The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
To identify a server farm, and then enter the serverfarm configuration submode, use the serverfarm command. To remove the server farm from the configuration, use the no form of this command.
serverfarm serverfarm-name
no serverfarm serverfarm-name
serverfarm-name |
Character string used to identify the server farm; the character string is limited to 15 characters. |
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Use this command to enter the server farm configuration submode to configure the load-balancing algorithm (predictor), a set of real servers, and the attributes (NAT, probe, and bindings) of the real servers.
This example shows how to identify a server farm named PUBLIC and change the CLI to server farm configuration mode:
Cat6k-2(config-module-csm)# serverfarm PUBLIC
script task
serverfarm (policy submode)
show module csm serverfarm
To assign a unique ID to allow the DFP agent to differentiate a real server in one server farm versus another server farm, use the bindid command in the SLB serverfarm configuration submode. To disable the bind identification, use the no form of this command.
bindid [bind-id]
no bindid
bind-id |
(Optional) Identification number for each binding; the range is from 0 to 65533. |
The default is 0.
SLB serverfarm configuration submode
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
The single real server is represented as multiple instances of itself, each having a different bind identification. DFP uses this identification to identify a given weight for each instance of the real server.
This example shows how to bind a server to multiple virtual servers:
Cat6k-2(config-slb-sfarm)# bindid 7
dfp
script task
show module csm serverfarm
To set the behavior of connections when the real servers have failed, use the failaction command in the SLB serverfarm configuration submode. To disable the behavior of connections to real servers that have failed, use the no form of this command.
failaction {purge | reassign}
no failaction {purge | reassign}
purge |
Specifies that the connection is removed. |
reassign |
Specfies that the connection is reassigned to another real server. |
The default is that no action is taken.
SLB serverfarm configuration submode
|
|
---|---|
CSM release 3.2(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
With this command enabled, connections to a real server in the server farm are purged or reassigned when the real server goes down. This feature is required for stateful firewall load balancing.
This example shows how to set the behavior of connections to real servers that have failed:
Cat6k-2(config-slb-sfarm)# failaction purge
backup real (real server submode)
dfp
inservice (real server submode)
script task
show module csm serverfarm
To set the retry attempts to real servers that have failed, use the health command in the SLB serverfarm configuration submode. To disable the retries or the time to wait for connections to real servers that have failed, use the no form of this command.
health retries count failed seconds
no health
There are no default settings.
SLB serverfarm configuration submode
|
|
---|---|
CSM release 2.2(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows how to set the behavior of connections to real servers that have failed:
Cat6k-2(config-slb-sfarm)# health retries 20 failed 200
dfp
script task
show module csm serverfarm
To specify a set of client NAT pool addresses that should be used to perform the NAT function on clients connecting to this server farm, use the nat client command in SLB serverfarm configuration submode. To remove the NAT pool from the configuration, use the no form of this command.
nat client {client-pool-name | static}
no nat client
client-pool-name |
Client pool name. |
static |
Enables static NAT. |
This command has no default settings.
SLB serverfarm configuration submode
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM release 3.2(1) |
This command was modified to include the static option. |
CSM-S release 1.1(1) |
This command was introduced. |
Use this command to enable client NAT. If client NAT is configured, the client address and port number in load-balanced packets are replaced with an IP address and port number from the specified client NAT pool. This client pool name must match the pool name entered from a previous natpool command.
This example shows how to specify NAT on the client:
Cat6k-2(config-slb-sfarm)# nat client whishers
natpool (module CSM submode)
nat server (serverfarm submode)
predictor (serverfarm submode)
script task
show module csm serverfarm
static
To specify NAT to servers in this server farm, use the nat server command in SLB serverfarm configuration submode. To disable server NAT, use the no form of this command.
nat server [source-mac]
no nat server
source-mac |
(Optional) Specifies that the request is forwarded back to the source MAC address. |
Server NAT is enabled by default.
SLB server farm configuration submode
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM release 4.1(1) |
The source-mac value is added. |
CSM-S release 1.1(1) |
This command was introduced. |
Use this command to enable server NAT. If server NAT is configured, the server address and port number in load-balanced packets are replaced with an IP address and port number of one of the real servers in the server farm.
Note The nat server command has no effect when predictor forward is configured, because no servers can be configured.
The source-mac value encrypts traffic for the SSL service and is specific to SSL devices. The source-mac value sends the request back to the SSL device for encryption, the CSM load balances to the server through the SSL encryption. This value supports back end encruption.
This example shows how to specify NAT on the server:
Cat6k-2(config-slb-sfarm)# nat server
nat client (serverfarm submode)
predictor (serverfarm submode)
script task
show module csm serverfarm
To specify the load-balancing algorithm for the server farm, use the predictor command in the SLB serverfarm configuration submode. To remove the load-balancing algorithm, use the no form of this command.
predictor {roundrobin | leastconns | hash url | hash address [source | destination] [ip-netmask] | forward]}
no predictor
The default algorithm is round robin.
SLB serverfarm configuration submode
Use this command to define the load-balancing algorithm used in choosing a real server in the server farm. If you do not specify the predictor command, the default algorithm is roundrobin. Using the no form of this command changes the predictor algorithm to the default algorithm.
Note The nat server command has no effect when predictor forward is configured, because no servers can be configured.
The portion of the URL to hash is based on the expressions configured for the virtual server submode url-hash command.
No real servers are needed. The server farm is actually a route forwarding policy with no real servers associated with it.
Cache servers perform better using URL hash. However, the hash methods do not recognize weight for the real servers. The weight assigned to the real servers is used in the round-robin and least connection predictor methods. To create different weights for real servers, you can list multiple IP addresses of the cache server in the server farm. You can also use the same IP address with a different port number.
Note The only time the sequence of servers starts over at the beginning (with the first server) is when there is a configuration or server state change (either a probe or DFP agent).
When the least connection predictor is configured, a slow-start mechanism is implemented to avoid sending a high rate of new connections to the servers that have just been put in service. The real server with the fewest number of active connections will get the next connection request for the server farm with the leastconns predictor. A new environment variable, REAL_SLOW_START_ENABLE controls the rate at which a real server ramps up when it put into service. The slow start ramping up is only for a serverfarm configured with the "least-conns" method.
The configurable range for this variable is 0 to 10. The setting of 0 disables the slowstart feature. The value from 1 to 10 specifies how fast the newly activated server should ramp up. The value of 1 is the slowest ramp up rate. The value of 10 specifies that the CSM would assign more requests to the newly activated server. The value of 3 is the default value.
If the configuration value is N, the CSM assigns 2 ^ N (2 raised to the N power) new requests to the newly active server from the start (assuming no connections were terminated at that time). As this server finishes or terminates more connections, a faster ramping occurs. The ramp up stops when the newly activated server has the same number of current opened connections as the other servers in a serverfarm.
This example shows how to specify the load-balancing algorithm for the server farm:
Cat6k-2(config-module-csm)# serverfarm PUBLIC
Cat6k-2(config-slb-sfarm)# predictor leastconns
This example shows how to configure a server farm, named p1_nat, using the least-connections (leastconns) algorithm.
Router(config-module-csm)# serverfarm pl_nat
Router(config-slb-sfarm)# predictor leastconns
Router(config-slb-sfarm)# real 10.1.0.105
Router(config-slb-real)# inservice
Router(config-slb-sfarm)# real 10.1.0.106
Router(config-slb-real)# inservice
maxconns (owner submode)
minconns (real server submode)
nat client (serverfarm submode)
nat server (serverfarm submode)
script task
serverfarm (virtual server submode)
show module csm serverfarm
To associate a probe with a server farm, use the probe command in the SLB serverfarm configuration submode. To disable a specific probe, use the no form of this command.
probe probe-name
no probe probe-name
probe-name |
Probe name associated with the server farm. |
This command has no default settings.
SLB serverfarm configuration submode
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Each server farm can be associated with multiple probes of the same or different protocols. Protocols supported by the CSM include HTTP, ICMP, TCP, FTP, SMTP, Telnet, and DNS.
This example shows how to associate a probe with a server farm:
Cat6k-2(config-slb-sfarm)# probe general
probe
script task
show module csm probe
show module csm serverfarm
To assign a return code map to a server farm, use the retcode-map command in the SLB serverfarm configuration submode. To disable a specific probe, use the no form of this command.
retcode-map retcodemap_name
no retcode-map
retcodemap_name |
Return code map name associated with the server farm. |
This command has no default settings.
SLB serverfarm configuration submode
|
|
---|---|
CSM release 2.2(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows how to associate a probe with a server farm:
Cat6k-2(config-slb-sfarm)# retcode-map return_stats
map retcode
script task
show module csm serverfarm
To display information about the CSM module, use the show module csm command.
show module csm slot [group-id]
slot |
Slot where the CSM resides. |
group-id |
(Optional) Group ID to which the CSM belongs. |
This command has no default settings.
Privileged EXEC
|
|
---|---|
CSM release 3.2(1) |
This command was introduced as show ip slb. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows how to display static data:
Cat6k-2# show module csm 4 7
module csm
real (static NAT submode)
static
To display the CSM ARP cache, use the show module csm arp command.
show module csm slot arp
slot |
Slot where the CSM resides. |
This command has no default settings.
Privileged EXEC
This example shows how to display the CSM ARP cache:
Cat6k-2# show module csm 4 arp
Internet Address Physical Interface VLAN Type Status
--------------------------------------------------------------------
10.10.3.100 00-01-64-F9-1A-02 0 VSERVER local
10.10.3.1 00-D0-02-58-B0-00 11 GATEWAY up(0 misses)
10.10.3.2 00-30-F2-71-6E-10 11/12 --SLB-- local
10.10.3.10 00-D0-B7-82-38-97 12 REAL up(0 misses)
10.10.3.20 00-D0-B7-82-38-97 12 REAL up(0 misses)
10.10.3.30 00-D0-B7-82-38-97 12 REAL up(0 misses)
10.10.3.40 00-00-00-00-00-00 12 REAL down(1 misses)
To display active connections, use the show module csm conns command.
show module csm slot conns [vserver virtserver-name] [client ip-address] [detail]
If no options are specified, the command displays output for all active connections.
Privileged EXEC
The following connection state definitions are displayed in the output of this command.
This example shows how to display active connection data:
Cat6k-2# show module csm 4 conns
prot vlan source destination state
----------------------------------------------------------------------
In TCP 11 100.100.100.2:1754 10.10.3.100:80 ESTAB
Out TCP 12 100.100.100.2:1754 10.10.3.20:80 ESTAB
In TCP 11 100.100.100.2:1755 10.10.3.100:80 ESTAB
Out TCP 12 100.100.100.2:1755 10.10.3.10:80 ESTAB
Cat6k-2# show module csm 4 conns detail
prot vlan source destination state
----------------------------------------------------------------------
In TCP 11 100.100.100.2:1754 10.10.3.100:80 ESTAB
Out TCP 12 100.100.100.2:1754 10.10.3.20:80 ESTAB
vs = WEB_VIP, ftp = No, csrp = False
In TCP 11 100.100.100.2:1755 10.10.3.100:80 ESTAB
Out TCP 12 100.100.100.2:1755 10.10.3.10:80 ESTAB
vs = WEB_VIP, ftp = No, csrp = False
To display DFP agent and manager information, such as passwords, timeouts, retry counts, and weights, use the show module csm dfp command.
show module csm slot dfp [agent [detail | ip-address port] | manager [ip_addr] | detail | weights]
If no options are specified, the command displays summary information.
Privileged EXEC
This example shows all available DFP data:
Cat6k-2# show module csm 4 dfp detail
This example shows information about weights:
Cat6k-2# show module csm 4 dfp weights
This example, with no options specified, shows summary information:
Cat6k-2# show module csm 4 dfp
agent (DFP submode)
dfp
manager (DFP submode)
module csm
To display statistics and counters for the CSM fault-tolerant pair, use the show module csm ft command.
show module csm slot ft [detail]
slot |
Slot where the CSM resides. |
detail |
(Optional) Displays more detailed information. |
No values are displayed.
Privileged EXEC
This example shows how to display the statistics and counters for the CSM fault-tolerant pair:
Cat6k-2# show module csm 4 ft
FT group 2, vlan 30
This box is active
priority 10, heartbeat 1, failover 3, preemption is off
To display information about URL maps, use the show module csm map command.
show module csm slot map [url | cookie | header | retcode] [name map-name] [detail]
This command has no default settings.
Privileged EXEC
This example shows how to display URL maps associated with a content switching policy:
Cat6k-2# show module csm 4 map url
URL map UHASH_UMAP
COOKIE map UHASH_CMAP1
COOKIE map UHASH_CMAP2
6k#show ip slb map detail
URL map UHASH_UMAP rules:
*aabb*
COOKIE map UHASH_CMAP1 rules:
name:foo value:*asdgjasgdkjsdkgjsasdgsg*
COOKIE map UHASH_CMAP2 rules:
name:bar value:*asdgjasgdkjsdkgjsasdgsg*
This example shows how to display return code maps:
Cat6k-2# show module csm 5 map retcode detail
RETCODE map HTTPCODES rules:
return codes:401 to 401 action:log threshold:5 reset:120
return codes:402 to 415 action:count threshold:0 reset:0
return codes:500 to 500 action:remove threshold:3 reset:0
return codes:503 to 503 action:remove threshold:3 reset:0
map cookie
map header
map url
module csm
To display information about memory use, use the show module csm memory command.
show module csm slot memory [vserver vserver-name] [detail]
This command has no default settings.
Privileged EXEC
This example shows how to display the memory usage of virtual servers:
Cat6k-2# show module csm 4 memory
slb vserver total bytes memory by type
-----------------------------------------------------------------------
WEB_VIP 0 0 0
FTP_VIP 0 0 0
Total(s): 0 0
Out of Maximum: 261424 261344
module csm
parse-length (virtual server submode)
To display NAT configurations, use the show module csm natpool command.
show module csm slot natpool [name pool-name] [detail]
This command has no default settings.
Privileged EXEC
This example shows how to display results of the default show module csm slot natpool command:
Cat6k-2# show module csm 4 natpool
nat client B 1.1(1).6 1.1(1).8 Netmask 255.255.255.0
nat client A 1.1(1).1 1.1(1).5 Netmask 255.255.255.0
This example shows how to display results of the show module csm slot natpool command with the detail variable:
Cat6k-2# show module csm 4 natpool detail
nat client A 1.1(1).1 1.1(1).5 Netmask 255.255.255.0
Start NAT Last NAT Count ALLOC/FREE
-------------------------------------------------------
1.1(1).1:11001 1.1(1).1:16333 0005333 ALLOC
1.1(1).1:16334 1.1(1).1:19000 0002667 ALLOC
1.1(1).1:19001 1.1(1).5:65535 0264675 FREE
module csm
natpool (module CSM submode)
To display the current connections count for the specified owner objects, use the show module csm slot owner command.
show module csm slot owner [name owner-name] [detail]
This command has no default settings.
Privileged EXEC
|
|
---|---|
CSM release 3.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Detailed information about an owner object lists the virtual servers in that group with each virtual server's state and current connections count.
The MAXCONNS state is displayed for a virtual server when the current connections counter is equal to the configured maxconns value. Counters for the number of connections dropped due to the virtual server being in this state are added. The show module csm slot stats and show module csm slot vserver detail command output displays these counters on a global and per-virtual server basis, respectively.
This example shows how to display results of the default show module csm slot owner command:
Cat6k-2# show module csm 4 owner
This example shows how to display results of the show module csm slot owner command with the detail variable:
Cat6k-2# show module csm 4 owner detail
module csm
owner (virtual server submode)
To display a policy configuration, use the show module csm policy command.
show module csm slot policy [name policy-name]
slot |
Slot where the CSM resides. |
name |
(Optional) Displays a specific policy. |
policy-name |
(Optional) Policy name string to display. |
This command has no default settings.
Privileged EXEC
This example shows how to display a policy configuration:
Cat6k-2# show module csm 4 policy
policy: PC1_UHASH_T1
sticky group: 20
serverfarm: SF_UHASH_T1
policy: PC1_UHASH_T2
sticky group: 30
serverfarm: SF_UHASH_T2
policy: PC1_UHASH_T3
url map: UHASH_UMAP
serverfarm: SF_UHASH_T3
policy: PC1_UHASH_T4
cookie map: UHASH_CMAP1
serverfarm: SF_UHASH_T4
policy: PC2_UHASH_T4
cookie map: UHASH_CMAP2
serverfarm: SF_UHASH_T4
Cat6k-2#
To display HTTP or ping probe data, use the show module csm probe command.
show module csm slot probe [http | icmp | telnet | tcp | ftp | smtp | dns] [name probe_name] [detail]
This command has no default settings.
Privileged EXEC
This example shows how to display probe data:
Cat6k-2# show module csm 4 probe
probe type interval retries failed open receive
--------------------------------------------------------------------
PB_ICMP1 icmp 60 1 5 10
PB_HTTP1 http 60 1 10 10 10
PB_TCP1 tcp 60 1 10 10 10
PB_FTP1 ftp 60 1 10 10 10
PB_TELNET1 telnet 60 1 10 10 10
PB_SMTP1 smtp 60 1 10 10 10
module csm
probe (serverfarm submode)
To display probe script data, use the show module csm probe script command.
show module csm slot probe script [name probe-name] [detail]
slot |
Slot where the CSM resides. |
name |
(Optional) Displays information about the specific probe named. |
probe-name |
(Optional) Probe name to display. |
detail |
(Optional) Displays detailed information. |
This command has no default settings.
Privileged EXEC
|
|
---|---|
CSM release 3.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows how to display probe data:
Cat6k-2# show module csm 4 probe script detail
module csm
probe (serverfarm submode)
script (probe submode)
To display information about real servers, use the show module csm real command.
show module csm slot real [sfarm sfarm-name] [detail]
If no options are specified, the command displays information about all real servers.
Privileged EXEC
This example shows Cisco IOS SLB real server data:
Cat6k-2# show module csm 4 real
real server farm weight state conns
-------------------------------------------------------------------
10.10.3.10 FARM1 20 OPERATIONAL 0
10.10.3.20 FARM1 16 OUTOFSERVICE 0
10.10.3.30 FARM1 10 OPERATIONAL 0
10.10.3.40 FARM1 10 FAILED 0
Cat6k-2# show mod csm 5 real detail
10.1.0.102, FARM1, state = OPERATIONAL
Inband health:remaining retries = 3
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 0, total conn failures = 0
10.1.0.101, FARM1, state = OPERATIONAL
Inband health:remaining retries = 3
conns = 0, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 0, total conn failures = 0
10.1.0.101, FARM2, state = OPERATIONAL
conns = 2, maxconns = 4294967295, minconns = 0
weight = 8, weight(admin) = 8, metric = 0, remainder = 2
total conns established = 7, total conn failures = 0
Table 2-1 describes the fields in the display.
module csm
real (static NAT submode)
To display information about the return code configuration, use the show module csm real retcode command.
show module csm slot real retcode [sfarm sfarm-name] [detail]
If no options are specified, the command displays information about all real servers.
Privileged EXEC
|
|
---|---|
CSM release 2.2.1 |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows Cisco IOS SLB real server return code data:
Cat6k-2# show module csm 5 real retcode
10.1.0.101, FARM2, state = OPERATIONAL
retcode-map = HTTPCODES
retcode action count reset-seconds reset-count
------------------------------------------------------
401 log 3 0 1
404 count 62 0 0
500 remove 1 0 0
module csm
real (static NAT submode)
To display the contents of all loaded scripts, use the show module csm script command.
show module csm slot script [name full_file_URL] [code]
slot |
Slot where the CSM resides. |
name |
(Optional) Displays information about a particular script. |
full_file_URL |
(Optional) Name of the script. |
code |
(Optional) Displays the contents of the script. |
This command has no default settings.
Privileged EXEC
|
|
---|---|
CSM release 3.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows how to display script file contents:
Cat6k-2# show module csm 3 script name probe1 xxx
To display all loaded scripts, use the show module csm script task command.
show module csm slot script task [index script-index] [detail]
This command has no default settings.
Privileged EXEC
|
|
---|---|
CSM release 3.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows how to display a running script:
Cat6k-2# show module csm 3 script
module csm
script file
script task
show module csm script
To display information about a server farm, use the show module csm serverfarm command.
show module csm slot serverfarm [name serverfarm-name] [detail]
This command has no default settings.
Privileged EXEC
This example shows how to display server farm data:
Cat6k-2# show module csm 4 serverfarm
server farm predictor nat reals redirect bind id
-------------------------------------------------------------
FARM1 RoundRobin S 4 0 0
VIDEO_FARM RoundRobin S 5 0 0
AUDIO_FARM RoundRobin S 2 0 0
FTP RoundRobin S 3 0 0
Table 2-2 describes the fields in the display.
This example shows how to display only the details for one server farm:
Cat6k-2# show mod csm 5 serverfarm detail
FARM1, predictor = RoundRobin, nat = SERVER, CLIENT(CLNAT1)
virtuals inservice:4, reals = 2, bind id = 0, fail action = none
inband health config:retries = 3, failed interval = 200
retcode map = <none>
Real servers:
10.1.0.102, weight = 8, OPERATIONAL, conns = 0
10.1.0.101, weight = 8, OPERATIONAL, conns = 0
Total connections = 0
FARM2, predictor = RoundRobin, nat = SERVER, CLIENT(CLNAT1)
virtuals inservice:2, reals = 1, bind id = 0, fail action = none
inband health config:<none>
retcode map = HTTPCODES
Real servers:
10.1.0.101, weight = 8, OPERATIONAL, conns = 2
Total connections = 2
module csm
serverfarm (virtual server submode)
To display information about server NAT configurations, use the show module csm static command.
show module csm slot static [drop | nat {ip-address | virtual}]
This command has no default settings.
Privileged EXEC
This example shows how to display static data:
Cat6k-2# show module csm 4 static nat
module csm
real (static NAT submode)
static
To display information about actual servers that are having NAT performed, use the show module csm static server command.
show module csm slot static server [ip-address] [drop | nat {ip-address | virtual} | pass-through]
This command has no default settings.
Privileged EXEC
This example shows how to display static server data:
Cat6k-2# show module csm 4 static server
Server NAT Type
----------------------------------------------
10.10.3.10 NAT to 100.100.100.100
10.10.3.20 No NAT
10.10.3.30 NAT to 100.100.100.100
10.10.3.40 No NAT
Cat6k-1#
module csm
real (static NAT submode)
static
To display SLB statistics, use the show module csm stats command.
show module csm slot stats
slot |
Slot where the CSM resides. |
This command has no default settings.
Privileged EXEC
The statistics counters are 32-bit.
This example shows how to display SLB statistics:
Cat6k-2# show module csm 4 stats
Connections Created: 180
Connections Destroyed: 180
Connections Current: 0
Connections Timed-Out: 0
Connections Failed: 0
Server initiated Connections:
Created:0, Current:0, Failed:0
L4 Load-Balanced Decisions:180
L4 Rejected Connections: 0
L7 Load-Balanced Decisions:0
L7 Rejected Connections:
Total:0, Parser:0,
Reached max parse len:0, Cookie out of mem:0,
Cfg version mismatch:0, Bad SSL2 format:0
L4/L7 Rejected Connections:
No policy:0, No policy match 0,
No real:0, ACL denied 0,
Server initiated:0
Checksum Failures: IP:0, TCP:0
Redirect Connections:0, Redirect Dropped:0
FTP Connections: 0
MAC Frames:
Tx:Unicast:1506, Multicast:0, Broadcast:50898,
Underflow Errors:0
Rx:Unicast:2385, Multicast:6148349, Broadcast:53916,
Overflow Errors:0, CRC Errors:0
Table 2-3 describes the fields in the display.
To display if the CSM is online, use the show module csm status command. If the CSM is online, this command shows the CSM chassis slot location and indicates if the configuration download is complete.
show module csm slot status
slot |
Slot where the CSM resides. |
This command has no default settings.
Privileged EXEC
This example shows how to display CSM status:
Cat6k-2# show module csm 4 status
SLB Module is online in slot 4.
Configuration Download state:COMPLETE, SUCCESS
To display the sticky database, use the show module csm sticky command.
show module csm slot sticky [groups | client ip_address]
If no options are specified, the command displays information about all clients.
Privileged EXEC
This command only displays the database of the clients that are using IP stickiness; it does not show cookie or SSL entries.
This example shows how to display the sticky database:
Cat6k-2# show module csm 4 sticky groups
Group Timeout Type
------------------------------------------------------------
20 100 netmask 255.255.255.255
30 100 cookie foo
This example shows how to display the sticky configuration:
Cat6k-2# show module csm 4 sticky configuration
Group CurrConns Timeout Type
------------------------------------------------------------
7 12 2 ssl
Table 2-4 describes the fields in the display.
module csm
sticky
sticky (virtual server submode)
To display the status of a script, use the show module csm tech-script command.
show module csm slot tech-script
slot |
Slot where the CSM resides. |
If no options are specified, the command displays all information.
Privileged EXEC
|
|
---|---|
CSM release 3.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows how to display the technical support information for the CSM:
Cat6k-2# show module csm 4 tech-script
To display technical support information for the CSM, use the show module csm tech-support command.
show module csm slot tech-support [all | processor num | redirect | slowpath | probe | fpga | core-dump]
If no options are specified, the command displays all information.
Privileged EXEC
This example shows how to display the technical support information for the CSM:
Cat6k-2# show module csm 4 tech-support ?
all All tech output
core-dump Most recent core dump
fpga FPGA info output
ft Fault Tolerance info output
probe Probe info output
processor Processor info output
redirect HTTP redirect info output
slowpath Slowpath info output
Cat6k-2# show module csm 4 tech-support processor 2
--------------------------------------------------------------
----------------------- TCP Statistics -----------------------
--------------------------------------------------------------
Aborted rx 3350436013 66840864
New sessions rx 180 0
Total Packets rx 16940 0
Total Packets tx 0 0
Packets Passthrough 697 0
Packets Dropped 0 0
Persistent OOO Packets Dropped 0 0
Persistent Fastpath Tx 0 0
Total Persistent Requests 0 0
Persistent Same Real 0 0
Persistent New Real 0 0
Data Packets rx 877 0
L4 Data Packets rx 877 0
L7 Data Packets rx 0 0
Slowpath Packets rx 7851 0
Relinquish Requests rx 8031 0
TCP xsum failures 0 0
Session Mismatch 0 0
Session Reused while valid 0 0
Unexpected Opcode rx 0 0
Unsupported Proto 0 0
Session Queue Overflow 0 0
Control->Term Queue Overflow 0 0
t_fifo Overflow 0 0
L7 Analysis Request Sent 0 0
L7 Successful LB decisions 0 0
L7 Need More Data decisions 0 0
L7 Unsuccessful LB decisons 0 0
L4 Analysis Request Sent 180 0
L4 Successful LB decisions 180 0
L4 Unsuccessful LB decisons 0 0
Transmit:
SYN 0 0
SYN/ACK 0 0
ACK 0 0
RST/ACK 0 0
data 0 0
Retransmissions: 0 0
Receive:
SYN 180 0
SYN/ACK 0 0
ACK 340 0
FIN 0 0
FIN/ACK 340 0
RST 17 0
RST/ACK 0 0
data 0 0
Session Redundancy Standby:
Rx Fake SYN 0 0
Rx Repeat Fake SYN 0 0
Rx Fake Reset 0 0
Fake SYN Sent to NAT 0 0
Tx Port Sync 0 0
Encap Not Found 0 0
Fake SYN, TCP State Invalid 0 0
Session Redundancy Active:
L4 Requests Sent 0 0
L7 Requests Sent 0 0
Persistent Requests Sent 0 0
Rx Fake SYN 0 0
Fake SYN Sent to NAT 0 0
Session's torn down 180 0
Rx Close session 1 0
Slowpath(low pri) buffer allocs 7843 0
Slowpath(high pri) buffer allocs 8 0
Small buffer allocs 180 0
Medium buffer allocs 0 0
Large buffer allocs 0 0
Session table allocs 180 0
Slowpath(low pri) buffer alloc failures 0 0
Slowpath(high pri) buffer alloc failures 0 0
Small buffer allocs failures 0 0
Medium buffer allocs failures 0 0
Large buffer allocs failures 0 0
Session table allocs failures 0 0
Outstanding slowpath(low pri) buffers 0 0
Outstanding slowpath(high pri) buffers 0 0
Outstanding small buffers 0 0
Outstanding medium buffers 0 0
Outstanding large buffers 0 0
Outstanding sessions 0 0
To display the environmental variables in the configuration, use the show module csm variable command.
show module csm slot variable [name name] [detail]
name name |
(Optional) Displays the named variable information. |
detail |
(Optional) Displays the variable details. |
This command has no default settings.
Privileged EXEC
|
|
---|---|
CSM release 3.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
For a list of the CSM environmental variables, refer to the variable (module CSM submode) command description.
You can display the current set of CSM environmental variables by using the show module csm slot variable command:
Cat6k-2# show module csm 5 variable
variable value
----------------------------------------------------------------
ARP_INTERVAL 300
ARP_LEARNED_INTERVAL 14400
ARP_GRATUITOUS_INTERVAL 15
ARP_RATE 10
ARP_RETRIES 3
ARP_LEARN_MODE 1
ADVERTIZE_RHI_FREQ 10
DEST_UNREACHABLE_MASK 0xffff
HTTP_CASE_SENSITIVE_MATCHING 1
MAX_PARSE_LEN_MULTIPLIER 1
NAT_CLIENT_HASH_SOURCE_PORT 0
variable value
----------------------------------------------------------------
ROUTE_UNKNOWN_FLOW_PKTS 0
VSERVER_ICMP_ALWAYS_RESPOND false
Cat6k-2#
You can display the details of a current set of CSM environmental variables by using the show module csm slot variable detail command:
Cat6k-2# show module csm 5 variable detail
Name: ARP_INTERVAL Rights: RW
Value: 300
Default: 300
Valid values: Integer (15 to 31536000)
Description:
Time (in seconds) between ARPs for configured hosts
Name: ARP_LEARNED_INTERVAL Rights: RW
Value: 14400
Default: 14400
Valid values: Integer (60 to 31536000)
Description:
Time (in seconds) between ARPs for learned hosts
Name: ARP_GRATUITOUS_INTERVAL Rights: RW
Value: 15
Default: 15
Valid values: Integer (10 to 31536000)
Description:
Time (in seconds) between gratuitous ARPs
Name: ARP_RATE Rights: RW
Value: 10
Default: 10
Valid values: Integer (1 to 60)
Description:
Seconds between ARP retries
Name: ARP_RETRIES Rights: RW
Value: 3
Default: 3
Valid values: Integer (2 to 15)
Description:
Count of ARP attempts before flagging a host as down
!
To display the list of VLANs, use the show module csm vlan command.
show module csm slot vlan [client | server | ft] [id vlan-id] [detail]
If no options are specified, the command displays information about all VLANs.
Privileged EXEC
This example shows how to display the VLAN configurations:
Cat6k-2# show module csm 4 vlan
vlan IP address IP mask type
---------------------------------------------------
11 10.10.4.2 255.255.255.0 CLIENT
12 10.10.3.1 255.255.255.0 SERVER
30 0.0.0.0 0.0.0.0 FT
Cat6k-2#
Cat6k-2#
Cat6k-2# show module csm 4 vlan detail
vlan IP address IP mask type
---------------------------------------------------
11 10.10.4.2 255.255.255.0 CLIENT
GATEWAYS
10.10.4.1
12 10.10.3.1 255.255.255.0 SERVER
30 0.0.0.0 0.0.0.0 FT
To display the list of virtual servers, use the show module csm vserver redirect command.
show module csm slot vserver redirect
slot |
Slot where the CSM resides. |
If no options are specified, the command displays information about all clients.
Privileged EXEC
This example shows how to display the CSM virtual servers:
Cat6k-2# show module csm 4 vserver
slb vserver prot virtual vlan state conns
---------------------------------------------------------------------------
FTP_VIP TCP 10.10.3.100/32:21 ALL OUTOFSERVICE 0
WEB_VIP TCP 10.10.4.100/32:80 ALL OPERATIONAL 0
Cat6k-2#
Cat6k-2#
Cat6k-2# show module csm 4 vserver detail
FTP_VIP, state = OUTOFSERVICE, v_index = 3
virtual = 10.10.3.100/32:21, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL
max parse len = 600, persist rebalance = TRUE
conns = 0, total conns = 0
Policy Tot Conn Client pkts Server pkts
------------------------------------------------------
(default) 0 0 0
WEB_VIP, state = OPERATIONAL, v_index = 4
virtual = 10.10.4.100/32:80, TCP, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL
max parse len = 600, persist rebalance = TRUE
conns = 0, total conns = 140
Default policy:
server farm = FARM1
sticky:timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot Conn Client pkts Server pkts
------------------------------------------------------
(default) 140 672 404
To display a list of extensible markup language XML statistics, use the show module csm xml stats command.
show module csm xml stats
If no options are specified, the command displays information about all clients.
Privileged EXEC
|
|
---|---|
CSM release 3.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows how to display the CSM XML statistics:
Cat6k-2# show module csm 4 xml stats
XML config:inservice, port = 80, vlan = <all>, client list = <none>
connection stats:
current = 0, total = 5
failed = 2, security failed = 2
requests:total = 5, failed = 2
To enable or disable fault-tolerant traps, use the snmp enable traps slb ft command. To disable fault-tolerant traps, use the no form of this command.
snmp enable traps slb ft
no snmp enable traps slb ft
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
CSM release 3.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
A fault-tolerant trap allows the CSM to send an SNMP trap when the CSM transitions from standby to active after detecting a failure in its fault tolerant peer.
This example shows how to enable fault tolerant traps:
Cat6k-2(config-module-csm)# snmp enable traps slb ft
To configure the server NAT behavior, and then enter the NAT configuration submode, use the static command. This command configures the CSM to support connections initiated by real servers. Both client NAT and server NAT can exist in the same configuration. To remove NAT from the CSM configuration, use the no form of this command.
static {drop | nat {virtual | ip-address}}
no static {drop | nat {virtual | ip-address}}
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows how to configure the CSM to support connections initiated by the real servers:
Cat6k-2(config-module-csm)# static nat virtual
module csm
nat client (serverfarm submode)
show module csm static
To specify the address for a real server or the subnet mask for multiple real servers performing server NAT, use the real command in SLB static NAT configuration submode. To remove the address of a real server or the subnet mask of multiple real servers so they are no longer performing NAT, use the no form of this command.
real real-ip-address [real-netmask]
no real real-ip-address [real-netmask]
real-ip-address |
Real server IP address performing NAT. |
real-netmask |
(Optional) Range of real servers performing NAT. If not specified, the default is 255.255.255.255 (a single real server). |
This command has no default settings.
SLB static NAT configuration submode
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows how to specify the address for a real server:
Cat6k-2(config-slb-static)# real 10.0.0.0 255.0.0.0
To ensure that connections from the same client that match the same SLB policy use the same real server on subsequent connections and enter the sticky submode, use the sticky command. To remove a sticky group, use the no form of this command.
sticky sticky-group-id {netmask netmask | cookie name [insert] | ssl} [address [source | destination | both]] [timeout sticky-time]
no sticky sticky-group-id
The sticky time default value is 1440 minutes (24 hours).
Module CSM configuration submode
Specifying a net mask permits sticky connections based on the masked client IP address.
Use the sticky time option to ensure that connections from the same client that match the same SLB policy use the same real server. If you specify a nonzero value, the last real server that was used for a connection from a client is remembered for the sticky-time value after the end of the client's latest connection.
New connections from the client to the virtual server initiated before the sticky time expires and that match SLB policy are balanced to the same real server that was used for the previous connection.
A sticky time of 0 means sticky connections are not tracked.
The cookie insert feature allows the CSM to insert a cookie in the Set-Cookie header in the HTTP response.
This example shows how to create an IP sticky group:
Cat6k-2(config-module-csm)# sticky 5 netmask 255.255.255.255 timeout 20
Cat6k-2(config-slb-sticky-ip)#
cookie offset (sticky submode)
cookie secondary (sticky submode)
show module csm sticky
sticky (virtual server submode)
sticky-group (policy submode)
To maintain a connections persistence by specifying a portion of the cookie to use to "stick" the connection, use the cookie offset command in the sticky configuration submode. To remove the offset, use the no form of this command.
cookie offset offset [length length]
no cookie offset
offset offset |
Specifies the byte offset count. Range is from 0 to 3999. |
length length |
(Optional) Specifies the length of the portion of the cookie you are using. Range is from 1 to 4000. |
This command has not default settings.
Sticky configuration submode
|
|
---|---|
CSM release 4.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
Specify the offset in bytes counting from the first byte of the cookie value. The length (in bytes) is the portion of the cookie you are using to maintain the sticky connection. These values are stored in the sticky tables.
This example shows how to specify a cookie offset and length:
Cat6k-2(config-slb-sticky-cookie)# cookie offset 20 length 66
cookie secondary (sticky submode)
show module csm sticky
sticky
sticky (virtual server submode)
sticky-group (policy submode)
To stick a connection based on an alternate cookie name appearing in the URL string, and add a secondary sticky entry, use the cookie secondary command in the name configuration submode. To remove a secondary sticky, use the no form of this command.
cookie secondary name
no cookie secondary
name |
Specifies a cookie name. |
This command has not default settings.
Sticky configuration submode
|
|
---|---|
CSM release 4.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This command is used for the URL-cookie-learn feature. The secondary name may be the same as the primary name.
This example shows how to specify a secondary sticky entry:
Cat6k-2(config-slb-sticky-cookie)# cookie secondary ident2
show module csm sticky
sticky
sticky (virtual server submode)
sticky-group (policy submode)
To add a static sticky entry, use the static command. To remove a sticky group, use the no form of this command.
static client source ip-address [destination ip-address] real ip-address
static cookie value real ip-address
static ssl id real ip-address
no static
This command has not default settings.
Sticky configuration submode
|
|
---|---|
CSM release 3.2(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows how to create an IP sticky group:
Cat6k-2(config-module-csm)# sticky 5 netmask 255.255.255.255 timeout 20
Cat6k-2(config-slb-sticky-ip)#
show module csm sticky
sticky
sticky (virtual server submode)
sticky-group (policy submode)
To identify a virtual server, and then enter the virtual server configuration submode, use the vserver command. To remove a virtual server from the configuration, use the no form of this command.
vserver virtserver-name
no vserver virtserver-name
virtserver-name |
Character string used to identify the virtual server; the character string is limited to 15 characters. |
This command has no default settings.
Module CSM configuration submode
|
|
---|---|
CSM release 1.1(1) |
This command was introduced. |
CSM-S release 1.1(1) |
This command was introduced. |
This example shows how to identify a virtual server named PUBLIC_HTTP and change the CLI to virtual server configuration mode:
Cat6k-2(config-module-csm)# vserver PUBLIC_HTTP
redirect-vserver
show module csm vserver redirect