processing routing traffic but the other router is active and listening for traffic directed to the vserver address. It is much more than a description for the HSRP group, it is the mechanism to allow redundancy to function.
  This page has details0
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfsflb.htm#1001434
  Regards, Peter

• IOS SLB or CSS?

  Hi
  I am revieiwing SLB options for my client - real server and client side access subnets terminate on common 6500s/Sup720s....intial requirement is small so IOS SLB looks like a possible fit as tactical (would require feature set upgrade)....any known issues?
  If I go for CSS then I assume that I will need to use SLB-on-a-stick config and destination/source NAT given current access topology...right?...i.e. I do not weant to have to re-engineer/place layer 3 separation between client-side MSFC and server farms.

  Gilles
  Thanks for fast response....I assume this is 'dispatch mode' where dest IP remains constant/MAC is modified.
  My deployement issue is further complicated as SLB may need to enconmpass real servers being in subnets on both local 6500/Sup720 access vlans and those on peer (OSPF) remote
  6500/Sup720 access vlans.
  It seems to me that to avoid re-IPing, the best approach is to use CSS on a stick and use source/dest NAT....side affect of this is all clients appearing to real servers on single source IP = SLB VIP. Do you agree?
  Also, would above work if some of the real servers were on 'foreign' peer Sup720 access subnets L3 reachable to the local Sup720? On paper this would seem to be fine as long as L3 reachability exists between remote real server and the SLB VIP which will be the address by which all real servers recognise clients.
  Cheers for your input.
  Colin

• IOS SLB - Samba

  Hi,
  Is it possible, and can anyone provide an example, to configure IOS SLB for Samba services ?
  Thanks

  Thanks for the response Ivan,
  My level of account access wont allow me to view the link you have provided
  Here's what I am looking at trying to achieve....
  We have a file system that is accessed by many clients, the access is via a proprietary protocol. In order to support generic client access we mount the file system, using our own driver and share it as a Samba share. The systems hosting this Samba share are used for client access.
  So, we could potentially have multiple machines hosting the same file system via Samba.
  I would like to be able to present this architecture as an N+1 resilience model, which would require load balancing and failover on the machines hosting the Samba mount. IOS SLB seems like the right approach on paper, especially if you substitute Samba for FTP as an example.
  One concern I do have is whether the throughput is constrained by utilizing SLB. Do you have any comment on this ?
  I will look to see if I can dig up any L4 LB papers elsewhere in the mean time.
  Thanks for your input thus far.