Home > Articles > Cisco Network Technology > General Networking > Cisco LAN Switching Configuration : Server Load Balancing (SLB)

Cisco LAN Switching Configuration : Server Load Balancing (SLB)

Contents

  1. 10-1: SLB
  2. 10-2: SLB Firewall Load Balancing
  3. 10-3: SLB Probes

Chapter Description

This chapter covers the steps required to load balance traffic to one or more server farms and firewall farms, and also explains the steps needed to define probes that test server and firewall farm functionality.

10-3: SLB Probes

  • Probes can be used to test for server or firewall connectivity and proper operation.
  • Probes can be defined to simulate requests for these protocols:

    • ICMP: Sends ICMP echo (ping) requests to a real server.
    • HTTP: Sends HTTP requests to a real server, using TCP port 80.
    • WSP: Requests and verifies the replies using Wireless Access Protocol (WAP), port 9201.
    • Telnet: Opens and closes a Telnet connection (TCP port 23) to a real server.
    • TCP: Establishes and resets TCP connections to a real server. This can be used to support any TCP port, including HTTPS or SSL, port 443.
    • FTP: Opens and closes an FTP connection (TCP ports 20 and 21) to a real server.
    • SMTP: Opens and closes an SMTP connection (TCP port 25) to a real server.
    • DNS: Sends requests to and verifies the replies from a real DNS server.

Configuration

  1. Define the probe:

    (global) ip slb probe name {ping | http | wsp}

    The probe is named name (text string up to 15 characters) and can be referenced by other SLB server and firewall farm commands. IOS SLB allows these probe types: ping (ICMP), http, or wsp (WAP port 9201). (Optional) Define the target address:

    (probe) address [ip-address]

    For a server farm, this command is not used. The ip-address used by the probe is inherited from each real server in the server farm. With IOS SLB, addresses are not inherited when the probe is used for a firewall farm. You must use this command to define the address of a target firewall.

  2. Set the probe behavior:

    1. (Optional) Set the time between probes:

      (probe) interval seconds

      Probes are sent toward the target at intervals of seconds (IOS SLB: 1 to 65,535 seconds; default 1 second; CSM: 5 to 65,535 seconds; default 120 seconds).

    2. (Optional) Define the criteria for a failure:

      (probe) faildetect retry-count

      With IOS SLB, a server or firewall is considered to have failed if retry-count (1 to 255; default 10) consecutive ping probes are unanswered. With a CSM, the target has failed if retry-count (0 to 65,535; default 3) probes of any type are unanswered.

  3. (Optional; HTTP probe only) Define the HTTP probe operation:

    1. (Optional) Set the port number:

      (probe) port port-number

      Usually, an HTTP probe uses port-number 80. If the port-number is unspecified, however, it is inherited from the virtual server. For a firewall probe, the port-number must be given (1 to 65,535). The target device must answer an HTTP request for the probe to work.

    2. (Optional) Define the HTTP probe method:

      (probe) request [method {get | post | head | name name}] [url path]

      The probe requests information from the server using the get (the default), post, head (request a header data type), or name (request the data named name) method. A URL can also be given, specifying the server path (text string URL; default /).

    3. (Optional) Specify the probe header information:

      (probe) header field-name [field-value]

      The probe header name is set to field-name (text string up to 15 characters), with a value of field-value. A colon is automatically inserted between the name and value. By default, the request contains these headers:

      Accept: */*
      Connection: close
      User-Agent: cisco-slb-probe/1.0
      Host: virtual-IP-address
    4. (Optional) Specify the HTTP authentication values:

      (probe) credentials username [password]

      If HTTP authentication is required, a username (text string, up to 15 characters) and a password (text string up to 15 characters) can be given for the probe.

    5. (Optional) Expect a specific status code to be returned:

      (probe) expect [status status-code] [regex regular-expression]

      A real server or a firewall is considered to have failed if it either does not respond to an HTTP probe or if it returns a status-code (100 to 599, default 200) other than the one specified. For firewalls, the status-code should be set to 401. For a CSM, the status code must be within the range min-number (default 0) and max-number (optional, default 999).

      With IOS SLB, you can also expect a regular expression along with the status code. Use the regex keyword and specify a regular-expression (text string, no default). Only the first 2920 bytes of the probe reply are searched for a match.

  4. (Optional; WSP probe only) Define the target URL:

    (probe) url [path]

    A URL can also be given, specifying the server path (text string URL; default /).

Displaying Information About SLB Probes

To display helpful configuration and status information about SLB probes, enter the following command:

(exec) show ip slb probe [name probe_name] [detail]