CSS 11000 Series: Device Configuration LAB€¦ · (.html, .gif, .cgi) ... Appliance Modular...
Transcript of CSS 11000 Series: Device Configuration LAB€¦ · (.html, .gif, .cgi) ... Appliance Modular...
1Technical Symposium2002:CSS Lab
CSS 11000 Series:
Device Configuration LABNick DiPietro
Ian Gallagher
Bill Kastelic
Louis Senecal
CSS 11000 Series:
Device Configuration LABNick DiPietro
Ian Gallagher
Bill Kastelic
Louis Senecal
222Technical Symposium2002:CSS Lab
Cisco Content SwitchingApplications
BronzeBronze
Gold
OverflowServers
InternetInternet
• Local Load Balancing= improved utilization and availability(servers, Firewalls, caches)
• User Prioritization= switch and stick by cookie(Silver, Gold, Platinum)
• Client Device Discrimination= switch and stick by client device(PC, PDA, wireless)
• Intelligent Content Positioning= switch by file type(.html, .gif, .cgi)
• Security Optimization= all of the above in SSL (HTTPS) environment
• Global Server Load Balancing= pick best site based on load and proximity(Tokyo, Paris, New York)
Silver
333Technical Symposium2002:CSS Lab
HostingSolution Engine
HostingSolution Engine
Data Center Load BalancingFor Internet and Intranet
Web Servers
ISP-1 ISP-2
Database Servers
PIX™
FirewallPIX™
Firewall
Secure ContentAccelerator
Content Switch Content Switch
Secure ContentAccelerator
444Technical Symposium2002:CSS Lab
CSS11500Management Options
• CLI
• Embedded device management GUI
• CiscoWorks 2000 CiscoView
• Hosting services engine
• SNMP, RMON, log files
• Programmatic management API
555Technical Symposium2002:CSS LabServers, CachesFirewalls, VPNs
Cisco Content Switching Product Line
Decision PointsCSS 11050 CSS 11503 CSM for
Catalyst® 6500
Standalone Standalone Standalone IntegratedAppliance Modular Modular Module
CSS 11506
Max density 1 GE, 8 FE 6 GE/2 GE,32 FE 12 GE/ 2 GE,80 FE 8-178 GE, 46-528 FE
Site activity/intensity Low Medium High Highest
Hardware scalability
Hardware redundancy No No Yes Yes
SSL acceleration External Internal Internal Future Blade
CS management
Session redundancy Future Yes Yes Yes
Layer 2/3 networking
Load balancing Servers, Caches, Firewalls
Form factor
666Technical Symposium2002:CSS Lab
CSS Software Session SpoofingCSS Software Session Spoofing
Internet or
Intranet
DATA DATA
200.20.30.100VIP=192.10.10.1
10.0.3.221
TCP SYN
ACK HTTP GET
TCP SYN ACK
Source IP 200.20.30.100Destination IP 192.10.10.1
TCP SYNTCP SYN ACK
Source IP 200.20.30.100Destination IP 10.0.3.221
Source IP 10.0.3.221Destination IP 200.20.30.100
Source IP 192.10.10.1Destination IP 200.20.30.100
Source IP 200.20.30.100Destination IP 192.10.10.1
Source IP 200.20.30.100Destination IP 10.0.3.221
Client WebServer
777Technical Symposium2002:CSS Lab
CSS Software File StructureCSS Software File Structure
C:/
Archive
startup-config
ap0310026 ap0302026 ap0310010 ap0400003
image/
core
log/script/
cli/startup-config
ap0400003
version build
release
888Technical Symposium2002:CSS Lab
Product Features
Server Load Balancing
Content Verification
HTTP Header Load Balancing
Sticky Connections
Support for Web Caching services
Domain Name Services
Network Proximity
HTTP Redirects
NAT Peering
999Technical Symposium2002:CSS Lab
Product Features (cont.)
Smart Content ReplicationReplication for dynamically scalable Web sitesReplication for distributing and updating content
RedundancyWeb Site SecurityFull command line interface (CLI)Embedded Device ManagementService Level Agreement support through:
MIBSNMPRMONLogging subsystem
101010Technical Symposium2002:CSS Lab
Command Line Interface (CLI)
ConsoleConnection
TelnetConnection
CSS1
CSS2
A line-oriented interface that has a set of commands for configuring, managing, and monitoring the CSS.
Accessed through a local console or Telnet connection
CS100#
111111Technical Symposium2002:CSS Lab
CLI Modes
CS100#
CS100(config)#
CS100>
Username:adminPassword: SuperUser Mode
User Mode
Global Configuration Mode
disable
configure exit or [Ctrl]z
enable(enter username and password)
Subordinate Configuration Modes
bootinterfacecircuit exit [Ctrl]z
.
.
.
Prompt reflects mode
121212Technical Symposium2002:CSS Lab
I C S O C
• Interfaces
• Circuits
• Services
• Owners
• Content Rules
Serviceswww_server1
ip address 10.1.1.1keepalive type httpkeepalive port 8001keepalive protocol tcpkeepalive uri “index.html”
www_server2ip address 10.1.1.2keepalive type httpkeepalive port 8001keepalive protocol tcpkeepalive uri “index.html”
Owneracme.com
content Layer5_rulevip address 192.1.1.1service www_server1service www_server2 balance roundrobinurl “/*”
xyz.comcontent Layer3_rule
vip address 192.1.1.2add service server1add service server 2
Interface 1/1bridge vlan 2
Circuit VLAN2ip address 192.1.1.254
Circuit VLAN1ip address 10.1.1.254
131313Technical Symposium2002:CSS Lab
ICSOC
• Interface
• Circuit
• Service
• Owner
• Content
141414Technical Symposium2002:CSS Lab
Interfaces, VLANs, and Circuits
IPForwarding
(Layer3)
CircuitIP Interfacefor VLAN1
CircuitIP Interfacefor VLAN2
Interface Ethernet-1Interface Ethernet-2
Interface Ethernet-3Interface Ethernet-4
Interface Ethernet-5Interface Ethernet-6
VLAN1
BridgingDomainvlan 1
158.3.7.58
10.3.6.60
Interface Ethernet-7Interface Ethernet-8
Interface Ethernet-9Interface Ethernet-10
Interface Ethernet-11Interface Ethernet-12
VLAN2
BridgingDomainvlan 2
151515Technical Symposium2002:CSS Lab
161616Technical Symposium2002:CSS Lab
CLILab01-a
•version
•sh installed-software
•sh running
•sh startup
•copy running startup
•configure terminal
•archive
•restore
Shutdown
sh boot-config
sh profile
sh alias
sh chassis
171717Technical Symposium2002:CSS Lab
Interface & CircuitLab01-b
!************************** GLOBAL ***************************
!************************* INTERFACE *************************interface e1
bridge vlan 100Interface e5
bridge vlan 10P Interface e6
bridge vlan 10P Interface e7
bridge vlan 10P Interface e8
bridge vlan 10P
!************************** CIRCUIT **************************circuit VLAN100
ip address 10.1.P.254 255.255.255.0
circuit VLAN10P
ip address 192.168.P.254 255.255.255.
P=POD Number
•sh phy
•sh circuit
•sh ip route
•sh ip config
•sh ip statistics
•sh interface
•sh arp
•ping
181818Technical Symposium2002:CSS Lab
ICSOC
• Interface
• Circuit
• Service
• Owner
• Content
191919Technical Symposium2002:CSS Lab
Service Overview
• A service is a destination location where a piece of content resides
• A service is created first and then added to content rules
• The service is identified by a name that can be associated by anIP address, and optionally, a protocol and port number
www.dogs.com
RASRAS
www.cats.com10.0.3.224 10.0.3.223 10.0.3.222 10.0.3.221
VIP=192.10.10.1
10.0.3.225
202020Technical Symposium2002:CSS Lab
Service Configuration
Configuring Server1:• CS100(config)# service Server1• CS100(config-service)[Server1]# type local• CS100(config-service)[Server1]# ip address 10.0.3.221• CS100(config-service)[Server1]# port 81• CS100(config-service)[Server1]# protocol tcp• CS100(config-service)[Server1]# max connections 10• CS100(config-service)[Server1]# weight 1• CS100(config-service)[Server1]# active
RASRAS
10.0.3.221
VIP=192.10.10.1
212121Technical Symposium2002:CSS Lab
Service Configuration (cont.)
Configuring Server1:• CS100(config)# service Server1
• CS100(config-service)[Server1]# suspend
• CS100(config-service)[Server1]# exit
• CS100(config)# no service Server1
RASRAS
10.0.3.221
VIP=192.10.10.1
222222Technical Symposium2002:CSS Lab
Service KeepaliveService Keepalive
• keepalive frequency
• keepalive maxfailure
• keepalive retryperiod
• keepalive port
• keepalive type
• keepalive method
• keepalive uri
Keepalive Default ping
RASRAS
10.0.3.221
VIP=192.10.10.1
232323Technical Symposium2002:CSS Lab
Displaying a Service
• The show service command enables you to display information for a specific service or all services currently configured.
• The show service-summary command displays just summary information for each service.
• The show service command displays the following information:
CS100# show service
Name: Server1 Index: 0 State: ALIVE
Type: Local
Rule ( 10.0.3.210 TCP 81 )
Keepalive: (HEAD:HTTP:/index.html 5 3 5 )
State Transitions: 1
Connections: 0 Max Connections: 0
Weight: 1 Avg Load: 254 Long Load: 0
Mtu 1500 QOS Avg Min Rate: 14400 QOS Min BW: 100000000
242424Technical Symposium2002:CSS Lab
Service LabLab02-Section 1
•sh service
•sh service summary
•sh keepalive
•sh keepalive-summary
•monitor “show service summary”
252525Technical Symposium2002:CSS Lab
ICSOC
• Interface
• Circuit
• Service
• Owner
• Content
262626Technical Symposium2002:CSS Lab
Owner Overview
• Owner = www.cisco.com
• The Owner allows for partitioning of content rules
• Content Rules are always configured under an Owner
• Can specify Owner case sensitivity
• Can specify Owner Address, Billing Information, and Email Address
www.dogs.com
RASRASVIP=192.10.10.1
Server3 Server2 Server110.0.3.223 10.0.3.222 10.0.3.221
272727Technical Symposium2002:CSS Lab
Owner Configuration
• When creating an owner, you may want to use the owner’s DNS namefor clarity:
CS100(config)# owner cisco.com
A service type local designates the service for local load balancing. Other options are proxy-cache, transparent-cache, and redirect.
When you create the owner, the CLI drops you into owner mode: CS100(config-owner[cisco.com])#
282828Technical Symposium2002:CSS Lab
Displaying an Owner
• The show owner command enables you to display information for a specific owner or all services currently configured.
• The show owner command displays the following information:
CS100# show owner cisco.comOwner Configuration:
Name : cisco.com
Billing Info: finance
Address: 235 Littleton Rd. Westford, MA 01886
Email Address: [email protected]
DNS Policy: none
Case Matching: insensitive
292929Technical Symposium2002:CSS Lab
Content Rule Overview
• Describes what content is accessible by visitors to the web site
• Describes how content is mirrored and load balanced to multiple services
• Translates the Owner VIP address using Network Address Translation (NAT) to the service’s IP address and port
• Checks for available services that match the content request
Request to 192.10.10.1www.dogs.com
NAT and Load balanced to 10.0.3.221
www.dogs.com
RASRAS
Server3 Server2 Server110.0.3.223 10.0.3.222 10.0.3.221
VIP=192.10.10.1
303030Technical Symposium2002:CSS Lab
Content Rule Overview
• An content rule is a hierarchical rule set containing individual rules that describe which content is accessible by visitors to the web site, how the content is mirrored, on which server the content resides, and how the CSS should process requests for the content.
• When a request for content is made, the CSS:
Uses the owner content rule to translate the owner Virtual IP Address (VIP) using Network Address Translation to the corresponding service IP address and port.
Checks for available services that match the content request.
Uses the content rule to choose which service can best process the request for content.
Applies all content rules to service the request for content (for example, load balancing method, redirects, failover, sticky, cookies)
313131Technical Symposium2002:CSS Lab
Creating Content Rules
• The CSS uses content rules to determine:
Where the content physically resides, whether local or remote.
Where to direct the request for content (which service or services).
Which load balancing method to use.
• The types of content rule are as follows:
A layer 3 content rule implies source IP address of the host or network.
A layer 4 content rule implies a combination of source IP address and port.
A layer 5 content rule implies a combination of source IP address, port, and URL that may contain an HTTP cookie.
323232Technical Symposium2002:CSS Lab
Assigning Content Rules
• To assign a content rule to an owner, use the content command. You assign content rules to an owner by creating the content rule in the mode for that owner.
• The following example creates a content rule named layer3 and assigns it to the owner cisco.com:
CS100(config-owner[cisco.com])# content layer3
• Once you assign a content rule to an owner, the CLI prompt changes to reflect the specific owner and content rule mode:
CS100(config-owner[cisco.com-layer3])#
From here, the content rule can be entered.
• To remove an existing content rule from an owner, issue the no content command from owner mode:
CS100{config-owner[cisco.com])# no content layer3
333333Technical Symposium2002:CSS Lab
Basic Content Rule Config
• To configure a Layer 3 content rule, enter the following from the owner mode:
(config-owner[cisco.com-layer3]# vip address 192.168.11.5
Configure a Virtual IP address for the owner content.
(config-owner[cisco.com-layer3]# balance aca
Specify a load balancing type
(config-owner[cisco.com-layer3]# add service serv1
(config-owner[cisco.com-layer3]# add service serv2
Add previously configured services to the content rule.
(config-owner[cisco.com-layer3]# active
Activates the content rule.
• This rule load balances based on VIP only.
• Only traffic destined for VIP address will get load balanced.
343434Technical Symposium2002:CSS Lab
Owner and Content RuleLab02 Section 2,3 and 4
•sh service
•sh service summary
•sh rule
•sh rule-summary
•sh summary
•monitor “show summary”
353535Technical Symposium2002:CSS Lab
Load Balancing Categories
• General Load Balancing
• Advanced Load Balancing (sticky)
363636Technical Symposium2002:CSS Lab
Server Load Balancing
• To specify the load balancing algorithm for a content rule, use the balance command available in content configuration mode:
balance aca - ArrowPoint Content Awareness algorithm. The CSS uses the normalized response time from client to server to determine the load on each service. ACA balances the traffic over the services based on load.
balance roundrobin - Round-robin algorithm (default)
balance weightedrr - Weighted round-robin load balancing. The CSS uses round-robin but weighs some services more heavily than others. You can configure the weight if a service when you add it to this rule.
balance leastconn - Least connections load balancing. The CSS chooses a running service that has the least number of connections.
373737Technical Symposium2002:CSS Lab
General PurposeLoad Balancing Algorithms
• Round Robin
• Weighted Round Robin
• Least Connections
• ACA
• Weighted ACA
383838Technical Symposium2002:CSS Lab
Round Robin
Server3Server2Server1
Flow 1,4...
Flow 2,5Flow3,6
content rule1vip address 192.10.10.1balance roundrobinadd service server1add service server2add service server3active
393939Technical Symposium2002:CSS Lab
Weighted Round Robin
Server3Server2Server1
content rule1vip address 192.10.10.1balance weightedrradd service server1 weight 3add service server2 weight 2add service server3 weight 1
Flow 1,2,3
Flow 4,5Flow 6
404040Technical Symposium2002:CSS Lab
Least Connections
Content Smart Switch keeps track of current connections to servers and serves requests to server with the least number of connections
Services:Name: serv1 Index: 0 State: ALIVEType: LocalRule ( 10.0.3.210 TCP 80 )Keepalive: (ICMP 5 3 5 )State Transitions: 0Connections: 2 Max Connections: 0
Name: serv2 Index: 1 State: ALIVEType: LocalRule ( 10.0.3.211 TCP 80 )Keepalive: (ICMP 5 3 5 )State Transitions: 0Connections: 0 Max Connections: 0
414141Technical Symposium2002:CSS Lab
• Arrowpoint Content Awareness algorithm
• Load balances servers based on normalized flowattributes calculated at flow tear down time
• Manages dynamic unpredictable server load andperformance
• Periodically calculates server load and dynamicallybalances more flows to fastest servers
• Prunes slow servers from eligible list
ACA Load BalancingACA Load Balancing
424242Technical Symposium2002:CSS Lab
• Load step msec dynamic - (10msec default) dynamicor static
• Load threshold - (254 default) is the maximum LoadNumber for service eligibility
• Load reporting - enable or disable
• Load teardown-timer seconds - (20 seconds default)
• Load ageout-timer seconds - (60 seconds default) Intervalto bring back removed services. Resets load to 2.
ACA ParametersACA Parameters
434343Technical Symposium2002:CSS Lab
ACA Load Calculation
Load response for 3 servers:Server Name Normalized Response
serverA 100msserverB 1100msserverC 120ms
2
254
Loads with load step-sizeequal to 10ms.
serverA->
serverC-> 4
serverB-> 102
130
2
130
254
serverA&serverC->
serverB-> 12
255255
Load with load step size equal to 100ms
Load Calculation Formula
Fastest Server Assigned = 2
Loadsx=resp sx - resp_fastest sx
+2load step
444444Technical Symposium2002:CSS Lab
Show Load
CS100(config)# show loadGlobal load information:
Step Size:Dynamic Configured:10 Actual:10Threshold:254 Ageout timer:60
Service load information:Load Number for Load Number for
Service Name Short Lived Flows Long Lived Flows--------------------------------------------------------------------serv1 2 2serv2 2 2serv3 10 12serv4 254 254
454545Technical Symposium2002:CSS Lab
Configuring Basic L7 Server Load BalancingLab03
•sh service
•sh service summary
•sh rule
•sh rule-summary
•sh summary
•monitor “show summary”
464646Technical Symposium2002:CSS Lab
Advanced Load Balancing Algorithms (sticky)
“Sticky” refers to when a load balancing algorithm sticks a client to a specific server based on certain credentials
advanced-balance sticky-srcip
advanced-balance sticky-srcip-dstport
advanced-balance cookies
advanced-balance url
advanced-balance cookieurl
advanced-balance arrowpoint-cookie
advanced-balance ssl
474747Technical Symposium2002:CSS Lab
Sticky IP
• advanced-balance sticky-srcipContent Smart Switch “sticks” a client to a server based on the client’s source IP address
Available Layer 3, 4, and 5 content rules
Referred to as Layer 3 Sticky
• advanced-balance sticky-srcip dstportContent Smart Switch “sticks” a client to a server based on the client’s source IP address and destination port
Available Layer 4, and 5 content rules
Referred to as Layer 4 Sticky
484848Technical Symposium2002:CSS Lab
Sticky-Mask
• Sticky Mask, masks a group of client ip addresses to preserve the client connection state
• Reduces entries in sticky table (32k Entries Max)
• Mask 255.255.255.0 would provide a single sticky entry for ip addresses with
the 1st 3 octets of ip address in common
Server
IBM CompatibleIBM Compatible
RASRAS
Remote client addresses200.20.30.1 - 200.20.30.254
Sticky mask255.255.255.0
494949Technical Symposium2002:CSS Lab
Sticky Cookie
• advanced-balance cookie
• Sticking on the Server that issued the cookie
• Content Smart Switch “sticks” a client to a server based on the cookie that the client sends
• Additional string tools
• Cookie configured for server
• Does not use sticky table
Server1
IBM Compatible
RASRAS
HTTP get
HTTP response cookie: server1;
HTTP get cookie: server1;
service server1ip address 10.0.3.221string server1active
10.0.3.221
content sticky-cookievip address 192.10.10.1url “/*”advanced- balance cookieadd service server1active
vip 192.10.10.1
505050Technical Symposium2002:CSS Lab
Sticky URL
• advanced-balanced url
• Enables the content rule to stick a client to a server based on a configured string found in the URL of the HTTP request.
• You can use this option with a Layer 5 HTTP content rule.
• This does not use the sticky table
Server1
IBM Compatible
RASRAS
10.0.3.221
vip 192.10.10.1
HTTP get http//www.dogs.com/spaniels
service server1ip address 10.0.3.221string spanielsactive
content sticky-cookievip address 192.10.10.1url “/*”advanced- balance urladd service server1active
515151Technical Symposium2002:CSS Lab
Sticky cookieurl
• Cookieurl provides a primary and fallback mechanism
• First try to match the string found in the service cookie
• If no cookie match found it will go to the
parameters (url extensions) that follows
• Cookieurl does not use the sticky table
Server1
IBM Compatible
RASRAS
10.0.3.221
vip 192.10.10.1
http//www.dogs.com/spaniels/products.jsp?ID=1007
service server1ip address 10.0.3.221string ID=1007active
content sticky-cookieurlvip address 192.10.10.1url “/*”advanced- balance cookieurladd service server1active
525252Technical Symposium2002:CSS Lab
Sticky SSL
• Enables the content rule to stick the client to the server basedon the SSL version 3 session ID
• If no session ID is present, the CSS uses the source IP address and destination port to maintain stickiness
• Sticky SSL does use the sticky table
535353Technical Symposium2002:CSS Lab
Sticky ArrowPoint Cookie
• Web applications do not need to be modified
• The CSS sets the cookie
• IP address of service can be configured to where the client will be stuck
• Expiration of the cookie can be configured
• Pre determine the path the cookie will use
Server1
IBM Compatible
RASRAS
10.0.3.221
vip 192.10.10.1
http//www.dogs.com/
service server1ip address 10.0.3.221string server1active
content arrowpointvip address 192.10.10.1url “/*”advanced- balance arrwowpoint-cookieadd service server1active
545454Technical Symposium2002:CSS Lab
Configuring Advanced L7 Server Load BalancingLab04
•sh service
•sh service summary
•sh rule
•sh rule-summary
•sh summary
•monitor “show summary”
555555Technical Symposium2002:CSS Lab 555555© 2002, Cisco Systems, Inc. All rights reserved.4515_03_2002_c1
565656Technical Symposium2002:CSS Lab
Overview ArrowPoint Cookie
• When a client makes a request that matches on a Content Rule that is configured to use the ArrowPoint Cookie, the CSS will set a cookie and redirect the client's request back to the site by using meta-tags. Each service will have a unique string configured to use for matching a client's requests to a particular server that will be included in the ArrowPoint Cookie. If no string is configured, the CSS will use the service’s IP address.
575757Technical Symposium2002:CSS Lab
Configuring the ArrowPoint Cookie
•arrowpoint-cookie
Assigns the cookie expiration
Assigns the cookie path
Assign string for each service in the content rule
Assigned in the content mode
585858Technical Symposium2002:CSS Lab
Configuring the ArrowPoint Cookie (cont.)
•Example:
•CSS11050 (config-owner-content [cisco-R1] )#
•arrowpoint-cookie expiration 08:04:02:08
•CSS11050 (config-owner-content [cisco-R1) #
•arrowpoint-cookie path “/cgi-bin/”
•CSS11050 (config-service [server1] )#
• string server1
595959Technical Symposium2002:CSS Lab
Configure Advanced Balance ArrowPoint Cookie
•advanced-balance arrowpoint-cookie
Enables the content rule to stick the client to the server
Assigned in the content mode
•Example:
•CSS11050 (config-owner-content [cisco-R1] ) #
•advanced-balance arrowpoint-cookie
606060Technical Symposium2002:CSS Lab
Sticky Serverdown Failover
• Use the sticky-serverdown-failover command to define what will happen when a sticky string is found, but the associated service has failed or is suspended.
• The sticky failover default method is for the CSS to use the configured load balancing method.
616161Technical Symposium2002:CSS Lab
Sticky Serverdown Failover
• sticky-serverdown-failover balanceSet the failover method to use a service based on the configured load balancing method.
• sticky-serverdown-failover redirectSet the failover method to use a service based on the currently configured redirect string. If a redirect string is not configured, the load balancing method is used.
• sticky-serverdown-failover rejectReject the content request.
• sticky-serverdown-failover sticky-srcipSet the failover method to use a service based on the client source IP address.
• sticky-serverdown-failover sticky-srcip-dstportSet the failover method to use a service based on the client source IP address and the server destination port.
626262Technical Symposium2002:CSS Lab
Stickyshow rule
Advanced Balance: cookiesSticky Mask: 255.255.255.255Sticky Group: 0Sticky Server Down Failover: BalanceString Match Criteria:String Range: 1 - 100String Prefix: "UID="String Eos-Char: ";" String Ascii-Conversion: EnabledString Skip-Len: 3 String Process-Len: 0String Operation: Match-Service-Cookie
636363Technical Symposium2002:CSS Lab
Caching Balance Methods
• balance domainhash/urlhash
Hashes host tag or url and load balances based on hash value.
• balance url
Uses the first 3 characters of the URL
• balance domain
Uses the first 3 characters of the domain from the host tag
646464Technical Symposium2002:CSS Lab
Caching Balance Methods
• balance srcipUses source ip address
• balance destipUses destination ip address
• params bypassAutomatic bypass of transparent cache
Based on a char of ? or # after url for L5 rules
This is a command in a content rule - disable is the default
656565Technical Symposium2002:CSS Lab
Cache Service Failover
• failover bypass
Bypass and send to the origin server
• failover linear
Distribute evenly over remaining servers
• failover next
Send the request to the next service based on configuration order
666666Technical Symposium2002:CSS Lab
Source Groups
• A Source Group is a collection of local servers that initiate flows from within the local web farm.
• The CSS lets you treat a group as a virtual server with its own source IP address, typically matching the inbound VIP.
• NATs private address of servers to Internet routable public addresses (VIP).
676767Technical Symposium2002:CSS Lab
Configuring Source Groups
• To configure source groups, use the following syntax:
CS100(config)# group Training
Training is the name of the newly created group
CS100(config-group[Training])# ip address 208.208.4.15
Virtual IP address of outbound connections. Same address as
inbound VIP
To connect to Internet, must be routable address.
CS100(config-group[Training])# add service training222
Adds corresponding service to each source group.
NOTE: A service may be assigned to only ONE source group.
CS100(config-group[Training])# active
Make the service active enable outbound connections.