Local director 417 replacement? CSS 11501 software 8.20

Similar Messages

• Password recovery, Local Director 417

  Greetings.
  I am looking to remove the login password from a Local Director 417. I have found directions for "Local Director Password Recovery", but they require a floppy drive. The 417 does not have a floppy drive.
  What would be the proper procedure for this?
  Thanks,
  - Tony

  Tony,
  Looking at some internal cases on the 417's, since there seems to be no docs on Passwd recovery I found that there is no passwd recovery for the 417's. In all cases where customers lost passwds a replacement 417 was needed to be RMA'd from Cisco.
  Hope this helps you,
  Don

• Local Director 417 in cluster situation

  Hi,
  I have a LD 417 to forward packets to 2 servers (A&B running redhat cluster suite). The IP address of server A and B are 10.10.10.1 and 10.10.10.2 respectively. The virtual ip for server A and B is 10.10.10.3.
  Since the 2 servers are clusters, only 1 server will be running a service at a time. The service runs at port 5000.
  My questions:
  1. LD 417 will need to route packets to the server which is running the service. How does LD 417 determines that the service is running at server A instead of B ? Is there any command such as keepalive ? what mechanism does LD 417 use ?
  2. If I set the bind as follow:
  bind 10.10.10.3:5000:0:tcp 10.10.10.3:5000:0:tcp
  How can I divert all other packets going to vip 10.10.10.3 to another server (10.10.10.11) ?
  Thanks for the help ?

  the LD uses inband health monitoring.
  It forwards client traffic to server and if the LD does not see a response from the server, it consider it as dead [there are thresholds associated with this].
  localdirector(config)# threshold ?
  usage: threshold
  There is also probes that can be generated but it is limited to dns and http.
  localdirector(config)# pro?
  probe
  probeconfig
  probedns
  probehttp
  If you want to redirect other traffic to another address, you first need to create a vserver to catch this traffic, a real server to receive the traffic an d then bind the 2 togethers.
  Gilles.

• CSS and Local Director comparison

  I am new to this technology and I want to know what are advantages and disadvantages of Local director over the CSS and vice versa besides the price. What functionality does one has that is not supported by the other ?

  If you are looking at implementing a load balancer then I would suggest to go for the CSS. The CSS is the next generation of load balancer and will replace the Local Director. The CSS functionality and extensibility is far greater than that of the local director. Another point is that feature developement is far more aggessive on the CSS.
  Phil

• Local Director replacement

  On Cisco site Local Director 400 series has been classified as End of Sales. Does anybody know what product replaces them?
  Also I would like to know if IOS Server Load Balancing feature does the same job of Local Director as far load balancing between Web server s is concerned.
  Thanks for any input.

  The Local Director has a few potential replacements.
  IOS SLB can perform the same function and if you have a 6500 already, it may be a good choice.
  Also, the Content Swtiching Module (CSM) is more robust and has additional fuinctionality such as one-armed load balancing and firewall load balancing, among others...
  The Content Services Switch (CSS) is a separate appliance that also has additional functions from the LD. It is comparable to the CSM in features.
  Both the CSM and CSS have optional SSL modules to integrate SSL temination allowing the Load Balancer to do layer 5 inspection of "encrypted" traffic.
  Hope this helps!
  -Steve

• Cisco local director

  now that the local director is eos. can anyone suggest what could i use that would serve the same purpose as the local director for the 2950 switch?

  The logical Cisco replacements would generally be the Content Services Switch (CSS 11500) or the Content Switching Module for the CAT 6000 (CSM)
  Michael

• CSS 11501 - Network reconnection issue

  Using a CSS 11501 switch to configure both Load balancing and server hot standby between two servers (of same config). Clients are connecting to the server using tcp/ip sessions.
  The configuration used is shown below:
  =========================================
  configure
  ip route 0.0.0.0 0.0.0.0 10.167.50.1 1
  !************************* INTERFACE
  interface e2
  bridge vlan 9
  interface e3
  bridge vlan 9
  !************************** CIRCUIT
  circuit VLAN1
  ip address 10.167.50.108 255.255.254.0
  circuit VLAN9
  ip address 10.167.70.1 255.255.254.0
  !************************** SERVICE
  service abc_service1
  ip address 10.167.70.2
  protocol tcp
  port 6300
  keepalive type tcp
  active
  service abc_service2
  ip address 10.167.70.3
  protocol tcp
  port 6300
  keepalive type tcp
  active
  !*************************** OWNER
  owner xxxxx
  content abc_crule
  vip address 10.167.50.109
  add service abc_service1
  add service abc_service2
  protocol tcp
  port 6300
  balance aca
  active
  ===============================
  We conducted three tests to verify the hot standby while client sending the data to server app thro tcp/ip.
  1) Brought down the service on one server 2) Restarted the OS (Windows 2003) on one server 3) Removed a network cable of one of the server connecting to CSS.
  client app lost the conn to the service/server, but when it tried reconnecting to the alternate server, it was successful.
  CSS status reflected the actual status of the service/server.
  But in third test (removing network conn) the service state changed from "Alive" to "Down" and client app lost conn to the server. Client app tried reconnecting and it was successful connecting to the alternate server.
  But when we connected the network cable back, the CSS state was continue to be in "Down". Also,the network connection between CSS and server was not available after reconnection. Also, the status of alternate server changed to "Down", but still client app was successfully transmitting to the alternate server. Stopping the client app and tried reconnecting,
  the connection was not going thro.
  The connection could be established between CSS and server boxes only after restarting the OS(running windows 2003).
  Issues:
  1. Service status in CSS continue to be down even after reconnecting the cable with the service running.
  2. CSS status of the first service also went down after reconnecting the other server.
  3. Client app could not reconnect to any of the servers.
  Are we missing any configuration parameter in CSS which will address the above?
  regards
  Param

  Param,
  what software version for the CSS ?
  Did you see an ARP entry on the server for the CSS ?
  Did you see an ARP entry on the CSS for the server ?
  is the server directly connected to the CSS or is there an L2 switch inbetween ?
  Could you configure 'bridge spanning-tree disabled' on the CSS and see if this improves the situation.
  Regards,
  Gilles.

• Does the Cisco Cache Engine Work with the Cisco Local Director ?

  I need to know if it is possible and how to use cisco local director to redirect traffic to the cache engine in reverse proxy configuration and transparent proxy configuration.

  In directed mode, the client browsers are configured to point to a proxy to a virtual IP address on the Local Director. I know the Local Director does not support a real server that does not have a virtual address defined so it can't transparently forward like the CSS.

• CSS 11501 Config Retrieval

  Hi,
  We have a fault with our CSS 11501 appliance where it is constantly rebooting and attempting to dump a crash file to filesystem but never succeeding.
  It doesn't look as if we have any offline configs in order to build another box.
  Is there any way to retrieve the config file by breaking the boot sequence?
  Regards
  Mike

  Param,
  what software version for the CSS ?
  Did you see an ARP entry on the server for the CSS ?
  Did you see an ARP entry on the CSS for the server ?
  is the server directly connected to the CSS or is there an L2 switch inbetween ?
  Could you configure 'bridge spanning-tree disabled' on the CSS and see if this improves the situation.
  Regards,
  Gilles.

• CSS 11501S GSLB DNS

  Hi
  I am in the process of planning for a GSLB failover solution for a web site. I have attached a very basic diagram showing an example of the topology.
  The aim is to have two sites. A primary site and a DR site to be used as a failover solution.
  The main site has two web servers that will need to be load balanced and the failover DR site will only have 1 web server.
  My initial plan was to use 2 Cisco CSS 11501S devices as I believe this would provide the load balancing and GSLB functionality I require.
  To achieve this I was going to use the CSS's as the primary and secondary name servers for the domain. This has raised a few question marks….
  Both of our sites are connected to a private WAN (with private IP ranges). See attached diagram. Our internet access is provide through a third party “Firewall Port” directly off the WAN. We don't manage the firewall that connects to the internet. This third party firewall provides the NAT for our public facing services (web servers, mail servers, ftp servers etc).
  So my questions are…
  * Because the CSS's and web servers are located on a private network will the CSS's be able to respond to the DNS requests with the PUBLIC IP address (as seeen from the internet) of the servers as apposed to the private IP address of the servers? If the firewall in front of the CSS's was connected to the internet this could be done via DNS doctoring but our firewall is on a private subnet!
  * Is it possible to get the CSS's to respond to DNS requests for other domain devices that do not reside behind the CSS - E.g. a MX record for a mail server that resides on another 'private' network?
  *Is there a better way to achieve this?
  Any assistance would be much appreciated!!

  Thanks for the reponse Gilles. When you say
  "If you configure the css to answer with the public ip address, you can't access your vip from the internal network anymore."
  Do you mean that you will only get the public ip address from a DNS query and therefore this won't work locally?
  If I have a host file entry providing the private address resolution for my internal hosts will this work?
  "Also, be aware we do not support GSLB on the CSS anymore.
  So, if this is a new install, it is better to start with a solution that we support - GSS"
  Why is this no longer supported? Are there a lot of problems with GSLB on the CSS? It is pretty hard to justify the cost of a solution including 2 GSS's for GSLB and 1 CSS for server load balancing when comapred to the price of 2 CSS's with the enhanced license for both GSLB and server load balancing.
  I have one client that wants to use their existing CSS's for a solution like this and another that is starting from scratch.
  Thanks

• Renew certificate CSS 11501

  I have a CSS 11501 running 08.10.1.06.  Is there a way to renew the existing SSL certificate on the box or must I create a new one?  All the doc I've read basically treats renewing the same as creating a new cert.  Thanks for your help.

  Hi,
  In the world of SSL certificates the concept of renewing doesn't exist. You always need to create a new certificate and import it to replace the old one.
  To generate this new certificate, you can either use the old private key or create a new one. If you use a new one, then, make sure to also import it along with the new certificate.

• Local Director network placement

  I need to move the Local Director in my network to a new location. Currently, it sits between my Cat 4003 (yes, I know that is really old) and the firewall - ASA. This placement has workd great up until now. I need to have a trunk link between the ASA and the 4003. What I have read states that I should us a multiple switch setup. What I am wondering is if I can use a multiple VLAN set up on the same switch. See attachment pictures for clarification. Would that work? If not, how can I set up LD to still work in my network, but have a trunk link up to the firewall? Thanks!

  This usually happens when the backend service is unavailable, and the LD tries to reassign a connection to it (to see if it has recovered).
  * Can you post the output from 'show real'?
  * What version of LD software are you running.
  ~Zach

• Local director Binding

  Local director binding to SSL port goes to TESTING automatically after some time..

  This usually happens when the backend service is unavailable, and the LD tries to reassign a connection to it (to see if it has recovered).
  * Can you post the output from 'show real'?
  * What version of LD software are you running.
  ~Zach

• Using the Cisco Local Director

  Hello All-
  We are attempting to set up a server farm that is load balanced with the Cisco Local Director and are experiencing difficulties with some clients whose networks have multiple proxy servers. We have used both the generic sticky command as well as the cookie-insert sticky without total success. Our next option looks like we should put our own proxy server in front of the LD and use SSL. Has anyone experienced these problems and come up with a solution. Unfortunately we don't have weblogic clustering licenses so our state is lost whe a client gets redirected to a new server. Thanks for your time!
  -Adam
  [email protected]
  415.887.9106

  In directed mode, the client browsers are configured to point to a proxy to a virtual IP address on the Local Director. I know the Local Director does not support a real server that does not have a virtual address defined so it can't transparently forward like the CSS.

• Migrating Local Director to CSM - commands "name" "oos"

  On a CSM v4.2(3) on a 6509: I'm trying to make the real servers have names (like on the local director) instead of IP addresses:
  VOC-SW15#conf t
  Enter configuration commands, one per line. End with CNTL/Z.
  VOC-SW15(config)#mod csm 4
  VOC-SW15(config-module-csm)#serverfarm TEST1
  VOC-SW15(config-slb-sfarm)#real ?
  A.B.C.D real server IP address
  name use a named real server
  VOC-SW15(config-slb-sfarm)#real name webtest
  % Config not found for module real WEBTEST
  VOC-SW15(config-slb-sfarm)#real name ?
  WORD real server name
  VOC-SW15(config-slb-sfarm)#real name webtest
  % Config not found for module real WEBTEST
  VOC-SW15(config-slb-sfarm)#
  VOC-SW15(config-slb-sfarm)#real webtest
  VOC-SW15(config-slb-module-real)#address 10.1.250.37
  This is what I end up with (I want the real server under server farm test1:
  real WEBTEST
  address 10.1.250.37
  serverfarm TEST1
  nat server
  no nat client
  real 10.1.250.38
  inservice
  Also, if anyone has an easy way to take a box out of service (like on the local director) please let me know. On CSM we're having to do this:
  VOC-SW15#conf t
  VOC-SW15(config)#mod csm 4
  VOC-SW15(config-module-csm)#serverfarm relays
  VOC-SW15(config-slb-sfarm)#real 10.1.11.23
  VOC-SW15(config-slb-real)#no inservice
  on ld it was just: oos real relay-01
  Thank you for all the posts. They have been tremendous help in getting the CSM in production.
  ps (Gilles, My Christmas wish is that you're working on a CSS/CSM Book for Cisco Press. One is definately needed)
  Thank you, Sheila

  We figured out the name configuration.
  real MLXWEBTEST
  address 10.1.250.36
  inservice
  serverfarm TEST1
  nat server
  no nat client
  real 10.1.250.38
  inservice
  real name MLXWEBTEST
  no inservice
  real server farm weight state conns/hits
  10.1.250.38 TEST1 8 OPERATIONAL 0
  MLXWEBTEST TEST1 8 OUTOFSERVICE 0
  Is this the best configuration? We have to migrate
  250+ servers over to the CSM. Thanks, sheila