Content Networking Fundamentals

To ensure that your clients do not lose connectivity in the event of a content switch failure, you can configure high availability features. Both the CSS and CSM support high availability configurations.

CSS High Availability

To configure high availability on your CSS, you need to configure both redundant VIPs and interfaces with fate sharing and adaptive Session redundancy (ASR) as follows:

  • Redundant VIPs and interfaces with fate sharing You learned previously how to configure your client and server VLANs on the CSS. To configure redundancy, on your client VIPs and server interfaces you must configure the virtual routers that you want to be redundant. Using Virtual Router Redundancy Protocol (VRRP), your CSSs negotiate the master and standby CSS for a redundant VIP or interface, based on priorities you assign to your CSSs. The virtual routers you configure on two CSSs share the same IP and MAC address. When the two CSSs jockey for mastership, the CSS with the higher priority is assigned as master. The master for the virtual router responds to ARP requests for the VIP or interface, whereas the backup does not.

    Note

    When CSSs first elect the master virtual router, the CSS containing the master sends a gratuitous ARP to indicate to all attached Layer 2 switches the address to which all requests for the redundant VIP or interface should be sent. That is, the CSSs use Gratuitous ARP as a way to advertise mastership to the connected Layer 2 switches.

    To ensure that the client-side redundant VIPs and server-side redundant interfaces fail-over simultaneously, you must configure the VIPs and interfaces to share the same fate. When a VIP fail-over occurs on a CSS, the corresponding server-side interface should also fail-over. Otherwise, client-side TCP SYN segments will traverse one CSS, and their corresponding TCP SYN-ACK segments from the servers will traverse the other CSS, resulting in both CSSs dropping the connections.

  • Adaptive Session Redundancy (ASR) Once you configure your redundant VIPs and interfaces with fate sharing, you can enable ASR. With ASR, your redundant CSSs synchronize TCP-UDP flow information between each other. This way, when the CSS functioning as master fails, the standby can take over processing for existing flows transparently to your clients. The CSS does not synchronize its sticky table, so you should use stateless sticky with HTTP cookies if you want to enable the CSS high-availability features.

Figure 10-26 gives a sample redundant CSS configuration with a redundant client-side VIP, redundant server-side interface, and ASR.

Figure 10-26. CSS Virtual Router VIP and Interface Redundancy with ASR

To configure the high availability features given in Figure 10-26 on your CSS, you can use the configuration in Example 10-22. This configuration builds on the configuration you learned about previously in Example 10-4.

Example 10-22. Configuring CSS High Availability

CSS A !************************** INTERFACE ************************** interface e1 bridge vlan 10 interface e2 bridge vlan 20 interface e3 isc-port-one interface e4 isc-port-two !************************** CIRCUIT ************************** circuit VLAN10 ip address 10.1.10.1 255.255.255.0 ip virtual-router 1 priority 101 preempt ip redundant-vip 1 10.1.10.100 ip critical-service 1 share-fate circuit VLAN20 ip address 10.1.20.1 255.255.255.0 ip virtual-router 2 priority 101 preempt ip redundant-interface 2 10.1.20.3 ip critical-service 2 share-fate !************************** SERVICE ************************** service web01 ip address 10.1.20.10 redundant-index 1 active service web02 ip address 10.1.20.11 redundant-index 2 active service share-fate ip address 10.1.10.3 keepalive type script ap-kal-pinglist "10.1.10.3 10.1.20.4" active !*************************** OWNER *************************** owner cisco content http-vip vip address 10.1.10.100 redundant-index 3 protocol tcp port 80 add service web01 add service web02 active CSS B !************************** INTERFACE ************************** interface e1 bridge vlan 10 interface e2 bridge vlan 20 interface e3 isc-port-one interface e4 isc-port-two !************************** CIRCUIT ************************** circuit VLAN10 ip address 10.1.10.2 255.255.255.0 ip virtual-router 1 priority 100 ip redundant-vip 1 10.1.10.100 ip critical-service 1 share-fate circuit VLAN20 ip address 10.1.20.2 255.255.255.0 ip virtual-router 2 priority 100 ip redundant-interface 2 10.1.20.3 ip critical-service 2 share-fate !************************** SERVICE ************************** service web01 ip address 10.1.20.10 redundant-index 1 service web02 ip address 10.1.20.11 redundant-index 2 service share-fate ip address 10.1.10.3 keepalive type script ap-kal-pinglist "10.1.10.3 10.1.20.5" active !*************************** OWNER *************************** owner cisco content http-vip vip address 10.1.10.100 redundant-index 3 protocol tcp port 80 add service web01 add service web02 active

The interface section of the configurations of both CSS A and B contains the configuration for the client-side, server-side, and Inter-Switch Communications (ISC) interfaces. The CSS uses ISC to synchronize ASR flow and configuration information between the CSSs. To configure ASR between your CSSs, use the following command in service, content rule, or source group configuration mode:

redundant-index index-num

You must assign unique index numbers to your items, as Example 10-22 illustrates.

Use of ASR provides stateful failover from the master to the standby CSS, by synchronizing flow information between CSSs to ensure that the standby CSS has the necessary flow information to seamlessly resume processing. You should use stateful failover for your mission-critical applications.

The circuit VLANs contain the VRRP configuration. To configure a virtual router, use the following circuit interface configuration command:

ip virtual-router vrid {priority number} {preempt}

The VRID identifies the virtual router and must be unique between the circuit interfaces. You configure the virtual router's priority with the priority argument, and whether or not the CSS should preempt the current active CSS when it comes back online with the preempt argument. Notice that, in Example 10-22, the CSS A is configured with a higher priority and preempts CSS B when coming back online from a failure.

To configure a virtual router as a redundant VIP, use the command

ip redundant-vip vrid vip_address {range number} { shared}

Configure the range of IP addresses if you configured your VIPs to serve a range of IPs. The shared keyword indicates that both the active and standby virtual routers respond to requests to the same VIP. You will learn about this feature later in this section.

To configure a virtual router as a redundant interface, use the command

ip redundant-interface vrid ip_address

To ensure that both the redundant VIPs and interfaces fail-over simultaneously, you can configure critical services for your virtual routers. As the name indicates, critical services are critical to the functioning of the virtual router they are associated with. This means that, if the critical service fails, the CSS automatically fails the virtual router as well. In this case, the critical service fails if the ping tests fail to either the upstream router or downstream switch. For example, say that the client-facing physical interface Ethernet 0 of CSS fails. Then the ping test to the router will fail for both of the critical services that you configure for virtual routers with VRIDs 1 and 2 on CSS A. Therefore, the CSS will shut down both virtual routers simultaneously. CSS B will detect the failures to both virtual routers and take over as the active CSS for both.

Note

To detect virtual router failures, VRRP periodically sends heartbeat packets between the CSSs you configure with VRRP to the multicast address 224.0.0.18 over the Layer 2 domain. The standby CSS detects a failure and takes over processing for the active virtual router when the heartbeat stops on the active virtual router.

The critical service "share-fate" in Example 10-22 uses the script "ap-kal-pinglist" that is available to you on your CSS. This script takes the IP addresses of the upstream and downstream devices that you want the CSS to ping to test for physical connectivity. You should also assign the "share-fate" service the IP address of the upstream router (that is, 10.1.10.3).

The CSSs also support an active-active configuration, by either load sharing traffic of multiple VIPs across CSSs, or by sharing traffic from a single VIP across CSSs. To configure load-sharing, you need to configure two or more VIPs with VRRP, as Example 10-23 illustrates.

Example 10-23. VRRP Load Sharing with Multiple VIPs

CSS A !************************** CIRCUIT ************************** circuit VLAN10 ip address 10.1.10.1 255.255.255.0 ip virtual-router 1 priority 101 preempt ip virtual-router 2 priority 100 ip redundant-vip 1 10.1.10.100 ip redundant-vip 2 10.1.10.101 ip critical-service 1 share-fate ip critical-service 2 share-fate circuit VLAN20 ip address 10.1.20.1 255.255.255.0 ip virtual-router 3 priority 101 preempt ip virtual-router 4 priority 100 ip redundant-interface 3 10.1.20.3 ip redundant-interface 4 10.1.20.4 ip critical-service 3 share-fate ip critical-service 4 share-fate CSS B !************************** CIRCUIT ************************** circuit VLAN10 ip address 10.1.10.2 255.255.255.0 ip virtual-router 1 priority 100 ip virtual-router 2 priority 101 preempt ip redundant-vip 1 10.1.10.100 ip redundant-vip 2 10.1.10.101 ip critical-service 1 share-fate ip critical-service 2 share-fate circuit VLAN20 ip address 10.1.20.2 255.255.255.0 ip virtual-router 3 priority 100 ip virtual-router 4 priority 101 preempt ip redundant-interface 3 10.1.20.3 ip redundant-interface 4 10.1.20.4 ip critical-service 3 share-fate ip critical-service 4 share-fate

In Example 10-23, an additional VIP (10.1.10.101) and virtual redundant interface (10.1.20.4) is configured. You must configure your new real servers for the new VIP with the new virtual redundant interface as their default gateway. CSS A serves as master for VIP 10.1.10.100 and standby for VIP 10.1.10.101, and vice versa for CSS B.

You can configure active-active with only a single VIP using the shared keyword in the ip redundant-vip command. To share the load of a single VIP across two CSSs, use the configuration in Example 10-24.

Example 10-24. VRRP Load Sharing with a Single VIP

CSS A !************************** CIRCUIT ************************** circuit VLAN10 ip address 10.1.10.1 255.255.255.0 ip virtual-router 1 ip redundant-vip 1 10.1.10.100 shared circuit VLAN20 ip address 10.1.20.1 255.255.255.0 CSS B !************************** CIRCUIT ************************** circuit VLAN10 ip address 10.1.10.2 255.255.255.0 ip virtual-router 1 ip redundant-vip 1 10.1.10.100 shared circuit VLAN20 ip address 10.1.20.2 255.255.255.0

To distribute load across two CSSs for a single VIP, use the shared keyword of the ip redundant-vip command. This enables both CSSs to respond to traffic for the VIP. To distribute real server response traffic across the two CSSs, you must configure half of your real servers with 10.1.20.1 and the other with 10.1.20.2 as their default gateways. Also make sure you enable CEF per-flow load sharing on your upstream router. This way, the router will distribute incoming flow requests across your two CSSs, and thus preserve flow-state on your CSSs.

Note

If you do not require stateful fail-over or active-active load-sharing across your CSSs, you can configure CSS box-to-box redundancy. For more information on CSS box-to-box redundancy, refer to your product documentation.

CSM High Availability

To configure high availability on your CSM, you need to configure both fault-tolerant (FT) VLANS and redundant interfaces with Hot Standby Router Protocol (HSRP) tracking and connection and sticky table synchronization as follows:

  • FT VLANS and redundant interfaces with HSRP tracking In contrast to the operations you perform with CSS, you need only configure your interfaces with redundancy. You do not need to explicitly configure your VIPs with redundancy. You configure CSMs with an FT

    VLAN, which the standby CSM uses to learn the status of the active CSM. The CSMs use a proprietary multicast-based protocol to send heartbeat messages over the FT VLAN. The standby CSM detects when the active fails and takes over processing.

    You also need to configure HSRP between the MSFC routers involved in the redundant configuration. You must configure the external client network interface with HSRP tracking to ensure that flows traverse the same path in both directions. This is similar in concept to fate sharing with the CSS.

  • Connection and sticky table synchronization Once you configure your CSMs with FT VLANs and your routers with HSRP with fate sharing, you can enable connection and sticky table.

Note

You can use CSM high availability for active-backup only. The CSM handles connection and bandwidth loads such that support for an active-active (load-sharing) configuration is currently unnecessary.

Figure 10-27 gives a sample redundant CSM configuration.

Figure 10-27. CSM High Availability

To configure the high availability features shown in Figure 10-27 on your CSM, you can use the configuration in Example 10-25.

Example 10-25. Configuring CSM High Availability

CSM A interface fastethernet 4/1 description *** Server VLAN 20 *** switchport access vlan 20 interface fastethernet 4/2 description *** Fault-Tolerant VLAN 33 *** switchport access vlan 33 interface fastethernet 4/3 description *** External Client Network *** ip address 192.168.1.2 255.255.255.0 standby 1 priority 101 preempt standby 1 ip 192.168.1.1 interface vlan 10 description *** CSM Internet Client VLAN 10 ip address 10.1.10.2 255.255.255.0 standby 2 priority 101 preempt standby 2 ip 10.1.10.1 standby 2 track fastethernet 4/3 10 mod csm 5 vlan 10 client ip address 10.1.10.4 255.255.255.0 gateway 10.1.10.1 vlan 20 server ip address 10.1.20.2 255.255.255.0 alias 10.1.20.1 255.255.255.0 vlan 33 ft group 3 vlan 33 priority 101 preempt vserver webvip virtual 10.1.10.100 tcp www serverfarm webfarm replicate csrp connection replicate csrp sticky persistent rebalance inservice CSM B interface fastethernet 4/1 description *** Server VLAN 20 *** switchport access vlan 20 interface fastethernet 4/2 description *** Fault-Tolerant VLAN 33 *** switchport access vlan 33 interface fastethernet 4/3 description *** External Client Network *** ip address 192.168.1.3 255.255.255.0 standby 1 priority 100 standby 1 ip 192.168.1.1 interface vlan 10 description *** CSM Internet Client VLAN 10 ip address 10.1.10.3 255.255.255.0 standby 2 priority 100 standby 2 ip 10.1.10.1 standby 2 track fastethernet 4/3 10 mod csm 5 vlan 10 client ip address 10.1.10.5 255.255.255.0 gateway 10.1.10.1 vlan 20 server ip address 10.1.20.3 255.255.255.0 alias 10.1.20.1 255.255.255.0 vlan 33 ft group 3 vlan 33 priority 100 vserver webvip virtual 10.1.10.100 tcp www serverfarm webfarm replicate csrp connection replicate csrp sticky persistent rebalance inservice

On both CSMs in Example 10-25, port 4/1 is configured in the server VLAN for back-end real server connectivity. Port 4/2 is used for the FT VLAN, and port 4/3 is for upstream connectivity to external clients. You must configure HSRP on the upstream interfaces and on the internal VLAN 10 client interfaces. Notice that the client interfaces are configured with HSRP tracking. You should configure tracking so that, when the upstream connectivity fails-over to the other Catalyst IOS switch, traffic flowing from the internal network will traverse the same switch.

Example 10-25 configures CSM A as the master CSM, because it has a higher priority (101) than CSM B (100) for its HSRP configuration (groups 1 and 2) and FT VLAN (group 3).

If you configure router-mode fault-tolerance, as shown in Example 10-25, you must also specify an HSRP-like default gateway for the server VLAN (with the alias command). When the active CSM fails, the standby will respond to ARP requests for the shared default gateway.

Note

To configure bridge-mode fault tolerance, you can use the same configuration as in Example 10-25 with the exception of creating a shared default gateway on the server VLAN with the alias command. You also must specify the same IP address for the CSM client and server VLAN interfaces.

You configure the FT VLAN using the ft group command. To assign the CSM priority, you can use the priority FT configuration command. The CSM with the higher priority becomes master. The preempt command works in the same manner as with HSRP and VRRPwhen the master fails and comes back online, it becomes master once again. As you learned previously, CSMs send multicast heartbeat messages to one another over the FT VLAN. When the standby CSM does not receive a heartbeat within the default of three seconds, it becomes the master CSM. You can modify this default by changing the fail-over value, using the failover FT configuration mode command. To change the time between heartbeats, you can use the heartbeat-time command.

Now that you know how to configure FT VLANS and redundant interfaces with Hot Standby Router Protocol (HSRP) tracking, you can configure connection and sticky table synchronization. To enable your CSMs to transfer their connection table entries across the FT VLAN to one another, use the replicate csrp connection virtual server configuration command, as Example 10-25 illustrates. If you enable session stickiness on your CSM and you want your CSMs to transfer their sticky table entries across the FT VLAN to one another, use the replicate csrp sticky virtual server configuration command.

Note

The CSMs do not synchronize ARP table entries, but a standby CSM that becomes master will respond to ARP requests and learn the required ARP table entries automatically.

Категории