Feedback
Contents
- L through W
- lookup
- manager (DFP agent)
- maxclients
- maxconns (firewall farm datagram protocol)
- maxconns (firewall farm TCP protocol)
- maxconns (server farm)
- mls aging slb normal
- mls aging slb process
- mls ip slb purge global
- mls ip slb search wildcard
- nat
- password (DFP agent)
- peer port
- peer secret
- port (custom UDP probe)
- port (DFP agent)
- port (HTTP probe)
- port (TCP probe)
- predictor
- predictor hash address (firewall farm)
- probe (firewall farm real server)
- probe (server farm)
- protocol datagram
- protocol tcp
- purge connection
- purge radius framed-ip acct on-off (virtual server)
- purge radius framed-ip acct stop (virtual server)
- purge sticky
- radius acct local-ack key
- radius inject acct key
- radius inject auth
- radius inject auth timer
- radius inject auth vsa
- rate
- real (firewall farm)
- real (server farm)
- real (static NAT)
- reassign
- replicate casa (firewall farm)
- replicate casa (virtual server)
- replicate interval (firewall farm)
- replicate interval (virtual server)
- replicate slave (firewall farm)
- replicate slave (virtual server)
- request (custom UDP probe)
- request (HTTP probe)
- response
- retry (real server)
- serverfarm
- show fm slb counters
- show ip dfp
- show ip slb conns
- show ip slb dfp
- show ip slb firewallfarm
- show ip slb fragments
- show ip slb gtp
- show ip slb map
- show ip slb natpool
- show ip slb probe
- show ip slb reals
- show ip slb replicate
- show ip slb serverfarms
- show ip slb sessions
- show ip slb static
- show ip slb stats
- show ip slb sticky
- show ip slb vservers
- show ip slb wildcard
- snmp-server enable traps slb
- sticky (firewall farm datagram protocol)
- sticky (firewall farm TCP protocol)
- sticky (virtual server)
- synguard (virtual server)
- timeout (custom UDP probe)
- url (WSP probe)
- username (IOS SLB)
- virtual
- weight (firewall farm real server)
- weight (real server)
L through W
lookup
To configure an IP address of a real server that a Domain Name System (DNS) server should supply in response to a domain name resolve request, use the lookupcommand in DNS probe configuration mode. To remove an IP address from the expected list, use the no form of this command.
Syntax Description
|
ip-address |
IP address of a real server that a DNS server should supply in response to a domain name resolve request. |
Command History
|
Release |
Modification |
|---|---|
|
12.1(11b)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
manager (DFP agent)
This command has been removed. Its function is now performed by the ip dfp agentglobal configuration command, and by the following DFP agent configuration commands:
- inservice (DFP agent)
- interval (DFP agent)
- password (DFP agent)
- port (DFP agent)
See the description of these commands for more information.
maxclients
To specify the maximum number of IOS Server Load Balancing (IOS SLB) RADIUS and GTP sticky subscribers that can be assigned to an individual virtual server, use the maxclientscommand in real server configuration mode. To remove the limit, use the no form of this command.
Syntax Description
|
maximum-number |
Maximum number of IOS SLB RADIUS and GTP sticky subscribers that can be assigned to an individual virtual server:
By default, there is no limit on the number of IOS SLB RADIUS and GTP sticky subscribers that can be assigned to an individual virtual server. |
Command Default
There is no limit on the number of IOS SLB RADIUS and GTP sticky subscribers that can be assigned to an individual virtual server.
Command History
|
Release |
Modification |
|---|---|
|
12.1(11b)E |
This command was introduced. |
|
12.1(12c)E |
This command was modified to support RADIUS load balancing for CDMA2000, a third-generation (3-G) version of Code Division Multiple Access (CDMA). |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
maxconns (firewall farm datagram protocol)
To limit the number of active datagram connections to the firewall farm, use the maxconns command in firewall farm datagram protocol configuration mode. To restore the default of 4294967295, use the no form of this command.
Syntax Description
|
maximum-number |
Maximum number of simultaneous active datagram connections using the firewall farm. Valid values range from 1 to 4294967295. The default is 4294967295. |
Command Default
The default maximum number of simultaneous active datagram connections using the firewall farm is 4294967295.
Command History
|
Release |
Modification |
|---|---|
|
12.1(3a)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
maxconns (firewall farm TCP protocol)
To limit the number of active TCP connections to the firewall farm, use the maxconns command in firewall farm TCP protocol configuration mode. To restore the default of 4294967295, use the no form of this command.
Syntax Description
|
maximum-number |
Maximum number of simultaneous active TCP connections using the firewall farm. Valid values range from 1 to 4294967295. The default is 4294967295. |
Command Default
The default maximum number of simultaneous active TCP connections using the firewall farm is 4294967295.
Command History
|
Release |
Modification |
|---|---|
|
12.1(3a)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
maxconns (server farm)
To limit the number of active connections to the real server, use the maxconns command in SLB server farm configuration mode. To restore the default of 4294967295, use the no form of this command.
Syntax Description
|
maximum-number |
Maximum number of simultaneous active connections on the real server. Valid values range from 1 to 4294967295. The default is 4294967295. |
|
sticky-override |
(Optional) Allow sticky load balancing to exceed maximum-numberfor this real server. |
Command Default
The default maximum number of simultaneous active connections on the real server is 4294967295.
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.1(18)E |
The sticky-override keyword was added. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following example limits the real server to a maximum of 1000 simultaneous active connections:
Router(config)# ip slb serverfarm PUBLIC Router(config-slb-sfarm)# real 10.10.1.1 Router(config-slb-real)# maxconns 1000
Related Commands
|
Command |
Description |
|---|---|
|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
|
show ip slb reals |
Displays information about the real servers. |
|
show ip slb severfarms |
Displays information about the server farm configuration. |
mls aging slb normal
To configure the aging time for flows, use the mls aging slb normalcommand in global configuration mode. To restore the default setting, use the noform of this command.
Command History
|
Release |
Modification |
|---|---|
|
12.1(8)E |
This command was introduced. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following example sets the idle time to 4000 milliseconds:
Router(config)# mls aging slb normal 4000
Related Commands
|
Command |
Description |
|---|---|
|
ip slb firewallfarm |
Identifies a firewall farm and initiates firewall farm configuration mode. |
|
ip slb serverfarm |
Associates a real server farm with a virtual server. |
|
ip slb vserver |
Identifies a virtual server. |
|
mls aging slb process |
Controls how often the aging process runs. |
mls aging slb process
To control how often the aging process runs, use the mls aging slb process command in global configuration mode. To restore the default setting, use the noform of this command.
Syntax Description
|
time |
Aging process interval, in milliseconds. The valid range is 1 millisecond to 10000 milliseconds. The default setting is 2000 seconds. |
Command History
|
Release |
Modification |
|---|---|
|
12.1(8)E |
This command was introduced. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following example sets the aging process interval to 4000 milliseconds:
Router(config)# mls aging slb process 4000
Related Commands
|
Command |
Description |
|---|---|
|
ip slb firewallfarm |
Identifies a firewall farm and initiates firewall farm configuration mode. |
|
ip slb serverfarm |
Associates a real server farm with a virtual server. |
|
ip slb vserver |
Identifies a virtual server. |
|
mls aging slb normal |
Configures the aging time for flows. |
mls ip slb purge global
To specify protocol-level purging of MLS entries from active TCP and UDP flow packets, use the mls ip slb purge globalcommand in global configuration mode. To disable purge throttling, use the no form of this command.
Command History
|
Release |
Modification |
|---|---|
|
12.2(1)SX |
This command was introduced. |
|
12.2(33)SRD2 |
The command was modified so that the default command no longer appears in the generated configuration. |
|
12.2(33)SXI2 |
The command was modified so that the default command no longer appears in the generated configuration. |
|
12.2(18)SXF17 |
The command was modified so that the default command no longer appears in the generated configuration. |
mls ip slb search wildcard
To specify the behavior of IOS Server Load Balancing (IOS SLB) wildcard searches, use the mls ip slb search wildcard command in global configuration mode. To restore the default setting, use the no form of this command.
Syntax Description
Command History
|
Release |
Modification |
|---|---|
|
12.1(7)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
This command is supported for Catalyst 6500 family switches only.
If you configure IOS SLB and either input ACLs or firewall load balancing on the same Catalyst 6500 Family Switch, you can exceed the capacity of the TCAM on the PFC. To correct the problem, use the mls ip slb search wildcard rp command to reduce the amount of TCAM space used by IOS SLB. However, be aware that this command can result in a slight increase in route processor utilization.
nat
To configure Cisco IOS Server Load Balancing (IOS SLB) Network Address Translation (NAT) and specify a NAT mode, use the nat command in SLB server farm configuration mode. To remove a NAT configuration, use the no form of this command.
Syntax Description
|
client pool |
Configures the client address in load-balanced packets using addresses from the client address pool. The pool name must match the pool argument from a previous ip slb natpoolcommand. This mode is commonly referred to as directed client NAT , or simply client NAT. |
|
server |
Configures the destination address in load-balanced packets sent to the real server as the address of the real server chosen by the server farm load-balancing algorithm. This mode is commonly referred to as directed server NAT , or simply server NAT. |
Command History
|
Release |
Modification |
|---|---|
|
12.1(1)E |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.1(2)E |
The client keyword and pool argument were added. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
The no nat command is allowed only if the virtual server was removed from service with the no inservice command.
Examples
The following example enters server farm configuration mode and configures NAT mode as server address translation on server farm FARM2:
Router# ip slb serverfarm FARM2 Router(config-slb-sfarm)# nat server
The following example configures the NAT mode on server farm FARM2 to client translation mode and, using the realcommand in server farm configuration mode, configures the real server IP address as 10.3.1.1:
Router(config-slb-sfarm)# nat client web-clients Router(config-slb-sfarm)# real 10.3.1.1
Related Commands
|
Command |
Description |
|---|---|
|
ip slb serverfarm |
Associates a real server farm with a virtual server. |
|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
|
show ip slb serverfarms |
Displays information about the server farm configuration. |
password (DFP agent)
To configure a Dynamic Feedback Protocol (DFP) agent password for Message Digest Algorithm Version 5 (MD5) authentication, use the password command in DFP agent configuration mode. To remove the DFP agent password, use the no form of this command.
Syntax Description
|
0 |
(Optional) Indicates that the password is unencrypted. This is the default setting. |
||
|
7 |
(Optional) Indicates that the password is encrypted. |
||
|
password |
Password value for MD5 authentication.
|
||
|
timeout |
(Optional) Delay period, in seconds, during which both the old password and the new password are accepted. The valid range is from 0 to 65535. The default is 180. |
Command Default
The password encryption default is 0 (unencrypted). The password timeout default is 180 seconds.
Command History
|
Release |
Modification |
|---|---|
|
12.1(8a)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.3(4)T |
This command was integrated into Cisco IOS Release 12.3(4)T. |
|
12.2(18)SXD |
This command was integrated into Cisco IOS Release 12.2(18)SXD. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
The password specified on this command must match the password specified on the DFP manager.
The timeout option allows you to change the password without stopping messages between the DFP agent and its manager. The default value is 180 seconds.
During the timeout, the agent sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After the timeout expires, the agent sends and receives packets only with the new password; received packets that use the old password are discarded.
If you are changing the password for an entire load-balanced environment, set a longer timeout. Setting a longer timeout allows enough time for you to update the password on all agents and servers before the timeout expires. It also prevents mismatches between agents and servers that have begun running the new password and agents, and servers on which you have not yet changed the old password.
If you are running IOS SLB as a DFP manager, and you specify a password on the ip slb dfp command in global configuration mode, the password must match the one specified on the password command in DFP agent configuration mode in the DFP agent.
Examples
The following example sets the DFP agent password (unencrypted by default) to Password1 and the timeout to 360 seconds:
Router(config)# ip dfp agent slb Router(config-dfp)# password Password1 360
Related Commands
|
Command |
Description |
|---|---|
|
agent |
Identifies a DFP agent to which IOS SLB can connect. |
|
ip dfp agent |
Identifies a DFP agent subsystem and initiates DFP agent configuration mode. |
|
ip slb dfp |
Configures DFP, supplies an optional password, and initiates DFP configuration mode. |
|
replicate casa (firewall farm) |
Configures a stateful backup of IOS SLB decision tables to a backup switch. |
|
replicate casa (virtual server) |
Configures a stateful backup of IOS SLB decision tables to a backup switch. |
peer port
To specify the port to which the IOS SLB KeepAlive Application Protocol (KAL-AP) agent is to connect, use the peer portcommand in SLB Content Application Peering Protocol (CAPP) configuration mode. To restore the default settings, use the no form of this command.
Syntax Description
|
ip-address |
(Optional) IP address of the peer KAL-AP manager. |
|
port |
Content Application Peering Protocol (CAPP) User Datagram Protocol (UDP) port number to which the KAL-AP agent is to connect. Valid port numbers are 1 to 65535. |
Usage Guidelines
Use this command to specify a port number, other than port 5002, to be used by the KAL-AP agent.
You can configure any number of peer portcommands with the ip-addressargument, but only one without the ip-addressargument.
peer secret
To enable Message Digest Algorithm Version 5 (MD5) authentication for the IOS SLB KeepAlive Application Protocol (KAL-AP) agent, use the peer secretcommand in SLB Content Application Peering Protocol (CAPP) configuration mode. To disable MD5 authentication, use the no form of this command.
Syntax Description
|
ip-address |
(Optional) IP address of the peer KAL-AP. |
||
|
encrypt |
(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory). The possible values are 0 and 7:
|
||
|
secret-string |
1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent. The secret-stringis always sent in plain text when the configuration is downloaded. The secret-stringmust match the secret that is specified on the KAL-AP client. |
Usage Guidelines
You can configure any number of peer secretcommands with the ip-addressargument, but only one without the ip-addressargument.
port (custom UDP probe)
To specify the port to which a custom User Datagram Protocol (UDP) probe is to connect, use the portcommand in custom UDP probe configuration mode. To restore the default settings, use the no form of this command.
Command Default
In dispatched mode, the port number is inherited from the virtual server. If port translation is configured for the real server, that port number is used. See the real (server farm) command for more details.
Command History
|
Release |
Modification |
|---|---|
|
12.1(13)E3 |
This command was introduced. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following example configures a custom UDP probe named PROBE6, enters custom UDP probe configuration mode, and configures the probe to connect to port number 8:
Router(config)# ip slb probe PROBE6 custom UDP Router(config-slb-probe)# port 8
Related Commands
|
Command |
Description |
|---|---|
|
ip slb probe custom udp |
Configures a custom User Datagram Protocol (UDP) probe name and enters custom UDP probe configuration mode. |
|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
|
show ip slb probe |
Displays information about an IOS Server Load Balancing (IOS SLB) probe. |
port (DFP agent)
To define the port number to be used by the Dynamic Feedback Protocol (DFP) manager to connect to the DFP agent, use the portcommand in DFP agent configuration mode. To disable the port number definition and remove existing connections, use the no form of this command.
Syntax Description
|
port-number |
Port number used by a DFP manager to connect to a DFP agent. The valid range is from 1 to 65535. |
Command History
|
Release |
Modification |
|---|---|
|
12.1(8a)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.3(4)T |
This command was integrated into Cisco IOS Release 12.3(4)T. |
|
12.2(18)SXD |
This command was integrated into Cisco IOS Release 12.2(18)SXD. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
port (HTTP probe)
To specify the port to which an HTTP probe is to connect, use the portcommand in HTTP probe configuration mode. To restore the default settings, use the no form of this command.
Syntax Description
|
port |
TCP or User Datagram Protocol (UDP) port number to which the HTTP probe is to connect. |
Command Default
In dispatched mode, the port number is inherited from the virtual server. If port translation is configured for the real server, that port number is used. See the real(server farm) command for more details.
Command History
|
Release |
Modification |
|---|---|
|
12.1(3a)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following example configures an HTTP probe named PROBE2, enters HTTP probe configuration mode, and configures the probe to connect to port number 8:
Router(config)# ip slb probe PROBE2 http Router(config-slb-probe)# port 8
Related Commands
|
Command |
Description |
|---|---|
|
ip slb probe http |
Configures an HTTP probe name and enters HTTP probe configuration mode. |
|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
|
show ip slb probe |
Displays information about an IOS SLB probe. |
port (TCP probe)
To specify the port to which a TCP probe is to connect, use the portcommand in TCP probe configuration mode. To restore the default settings, use the no form of this command.
Command Default
In dispatched mode, the port number is inherited from the virtual server. If port translation is configured for the real server, that port number is used. See the real(server farm) command for more details.
Command History
|
Release |
Modification |
|---|---|
|
12.1(11b)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following example configures a TCP probe named PROBE5, enters TCP probe configuration mode, and configures the probe to connect to port number 8:
Router(config)# ip slb probe PROBE5 tcp Router(config-slb-probe)# port 8
Related Commands
|
Command |
Description |
|---|---|
|
ip slb probe tcp |
Configures a TCP probe name and enters TCP probe configuration mode. |
|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
|
show ip slb probe |
Displays information about an IOS SLB probe. |
predictor
To specify the load-balancing algorithm for selecting a real server in the server farm, use the predictorcommand in SLB server farm configuration mode. To restore the default load-balancing algorithm of weighted round robin, use the no form of this command.
Syntax Description
|
roundrobin |
(Optional) Uses the weighted round robin algorithm for selecting the real server to handle the next new connection for the server farm. See the Weighted Round Robin section for a detailed description of this algorithm. This algorithm is the default value. RADIUS load balancing requires the weighted round robin algorithm. General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled requires the weighted round robin algorithm. The Home Agent Director requires the weighted round robin algorithm. |
|
leastconns |
(Optional) Uses the weighted least connections algorithm for selecting the real server to handle the next new connection for this server farm. See the Weighted Least Connections section for a detailed description of this algorithm. |
|
route-map mapname |
(Optional) Uses IOS policy-based routing (PBR) for selecting the real server to handle the next new connection for this server farm. The mapname argument identifies the IOS PBR route map to be used. See the Route Map section for a detailed description of this algorithm. The route map algorithm is supported only for RADIUS load balancing accelerated data plane forwarding. |
Command Default
If you do not enter a predictor command, or if you enter the predictor command without specifying a load-balancing algorithm, the weighted round robin algorithm is used.
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(33)SRC |
The route-map keyword and mapname argument were added. |
Usage Guidelines
RADIUS load balancing requires the weighted round robin algorithm.
The route map algorithm is supported only for RADIUS load balancing accelerated data plane forwarding. When you specify the predictor route-map command, no further commands in SLB server farm configuration mode or real server configuration mode are allowed.
GPRS load balancing without GTP cause code inspection enabled requires the weighted round robin algorithm. A server farm that uses weighted least connections can be bound to a virtual server providing GPRS load balancing without GTP cause code inspection enabled, but you cannot place the virtual server INSERVICE. If you try to do so, Cisco IOS SLB) issues an error message.
The Home Agent Director requires the weighted round robin algorithm. A server farm that uses weighted least connections can be bound to a Home Agent Director virtual server, but you cannot place the virtual server INSERVICE. If you try to do so, Cisco IOS SLB issues an error message.
predictor hash address (firewall farm)
To specify the load-balancing algorithm for selecting a firewall in the firewall farm, use the predictor hash addresscommand in firewall farm configuration mode. To restore the default load-balancing algorithm, use the no form of this command.
Syntax Description
|
port |
(Optional) Uses the source and destination TCP or User Datagram Protocol (UDP) port numbers, in addition to the source and destination IP addresses, when selecting a firewall. |
Command Default
IOS Server Load Balancing (IOS SLB) uses the source and destination IP addresses when selecting a firewall.
Command History
|
Release |
Modification |
|---|---|
|
12.1(3a)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
probe (firewall farm real server)
To associate a probe with a firewall farm, use the probecommand in firewall farm real server configuration mode. To remove the association, use the no form of this command.
Command History
|
Release |
Modification |
|---|---|
|
12.1(3a)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
You can configure more than one probe for each firewall in a firewall farm.
If you configure probes in your network, you must also do one of the following:
- Configure the exclude keyword on the client command on the virtual server, to exclude connections initiated by the client IP address from the load-balancing scheme.
- Configure IP addresses on the IOS Server Load Balancing (IOS SLB) device that are Layer 3-adjacent to the real servers used by the virtual server.
probe (server farm)
To associate a probe with a server farm, use the probecommand in server farm configuration mode. To remove the association, use the no form of this command.
Command History
|
Release |
Modification |
|---|---|
|
12.1(2)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
You can configure more than one probe for each server farm.
If you configure probes in your network, you must also do one of the following:
- Configure the exclude keyword on the client command on the virtual server, to exclude connections initiated by the client IP address from the load-balancing scheme.
- Configure IP addresses on the IOS Server Load Balancing (IOS SLB) device that are Layer 3-adjacent to the real servers used by the virtual server.
protocol datagram
To enter firewall farm datagram protocol configuration mode, use the protocol datagramcommand in firewall farm configuration mode.
Command History
|
Release |
Modification |
|---|---|
|
12.1(11b)E |
This command was introduced, replacing the udp command. |
|
12.1(12c)E |
This command was integrated into Cisco IOS Release 12.1(12c)E, replacing the protocol udpcommand. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
Firewall farm datagram protocol configuration applies to the Encapsulation Security Payload (ESP), Generic Routing Encapsulation (GRE), IP in IP encapsulation, and User Datagram Protocol (UDP) protocols.
protocol tcp
To enter firewall farm TCP protocol configuration mode, use the protocol tcpcommand in firewall farm configuration mode.
Command History
|
Release |
Modification |
|---|---|
|
12.1(11b)E |
This command was introduced, replacing the tcp command. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
purge connection
To enable IOS SLB firewall load balancing to send purge requests for connections, use the purge connectioncommand in firewall farm configuration mode. To prevent the sending of purge requests, use the no form of this command.
Usage Guidelines
By default, IOS SLB firewall load balancing sends purge requests for connections. However, if a large number of purge requests are sent, the CPU might be impacted. To prevent this problem, use the no form of this command to prevent the sending of purge requests.
purge radius framed-ip acct on-off (virtual server)
To enable IOS SLB to purge entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting ON or OFF message, use the purge radius framed-ip acct on-off command in virtual serverconfiguration mode. To disable this behavior, use the no form of this command.
Command Default
IOS SLB purges entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting ON or OFF message.
Command History
|
Release |
Modification |
|---|---|
|
12.1(11b)E |
This command was introduced. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
purge radius framed-ip acct stop (virtual server)
To enable IOS Server Load Balancing to purge entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting-Stop message, use the purge radius framed-ip acct stop in virtual serverconfiguration mode. To disable this behavior, use the no form of this command.
Syntax Description
|
attribute-number |
RADIUS attribute number. |
|
26 |
RADIUS attribute number 26. |
|
vsa |
Vendor-specific attribute number. |
|
vendor-ID |
Vendor ID. |
|
3gpp |
Third Generation Partnership Project (3GPP) vendor ID. |
|
3gpp2 |
Third Generation Partnership Project 2 (3GPP2) vendor ID. |
|
sub-attribute-number |
Sub-attribute number. |
Command Default
IOS SLB purges entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting-Stop message.
Command History
|
Release |
Modification |
|---|---|
|
12.2(14)ZA5 |
This command was introduced. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
purge sticky
To enable IOS SLB firewall load balancing to send purge requests for sticky connections when the sticky timer expires, use the purge stickycommand in firewall farm configuration mode. To prevent the sending of purge requests when the timer expires, use the no form of this command.
Usage Guidelines
By default, IOS SLB firewall load balancing sends purge requests for sticky connections when the sticky timer expires. However, large volumes of purge requests can impact the CPU. To prevent this problem, use the no form of this command to prevent the sending of purge requests when the sticky timer expires.
To configure a sticky timer for IOS SLB firewall load balancing, use the sticky command in either firewall farm datagram protocol or firewall farm TCP protocol configuration mode.
Examples
The following example prevents the sending of purge requests for sticky connections:
Router(config-slb-fw)# no purge sticky
Related Commands
|
mls ip slb purge global |
Specifies protocol-level purging of MLS entries from active TCP and UDP flow packets. |
|
purge connection |
Enables IOS SLB firewall load balancing to send purge requests for connections. |
|
sticky (firewall farm datagram protocol) |
Assigns all connections from a client to the same firewall. |
|
sticky (firewall farm TCP protocol) |
Assigns all connections from a client to the same firewall. |
radius acct local-ack key
To enable a RADIUS virtual server to acknowledge RADIUS accounting messages, use the radius acct local-ack keycommand in SLB virtual server configuration mode. To restore the default behavior, use the no form of this command.
Syntax Description
|
encrypt |
(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory). The possible values are 0 and 7:
|
||
|
secret-string |
1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent. The secret-stringis always sent in plain text when the configuration is downloaded. The secret-stringmust match the secret that is specified on the RADIUS client (for example, the gateway general packet radio service [GPRS] support node [GGSN]). |
Command Default
By default, this command is not enabled. When this command is enabled, the RADIUS load balancing device, not the real server, acknowledges RADIUS accounting messages. If you configure this command but you do not specify the 7 keyword, the secret-string is stored in the plain text.
radius inject acct key
To configure a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding accounting virtual server, and to enable Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation, use the radius inject acct keycommand in SLB virtual server configuration mode. To disable VSA correlation on this virtual server, use the no form of this command.
Syntax Description
|
group-number |
VSA correlation group number to be used for VSA correlation in the RADIUS Accounting-Start packets. |
||
|
encrypt |
(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory). The possible values are 0 and 7:
|
||
|
secret-string |
1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent. The secret-stringis always sent in plain text when the configuration is downloaded. |
Examples
The following example configures VSA correlation group 1 and configures plain text secret string SECRET_STRING for VSA correlation:
Router(config-slb-vserver)# radius inject acct 1 key 0 SECRET_STRING
Related Commands
|
Command |
Description |
|---|---|
|
radius inject auth |
Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and specifies whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames. |
|
radius inject auth timer |
Configures a timer for vendor-specific attribute (VSA) correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
|
radius inject auth vsa |
Buffers vendor-specific attributes (VSAs) for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
radius inject auth
To configure a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and to specify whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames, use the radius inject auth command in SLB virtual server configuration mode. To disable VSA correlation on this virtual server, use the no form of this command.
Syntax Description
|
group-number |
VSA correlation group number. |
|
calling-station-id |
Specifies that IOS SLB is to create VSA correlation entries based on the RADIUS calling station ID attribute in the RADIUS payload when RADIUS Access-Request messages are exchanged. |
|
username |
Specifies that IOS SLB is to create VSA correlation entries based on the RADIUS username attribute in the RADIUS payload when RADIUS Access-Request messages are exchanged. |
Usage Guidelines
For a given authentication virtual server, you can configure a single radius inject auth group-number calling-station-id command or a single radius inject auth group-number usernamecommand, but not both.
This command is valid only for VSA correlation authentication virtual servers.
Examples
The following example configures VSA correlation group 1 and specifies that IOS SLB is to create VSA correlation entries based on the RADIUS calling station ID attribute:
Router(config-slb-vserver)# radius inject auth 1 calling-station-id
Related Commands
|
Command |
Description |
|---|---|
|
calling-station-id |
Configures an ASCII regular expression string to be matched against the calling station ID attribute in the RADIUS payload. |
|
radius inject acct key |
Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding accounting virtual server, and enables Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation. |
|
radius inject auth timer |
Configures a timer for vendor-specific attribute (VSA) correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
|
radius inject auth vsa |
Buffers vendor-specific attributes (VSAs) for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
|
username |
Configures an ASCII regular expression string to be matched against the username attribute in the RADIUS payload. |
radius inject auth timer
To configure a timer for vendor-specific attribute (VSA) correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, use the radius inject auth timercommand in SLB virtual server configuration mode. To delete the VSA correlation timer from the configuration, use the no form of this command.
Syntax Description
|
seconds |
Time, in seconds, that IOS SLB maintains an entry in the VSA correlation database. Valid range is 1 to 255. |
Examples
The following example configures a VSA correlation timer of 45 seconds:
Router(config-slb-vserver)# radius inject auth timer 45
Related Commands
|
Command |
Description |
|---|---|
|
radius inject acct key |
Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding accounting virtual server, and enables Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation. |
|
radius inject auth |
Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and specifies whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames. |
|
radius inject auth vsa |
Buffers vendor-specific attributes (VSAs) for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
radius inject auth vsa
To buffer vendor-specific attributes (VSAs) for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, use the radius inject auth vsacommand in SLB virtual server configuration mode.
Syntax Description
|
vendor-id |
VSA to be buffered:
|
Examples
The following example buffers the Cisco VSA:
Router(config-slb-vserver)# radius inject auth vsa cisco
Related Commands
|
Command |
Description |
|---|---|
|
radius inject acct key |
Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding accounting virtual server, and enables Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation. |
|
radius inject auth |
Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and specifies whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames. |
|
radius inject auth timer |
Configures a timer for vendor-specific attribute (VSA) correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server. |
rate
To specify the maximum number of connections allowed for a real server in a server farm, use the ratecommand in real server configuration mode. To remove the rate limit, use the no form of this command.
Syntax Description
|
maximum-rate |
Maximum number of connections allowed for the real server. Valid values range from 1 to 4294967295. |
|
burst burst-rate |
(Optional) Maximum connection burst rate allowed for the real server. Configure a burst rate if you expect the real server to receive connection requests at random intervals. Valid values range from (maximum-rate/10) + 1 to maximum-rate. The default burst rate is (maximum-rate/10) connections per second. We recommend that you specify a burst rate of at least (maximum-rate/4). For example, if maximum-rate is set to 3212, the valid range is 322 to 3212; the default burst rate is (3212/10), or 321 connections per second; and we recommend a burst rate of at least (3212/4), or 803 connections per second. |
Command Default
There is no limit on the number of connection allowed for the real server. If you do not configure a burst rate, the default burst rate is (maximum-rate/10) connections per second.
Usage Guidelines
The rate command is valid only for real servers in server farms. It is not valid for real servers in firewall farms.
If the rate limit for a real server is exceeded, and a new connection request is received, IOS SLB assigns the new connection request to the next rate-configured real server in the server farmâs queue. If no other rate-configured real server is available in the server farm, IOS SLB drops the connection request.
The rate limit also applies to sticky connections. That is, if the rate limit for a real server is exceeded, and a new sticky connection request is received, IOS SLB drops the sticky connection request.
IOS SLB uses slow start even if a real server has a rate limit configured.
real (firewall farm)
To identify a firewall as a member of a firewall farm and enter real server configuration mode, use the real command in firewall farm configuration mode. To remove the firewall from the IOS Server Load Balancing (IOS SLB) configuration, use the no form of this command.
Command History
|
Release |
Modification |
|---|---|
|
12.1(3a)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
A firewall farm comprises a number of firewalls. The firewalls are the physical devices that provide the firewall load-balanced services.
real (server farm)
To identify a real server as a member of a server farm and enter real server configuration mode, use the real command in SLB server farm configuration mode. To remove the real server from the IOS Server Load Balancing (IOS SLB) configuration, use the no form of this command.
Syntax Description
|
ipv4-address |
Real server IPv4 address. |
|
ipv6 ipv6-address |
(Optional) For dual-stack, real server IPv6 address. |
|
port |
(Optional) Port translation for the server. Valid values range from 1 to 65535. |
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.1(2)E |
The port argument was added. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
15.0(1)S |
The ipv6 keyword and ipv6-address argument were added. |
Usage Guidelines
A server farm comprises a number of real servers. The real servers are the physical devices that provide the load-balanced services.
In general packet radio service (GPRS) load balancing, this command identifies a gateway GPRS support node (GGSN) that is a member of the server farm. Also, remember that the Cisco GGSN IP addresses are virtual template IP addresses, not real interface IP addresses.
IOS SLB supports GPRS Tunneling Protocol (GTP) v0, v1, and v2 real servers. A GTP v2 real server can be either a Packet Data Network Gateway (PGW) or a serving gateway (SGW).
- A GTP v2 PGW can also manage GTP v0 and v1 requests.
- A GTP v2 SGW cannot manage GTP v0 or v1 requests.
- A GTP v0 or v1 real server cannot manage GTP v2 requests. Therefore, you must configure separate virtual servers for GTPv2 real servers and GTP v0 or v1 real servers.
IOS SLB supports dual-stack addresses for GTP load balancing only. To support dual-stack addresses, you must configure the real server as a dual-stack real server, with the IPv4 and IPv6 addresses, using this command.
In Virtual Private Network (VPN) server load balancing, this command identifies a real server acting as a VPN terminator.
Examples
The following example identifies a real server as a member of the server farm:
Router(config)# ip slb serverfarm PUBLIC Router(config-slb-sfarm)# real 10.1.1.1
The following example identifies a dual-stack real server as a member of the server farm:
Router(config)# ip slb serverfarm DUAL-PUBLIC Router(config-slb-sfarm)# real 10.1.1.1 ipv6 12AB:0000:0000:CD31:0000:0000:0000:0000/64
real (static NAT)
To configure one or more real servers to use static Network Address Translation (NAT), use the real command in static NAT configuration mode. To restore the default behavior, use the no form of this command.
Syntax Description
|
ip-address |
IP address of the real server that is to use static NAT. |
|
port |
(Optional) Layer 4 source port number, used by IOS Server Load Balancing (IOS SLB) to differentiate between User Datagram Protocol (UDP) responses from the real server and connections initiated by the real server. |
Command History
|
Release |
Modification |
|---|---|
|
12.1(11b)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
If no port number is specified, IOS SLB uses static NAT for all packets outbound from the real server.
reassign
To specify the threshold of consecutive unacknowledged SYNchronize sequence numbers (SYNs) or Create Packet Data Protocol (PDP) requests that, if exceeded, result in an attempted connection to a different real server, use the reassign command in SLB real server configuration mode. To restore the default reassignment threshold, use the no form of this command.
Syntax Description
|
threshold |
Number of unacknowledged TCP SYNs (or Create PDP requests, in general packet radio service [GPRS] load balancing) that are directed to a real server before the connection is reassigned to a different real server. An unacknowledged SYN is one for which no SYN or ACKnowledgment (ACK) is detected before the next SYN arrives from the client. IOS Server Load Balancing (IOS SLB) allows 30 seconds for the connection to be established or for a new SYN to be received. If neither of these occurs within that time, the connection is removed from the IOS SLB database. The 30-second timer is restarted for each SYN as long as the number of connection reassignments specified in the faildetect numconns (real server)command is not exceeded. See the faildetect numconns (real server) command for more information. Valid threshold values range from one 1 to 4. The default value is 3. |
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.1(9)E |
This command was modified to support general packet radio service (GPRS) load balancing. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(14)SX |
Support for this command was introduced on the Cisco 7600 series routers that are configured with a Supervisor Engine 720. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.
IOS SLB does not reassign sticky connections if either of the following conditions is true:
- The real server is not OPERATIONAL or MAXCONNS_THROTTLED.
- The connection is the first for this sticky connection.
In GPRS load balancing, this command specifies the number of consecutive unacknowledged Create PDP requests (not TCP SYNs) that are directed to a gateway GPRS support node (GGSN) before the connection is reassigned to a different GGSN. You must specify a reassign threshold less than the N3-REQUESTS counter value of the serving GRPS support node (SGSN).
Examples
The following example shows how to set the threshold of unacknowledged SYNs to 2:
Router(config)# ip slb serverfarm PUBLIC Router(config-slb-sfarm)# real 10.10.1.1 Router(config-slb-real)# reassign 2
Related Commands
|
Command |
Description |
|---|---|
|
faildetect numconns |
Specifies the conditions that indicate a server failure. |
|
inservice (real server) |
Enables the real server for use by the IOS SLB feature. |
|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
|
show ip slb reals |
Displays information about the real servers. |
|
show ip slb serverfarms |
Displays information about the server farm configuration. |
replicate casa (firewall farm)
To configure a stateful backup of IOS Server Load Balancing (IOS SLB) decision tables to a backup switch, use the replicate casacommand in firewall farm configuration mode. To remove a this configuration, use the no form of this command.
Syntax Description
|
listen-ip |
Listening IP address for state exchange messages that are advertised. |
||
|
remote-ip |
Destination IP address for all state exchange signals. |
||
|
port |
TCP or User Datagram Protocol (UDP) port number or port name for all state exchange signals. |
||
|
interval |
(Optional) Maximum replication delivery interval from 1 to 300 seconds. The default value is 10 seconds.
|
||
|
password |
(Optional) Specifies the password for Message Digest Algorithm Version 5 (MD5) authentication. |
||
|
encrypt |
(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory). The possible values are 0 and 7:
|
||
|
secret-string |
(Optional) 1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent. The secret-stringis always sent in plain text when the configuration is downloaded. The secret-stringmust match the secret that is specified on the RADIUS client (for example, the gateway general packet radio service [GPRS] support node [GGSN]). |
||
|
timeout |
(Optional) Delay period, in seconds, during which both the old password and the new password are accepted. The default value is 180 seconds. |
Command Default
The default interval is 10 seconds. The default password encryption is 0 (unencrypted). The default password timeout is 180 seconds.
Command History
|
Release |
Modification |
|---|---|
|
12.1(3a)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
The timeout option allows you to change the password without stopping messages between the backup and primary Layer 3 switches. The default value is 180 seconds.
During the timeout, the backup sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After the timeout expires, the backup sends and receives packets only with the new password.
When setting a new password timeout, remember the following considerations:
- If you are configuring a new backup, set the timeout to 0 (send packets with the new password immediately). This configuration prevents password mismatches between the new backup and its primary.
- If you are changing the password for an existing backup, set a longer timeout to allow enough time for you to update the password on the primary before the timeout expires. Setting a longer timeout also prevents mismatches between the backup and primary.
If you configure this command but you do not specify the 7 keyword, the secret-string is stored in the plain text.
replicate casa (virtual server)
To configure a stateful backup of IOS Server Load Balancing (IOS SLB) decision tables to a backup switch, use the replicate casa command in virtual server configuration mode. To remove this configuration, use the no form of this command.
Syntax Description
|
listen-ip |
Listening IP address for state exchange messages that are advertised. |
||
|
remote-ip |
Destination IP address for all state exchange signals. |
||
|
port |
TCP or User Datagram Protocol (UDP) port number or port name for all state exchange signals. |
||
|
interval |
(Optional) Maximum replication delivery interval from 1 to 300 seconds. The default value is 10 seconds.
|
||
|
password |
(Optional) Specifies the password for Message Digest Algorithm Version 5 (MD5) authentication. |
||
|
encrypt |
(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory). The possible values are 0 and 7:
|
||
|
secret-string |
(Optional) 1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent. The secret-stringis always sent in plain text when the configuration is downloaded. The secret-stringmust match the secret that is specified on the RADIUS client (for example, the gateway general packet radio service [GPRS] support node [GGSN]). |
||
|
timeout |
(Optional) Delay period, in seconds, during which both the old password and the new password are accepted. The default value is 180 seconds. |
Command Default
The default interval is 10 seconds. The default password encryption is 0 (unencrypted). The default password timeout is 180 seconds.
Command History
|
Release |
Modification |
|---|---|
|
12.1(2)E |
This command was introduced. |
|
12.1(3a)E |
The 0and 7keywords were added. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
The timeout option allows you to change the password without stopping messages between the backup and primary Layer 3 switches. The default value is 180 seconds.
During the timeout, the backup sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After the timeout expires, the backup sends and receives packets only with the new password.
When setting a new password timeout, remember the following considerations:
- If you are configuring a new backup, set the timeout to 0 (send packets with the new password immediately). This configuration prevents password mismatches between the new backup and its primary.
- If you are changing the password for an existing backup, set a longer timeout to allow enough time for you to update the password on the primary before the timeout expires. Setting a longer timeout also prevents mismatches between the backup and primary.
General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate casacommand in virtual server configuration mode.
The Home Agent Director does not support the replicate casacommand in virtual server configuration mode.
If you configure this command but you do not specify the 7 keyword, the secret-string is stored in the plain text.
replicate interval (firewall farm)
To set the replication delivery interval for an IOS Server Load Balancing (IOS SLB) firewall farm, use the replicate interval command in firewall farm configuration mode. To restore the default interval, use the no form of this command.
Syntax Description
|
interval |
Maximum replication delivery interval, in seconds. Replication updates are sent to the peer device (CASA or slave) when the interval expires, or when the send buffer (1500 bytes) is full. The valid range is 1 to 300 seconds. The default value is 10 seconds. |
Command History
|
Release |
Modification |
|---|---|
|
12.2(14)ZA5 |
This command was introduced. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate intervalcommand in firewall farm configuration mode.
The Home Agent Director does not support the replicate intervalcommand in firewall farm configuration mode.
Examples
The following example configures a replication interval of 20 seconds:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# replicate interval 20
Related Commands
|
Command |
Description |
|---|---|
|
ip slb replicate slave rate |
Sets the replication message rate for IOS Server Load Balancing (IOS SLB) slave replication. |
|
replicate casa (firewall farm) |
Configures a stateful backup of IOS Server Load Balancing (IOS SLB) decision tables to a backup switch |
|
replicate slave (firewall farm) |
Enables stateful backup of redundant route processors for an IOS Server Load Balancing (IOS SLB) firewall farm. |
|
show ip slb replicate |
Displays the configuration of IOS Server Load Balancing (IOS SLB) IP replication. |
|
show ip slb vservers |
Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB). |
replicate interval (virtual server)
To set the replication delivery interval for an IOS Server Load Balancing (IOS SLB) virtual server, use the replicate interval command in virtual server configuration mode. To restore the default interval, use the no form of this command.
Syntax Description
|
interval |
Maximum replication delivery interval, in seconds. Replication updates are sent to the peer device (CASA or slave) when the interval expires, or when the send buffer (1500 bytes) is full. The valid range is 1 to 300 seconds. The default value is 10 seconds. |
Command History
|
Release |
Modification |
|---|---|
|
12.2(14)ZA5 |
This command was introduced. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate intervalcommand in virtual server configuration mode.
The Home Agent Director does not support the replicate intervalcommand in virtual server configuration mode.
Examples
The following example configures a replication interval of 20 seconds:
Router(config)# ip slb vserver VS1 Router(config-slb-vserver)# replicate interval 20
Related Commands
|
Command |
Description |
|---|---|
|
ip slb replicate slave rate |
Sets the replication message rate for IOS Server Load Balancing (IOS SLB) slave replication. |
|
replicate casa (virtual server) |
Configures a stateful backup of IOS Server Load Balancing (IOS SLB) decision tables to a backup switch |
|
replicate slave (virtual server) |
Enables stateful backup of redundant route processors for an IOS Server Load Balancing (IOS SLB) virtual server. |
|
show ip slb replicate |
Displays the configuration of IOS Server Load Balancing (IOS SLB) IP replication. |
|
show ip slb vserver |
Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB). |
replicate slave (firewall farm)
To enable stateful backup of redundant route processors for an IOS Server Load Balancing (IOS SLB) firewall farm, if the slave device is present, use the replicate slavecommand in firewall farm configuration mode. To disable stateful backup of redundant route processors, use the no form of this command.
Command History
|
Release |
Modification |
|---|---|
|
12.2(14)ZA5 |
This command was introduced. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate slavecommand in firewall farm configuration mode.
The Home Agent Director does not support the replicate slavecommand in firewall farm configuration mode.
Examples
The following example enables stateful backup of redundant route processors:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# replicate slave
Related Commands
|
Command |
Description |
|---|---|
|
ip slb replicate slave rate |
Sets the replication message rate for IOS SLB slave replication. |
|
replicate casa (firewall farm) |
Configures a stateful backup of IOS SLB decision tables to a backup switch |
|
replicate interval (firewall farm) |
Sets the replication delivery interval for an IOS SLB firewall farm. |
|
show ip slb replicate |
Displays the configuration of IOS SLB IP replication. |
|
show ip slb vservers |
Displays information about the virtual servers defined to IOS SLB. |
replicate slave (virtual server)
To enable stateful backup of redundant route processors for an IOS Server Load Balancing (IOS SLB) virtual server, if the slave device is present, use the replicate slave command in virtual server configuration mode. To disable stateful backup of redundant route processors, use the no form of this command.
Command History
|
Release |
Modification |
|---|---|
|
12.2(14)ZA5 |
This command was introduced. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate slavecommand in virtual server configuration mode.
The Home Agent Director does not support the replicate slavecommand in virtual server configuration mode.
If you are using a single Supervisor with replicate slave configured, you might receive out-of-sync messages on the Supervisor.
Examples
The following example enables stateful backup of redundant route processors:
Router(config)# ip slb vserver VS1 Router(config-slb-vserver)# replicate slave
Related Commands
|
Command |
Description |
|---|---|
|
ip slb replicate slave rate |
Sets the replication message rate for IOS SLB slave replication. |
|
replicate casa (virtual server) |
Configures a stateful backup of IOS SLB decision tables to a backup switch |
|
replicate interval (virtual server) |
Sets the replication delivery interval for an IOS SLB virtual server. |
|
show ip slb replicate |
Displays the configuration of IOS SLB IP replication. |
|
show ip slb vservers |
Displays information about the virtual servers defined to IOS SLB. |
request (custom UDP probe)
To define the payload of the User Datagram Protocol (UDP) request packet to be sent by a custom UDP probe, use the requestcommand in custom UDP probe configuration mode.
Syntax Description
|
data start-byte |
Identifies the payload offset at which the hex-data-stringis to be placed into the packet. |
|
data continue |
String of characters represented by the hex-data-stringargument is to be placed after the last defined byte in the request packet. |
|
hex-data-string |
Payload of the UDP request packet, up to 100 bytes of data in hexadecimal format. |
Command History
|
Release |
Modification |
|---|---|
|
12.1(13)E3 |
This command was introduced. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following example generates custom UDP probe PROBE6, with the specified 119-byte UDP payload.
Router(config)# ip slb probe PROBE6 custom UDP Router(config-slb-probe)# request data 0 05 04 00 77 18 2A D6 CD 0A AD 53 4D F1 29 29 CF C1 96 59 CB Router(config-slb-probe)# request data 20 01 07 63 68 72 69 73 28 06 00 00 00 01 2C 0A 30 30 30 30 30 Router(config-slb-probe)# request data 40 30 30 42 07 06 00 00 00 07 1E 10 63 75 66 66 2E 63 69 73 63 Router(config-slb-probe)# request data 60 6F 2E 63 6F 6D 1F 0C 39 31 39 33 39 32 39 31 36 39 08 06 0A Router(config-slb-probe)# request data 80 0A 01 01 2D 06 00 00 00 01 3D 06 00 00 00 05 05 06 00 00 00 Router(config-slb-probe)# request data 100 00 06 06 00 00 00 02 04 06 0A 0A 18 0A 29 06 00 00 00 00
request (HTTP probe)
To configure an HTTP probe to check the status of the real servers, use the requestcommand in HTTP probe configuration mode. To remove a requestconfiguration, use the no form of this command.
Syntax Description
|
method |
(Optional) Configures the way the data is requested from the server. |
|
get |
Configures the Get method to request data from the server. |
|
post |
Configures the Post method to request data from the server. |
|
head |
Configures the header data type to request data from the server. |
|
name name |
Configures the name string of the data to send to the servers to request data. The character string is limited to 15 characters. |
|
url path |
(Optional) Configures the path from the server. |
Command History
|
Release |
Modification |
|---|---|
|
12.1(2)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
The request command configures the Cisco IOS Server Load Balancing (Cisco IOS SLB) HTTP probe method used to receive data from the server. Only one Cisco IOS SLB HTTP probe can be configured for each server farm.
If no values are configured following the method keyword, the default is Get.
If no URL path is set to the server, the default is /.
Examples
The following example configures an IOS SLB HTTP probe named PROBE2, enters HTTP probe configuration mode, and configures HTTP requests to use the post method and the URL /probe.cgi?all:
Router(config)# ip slb probe PROBE2 http Router(config-slb-probe)# request method post url /probe.cgi?all
response
To define the data string to match against custom User Datagram Protocol (UDP) probe response packets, use the responsecommand in custom UDP probe configuration mode.
Syntax Description
|
clause-number |
Identifies the response clause that is being modified. Up to 8 response clauses can be specified, on individual response commands. |
|
data start-byte |
Byte in the UDP response packet at which the hex-data-stringis to be matched. |
|
hex-data-string |
Up to 100 bytes of data, in hexadecimal format, that is to be matched against the UDP response packet payload. If the data does not match, the probe fails. |
Command History
|
Release |
Modification |
|---|---|
|
12.1(13)E3 |
This command was introduced. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
You can enter up to 8 individual response commands, to parse up to 8 non-contiguous bytes of data.
Examples
In the following example, if the 26th and 27th bytes of the response from PROBE6 are not FF FF , and the 44th and 45th bytes are not DD DD , the probe fails.
Router(config)# ip slb probe PROBE6 custom UDP Router(config-slb-probe)# response 1 data 26 FF FF Router(config-slb-probe)# response 2 data 44 DD DD
retry (real server)
To specify how long to wait before a new connection is attempted to a failed server, use the retry command in SLB real server configuration mode. To restore the default retry value, use the no form of this command.
Syntax Description
|
retry-value |
Time, in seconds, to wait after the detection of a server failure before a new connection to the server is attempted. If the new connection attempt succeeds, the real server is placed in OPERATIONAL state. If the connection attempt fails, the timer is reset, the connection is reassigned, and the process repeats until it is successful or until the server is placed in the OUTOFSERVICE state by the network administrator. Valid values range from 1 to 3600. The default value is 60 seconds. A value of 0 means do not attempt a new connection to the server when it fails. |
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following example specifies that 120 seconds must elapse after the detection of a server failure before a new connection is attempted:
Router(config)# ip slb serverfarm PUBLIC Router(config-slb-sfarm)# real 10.10.1.1 Router(config-slb-real)# retry 120
Related Commands
|
Command |
Description |
|---|---|
|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
|
show ip slb reals |
Displays information about the real servers. |
|
show ip slb serverfarms |
Displays information about the server farm configuration. |
serverfarm
To associate an IPv4 server farm with a virtual server, and optionally configure an IPv4 backup server farm, an IPv6 server farm and backup server farm, and specify that sticky connections are to be used in the IPv4 backup server farm, use the serverfarm command in SLB virtual server configuration mode. To remove the server farm association from the virtual server configuration, use the no form of this command.
Syntax Description
|
primary-farm |
Name of a primary server farm that has already been defined using the ip slb serverfarmcommand.
|
|
backup backup-farm |
(Optional) Name of a backup server farm that has already been defined using the ip slb serverfarmcommand.
|
|
sticky |
(Optional) Specifies that sticky connections are to be used in the backup server farm. |
|
ipv6-primary ipv6-primary-farm |
(Optional) For dual-stack, name of the primary IPv6 server farm that has already been defined using the ip slb serverfarmcommand. |
|
ipv6-backup ipv6-backup-farm |
(Optional) For dual-stack, name of the backup IPv6 server farm that has already been defined using the ip slb serverfarmcommand. |
|
map map-id priority priority |
(Optional) Associates an IOS SLB GPRS Tunneling Protocol (GTP) or RADIUS map with the server farm for general packet radio service (GPRS) or RADIUS load balancing. The map ID identifies a specific map that has already been defined using the ip slb map command. The priority specifies the order of preference of the specified map. A lower number indicates a higher priority. The range of priorities is 1 to 255. Priorities for different maps do not have to be contiguous. That is, you can have three maps with priorities 1, 5, and 10, respectively. When IOS SLB searches for a match, it does so on the basis of both the map ID and the map priority. Each map ID and each map priority must be unique across all server farms associated with the virtual server. That is, you cannot configure more than one map with the same ID or priority. |
Command Default
No real server farm is associated with a virtual server. If backup backup-farm is not specified, no IPv4 backup server farm is configured. If backup backup-farm is specified but the sticky keyword is not specified, sticky connections are not used in the IPv4 backup server farm. If ipv6-primary ipv6-primary-farm is not specified, no dual-stack backup server farm is configured. If ipv6-backup ipv6-backup-farm is not specified, no dual-stack backup server farm is configured.
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.1(8a)E |
The backup and sticky keywords and the backup-farm argument were added. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRB |
The map and priority keywords and the map-id and priorityarguments were added. |
|
15.0(1)S |
The ipv6-primaryand ipv6-backupkeywords and the ipv6-primary-farmand ipv6-backup-farm arguments were added. |
Usage Guidelines
RADIUS load balancing and the Home Agent Director do not support the sticky keyword.
You can associate more than one server farm with a given virtual server by configuring more than one serverfarm command, each with a unique map ID and a unique priority. (That is, each map ID and each map priority must be unique across all server farms associated with the virtual server.)
For GPRS load balancing, if a real server is defined in two or more server farms, each server farm must be associated with a different virtual server.
IOS SLB supports dual-stack addresses for GTP load balancing only.
All IPv4 or IPv6 server farms that are associated with the same virtual server must have the same NAT configuration.
If you associate a primary server farm with a backup server farm, then all of the server farm maps that use that primary server farm must also be configured to use that same backup serverfarm. You cannot configure a server farm map that uses that primary server farm and no backup server farm.
- For example, if you configure primary server farm SF1 with backup server farm SF2, then all of the server farm maps that are configured with SF1 as the primary serverfarm must also be configured with SF2 as the backup serverfarm, as follows:
ip slb vserver RADIUS virtual 2.2.2.2 udp 0 service radius serverfarm SF1 backup SF2 map 1 priority 1 serverfarm SF1 backup SF2 inservice
- Furthermore, if you configure primary server farm SF1 with backup server farm SF2, you cannot then configure a server farm map to use SF1 as the primary server farm with no backup server farm. That is, the following is not allowed:
ip slb vserver RADIUS virtual 2.2.2.2 udp 0 service radius serverfarm SF1 map 1 priority 1 serverfarm SF1 backup SF2 inservice
- The backup server farm associated with an IOS SLB protocol map cannot be associated as a backup server farm with any other map in a given virtual server.
Examples
The following example shows how the ip slb vserver, virtual, and serverfarm commands are used to associate the real server farm named PUBLIC with the virtual server named PUBLIC_HTTP.
Router(config)# ip slb vserver PUBLIC_HTTP Router(config-slb-vserver)# virtual 10.0.0.1 tcp www Router(config-slb-vserver)# serverfarm PUBLIC
show fm slb counters
To display information about the Feature Manager (FM) IOS Server Load Balancing (IOS SLB) counters, use the show fm slb counterscommand in privileged EXEC mode.
Examples
The following sample output from the show fm slb counterscommand shows counter information for virtual server 10.11.11.11:
Router# show fm slb counters
FM SLB Purge Counters:
Global Purges: 0
TCP Purges: 0
UDP Purges: 0
Virtual Purges: 0
Flow Purges: 0
FM SLB Netflow Install Counters
[Slot 6 ] Install Request Sent 3
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
Global Purges |
Number of global purges sent by FM IOS SLB. |
|
TCP Purges |
Number of TCP purges sent by FM IOS SLB. |
|
UDP Purges |
Number of UDP purges sent by FM IOS SLB. |
|
Virtual Purges |
Number of virtual purges sent by FM IOS SLB. |
|
Flow Purges |
Number of flow purges sent by FM IOS SLB. |
|
Install Request Sent |
Number of install requests sent by IOS SLB. |
show ip dfp
To display information about Dynamic Feedback Protocol (DFP) agents and their subsystems, use the show ip dfp command inprivilegedEXEC mode.
Command Default
If no options are specified, the command displays output for all DFP agents identified by ip dfp agentcommands, regardless of whether those agents are currently in service (Inservice: yes) or active (AppActive: yes).
Usage Guidelines
Detailed output for the show ip dfp command includes information about all DFP agents configured with ip slb agent commands, regardless of whether those agents are currently in service.
Examples
The following example shows basic information for DFP agent slb:
Router# show ip dfp agent slb
Unexpected errors: 0
DFP Agent for service: SLB
Port: 666 Interval: 10
Current passwd: <none> Pending passwd: <none>
Passwd timeout: 0
Inservice: yes AppActive: yes
Manager IP Address Timeout
------------------ -------
172.16.45.27 0
The following example shows detailed information for DFP agent slb:
Router# show ip dfp agent slb detail
Unexpected errors: 0
DFP Agent for service: SLB
Port: 666 Interval: 10
Current passwd: <none> Pending passwd: <none>
Passwd timeout: 0
Inservice: yes AppActive: yes
Manager IP Address Timeout
------------------ -------
172.16.45.27 0
Weight Table Report for Agent SLB
Weights for Port: 80 Protocol: TCP
IP Address Bind ID Weight
--------------- ------- -------
10.1.1.1 0 65535
Weights for Port: 0 (wildcard) Protocol: 0 (wildcard)
IP Address Bind ID Weight
--------------- ------- -------
10.0.0.0 65534 0
Bind ID Table Report for Agent SLB
Bind IDs for Port: 80 Protocol: TCP
Bind ID Client IP Client Mask
------- --------------- ---------------
0 10.0.0.0 0.0.0.0
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
Port |
TCP port number of the agent. |
|
Interval |
Number of seconds to wait before recalculating weights. |
|
Current passwd |
Current DFP password for Message Digest Algorithm Version 5 (MD5) authentication. |
|
Pending passwd |
Pending new DFP password for MD5 authentication. |
|
Passwd timeout |
Delay period, in seconds, during which both the current password and the new password are accepted. |
|
Inservice |
Indicates whether the DFP agent is enabled for communication with a DFP manager. |
|
AppActive |
Indicates whether the DFP agent is active. |
|
Manager IP Address |
IP address of the manager to which weights are being sent. |
|
Timeout |
Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout. |
|
Weights for Port |
Port for which the following weights are reported. 0 indicates a wildcard value. |
|
Protocol |
Protocol used for the port. 0 indicates a wildcard value. |
|
IP Address |
IP address for which weight is reported. |
|
Bind ID |
Bind ID associated with the IP address. |
|
Weight |
Weight calculated for the IP address. |
|
Bind IDs for Port |
Port for which the following bind IDs are reported. |
|
Protocol |
Protocol used for the port. |
|
Bind ID |
Bind ID of this instance of the real server. |
|
Client IP |
IP address of client using the virtual server. |
|
Client Mask |
IP network mask of client using the virtual server. |
show ip slb conns
To display the active IOS Server Load Balancing (IOS SLB) connections (or sessions, in GPRS load balancing and the Home Agent Director), use the show ip slb connscommand in privileged EXEC mode.
Syntax Description
|
vserver virtual-server |
(Optional) Displays only those connections (or sessions, in GPRS load balancing and the Home Agent Director) associated with the specified virtual server. |
|
client ip-address |
(Optional) Displays only those connections (or sessions, in GPRS load balancing and the Home Agent Director) associated with the specified client IP address. |
|
firewall firewall-farm |
(Optional) Displays only those connections (or sessions, in GPRS load balancing and the Home Agent Director) associated with the specified firewall farm. |
|
detail |
(Optional) Displays detailed information about the connection (or session, in GPRS load balancing and the Home Agent Director). |
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.1(7)E |
The firewall keyword and firewall-farm argument were added. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
If no options are specified, the command displays output for all active IOS SLB connections (or sessions, in GPRS load balancing and the Home Agent Director).
Examples
The following is sample output from the show ip slb conns command:
Router# show ip slb conns
vserver prot client real state
----------------------------------------------------------------------------
TEST TCP 10.150.72.183:328 10.80.90.25:80 INIT
TEST TCP 10.250.167.226:423 10.80.90.26:80 INIT
TEST TCP 10.234.60.239:317 10.80.90.26:80 ESTAB
TEST TCP 10.110.233.96:747 10.80.90.26:80 ESTAB
TEST TCP 10.162.0.201:770 10.80.90.30:80 CLOSING
TEST TCP 10.22.225.219:995 10.80.90.26:80 CLOSING
TEST TCP 10.2.170.148:169 10.80.90.30:80 ZOMBIE
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
vserver |
Name of the virtual server associated with the connection (or session, in GPRS load balancing and the Home Agent Director). |
|
prot |
Protocol being used by the connection (or session, in GPRS load balancing and the Home Agent Director). |
|
client |
Client IP address associated with the connection (or session, in GPRS load balancing and the Home Agent Director). |
|
real |
Real server IP address associated with the connection (or session, in GPRS load balancing and the Home Agent Director). |
|
state |
Current state of the connection (or session, in GPRS load balancing and the Home Agent Director). |
show ip slb dfp
To display Dynamic Feedback Protocol (DFP) manager and agent information, such as passwords, timeouts, retry counts, and weights, use the show ip slb dfpcommand in privileged EXEC mode.
Syntax Description
|
agent |
(Optional) Displays information about an agent. |
|
agent-ip |
(Optional) Agent IP address. |
|
port |
(Optional) Agent TCP or User Datagram Protocol (UDP) port number. |
|
manager |
(Optional) Displays information about the specified manager. |
|
manager-ip |
(Optional) Manager IP address. |
|
detail |
(Optional) Displays all data available. |
|
weights |
(Optional) Displays information about weights assigned to real servers for load balancing. |
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.1(5a)E |
The manager keyword and manager-ip argument were added. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following sample output from the show ip slb dfp command displays high-level information about all DFP agents and managers:
Router# show ip slb dfp
DFP Manager:
Current passwd:NONE Pending passwd:NONE
Passwd timeout:0 sec
Agent IP Port Timeout Retry Count Interval
---------------------------------------------------------------
172.16.2.34 61936 0 0 180 (Default)
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
DFP Manager |
Indicates that the following information applies to the DFP manager. |
|
Current passwd |
Current password for the DFP manager, if any. |
|
Pending passwd |
Pending password for the DFP manager, if any. |
|
Passwd timeout |
For the DFP manager, delay period, in seconds, during which both the current password and the pending password are accepted. |
|
Agent IP |
IP address of the agent about which information is being displayed. |
|
Port |
TCP or UDP port number of the agent. The valid range is 1 to 65535. |
|
Timeout |
Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout. |
|
Retry Count |
Number of times the DFP manager attempts to establish the TCP connection to the DFP agent. A value of 0 means there are infinite retries. |
|
Interval |
Interval, in seconds, between retries. |
The following example displays detailed information about DFP agents and managers:
Router# show ip slb dfp detail
DFP Manager
Current passwd <none> Pending passwd <none>
Passwd timeout 0 sec
Unexpected errors 0
% No DFP Agents configured
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
DFP Manager |
Indicates that the following information applies to the DFP manager. |
|
Current passwd |
Current DFP password for MD5 authentication. |
|
Pending passwd |
Pending new DFP password for MD5 authentication. |
|
Passwd timeout |
Delay period, in seconds, during which both the current password and the pending password are accepted. |
|
Unexpected errors |
Number of unexpected errors encountered by the DFP manager. |
|
No DFP Agents configured |
Indicates that there are no DFP agents associated with the DFP manager. |
The following example displays detailed information about DFP manager 10.0.0.0:
Router# show ip slb dfp manager 10.0.0.0
DFP Manager 10.0.0.0 Connection state Connected
Timeout = 20
Last message sent 033537 UTC 01/02/00
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
DFP Manager |
Indicates that the following information applies to the DFP manager. |
|
Connection state |
Current connection state of the DFP manager. |
|
Timeout |
Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout. |
|
Last message sent |
Date and time of the last message sent by the DFP manager. |
The following example displays detailed information about weights assigned to real servers for load balancing:
Router# show ip slb dfp weights
Real IP Address 10.0.10.10 Protocol TCP Port 22 Bind_ID 111 Weight 111
Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.17.17.17 Protocol TCP Port www Bind_ID 1 Weight 1
Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.68.68.68 Protocol TCP Port www Bind_ID 4 Weight 4
Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.85.85.85 Protocol TCP Port www Bind_ID 5 Weight 5
Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
Real IP Address |
IP address of the real server for which weight is reported. |
|
Protocol |
Protocol used for the port. |
|
Port |
Port for which the following bind ID is being reported. |
|
Bind_ID |
Bind ID of this instance of the real server. |
|
Weight |
Weight calculated for the real IP address. |
|
Set by Agent |
Agent that set the weight, and the date and time the weight was set. |
show ip slb firewallfarm
To display firewall farm information, use the show ip slb firewallfarmcommand in privileged EXEC mode.
Examples
The following is sample output from the show ip slb firewallfarmcommand:
Router# show ip slb firewallfarm
firewall farm hash state reals
------------------------------------------------
FIRE1 IPADDR OPERATIONAL 2
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
firewall farm |
Name of the firewall farm. |
|
hash |
Load-balancing algorithm used to select a firewall for the firewall farm:
See the predictor hash address (firewall farm)command for more details. |
|
state |
Current state of the firewall farm: |
|
reals |
Number of firewalls that are members of the firewall farm. |
show ip slb fragments
To display information from the Cisco IOS Server Load Balancing (IOS SLB) fragment database, use the show ip slb fragmentscommand in privileged EXEC mode.
Examples
The following sample output from the show ip slb fragmentscommand shows fragment information for virtual server 10.11.11.11:
Router# show ip slb fragments
ip src id forward src nat dst nat
---------------------------------------------------------------------
10.11.2.128 12 10.11.2.128 10.11.11.11 10.11.2.128
10.11.2.128 13 10.11.2.128 10.11.11.11 10.11.2.128
10.11.2.128 14 10.11.2.128 10.11.11.11 10.11.2.128
10.11.2.128 15 10.11.2.128 10.11.11.11 10.11.2.128
10.11.2.128 16 10.11.2.128 10.11.11.11 10.11.2.128
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
ip src |
Source IP address of the fragment. |
|
id |
IP ID of the fragment, set by the packet originator. |
|
forward |
IP address to which the fragment is being forwarded. |
|
src nat |
If using Network Address Translation (NAT), new source IP address after NAT. |
|
dst nat |
If using NAT, new destination IP address after NAT. |
show ip slb gtp
To display IOS Server Load Balancing (IOS SLB) general packet radio service (GPRS) Tunneling Protocol (GTP) information, use the show ip slb gtpcommand in privileged EXEC mode.
Syntax Description
|
gsn |
(Optional) Displays IOS SLB database information for the specified gateway GPRS support node (GGSN) or serving GPRS support node (SGSN). |
|
gsn-ip-address |
(Optional) IP address of the GGSN or SGSN for which information is to be displayed. If you do not specify a gsn-ip-address, IOS SLB displays information for all GGSNs and SGSNs. |
|
nsapi |
(Optional) Displays IOS SLB database information for the specified Network Service Access Point Identifier (NSAPI). |
|
nsapi-key |
(Optional) Key of the NSAPI for which information is to be displayed. If you do not specify an nsapi-key, IOS SLB displays information for all NSAPIs. |
|
detail |
(Optional) Displays additional, more detailed information. |
Command Default
If you specify gsn and you do not specify a gsn-ip-address, IOS SLB displays information for all GGSNs and SGSNs. If you specify nsapi and you do not specify an nsapi-key, IOS SLB displays information for all NSAPIs.
Examples
The following is sample output from the show ip slb gtp gsncommand for a specific GGSN or SGSN:
Router# show ip slb gtp gsn 10.0.0.0
type ip recovery-ie purging
------------------------------------------
SGSN 10.0.0.0 UNKNOWN N
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
type |
Type of GSN (either GGSN or SGSN). |
|
ip |
IP address of the GGSN or SGSN. |
|
recovery-ie |
Last seen recovery IE for this GGSN or SGSN. |
|
purging |
Indicates whether Packet Data Protocol (PDP) contexts belonging to this GGSN or SGSN are being purged as a result of path failure: |
The following is sample output from the show ip slb gtp nsapicommand:
Router# show ip slb gtp nsapi
nsapi key real nsapi count session count
-----------------------------------------------------------------
11111111111111F1 172.16.0.0 1 1
The following is sample output from the show ip slb gtp nsapicommand for a specific NSAPI key:
Router# show ip slb gtp nsapi 11111111111111F1
nsapi key real nsapi count session count
-----------------------------------------------------------------
11111111111111F1 172.16.0.0 1 1
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
nsapi key |
Key for the session. This is the IMSI. |
|
real |
Real server to which the session is assigned. |
|
nsapi count |
Number of NSAPIs bound to the session. This is the number of PDP contexts (mobile sessions) on the GGSN associated with the IMSI. |
|
session count |
Number of sessions to which the NSAPI is currently bound. Normally, the NSAPI is bound to one session, but it is bound to two sessions in transition during an update. |
The following is sample output from the show ip slb gtp nsapi detailcommand:
Router# show ip slb gtp nsapi detail
IMSI key = 11111111111111F1, real = 172.16.0.1, nsapi count = 1, session count = 1
no vserver key client state seq
---------------------------------------------------------------------------
5 SERVER1 0009E8810009E881 10.0.0.0:2123 GTP_INIT 0
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
IMSI key |
IMSI key for the session. |
|
real |
Real server to which the session is assigned. |
|
nsapi count |
Number of NSAPIs bound to the session. This is the number of PDP contexts (mobile sessions) on the GGSN associated with this IMSI. |
|
session count |
Number of sessions to which the NSAPI is currently bound. Normally, the NSAPI is bound to one session, but it is bound to two sessions in transition during an update. |
|
no |
NSAPI number. |
|
vserver |
Name of the virtual server. |
|
key |
Session key. |
|
client |
SGSN IP address and port number. |
|
state |
State of the session. Possible states are: |
|
seq |
Sequence number in the last delete request. |
show ip slb map
To display information about IOS SLB protocol maps, use the show ip slb mapcommand in privilegedEXEC mode.
Examples
The following is sample output from the show ip slb mapcommand:
Router# show ip slb map
ID: 1, Service: GTP
APN: Cisco.com, yahoo.com
PLMN ID(s): 11122, 444353
SGSN access list: 100
ID: 2, Service: GTP
PLMN ID(s): 67523, 345222
PDP Type: IPv4, PPP
ID: 3, Service: GTP
PDP Type: IPv6
ID: 4, Service: RADIUS
Calling-station-id: â?919*â
ID: 5, Service: RADIUS
Username: â..778cisco.*â
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
ID |
Identifier of the map about which information is being displayed. Information about each map is displayed on a separate line. |
|
Service |
Protocol associated with the map. Valid protocols are: |
|
APN |
One or more access point names (APNs) associated with the GTP map |
|
PLMN ID(s) |
One or more public land mobile networks (PLMNs) associated with the GTP map. |
|
SGSN access list |
Serving GPRS Support Node (SGSN) access list associated with the GTP map. |
|
PDP Type |
One or more packet data protocol (PDP) types associated with the GTP map. |
|
Calling-station-id |
String to be matched against the calling station ID attribute in the RADIUS payload. |
|
Username |
String to be matched against the username attribute in the RADIUS payload. |
show ip slb natpool
To display the IP Cisco IOS Server Load Balancing (IOS SLB) Network Address Translation (NAT) configuration, use the show ip slb natpoolcommand in privileged EXEC mode.
Examples
The following is sample output from the default show ip slb natpoolcommand:
Router# show ip slb natpool
nat client B 209.165.200.225 1.1.1.6 1.1.1.8 Netmask 255.255.255.0
nat client A 10.1.1.1 1.1.1.5 Netmask 255.255.255.0
The following is sample output from the show ip slb natpoolcommand with the detail keyword:
Router# show ip slb natpool detail
nat client A 1.1.1.1 1.1.1.5 Netmask 255.255.255.0
Start NAT Last NAT Count ALLOC/FREE
-------------------------------------------------------
10.1.1.1:11001 10.1.1.1:16333 0005333 ALLOC
10.1.1.1:16334 10.1.1.1:19000 0002667 ALLOC
10.1.1.1:19001 10.1.1.5:65535 0264675 FREE
nat client B 1.1.1.6 1.1.1.8 Netmask 255.255.255.0
Start NAT Last NAT Count ALLOC/FREE
-------------------------------------------------------
10.1.1.6:11001 10.1.1.6:16333 0005333 ALLOC
10.1.1.6:16334 10.1.1.6:19000 0002667 ALLOC
10.1.1.6:19001 10.1.1.8:65535 0155605 FREE
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
Start NAT |
Starting NAT address in a range of addresses in the client NAT pool. |
|
Last NAT |
Last NAT address in a range of addresses in the client NAT pool. |
|
Count |
Number of NAT addresses in the range. |
|
ALLOC/FREE |
Indicates whether the range of NAT addresses has been allocated or is free. |
show ip slb probe
To display information about a Cisco IOS Server Load Balancing (IOS SLB) probe, use the show ip slb probecommand in privileged EXEC mode.
Examples
The following is sample output from the show ip slb probecommand:
Router# show ip slb probe
Server:Port State Outages Current Cumulative
----------------------------------------------------------------
10.10.4.1:0 OPERATIONAL 0 never 00:00:00
10.10.5.1:0 FAILED 1 00:00:06 00:00:06
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
Server:Port |
IP address and port of the real server. |
|
State |
Operational state of the probe:
For a detailed listing of real server states, see the show ip slb realscommand. |
|
Outages |
Number of intervals between successful probes. |
|
Current |
Time since the last probe success. That is, the duration (so far) of the current outage. |
|
Cumulative |
Total time the real server has been under test by the probe and has failed the probe test. This value is the sum of the Current time plus the total time of all previous outages. |
show ip slb reals
To display information about the real servers, use the show ip slb realscommand in privileged EXEC mode.
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.1(13)E |
The vserver keyword and virtual-serverargument were replaced with the sfarm keyword and server-farm argument. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(33)SRC |
The output for the detail keyword for a real server in a server farm was updated to display the configured maximum number of connections allowed (rate). |
|
15.0(1)S |
The output for the detail keyword for a real server in a server farm was updated to display the real server's IPv4, IPv6, or dual-stack address. |
Usage Guidelines
If no options are specified, the command displays information about all real servers.
In a configuration with stateful backup, if a probe changes state at the same time that the primary IOS SLB device fails over to the backup IOS SLB device, the output from the show ip slb reals command for the backup device displays the state of the probe before the failover, not the actual current state.
Examples
The following is sample output from the show ip slb realscommand:
Router# show ip slb reals
real farm name weight state conns
--------------------------------------------------------------------
10.80.2.112 FRAG 8 OUTOFSERVICE 0
10.80.5.232 FRAG 8 OPERATIONAL 0
10.80.15.124 FRAG 8 OUTOFSERVICE 0
10.254.2.2 FRAG 8 OUTOFSERVICE 0
10.80.15.124 LINUX 8 OPERATIONAL 0
10.80.15.125 LINUX 8 OPERATIONAL 0
10.80.15.126 LINUX 8 OPERATIONAL 0
10.80.90.25 SRE 8 OPERATIONAL 220
10.80.90.26 SRE 8 OPERATIONAL 216
10.80.90.27 SRE 8 OPERATIONAL 216
10.80.90.28 SRE 8 TESTING 1
10.80.90.29 SRE 8 OPERATIONAL 221
10.80.90.30 SRE 8 OPERATIONAL 224
10.80.30.3 TEST 100 READY_TO_TEST 0
10.80.30.4 TEST 100 READY_TO_TEST 0
10.80.30.5 TEST 100 READY_TO_TEST 0
10.80.30.6 TEST 100 READY_TO_TEST 0
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
real |
IP address of the real server about which information is being displayed. Used to identify each real server. Information about each real server is displayed on a separate line. |
|
farm name |
Name of the server farm or firewall farm with which the real server is associated. |
|
weight |
Weight assigned to the real server. The weight identifies the real serverâs capacity, relative to other real servers in the server farm. |
|
state |
Current state of the real server.
|
|
|
|
conns |
Number of connections associated with the real server. In general packet radio service (GPRS) load balancing, number of sessions associated with the real server. In per-packet server load balancing, number of request packets that have been load balanced to each real server, using the connection count. |
The following is sample output from the show ip slb reals detailcommand for a dual-stack real server in a server farm:
Router# show ip slb reals detail
172.16.88.5, SF1, state = OPERATIONAL, type = server
ipv6 = 2342:2342:2343:FF04:2388:BB03:3223:8912
conns = 0, dummy_conns = 0, maxconns = 4294967295
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
reassign = 3, retry = 60
failconn threshold = 8, failconn count = 0
failclient threshold = 2, failclient count = 0
total conns established = 0, total conn failures = 0
server failures = 0
The following is sample output from the show ip slb reals detailcommand for a real server in a firewall farm:
Router# show ip slb reals detail
10.10.3.2, F, state = OPERATIONAL, type = firewall
conns = 0, dummy_conns = 0, maxconns = 4294967295
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 8377, hash count = 0
server failures = 0
interface FastEthernet1/0, MAC 0000.0c41.1063
The table below describes the fields shown in the above detail displays.
|
Field |
Description |
|---|---|
|
IPv4 or IPv6 address |
IPv4 or IPv6 address of the real server about which information is being displayed. Used to identify each real server. Information about each real server is displayed on a separate line. |
|
farm name |
Name of the server farm or firewall farm with which the real server is associated. |
|
state |
Current state of the real server.
|
|
type |
Indicates whether the real server is associated with a server farm (server) or firewall farm (firewall). |
|
ipv6 |
IPv6 address of the real server about which information is being displayed, if dual-stack. |
|
conns |
Number of connections associated with the real server. In general packet radio service (GPRS) load balancing, number of sessions associated with the real server. In per-packet server load balancing, number of request packets that have been load balanced to each real server, using the connection count. |
|
dummy_conns |
Internal counter used in debugging. |
|
maxconns |
Maximum number of active connections allowed on the real server at one time. |
|
weight |
Weight assigned to the real server. The weight identifies the real serverâs capacity, relative to other real servers in the server farm. This value could be changed by DFP. |
|
weight(admin) |
Configured (or default) weight assigned to the real server. |
|
metric |
Internal counter used in debugging. |
|
remainder |
Internal counter used in debugging. |
|
reassign |
Total number of consecutive unacknowledged SYNchronize sequence numbers (SYNs) or Create Packet Data Protocol (PDP) requests since the last time the clear ip slb counterscommand was issued. |
|
retry |
Interval, in seconds, to wait between the detection of a failure on the real server and the next attempt to connect to the server. |
|
rate |
Maximum number of connections per second allowed on the real server. |
|
failconn threshold |
Maximum number of consecutive connection failures allowed before the real server is considered to have failed. |
|
failconn count |
Total number of consecutive connection failures since the last time the clear ip slb counterscommand was issued. |
|
failclient threshold |
Maximum number of unique client connection failures allowed before the real server is considered to have failed. |
|
failclient count |
Total number of unique client connection failures since the last time the clear ip slb counterscommand was issued. |
|
total conns established |
Total number of successful connection assignments since the last time the clear ip slb counterscommand was issued. |
|
total conn failures |
Total number of unsuccessful connection assignments since the last time the clear ip slb counterscommand was issued. |
|
server failures |
Total number of times this real server has been marked failed. |
|
hash count |
Total number of times the hash algorithm has been called. |
|
interface |
Type of interface. |
|
MAC |
MAC address of the firewall. |
show ip slb replicate
To display the Cisco IOS Server Load Balancing (IOS SLB) replication configuration, use the show ip slb replicatecommand in privileged EXEC mode.
Command History
|
Release |
Modification |
|---|---|
|
12.1(2)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(14)ZA5 |
This command was modified to support slave replication. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following is sample output from the show ip slb replicatecommand:
Router# show ip slb replicate
VS1, state = NORMAL, interval = 10
Slave Replication: Enabled
Slave Replication statistics:
unsent conn updates: 0
conn updates received: 0
conn updates transmitted: 0
update messages received: 0
update messages transmitted: 0
Casa Replication:
local = 10.1.1.1 remote = 10.2.2.2 port = 1024
current password = <none> pending password = <none>
password timeout = 180 sec (Default)
Casa Replication statistics:
unsent conn updates: 0
conn updates received: 0
conn updates transmitted: 0
update packets received: 0
update packets transmitted: 0
failovers: 0
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
state |
Current replication state of the virtual server: |
|
interval |
Replication buffering interval, in seconds. |
|
Slave Replication |
Indicates whether Slave Replication is enabled or disabled. |
|
unsent conn updates |
Number of Slave Replication or CASA Replication connection updates waiting to be sent. |
|
conn updates received |
Number of Slave Replication or CASA Replication connection updates received. |
|
conn updates transmitted |
Number of Slave Replication or CASA Replication connection updates sent. |
|
update packets received |
Number of Slave Replication or CASA Replication connection update packets received. |
|
update packets transmitted |
Number of Slave Replication or CASA Replication connection update packets sent. |
|
local |
Listening IP address for CASA Replication state exchange messages that are advertised. |
|
remote |
Destination IP address for all CASA Replication state exchange signals. |
|
port |
TCP or User Datagram Protocol (UDP) port number or port name for all CASA Replication state exchange signals. |
|
current password |
Current CASA Replication password for Message Digest Algorithm Version 5 (MD5) authentication, if any. |
|
pending password |
Pending CASA Replication password for MD5 authentication, if any. |
|
failovers |
Number of CASA Replication failovers detected. |
show ip slb serverfarms
To display information about the server farms, use the show ip slb serverfarmscommand in privilegedEXEC mode.
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(33)SRC |
The output for the detail keyword was updated to display RADIUS load balancing enhancements and information about the IOS SLB KeepAlive Application Protocol (KAL-AP) agent. |
|
15.0(1)S |
The output for the detail keyword was updated to display the real server's IPv4, IPv6, or dual-stack address. |
Examples
The following is sample output from the show ip slb serverfarmscommand:
Router# show ip slb serverfarms
server farm predictor nat reals bind id interface(s)
GGSN ROUNDROBIN none 0 0 <any>
GGSN1 ROUNDROBIN S 5 0 <any>
GGSN_IPV6 ROUNDROBIN S 5 0 <any>
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
server farm |
Name of the server farm about which information is being displayed. Information about each server farm is displayed on a separate line. |
|
predictor |
Type of load-balancing algorithm (ROUNDROBIN, LEASTCONNS, or ROUTEMAP) used by the server farm |
|
nat |
NAT setting for the server farm: |
|
reals |
Number of real servers configured in the server farm |
|
bind id |
Bind ID configured on the server farm. |
|
interface(s) |
Interface used by the server farm |
The following is sample output from the show ip slb serverfarms detailcommand, if RADIUS load balancing is configured with the route map predictor:
Router# show ip slb serverfarms detail
SF1, predictor = ROUNDROBIN, nat =SERVER, interface(s) = Vl88
virtuals inservice: 1, reals = 1, bind id = 0
Real servers:
172.16.88.5, weight = 8, OPERATIONAL, conns = 0
ipv6 = 2342:2342:2343:FF04:2388:BB03:3223:8912
Total connections = 0
For RADIUS load balancing with the route map predictor configured, specifying the detail keyword displays:
- predictor = ROUTE-MAP --Indicates that the route-map keyword is configured on the predictor command in SLB server farm configuration mode.
- routemap name --Name of the IOS policy-based routing (PBR) route map. If the route map is invalid or is not present, IOS SLB also displays Not Configured/Valid.
The following is sample output from the show ip slb serverfarms detailcommand, if a KAL-AP request was received for this server farm:
SF, predictor = ROUNDROBIN, nat = SERVER, interface(s) = <any> virtuals inservice: 1, reals = 2, bind id = 0 KAL-AP tag: âchicago.comâ, farm weight: 400
For the KAL-AP agent, specifying the detail keyword displays:
show ip slb sessions
To display information about sessions handled by Cisco IOS Server Load Balancing (IOS SLB), use the show ip slb sessionscommand in privileged EXEC mode.
Syntax Description
|
asn |
(Optional) Displays information about set of Access Service Network (ASN) gateways sessions being handled by IOS SLB. |
|
gtp |
(Optional) Displays IPv4 information about general packet radio service (GPRS) Tunneling Protocol (GTP) sessions being handled by IOS SLB. |
|
ipv6 |
(Optional) Displays detailed information about the IPv6 sessions being handled by GTP load balancing. |
|
gtp-inspect |
(Optional) Displays information about GTP sessions being handled by IOS SLB that have GTP cause code inspection enabled. |
|
ipmobile |
(Optional) Displays information about Mobile IP sessions being handled by IOS SLB. |
|
radius |
(Optional) Displays information about RADIUS sessions being handled by IOS SLB. |
|
vserver virtual-server |
(Optional) Displays information about sessions being handled by the specified virtual server. |
|
client ipv4-address ipv4-netmask |
(Optional) Displays information about sessions associated with the specified client IPv4 address or subnet |
|
detail |
(Optional) Displays detailed information. |
Command History
|
Release |
Modification |
|---|---|
|
12.1(11b)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.1(13)E3 |
The gtp and gtp-inspect keywords were added. |
|
12.2(14)ZA2 |
The ipmobile keyword was added. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(33)SRC1 |
The asnkeyword was added. |
|
15.0(1)S |
The ipv6keyword was added. |
Examples
The following is sample output from the show ip slb sessionscommand for RADIUS sessions:
Router# show ip slb sessions radius
Source Dest Retry
Addr/Port Addr/Port Id Count Real Vserver
------------------------------------------------------------------------------
10.10.11.1/1645 10.10.11.2/1812 15 1 10.10.10.1 RADIUS_ACCT
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
Source Addr/Port |
Source IPv4 address and port number for the session. |
|
Dest Addr/Port |
Destination IPv4 address and port number for the session. |
|
Id |
RADIUS identifier for the session. |
|
Retry Count |
Number of times a RADIUS request was sent by a RADIUS client without receiving a response from the RADIUS server (proxy or otherwise). |
|
Real |
IPv4 address of the SSG RADIUS server (proxy or otherwise). |
|
Vserver |
Name of the virtual server whose sessions are being monitored and displayed. |
The following example shows GTP IPv4 session data:
Router# show ip slb sessions gtp
vserver key client real state
----------------------------------------------------------------------------------
10.10.10.10 1234567890123456 10.5.5.5 10.10.1.1 GTP_ESTAB
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
vserver |
Name of the virtual server whose GTP sessions are being monitored and displayed. Information about each session is displayed on a separate line. |
|
key |
Network Service Access Point Identifier (NSAPI) key being used by the GTP session. |
|
client |
Client IPv4 address being used by the GTP session. |
|
real |
Real IPv4 address of the GTP session. |
|
state |
Current state of the GTP session:
|
The following example shows GTP IPv6 session data:
Router# show ip slb sessions gtp ipv6
vserver = VS, key = 1112131415180030
client = 3:3:3:3:3:3:3:9
real = 4:4:4:4:4:4:4:4
state = SLB_IPV6_GTP_ESTAB
The following example shows IOS SLB Mobile IP session data:
Router# show ip slb sessions ipmobile
vserver NAI hash client real retries
---------------------------------------------------------------------------
VIRTUAL_HA 0xFFFF 10.1.1.1/434 10.10.1.1 1
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
vserver |
Name of the virtual server whose Mobile IP sessions are being monitored and displayed. Information about each session is displayed on a separate line. |
|
NAI hash |
Network access identifier (NAI) in the Registration Request (RRQ), used by Cisco IOS SLB as a unique identifier. |
|
client |
Client IPv4 address being used by the Mobile IP session. |
|
real |
Real IPv4 address of the Mobile IP session. |
|
retries |
Number of foreign agent retries for the Mobile IP session. |
The following is sample output from the show ip slb sessions asncommand for ASN sessions:
Router# show ip slb sessions asn vserver MSID Base Station real state ------------------------------------------------------------------------------ 10.10.10.10 001646013fc0 5.5.5.5 10.10.1.1 ASN_REQ
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
vserver |
Name of the virtual server whose ASN sessions are being monitored and displayed. Information about each session is displayed on a separate line. |
|
MSID |
Mobile Station Identifier (MSID), used by Cisco IOS SLB as a unique identifier. |
|
Base Station |
IPv4 address of the base station associated with the ASN session. |
|
real |
Real IPv4 address of the ASN session. |
|
state |
Current state of the ASN session:
|
show ip slb static
To display the Cisco IOS Server Load Balancing (IOS SLB) server Network Address Translation (NAT) configuration, use the show ip slb staticcommand in privileged EXEC mode.
Examples
The following is sample output from the show ip slb staticcommand:
Router# show ip slb static
real action address counter
---------------------------------------------------------------
10.11.3.4 drop 0.0.0.0 0
10.11.3.1 NAT 10.11.11.11 3
10.11.3.2 NAT sticky 10.11.11.12 0
10.11.3.3 NAT per-packet 10.11.11.13 0
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
real |
IP address of the real server. |
|
action |
Action to be taken by the real server:
|
|
address |
Virtual IP address used by the real server when translating addresses using server NAT. Address 0.0.0.0 means the real server is not configured for server NAT. |
|
counter |
For actions drop and NAT per-packet, indicates the number of packets processed by the real server. For actions NAT and NAT sticky, indicates the number of packets received by, but not necessarily processed by, the real server. |
show ip slb stats
To display IOS Server Load Balancing (IOS SLB) statistics, use the show ip slb statscommand in privileged EXEC mode.
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.1(9)E |
This command was modified to support general packet radio service (GPRS) load balancing. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(33)SRC |
The kal-ap keyword was added, and the output for the command was updated to display correlation inject failures for RADIUS load balancing accelerated data plane forwarding. |
|
12.2(33)SRC1 |
The output for the command was updated to display packet fragment drops for Access Service Network (ASN) R6 load balancing. |
Examples
The following is sample output from the show ip slb statscommand:
Router# show ip slb stats
Pkts via normal switching: 108247
Pkts via special switching: 4307026
Pkts via slb routing: 1376241
Pkts Dropped: 0
Connections Created: 933131
Connections Established: 350042
Connections Destroyed: 639323
Connections Reassigned: 0
Zombie Count: 0
Connections Reused: 0
Connection Flowcache Purges: 2665
Failed Connection Allocs: 0
Failed Real Assignments: 0
RADIUS framed-ip Sticky Count: 524288
RADIUS username Sticky Count: 0
RADIUS cstn-id Sticky Count: 0
GTP imsi Sticky Count: 0
Route Flows Created: 1691177
Failed Route Flow Allocs: 0
Failed Correlation Injects: 0
Pkt fragments drops in ssv: 0
ASN MSID sticky count: 1
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
Pkts via normal switching |
Number of packets handled by IOS SLB via normal switching since the last time counters were cleared. Normal switching is when IOS SLB packets are handled on normal IOS switching paths (CEF, fast switching, and process level switching). |
|
Pkts via special switching |
Number of packets handled by IOS SLB via special switching since the last time counters were cleared. Special switching is when IOS SLB packets are handled on hardware-assisted switching paths. |
|
Pkts via slb routing |
Number of packets handled by IOS SLB via SLB routing since the last time counters were cleared. |
|
Pkts dropped |
Number of packets dropped or consumed by IOS SLB since the last time counters were cleared. The Pkts dropped field can increase for one or more of the following reasons:
|
|
Connections Created |
Number of connections (or sessions, in general packet radio service [GPRS] load balancing and the Home Agent Director) created since the last time counters were cleared. |
|
Connections Established |
Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) created and that have become established since the last time counters were cleared. |
|
Connections Destroyed |
Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) destroyed since the last time counters were cleared. |
|
Connections Reassigned |
Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) reassigned to a different real server since the last time counters were cleared. |
|
Zombie Count |
Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) that are currently pending destruction (awaiting a timeout or some other condition to be met). |
|
Connections Reused |
Number of zombie connections (or sessions, in GPRS load balancing and the Home Agent Director) reused since the last time counters were cleared. A zombie connection is reused if it receives a TCP SYNchronize sequence number (SYN) or User Datagram Protocol (UDP) packet and succeeds in connecting to a real server. The zombie connection becomes a real connection and the zombie count is decremented. |
|
Connection Flowcache Purges |
Number of times the connection flow cache was purged since the last time counters were cleared. |
|
Failed Connection Allocs |
Number of times the allocation of a connection (or session, in GPRS load balancing) failed since the last time counters were cleared. |
|
Failed Real Assignments |
Number of times the assignment of a real server failed since the last time counters were cleared. |
|
RADIUS framed-ip Sticky Count |
Number of entries in the RADIUS framed-IP sticky database. |
|
RADIUS username Sticky Count |
Number of entries in the RADIUS username sticky database. |
|
RADIUS cstn-id Sticky Count |
Number of entries in the RADIUS calling-station-ID sticky database. |
|
GTP imsi Sticky Count |
Number of entries in the GTP IMSI sticky database. |
|
Route Flows Created |
Number of route flows created. |
|
Failed Route Flows Allocs |
Number of failed route flow allocations. |
|
Failed Correlation Injects |
Number of failed correlation injects. |
|
Pkt fragments drops in ssv |
Number of packet fragments drops in the SSV. |
|
ASN MSID sticky count |
Number of sticky objects in the ASN MSID sticky database. |
The following is sample output from the show ip slb kal-ap stats kal-apcommand:
Router# show ip slb kal-ap stats kal-ap
KAL-AP Mgr: (default), Socket state: OPEN, Socket retry: 0
KAL-AP Mgr: 2.2.2.2, Socket state: FAILED, Socket retry: 10
UDP Port: 5002, vrf: vrf1
KAL-AP Mgr: 10.77.161.34, Socket state: FAILED, Socket retry: 10
UDP Port: 5002, Secret: test
KAL-AP Packet Statistics:
Packet Received: 84
Bytes Received: 3966
Packet Sent: 30
Bytes Sent: 1080
Encrypt Errors: 0
Recv Failures: 0
Sent Failures: 0
KAL-AP Manager: 2.2.2.2 Secret: Yes
KAL-AP Manager: 3.3.3.3 Secret: Yes
CAPP UDP Port: 5001
Pkt Recd: 100 Bytes Recd: 12345
Pkt Sent: 100 Bytes Sent: 12121
MD5 checksum failed: 0 Error packets: 0
show ip slb sticky
To display the IOS Server Load Balancing (IOS SLB) sticky database, use the show ip slb stickycommand in privileged EXEC mode.
Syntax Description
|
asn msid msid |
(Optional) Displays only those sticky database entries associated with the specified Access Service Network (ASN) Mobile Station ID (MSID). |
|
asn nai nai |
(Optional) Displays only those sticky database entries associated with the specified ASN network address identifier (NAI). |
|
client ipv4-address ipv4-netmask |
(Optional) Displays only those sticky database entries associated with the specified client IPv4 address or subnet. |
|
gtp imsi |
(Optional) Displays only entries associated with the IOS SLB general packet radio service (GPRS) Tunneling Protocol (GTP) International Mobile Subscriber ID (IMSI) sticky database, and shows all of the Network Service Access Point Identifiers (NSAPIs) that the user has used as primary Packet Data Protocols (PDPs). |
|
ipv6 |
(Optional) Displays only IPv6 entries associated with the IOS SLB GTP IMSI sticky database, and shows all of the NSAPIs that the user has used as primary PDPs. |
|
id imsi |
(Optional) Displays only those sticky database entries associated with the specified IMSI. |
|
radius calling-station-id |
(Optional) Displays only entries associated with the IOS SLB RADIUS calling-station-ID sticky database. |
|
id string |
(Optional) Displays only those sticky database entries associated with the specified calling station ID. |
|
radius framed-ip |
(Optional) Displays only entries associated with the IOS SLB RADIUS framed-IP sticky database. |
|
radius username |
(Optional) Displays only entries associated with the IOS SLB RADIUS username sticky database. |
|
name string |
(Optional) Displays only those sticky database entries associated with the specified username. |
Command Default
If no options are specified, the command displays information about all virtual servers.
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.1(11b)E |
The radius keyword was added. |
|
12.1(12c)E |
The framed-ip, username, name, netmask, and string keywords and arguments were added. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(14)ZA5 |
The calling-station-idand id keywords and the stringargument were added. |
|
12.2(18)SXE |
The gtp imsiand id keywords and the imsiargument were added. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(33)SRE |
The asn, msid, and naikeywords and the msidand naiarguments were added. |
|
15.0(1)S |
The ipv6keyword was added. The output was updated to display the real server's GTP version and IPv4, IPv6, or dual-stack address. |
Examples
The following is sample output from the show ip slb stickycommand:
Router# show ip slb sticky
client netmask group real conns
-----------------------------------------------------------------------
10.10.2.12 255.255.0.0 4097 10.10.3.2 1
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
client |
Client IPv4 address or subnet which is bound to this sticky assignment. |
|
netmask |
IPv4 subnet mask for this sticky assignment. |
|
group |
Group ID for this sticky assignment. |
|
real |
Real server used by all clients connecting with the client IPv4 address or subnet detailed on this line. |
|
conns |
Number of connections currently sharing this sticky assignment. |
The following is sample output from the show ip slb sticky gtp imsicommand:
Router# show ip slb sticky gtp imsi
IMSI Real Ver Group ID vs_index refcount nsapi
----------------------------------------------------------------------
11111111111111FF 10.10.10.1 1 5 10 1 6
11123411111111FF 10.10.10.2 1 5 10 1 9
The table below describes the fields shown in the display.
|
Field |
Description |
||
|---|---|---|---|
|
IMSI |
IMSI bound to this sticky assignment in the IOS SLB GTP IMSI sticky database. |
||
|
Real |
IPv4 address of the GTP IMSI real server. |
||
|
Ver |
GTP version: v0, v1, or v2 |
||
|
Group ID |
Group ID for this sticky assignment. |
||
|
vs_index |
Virtual index, out of a maximum of 500. |
||
|
refcount |
Number of NSAPIs used as primary PDPs. |
||
|
nsapi |
NSAPI used as a primary PDP.
|
The following is sample output from the show ip slb sticky gtp imsi ipv6command:
Router# show ip slb sticky gtp imsi ipv6
IMSI Real Ver Group Id vs_index refcount NSAPIs
--------------------------------------------------------------------------
11121314151800F0 21.21.21.1 2 4099 7 1 3
2342:2342:2343:FF04:2342:AA03:2323:8912
The following is sample output from the show ip slb sticky radius calling-station-idcommand:
Router# show ip slb sticky radius calling-station-id
calling-station-id group id server real framed-ips
-----------------------------------------------------
6228212 15 10.10.10.1 1
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
calling-station-id |
Calling station ID bound to an SSG RADIUS proxy in the IOS SLB RADIUS calling-station-ID sticky database. |
|
group id |
Group ID for this sticky assignment. |
|
server real |
IPv4 address of the SSG RADIUS proxy server. |
|
framed-ips |
Number of IPv4 addresses bound to the SSG RADIUS proxy in the IOS SLB RADIUS framed-IP sticky database. |
The following is sample output from the show ip slb sticky radius framed-ipcommand:
Router# show ip slb sticky radius framed-ip
framed-ip group id server real route i/f
-----------------------------------------------------
1.1.1.1 15 10.10.10.1 <any>
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
framed-ip |
IPv4 address bound to a Cisco Service Selection Gateway (SSG) RADIUS proxy in the IOS SLB RADIUS framed-IP sticky database. |
|
group id |
Group ID for this sticky assignment. |
|
server real |
IPv4 address of the SSG RADIUS proxy server. |
|
route i/f |
Route interface. |
The following is sample output from the show ip slb sticky radius usernamecommand:
Router# show ip slb sticky radius username
username group id server real framed-ips
-----------------------------------------------------
9198783355 15 10.10.10.1 1
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
username |
Username bound to an SSG RADIUS proxy in the IOS SLB RADIUS username sticky database. |
|
group id |
Group ID for this sticky assignment. |
|
server real |
IPv4 address of the SSG RADIUS proxy server. |
|
framed-ips |
Number of IPv4 addresses bound to the SSG RADIUS proxy in the IOS SLB RADIUS framed-IP sticky database. |
The following is sample output from the show ip slb sticky asncommand:
Router# show ip slb sticky asn
MSID Real Group Id vs_index NAI
-------------------------------------------------------
ABCD.12FE.3467 10.10.10.1 5 10 abc@cisco.com
2247.1130.8642 10.10.10.2 5 10 bcd@abc.com
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
MSID |
MSID bound to this sticky assignment in the IOS SLB ASN sticky database. |
|
Real |
IPv4 address of the ASN real server. |
|
Group ID |
Group ID for this sticky assignment. |
|
vs_index |
Virtual index, out of a maximum of 500. |
|
NAI |
NAI bound to this sticky assignment in the IOS SLB ASN sticky database. |
The following is sample output from the show ip slb sticky asn nai abc@cisco.comcommand:
Router# show ip slb sticky asn nai abc@cisco.com
MSID Real Group Id vs_index NAI
-------------------------------------------------------
ABCD.12FE.3467 10.10.10.1 5 10 abc@cisco.com
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
MSID |
MSID bound to this sticky assignment in the IOS SLB ASN sticky database. |
|
Real |
IPv4 address of the ASN real server. |
|
Group ID |
Group ID for this sticky assignment. |
|
vs_index |
Virtual index, out of a maximum of 500. |
|
NAI |
NAI bound to this sticky assignment in the IOS SLB ASN sticky database. |
show ip slb vservers
To display information about the virtual servers, use the show ip slb vserverscommand in privilegedEXEC mode.
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(18)SXF |
The output for this command was modified to reflect the GTP sticky query option on the idle (virtual server) command. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(33)SRC |
The output for the detail keyword was updated to display information about the IOS SLB KeepAlive Application Protocol (KAL-AP) agent. |
|
12.2(33)SRC1 |
The output for the detail keyword was updated to display information about Access Service Network (ASN) virtual servers. |
|
15.0(1)S |
The output was updated to display the virtual server's IPv4 or dual-stack address. |
Usage Guidelines
If no options are specified, the command displays information about all virtual servers.
Examples
The following is sample output from the show ip slb vserverscommand:
Router# show ip slb vservers
slb vserver prot virtual state conns interface(s)
--------------------------------------------------------------------------------------
GGSN_SERVER1 UDP 4.3.2.1/32:0 OPERATIONAL 0 <any>
2342:2342:2343:FF04:2342:AA03:2323:8912/128
VS1 UDP 4.3.2.2/32:0 OPERATIONAL 0 <any>
2342:2342:2343:FF04:2343:AA03:2323:8912/128
VS2 UDP 4.3.2.3/32:0 OPERATIONAL 0 <any>
2342:2342:2343:FF04:2341:AA03:2323:8912/128
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
slb vserver |
Name of the virtual server about which information is being displayed. Information about each virtual server is displayed on a separate line. |
|
prot |
Protocol being used by the virtual server. |
|
virtual |
Virtual IPv4 or dual-stack address of the virtual server, including the network mask, if configured. |
|
state |
Current state of the virtual server:
|
|
conns |
Number of connections (or sessions, in general packet radio service [GPRS] load balancing and the Home Agent Director) associated with the virtual server. |
|
interface |
Type of interface. |
The following sample output from the show ip slb vservers detailcommand shows detailed data for a virtual server with route health injection (advertise=TRUE):
Router# show ip slb vservers detail
VS, state = OPERATIONAL, v_index = 7, interface(s) = <any>
virtual = 3.3.3.3/32:2123, UDP, service = GTP, advertise = TRUE
ipv6 = 3:3:3:3:3:3:3:3/128
serverfarm maps:
map 1: priority = 1, serverfarm = SF, backup serverfarm= SF3
ipv6 serverfarm = SF1 ipv6 backup serverfarm = SF2
map 2: priority = 2, serverfarm = SF3, backup serverfarm= SF
ipv6 serverfarm = SF2 ipv6 backup serverfarm = SF1
serverfarm = <not assigned>, backup serverfarm = <not assigned>
backup_serverfarm_hits = 0
delay = 10, idle = 3600
gtp: request idle = 30
slb notification retry = 2
gtp sticky query: <disabled>
max retries: 0
sticky: <none>
group id = 0
synguard counter = 0, synguard period = 0
conns = 0, total conns = 0, syns = 0, syn drops = 0
standby group = None
The following sample output from the show ip slb vservers name detailcommand shows detailed data for virtual server GGSN_SERVER with GTP sticky query enabled:
Router# show ip slb vservers name GGSN_SERVER detail
GGSN_SERVER, state = OPERATIONAL, v_index = 7, interface(s) = <any>
virtual = 10.10.195.1/32:0, UDP, service = GTP, advertise = TRUE
server farm = GGSN, delay = 10, idle = 3600
gtp: request idle = 30, slb notification retry = 2
gtp sticky query: <enabled>, max retries: 3
sticky: <none>
sticky: group id = 4097 <assigned>
synguard counter = 0, synguard period = 0
conns = 0, total conns = 17192, syns = 0, syn drops = 0
standby group = None
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
GGSN_SERVER |
Name of the virtual server about which information is being displayed (in this case, GGSN_SERVER). |
|
state |
Current state of the virtual server: FAILED--Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started. OPERATIONAL--Functioning properly. OUTOFSERVICE--Removed from the load-balancing predictor lists. STANDBY--Backup virtual server, ready to become operational if active virtual server fails. |
|
v_index |
Virtual index, out of a maximum of 500. |
|
interface(s) |
Type of interface. |
|
virtual |
Virtual IPv4 or dual-stack address of the virtual server, including the network mask, if configured. |
|
UDP |
Protocol being used by the virtual server (in this case, UDP). |
|
service |
Service, such as GTP, HTTP, or Telnet, associated with the virtual server (in this case, GTP). |
|
advertise |
Current state of host route advertisement for this virtual server: TRUE--Host route is being advertised. FALSE--Host route is not being advertised. |
|
ipv6 |
For dual-stack, IPv6 address of the virtual server |
|
server farm |
Name of the server farm associated with the virtual server. |
|
delay |
Delay timer duration, in seconds, for this virtual server. |
|
idle |
Idle connection timer duration, in seconds, for this virtual server. |
|
gtp request idle |
GTP idle connection timer duration in seconds. |
|
slb notification |
Number of times IOS SLB can reassign a rejected Create PDP Context to a new real Cisco gateway GPRS support node (GGSN). |
|
gtp sticky query |
For GTP IMSI sticky, indicates whether IOS SLB is to query the GGSN before deleting any GTP IMSI sticky objects. |
|
max retries |
Maximum number of queries IOS SLB is to send to the GGSN when there is no response from the GGSN. |
|
sticky |
Indicates whether sticky connections are enabled for this virtual server. |
|
sticky group id |
Sticky group in which this virtual server is placed, for coupling of services. |
|
synguard counter |
Number of unacknowledged SYNchronize sequence numbers (SYNs) that are allowed to be outstanding to this virtual server. |
|
synguard period |
Interval, in milliseconds, for SYN threshold monitoring for this virtual server. |
|
conns |
Number of active connections currently associated with the virtual server. |
|
total conns |
Total number of connections that have been associated with the virtual server since coming INSERVICE. |
|
syns |
Number of SYNs handled by the virtual server in this period. |
|
syn drops |
Number of SYNs dropped by the virtual server in this period. |
|
standby group |
Hot Standby Router Protocol (HSRP) group name with which the virtual server is associated. |
The following sample output from the show ip slb vservers name detailcommand shows detailed data for GTP virtual server GGSN_SERVER with maps enabled:
Router# show ip slb vservers name GGSN_SERVER detail
GGSN_SERVER, state = OPERATIONAL, v_index = 9, interface(s) = <any>
virtual = 10.10.10.10/32:0, UDP, service = GTP, advertise = TRUE
serverfarm maps:
map 4: priority = 1, serverfarm = FARM4, backup = <none>
map 1: priority = 3, serverfarm = FARM1, backup = FARM2
map 5: priority = 4, serverfarm = FARM5, backup = <none>
server farm = <not assigned>, delay = 10, idle = 3600
gtp: request idle = 30, slb notification retry = 2
gtp sticky query: <disabled>, max retries: 0
sticky: <none>
sticky: group id = 0
synguard counter = 0, synguard period = 0
conns = 0, total conns = 0, syns = 0, syn drops = 0
standby group = None
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
GGSN_SERVER |
Name of the RADIUS virtual server about which information is being displayed (in this case, GGSN_SERVER). |
|
state |
Current state of the virtual server: FAILED--Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started. OPERATIONAL--Functioning properly. OUTOFSERVICE--Removed from the load-balancing predictor lists. STANDBY--Backup virtual server, ready to become operational if active virtual server fails. |
|
v_index |
Virtual index, out of a maximum of 500. |
|
interface(s) |
Type of interface. |
|
virtual |
Virtual IPv4 or dual-stack address of the virtual server, including the network mask, if configured. |
|
UDP |
Protocol being used by the virtual server (in this case, UDP). |
|
service |
Service, such as GTP, HTTP, or Telnet, associated with the virtual server (in this case, GTP). |
|
advertise |
Current state of host route advertisement for this virtual server: TRUE--Host route is being advertised. FALSE--Host route is not being advertised. |
|
serverfarm maps |
List of IOS SLB server farm maps associated with this virtual server. Information about each map is displayed on a separate line. |
|
priority |
Priority of the map. |
|
serverfarm |
Server farm with which the map is associated. |
|
backup |
Backup server farm, if any. |
|
server farm |
Name of the server farm associated with the virtual server. Information about each server farm is displayed on a separate line. |
|
map ID |
Map associated with the server farm. |
|
priority |
Priority of the map. |
|
delay |
Delay timer duration, in seconds, for this virtual server. |
|
idle |
Idle connection timer duration, in seconds, for this virtual server. |
|
gtp request idle |
GTP idle connection timer duration in seconds. |
|
slb notification |
Number of times IOS SLB can reassign a rejected Create PDP Context to a new real Cisco gateway GPRS support node (GGSN). |
|
gtp sticky query |
For GTP IMSI sticky, indicates whether IOS SLB is to query the GGSN before deleting any GTP IMSI sticky objects. |
|
max retries |
Maximum number of queries IOS SLB is to send to the GGSN when there is no response from the GGSN. |
|
sticky |
Indicates whether sticky connections are enabled for this virtual server. |
|
sticky group id |
Sticky group in which this virtual server is placed, for coupling of services. |
|
synguard counter |
Number of unacknowledged SYNchronize sequence numbers (SYNs) that are allowed to be outstanding to this virtual server. |
|
synguard period |
Interval, in milliseconds, for SYN threshold monitoring for this virtual server. |
|
conns |
Number of active connections currently associated with the virtual server. |
|
total conns |
Total number of connections that have been associated with the virtual server since coming INSERVICE. |
|
syns |
Number of SYNs handled by the virtual server in this period. |
|
syn drops |
Number of SYNs dropped by the virtual server in this period. |
|
standby group |
Hot Standby Router Protocol (HSRP) group name with which the virtual server is associated. |
The following sample output from the show ip slb vservers name detailcommand shows detailed data for an ASN virtual server:
Router# show ip slb vservers name ASN_VSERVER detail
ASN_VSERVER, state = OPERATIONAL, v_index = 10, interface(s) = <any>
virtual = 2.2.2.2/32:0, UDP, service = ASNR6, advertise = TRUE
server farm = SF, delay = 10, idle = 3600
asn: request idle = 90
asn: delete notif recvd = 2, nai-update notif recvd = 2
asn: Notification Errors: Deletes = 1, nai-updates = 0
sticky: <none>
sticky: group id = 4097 <assigned>
synguard counter = 0, synguard period = 0
conns = 0, total conns = 156, syns = 0, syn drops = 0
standby group = None
--------------------------------------------------------
| delete | nai-updates
Real commn: |--------+--------+--------+-------------
port = 63082 | Recv | Errors | Recv | Errors
---------------+--------+--------+--------+-------------
15.15.15.4 1 1 1 0
15.15.15.5 1 0 1 0
The table below describes the fields shown in the display.
|
Field |
Description |
|---|---|
|
ASN_VSERVER |
Name of the ASN virtual server about which information is being displayed (in this case, ASN_VSERVER). |
|
state |
Current state of the virtual server: FAILED--Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started. OPERATIONAL--Functioning properly. OUTOFSERVICE--Removed from the load-balancing predictor lists. STANDBY--Backup virtual server, ready to become operational if active virtual server fails. |
|
v_index |
Virtual index, out of a maximum of 500. |
|
interface(s) |
Type of interface. |
|
virtual |
Virtual IPv4 or dual-stack address of the virtual server, including the network mask, if configured. |
|
UDP |
Protocol being used by the virtual server (in this case, UDP). |
|
service |
Service, such as GTP, HTTP, or Telnet, associated with the virtual server (in this case, ASNR6). |
|
advertise |
Current state of host route advertisement for this virtual server: TRUE--Host route is being advertised. FALSE--Host route is not being advertised. |
|
server farm |
Name of the server farm associated with the virtual server. Information about each server farm is displayed on a separate line. |
|
delay |
Delay timer duration, in seconds, for this virtual server. |
|
idle |
Idle connection timer duration, in seconds, for this virtual server. |
|
asn: request idle |
ASN idle connection timer duration in seconds. |
|
asn: delete notif recvd |
Number of delete notifications received. |
|
asn: nai-update notif recvd |
Number of NAI-update notifications received. |
|
asn: Notification Errors: Deletes |
Number of delete notification errors. |
|
asn: Notification Errors: nai-updates |
Number of NAI-update notification errors. |
|
sticky |
Indicates whether sticky connections are enabled for this virtual server. |
|
sticky group id |
Sticky group in which this virtual server is placed, for coupling of services. |
|
synguard counter |
Number of unacknowledged SYNchronize sequence numbers (SYNs) that are allowed to be outstanding to this virtual server. |
|
synguard period |
Interval, in milliseconds, for SYN threshold monitoring for this virtual server. |
|
conns |
Number of active connections currently associated with the virtual server. |
|
total conns |
Total number of connections that have been associated with the virtual server since coming INSERVICE. |
|
syns |
Number of SYNs handled by the virtual server in this period. |
|
syn drops |
Number of SYNs dropped by the virtual server in this period. |
|
standby group |
Hot Standby Router Protocol (HSRP) group name with which the virtual server is associated. |
|
Real commn: port |
Port used by the real server. |
show ip slb wildcard
To display information about the wildcard representation for irtual servers, use the show ip slb wildcardcommand in privilegedEXEC mode.
Command History
|
Release |
Modification |
|---|---|
|
12.2(33)SRE |
This command was introduced. |
|
15.0(1)S |
The output was updated to display the virtual server's IPv4, IPv6, or dual-stack address. |
Examples
The following is sample output from the show ip slb wildcardcommand:
Router# show ip slb wildcard
Interface Source Address Port Destination Address Port Prot
ANY 0.0.0.0/0 0 3.3.3.3/32 2123 UDP
ANY 0.0.0.0/0 0 3.3.3.3/32 0 UDP
ANY 0.0.0.0/0 0 0.0.0.0/0 0 ICMP
Interface: ANY
Source Address [Port]: : :/0[0]
Destination Address [Port]: 2342:2342:2343:FF04:2341:AA03:2323:8912/128[0]
Protocol: ICMPV6
Interface: ANY
Source Address [Port]: : :/0[0]
Destination Address [Port]: 2342:2342:2343:FF04:2341:AA03:2323:8912/128[2123]
Protocol: UDP
snmp-server enable traps slb
To enable IOS SLB traps for real- and virtual-server state changes, use the snmp-server enable traps slb command in global configuration mode. To disable the traps use the no form of this command.
Syntax Description
|
real |
Enables traps for real server state changes. |
|
virtual |
Enables traps for virtual server state changes. |
sticky (firewall farm datagram protocol)
To assign all connections from a client to the same firewall, use the sticky command in firewall farm datagram protocol configuration mode. To remove the client/server coupling, use the no form of this command.
Syntax Description
|
seconds |
Sticky timer duration in seconds. Valid values range from 0 to 65535. |
|
netmask netmask |
(Optional) Places the virtual server as part of a sticky subnet, for coupling of services. |
|
source |
(Optional) Bases sticky on source IP address. |
|
destination |
(Optional) Bases sticky on destination IP address. |
Command History
|
Release |
Modification |
|---|---|
|
12.1(3a)E |
This command was introduced. |
|
12.2(12c)E |
The source and destination keywords were added. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following example specifies that if a clientâs subsequent request for a firewall farm is made within 60 seconds of the previous request, then the same firewall is used for the connection:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# protocol datagram Router(config-slb-fw-udp)# sticky 60
sticky (firewall farm TCP protocol)
To assign all connections from a client to the same firewall, use the sticky command in firewall farm TCP protocol configuration mode. To remove the client/server coupling, use the no form of this command.
Syntax Description
|
seconds |
Sticky timer duration in seconds. Valid values range from 0 to 65535. |
|
netmask netmask |
(Optional) Places the virtual server as part of a sticky subnet, for coupling of services. |
|
source |
(Optional) Bases sticky on source IP address. |
|
destination |
(Optional) Bases sticky on destination IP address. |
Command History
|
Release |
Modification |
|---|---|
|
12.1(3a)E |
This command was introduced. |
|
12.2(12c)E |
The source and destination keywords were added. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following example specifies that if a clientâs subsequent request for a firewall farm is made within 60 seconds of the previous request, then the same firewall is used for the connection:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# protocol tcp Router(config-slb-fw-tcp)# sticky 60
sticky (virtual server)
To assign all connections from a client to the same real server, use the sticky command in SLB virtual server configuration mode. To remove the client/server coupling, use the no form of this command.
Syntax Description
|
duration |
Sticky timer duration in seconds. Valid values range from 0 to 65535. |
|
group group-id |
(Optional) Places the virtual server in the specified sticky group, for coupling of services. All virtual servers that have the same sticky group ID share the sticky entry for a user. In essence, the group keyword and group-id argument tie multiple virtual servers together. Valid values range from 0 to 255. |
|
netmask netmask |
(Optional) Places the virtual server as part of the specified sticky subnet, for coupling of services. Client sessions whose source IP addresses fall within the netmask are directed to the same real server. |
|
asn msid |
Enables IOS SLB to load-balance Access Service Network (ASN) sessions to the same real server that processed all previous sessions for a given Mobile Station ID (MSID). |
|
gtp imsi |
Enables IOS SLB to load-balance general packet radio service (GPRS) Tunneling Protocol (GTP) Packet Data Protocol (PDP) context create requests to the same real server that processed all previous create requests for a given International Mobile Subscriber ID (IMSI). |
|
radius calling-station-id |
Enables IOS SLB to create the IOS SLB RADIUS calling-station-ID sticky database and direct RADIUS requests from a given calling station ID to the same service gateway. |
|
radius framed-ip |
Enables IOS Server Load Balancing (IOS SLB) to create the IOS SLB RADIUS framed-IP sticky database and direct RADIUS requests and non-RADIUS flows from a given end user to the same service gateway. |
|
radius username |
Enables IOS SLB to create the IOS SLB RADIUS username sticky database and direct RADIUS requests from a given end user to the same service gateway. |
|
msid-cisco |
(Optional) Enables IOS SLB to support Cisco PDSNs that provide MSID-based access (also known as MSID-based access, Cisco variant). |
Command Default
Sticky connections are not tracked. Virtual servers are not associated with any groups.
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.1(2)E |
The netmask keyword and netmask argument were added. |
|
12.1(11b)E |
The radius framed-ip keywords were added. |
|
12.1(12c)E |
The radius username and msid-cisco keywords were added. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(14)ZA5 |
The radius calling-station-id keywords were added. |
|
12.2(18)SXE |
The gtp imsikeywords were added. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(33)SRE |
The asn msidkeywords were added. |
Usage Guidelines
The last real server that was used for a connection from a client is stored for the set duration seconds. If a new connection from the client to the virtual server is initiated during that time, the same real server that was used for the previous connection is chosen for the new connection. If two virtual servers are placed in the same group, coincident connection requests for those services from the same IP address are handled by the same real server.
In Virtual Private Network (VPN) server load balancing, remember the following requirements:
- For IPsec flows, you must specify a sticky connection between the User Datagram Protocol (UDP) virtual server and the Encapsulation Security Payload (ESP) virtual server.
- For PPTP flows, you must specify a sticky connection between the TCP virtual server and the Generic Routing Encapsulation (GRE) virtual server.
- You must specify a duration of at least 15 seconds.
In general packet radio service (GPRS) load balancing and the Home Agent Director, the stickycommand is not supported.
In RADIUS load balancing, remember the following requirements:
- If you configure the sticky radius framed-ipcommand, you must also configure the virtual command with the service radiuskeywords specified.
- If you configure the sticky radius calling-station-idcommand or the sticky radius usernamecommand, you must also configure the virtual command with the service radiuskeywords specified, and you must configure the sticky radius framed-ipcommand.
- You cannot configure both the sticky radius calling-station-id command and the sticky radius username command on the same virtual server.
- If you configure the sticky radius calling-station-idcommand, you must configure all RADIUS maps to match against the RADIUS calling station ID attribute.
- If you configure the sticky radius usernamecommand, you must configure all RADIUS maps to match against the RADIUS username attribute.
For GTP load balancing:
- IOS SLB creates a sticky database object when it processes the first GTP PDP create request for a given IMSI. IOS SLB removes the sticky object when it receives a notification to do so from the real server, or as a result of inactivity. When the last PDP belonging to an IMSI is deleted on the GGSN, it sends a notification to IOS SLB to remove the sticky object.
- If you configure the sticky gtp imsi command, you must also configure the virtual command with the service gtpkeywords specified.
For ASN load balancing, if you configure the sticky asn msid command, you must also configure the virtual command with the service asnkeywords specified.
Examples
The following example specifies that if a clientâs subsequent request for a virtual server is made within 60 seconds of the previous request, then the same real server is used for the connection. This example also places the virtual server in group 10.
Router(config)# ip slb vserver VS1 Router(config-slb-vserver)# sticky 60 group 10
synguard (virtual server)
To limit the rate of TCP SYNchronize sequence numbers (SYNs) handled by a virtual server to prevent a SYN flood denial-of-service attack, use the synguard command in SLB virtual server configuration mode. To remove the threshold, use the no form of this command.
Syntax Description
|
syn-count |
Number of unacknowledged SYNs that are allowed to be outstanding to a virtual server. Valid values range from 0 (off) to 4294967295. The default is 0. |
|
interval |
(Optional) Interval, in milliseconds, for SYN threshold monitoring. Valid values range from 50 to 5000. The default is 100 milliseconds (ms). |
Command Default
The default number of unacknowledged SYNs that are allowed to be outstanding to a virtual server is 0 (off). The default interval is 100 ms.
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
In general packet radio service (GPRS) load balancing and the Home Agent Director, the synguard command has no meaning and is not supported.
timeout (custom UDP probe)
To set a timeout for custom User Datagram Protocol (UDP) probes, use the timeoutcommand in custom UDP probe configuration mode. To restore the default timeout, use the no form of this command.
Syntax Description
|
seconds |
Time, in seconds, that IOS SLB waits for a response packet from the server after sending a custom UDP probe request packet. Valid range is 1 to 255. The default value is 30 seconds. |
url (WSP probe)
To specify the URL path that a Wireless Session Protocol (WSP) probe is to request from the server, use the urlcommand in WSP probe configuration mode. To restore the default settings, use the no form of this command.
Command History
|
Release |
Modification |
|---|---|
|
12.1(5a)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
username (IOS SLB)
To configure an ASCII regular expression string to be matched against the username attribute for RADIUS load balancing, use the username (IOS SLB)command in SLB RADIUS map configuration mode. To delete the username match string, use the no form of this command.
Syntax Description
|
string |
ASCII regular expression string to be matched against the username attribute in the RADIUS payload. For information about regular expressions and how to use them in Cisco IOS software configurations, refer to the Understanding Regular Expressions section of the Using the Cisco IOS Command-Line Interface chapter of the Cisco IOS Configuration Fundamentals Configuration Guide . |
Usage Guidelines
For a given IOS SLB RADIUS map, you can configure a single calling-station-id command or a single username (IOS SLB)command, but not both.
Examples
The following example specifies that, for IOS SLB RADIUS map 1, string ...?525* is to be matched against the username attribute in the RADIUS payload:
Router(config)# ip slb map 1 radius Router(config-slb-radius-map)# username ...?525*
Related Commands
|
Command |
Description |
|---|---|
|
calling-station-id |
Configures an ASCII regular expression string to be matched against the calling station ID attribute in the RADIUS payload. |
|
ip slb map |
Configures an IOS SLB protocol map and enters SLB map configuration mode. |
|
show ip slb map |
Displays information about IOS SLB protocol maps. |
virtual
To configure virtual server attributes, use the virtual command in SLB virtual server configuration mode. To remove the attributes, use the no form of this command.
Encapsulation Security Payload (ESP) and Generic Routing Encapsulation (GRE) Protocols
TCP and User Datagram Protocol (UDP)
Syntax Description
|
ipv4-address |
IPv4 address for this virtual server instance, used by clients to connect to the IPv4 real servers through the IPv4 server farm. |
|
ipv4-netmask |
(Optional) IPv4 network mask for transparent web cache load balancing. The default is 0.0.0.0 (all subnets). |
|
group |
(Optional) Allows the virtual subnet to be advertised. If you do not specify the group keyword, the virtual subnet cannot be advertised. |
|
esp |
Performs load balancing for only Encapsulation Security Payload (ESP) connections. |
|
gre |
Performs load balancing for only Generic Routing Encapsulation (GRE) connections. |
|
protocol |
Protocol for which load balancing is performed. The valid range is 2 to 127. |
|
ipv6 ipv6-address |
(Optional) For dual-stack, IPv6 address for this virtual server instance, used by IPv6 clients to connect to IPv6 real servers through the IPv6 server farm. |
|
prefix ipv6-prefix |
(Optional) For dual-stack, IPv6 prefix. |
|
tcp |
Performs load balancing for only TCP connections. |
|
udp |
Performs load balancing for only User Datagram Protocol (UDP) connections. |
|
port |
(Optional) IOS Server Load Balancing (IOS SLB) virtual port (the TCP or UDP port number or port name). If specified, only the connections for the specified port on the server are load-balanced. The ports and the valid name or number for the port argument are as follows:
|
|
port (continued) |
Specify a port number of 0 to configure an all-port virtual server (that is, a virtual server that accepts flows destined for all ports except GTP ports). |
|
any |
(Optional) Performs load balancing on all ports. |
|
service service |
(Optional) Couples connections associated with a given service, such as HTTP or Telnet, so all related connections from the same client use the same real server. The following are the valid types of connection coupling:
|
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.1(5a)E |
The wsp, wsp-wtp, wsp-wtls, and wsp-wtp-wtls keywords were added. |
|
12.1(9)E |
The gtp option was added as a new value on the service argument. |
|
12.1(11b)E |
The following keywords, arguments, and options were added:
The wsp, wsp-wtp, wsp-wtls, and wsp-wtp-wtls keywords were changed to options for the portargument. |
|
12.1(12c)E |
The group keyword was added. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.1(13)E3 |
The gtp-inspect option was added as a new value on the service argument. |
|
12.2(14)ZA2 |
The ipmobile option was added as a new value on the service argument. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(33)SRC |
The asnoption was added on the serviceargument. |
|
15.0(1)S |
The ipv6 ipv6-address and prefix ipv6-prefix options were added. |
Usage Guidelines
The no virtual command is allowed only if the virtual server was removed from service by the no inservice command.
For some applications, it is not feasible to configure all the virtual server TCP or UDP port numbers for IOS SLB. To support such applications, you can configure IOS SLB virtual servers to accept flows destined for all ports. To configure an all-port virtual server, specify a port number of 0 or any.
 Note | In general, you should use port-bound virtual servers instead of all-port virtual servers. When you use all-port virtual servers, flows can be passed to servers for which no application port exists. When servers reject these flows, IOS SLB might fail the server and remove it from load balancing. |
Specifying port 9201 for connection-oriented WSP mode also activates the Wireless Application Protocol (WAP) finite state machine (FSM), which monitors WSP and drives the session FSM accordingly.
In RADIUS load balancing, IOS SLB maintains session objects in a database to ensure that re-sent RADIUS requests are load-balanced to the same real server.
IOS SLB supports general packet radio service (GPRS) Tunneling Protocol (GTP) v0, v1, and v2 real servers. A GTP v0 or v1 real server cannot manage GTP v2 requests. Therefore, you must configure separate virtual servers for GTPv2 real servers and for GTP v0 or v1 real servers.
IOS SLB supports dual-stack addresses for GTP load balancing only. To support dual-stack addresses:
- You must configure the virtual server as a dual-stack virtual server, with the virtual IPv4 and IPv6 addresses and the optional IPv6 prefix, using this command.
- You must associate an IPv6 server farm with the dual-stack virtual server.
Examples
The following example specifies that the virtual server with the IPv4 address 10.0.0.1 performs load balancing for TCP connections for the port named www. The virtual server processes HTTP requests.
Router(config)# ip slb vserver PUBLIC_HTTP Router(config-slb-vserver)# virtual 10.0.0.1 tcp www
The following example specifies that the virtual server with the IPv4 address 10.0.0.13 performs load balancing for UDP connections for all ports. The virtual server processes HTTP requests.
Router(config)# ip slb vserver PUBLIC_HTTP Router(config-slb-vserver)# virtual 10.0.0.13 udp 0
weight (firewall farm real server)
To specify a real serverâs capacity, relative to other real servers in the firewall farm, use the weight command in firewall farm real server configuration mode. To restore the default weight value, use the no form of this command.
Syntax Description
|
setting |
Weight setting to use for the real server predictor algorithm. Valid settings range from 1 to 255. The default weight setting is 8. |
Command History
|
Release |
Modification |
|---|---|
|
12.1(3a)E |
This command was introduced. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Examples
The following example specifies the relative weights of three real servers as 16, 8 (by default), and 24, respectively:
Router(config)# ip slb firewallfarm FIRE1 Router(config-slb-fw)# real 10.10.1.1 Router(config-slb-fw-real)# weight 16 Router(config-slb-fw-real)# inservice Router(config-slb-fw-real)# exit Router(config-slb-fw)# real 10.10.1.2 Router(config-slb-fw-real)# inservice Router(config-slb-fw-real)# exit Router(config-slb-fw)# real 10.10.1.3 Router(config-slb-fw-real)# weight 24
Related Commands
|
Command |
Description |
|---|---|
|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
|
show ip slb firewallfarm |
Displays information about the firewall farm configuration. |
|
show ip slb reals |
Displays information about the real servers. |
weight (real server)
To specify a real serverâs capacity, relative to other real servers in the server farm, use the weight command in SLB real server configuration mode. To restore the default weight value, use the no form of this command.
Syntax Description
|
setting |
Weight setting to use for the real server predictor algorithm. Valid settings range from 1 to 255. The default weight setting is 8. |
Command History
|
Release |
Modification |
|---|---|
|
12.0(7)XE |
This command was introduced. |
|
12.1(5)T |
This command was integrated into Cisco IOS Release 12.1(5)T. |
|
12.2 |
This command was integrated into Cisco IOS Release 12.2. |
|
12.2(14)S |
This command was integrated into Cisco IOS Release 12.2(14)S. |
|
12.2(18)SXE |
This command was integrated into Cisco IOS Release 12.2(18)SXE. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Usage Guidelines
The static weights you define using this command are overridden by the weights calculated by Dynamic Feedback Protocol (DFP). If DFP is removed from the network, IOS Server Load Balancing (IOS SLB) reverts to these static weights.
Examples
The following example specifies the relative weights of three real servers as 16, 8 (by default), and 24, respectively:
Router(config)# ip slb serverfarm PUBLIC !-----First real server Router(config-slb-sfarm)# real 10.10.1.1 !-----Assigned weight of 16 Router(config-slb-real)# weight 16 !-----Enabled Router(config-slb-real)# inservice Router(config-slb-real)# exit !-----Second real server Router(config-slb-sfarm)# real 10.10.1.2 !-----Enabled with default weight Router(config-slb-real)# inservice Router(config-slb-real)# exit !-----Third real server Router(config-slb-sfarm)# real 10.10.1.3 !-----Assigned weight of 24, not enabled Router(config-slb-real)# weight 24
Related Commands
|
Command |
Description |
|---|---|
|
real (server farm) |
Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode. |
|
show ip slb reals |
Displays information about the real servers. |
|
show ip slb serverfarms |
Displays information about the server farm configuration. |