Cisco Catalyst 6500 Series, Catalyst 6000 Series Configuration Note

Catalyst 6500 Series Content Switching Module Configuration Note
Software Release 3.2(1) September, 2003
Corporate Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387)
Text Part Number: OL-4612-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Cisco’s installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation.
Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digital devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television communications at your own expense.
You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures:
• Turn the television or radio antenna until the interference stops.
• Move the equipment to one side or the other of the television or radio.
• Move the equipment farther away from the television or radio.
• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment and the television or radio are on circuits controlled by different circuit breakers or fuses.)
Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R)
Catalyst 6500 Series Content Switching Module Configuration Note
Copyright ©2003 Cisco Systems, Inc. All rights reserved.
Software License Agreement
THIS AGREEMENT IS AVAILABLE IN LANGUAGES OTHER THAN ENGLISH; PLEASE SEE YOUR CISCO SYSTEMS, INC. (“CISCO”) RESELLER OR VISIT OUR WEBSITE AT WWW.CISCO.COM. PLEASE READ THIS SOFTWARE LICENSE AGREEMENT CAREFULLY BEFORE DOWNLOADING, INSTALLING OR USING CISCO OR CISCO-SUPPLIED SOFTWARE. BY DOWNLOADING OR INSTALLING THE SOFTWARE, OR USING THE EQUIPMENT THAT CONTAINS THIS SOFTWARE, YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, THEN (A) DO NOT DOWNLOAD, INSTALL OR USE THE SOFTWARE, AND (B) YOU MAY RETURN THE SOFTWARE FOR A FULL REFUND, OR, IF THE SOFTWARE IS SUPPLIED AS PART OF ANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE PRODUCT FOR A FULL REFUND. YOUR RIGHT TO RETURN AND REFUND EXPIRES 30 DAYS AFTER PURCHASE FROM CISCO OR AN AUTHORIZED CISCO RESELLER, AND APPLIES ONLY IF YOU ARE THE ORIGINAL PURCHASER.
The following terms govern your use of the Software except to the extent a particular program (a) is the subject of a separate written agreement with Cisco or (b) includes a separate “click-on” license agreement as part of the installation process.
License. Subject to the terms and conditions of and except as otherwise provided in this Agreement, Cisco Systems, Inc. (“Cisco”) and its suppliers grant to Customer (“Customer”) a nonexclusive and nontransferable license to use the specific Cisco program modules, feature set(s) or feature(s) for which Customer has paid the required license fees (the “Software”), in object code form only. In addition, the foregoing license shall also be subject to each of the following limitations:
Unless otherwise expressly provided in the documentation, Customer shall use the Software solely as embedded in, for execution on, or (where the applicable documentation permits installation on non-Cisco equipment) for communication with Cisco equipment owned or leased by Customer;
Customer’s use of the Software shall be limited to use on a single hardware chassis, on a single central processing unit, as applicable, or use on such greater number of chassis or central processing units as Customer may have paid Cisco the required license fee; and
Customer’s use of the Software shall also be limited as applicable to the number of issued and outstanding IP addresses, central processing unit performance, number of ports, and any other restrictions set forth in Cisco’s product catalog for the Software.
NOTE: For evaluation or beta copies for which Cisco does not charge a license fee, the above requirement to pay a license fee does not apply.
General Limitations. Except as otherwise expressly provided under this Agreement, Customer shall have no right, and Customer specifically agrees not to: (i) transfer, assign or sublicense its license rights to any other person, or use the Software on unauthorized or secondhand Cisco equipment, and any such attempted transfer, assignment or sublicense shall be void; (ii) make error corrections to or otherwise modify or adapt the Software or create derivative works based upon the Software, or to permit third parties to do the same; or (iii) decompile, decrypt, reverse engineer, disassemble or otherwise reduce the Software to human-readable form to gain access to trade secrets or confidential information in the Software. To the extent required by law, at Customer’s request, Cisco shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of Cisco’s applicable fee. Customer shall observe strict obligations of confidentiality with respect to such information.
Upgrades and Additional Copies. For purposes of this Agreement, “Software” shall include (and the terms and conditions of this Agreement shall apply to) any upgrades, updates, bug fixes or modified versions (collectively, “Upgrades”) or backup copies of the Software licensed or provided to Customer by Cisco or an authorized distributor for which Customer has paid the applicable license fees. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT: (1) CUSTOMER HAS NO LICENSE OR RIGHT TO USE ANY SUCH ADDITIONAL COPIES OR UPGRADES UNLESS CUSTOMER, AT THE TIME OF ACQUIRING SUCH COPY OR UPGRADE, ALREADY HOLDS A VALID LICENSE TO THE ORIGINAL SOFTWARE AND HAS PAID THE APPLICABLE FEE FOR THE UPGRADE; (2) USE OF UPGRADES IS LIMITED TO CISCO EQUIPMENT FOR WHICH CUSTOMER IS THE ORIGINAL END USER PURCHASER OR LESSEE OR WHO OTHERWISE HOLDS A VALID LICENSE TO USE THE SOFTWARE WHICH IS BEING UPGRADED; AND (3) USE OF ADDITIONAL COPIES IS LIMITED TO BACKUP PURPOSES ONLY.
Proprietary Notices. Customer agrees to maintain and reproduce all copyright and other proprietary notices on all copies, in any form, of the Software in the same form and manner that such copyright and other proprietary notices are included on the Software. Except as expressly authorized in this Agreement, Customer shall not make any copies or duplicates of any Software without the prior written permission of Cisco. Customer may make such backup copies of the Software as may be necessary for Customer’s lawful use, provided Customer affixes to such copies all copyright, confidentiality, and proprietary notices that appear on the original.
Protection of Information. Customer agrees that aspects of the Software and associated documentation, including the specific design and structure of individual programs, constitute trade secrets and/or copyrighted material of Cisco. Customer shall not disclose, provide, or otherwise make available such trade secrets or copyrighted material in any form to any third party without the prior written consent of Cisco. Customer shall implement reasonable security measures to protect such trade secrets and copyrighted material. Title to Software and documentation shall remain solely with Cisco.
Limited Warranty. If Customer obtained the Software directly from Cisco, then Cisco warrants that during the Warranty Period (as defined below): (i) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (ii) the Software will substantially conform to its published specifications. The “Warranty Period” means a period beginning on the date of Customer’s receipt of the Software and ending on the later of (a) ninety (90) days from the date of initial shipment of the Software by Cisco, or (b) the end of the minimum period required by the law of the applicable jurisdiction. In addition, Cisco may provide an additional limited Year 2000 warranty for the Software; information regarding this warranty and its applicability to the Software may be found at the web site address www.cisco.com/warp/public/779/smbiz/service/y2k/y2k_comp.htm. The limited warranties extend only to Customer as the original licensee. Customer's sole and exclusive remedy and the entire liability of Cisco and its suppliers under these limited warranties will be, at Cisco or its service center's option, repair, replacement, or refund of the Software if reported (or, upon request, returned) to Cisco or its designee. Except as expressly granted in this Agreement, the Software is provided AS IS. Cisco does not warrant that the Software is error free or that Customer will be able to operate the Software without problems or interruptions. In addition, due to the continual development of new techniques for intruding upon and attacking networks, Cisco does not warrant that the Software or any equipment, system or network on which the Software is used will be free of vulnerability to intrusion or attack. This warranty does not apply if the Software (a) is licensed for beta, evaluation, testing or demonstration purposes for which Cisco does not receive a license fee, (b) has been altered, except by Cisco, (c) has not been installed, operated, repaired, or maintained in accordance with instructions supplied by Cisco, (d) has been subjected to abnormal physical or electrical stress, misuse, negligence, or accident, or (e) is used in ultrahazardous activities. If Customer obtained the Software from a Cisco reseller, the terms of any warranty shall be as provided by such distributor, and Cisco provides Customer no warranty with respect to such Software.
Disclaimer of Warranties. EXCEPT AS SPECIFIED IN THIS WARRANTY, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW. TO THE EXTENT AN IMPLIED WARRANTY CANNOT BE EXCLUDED, SUCH WARRANTY IS LIMITED IN DURATION TO THE WARRANTY PERIOD. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION.
Disclaimer of Liabilities. IN NO EVENT WILL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY LOST REVENUE, PROFIT, OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event shall Cisco's or its suppliers' liability to Customer, whether in contract, tort (including negligence), or otherwise, exceed the price paid by Customer. The foregoing limitations shall apply even if the above-stated warranty fails of its essential purpose. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
Term and Termination. This Agreement is effective until terminated. Customer may terminate this Agreement at any time by destroying all copies of Software including any documentation. Customer’s license rights under this Agreement will terminate immediately without notice from Cisco if Customer fails to comply with any provision of this Agreement. Upon termination, Customer must destroy all copies of Software in its possession or control.
Customer Records. Customer grants to Cisco and its independent accountants the right to examine Customer’s books, records and accounts during Customer’s normal business hours to verify compliance with this Agreement. In the event such audit discloses non-compliance with this Agreement, Customer shall promptly pay to Cisco the appropriate licensee fees.
Export. Software, including technical data, may be subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. Customer agrees to comply strictly with all such regulations and acknowledges that it has the responsibility to obtain licenses to export, re-export, or import Software.
Restricted Rights. Cisco’s commercial software and commercial computer software documentation is provided to United States Government agencies in accordance with the terms of this Agreement, and per subparagraph “(c)” of the “Commercial Computer Software - Restricted Rights” clause at FAR 52.227-19 (June 1987). For DOD agencies, the restrictions set forth in the “Technical Data-Commercial Items” clause at DFARS 252.227-7015 (Nov 1995) shall also apply.
General. This Agreement shall be governed by and construed in accordance with the laws of the State of California, United States of America, as if performed wholly within the state and without giving effect to the principles of conflict of law. If any portion hereof is found to be void or unenforceable, the remaining provisions of this Agreement shall remain in full force and effect. Cisco hereby specifically disclaims the UN Convention on Contracts for the International Sale of Goods. Except as expressly provided herein, this Agreement constitutes the entire agreement between the parties with respect to the license of the Software and supersedes any conflicting or additional terms contained in the purchase order.

CONTENTS

Preface
    Audience
    Organization
    Conventions
    Safety Overview
    Related Documentation
    Obtaining Documentation
        Cisco.com
        Documentation CD-ROM
        Ordering Documentation
        Documentation Feedback
    Obtaining Technical Assistance
        Cisco TAC Website
        Opening a TAC Case
        TAC Case Priority Definitions
    Obtaining Additional Publications and Information

Chapter 1 Product Overview
    Features
    Front Panel Description
        Status LED
        RJ-45 Connector
    Operation
    Traffic Flow

Chapter 2 Networking with the Content Switching Module
    Configuring Modes for Networking
        Configuring the Single Subnet (Bridge) Mode
        Configuring the Secure (Router) Mode
    CSM Networking Topologies
        CSM Inline, MSFC Not Involved
        CSM Inline, MSFC on Server Side
        CSM Inline, MSFC on Client Side
        CSM in Aggregate Mode
        Direct Server Return
    Routing with the CSM
    Protecting Against Denial-of-Service Attacks

Chapter 3 Getting Started
    Operating System Support
    Preparing to Configure the CSM
        Using the Command-Line Interface
        Accessing Online Help
    Saving and Restoring Configurations
    Configuring SLB Modes
        Mode Command Syntax
        Migrating Between Modes
        Differences Between CSM and RP Modes
            CSM Mode
            RP Mode
        Changing Modes
            CSM Mode to RP Mode
            RP Mode to CSM Mode
        Verifying the Configuration
    Configuration Overview
    Upgrading to a New Software Release
        Upgrading from the Supervisor Engine Bootflash
        Upgrading from a PCMCIA Card
        Upgrading from an External TFTP Server

Chapter 4 Configuring VLANs
    Configuring Client-Side VLANs
    Configuring Server-Side VLANs

Chapter 5 Configuring Real Servers and Server Farms
    Configuring Server Farms
    Configuring Real Servers
    Configuring Dynamic Feedback Protocol
    Configuring Client NAT Pools
    Configuring Server-Initiated Connections
    Configuring URL Hashing
        Configuring a URL Hashing Predictor
        Configuring Beginning and Ending Patterns

Chapter 6 Configuring Virtual Servers, Maps, and Policies
    Configuring Virtual Servers
        Configuring TCP Parameters
        Configuring Redirect Virtual Servers
    Configuring Maps
    Configuring Policies
    Configuring Generic Header Parsing
        Understanding Generic Header Parsing
        Generic Header Parsing Configuration
            Creating a Map for the HTTP Header
            Specifying Header Fields and Match Values
            Assigning an HTTP Header Map to a Policy
            Assigning the Policy to a Virtual Server
            Generic Header Parsing Example

Chapter 7 Configuring Redundant Connections
    Configuring Fault Tolerance
    Configuring HSRP
        HSRP Configuration Overview
        Creating the HSRP Gateway
        Creating Fault-Tolerant HSRP Configurations
    Configuring Connection Redundancy
    Configuring a Hitless Upgrade

Chapter 8 Configuring Additional Features and Options
    Configuring Sticky Groups
    Configuring Route Health Injection
        Understanding RHI
            RHI Overview
            Routing to VIP Addresses Without RHI
            Routing to VIP Addresses with RHI
            Understanding How the CSM Determines VIP Availability
            Understanding Propagation of VIP Availability Information
        Configuring RHI for Virtual Servers
    Environmental Variables
    Configuring Persistent Connections
    Configuring Global Server Load Balancing
        Using the GSLB Advanced Feature Set Option
        Configuring GSLB
    Configuring Network Management
        Configuring SNMP Traps for Real Servers
        Configuring the XML Interface

Chapter 9 Configuring Health Monitoring
    Configuring Probes for Health Monitoring
        Probe Configuration Commands
        Configuring an HTTP Probe
        Configuring an ICMP Probe
        Configuring a TCP Probe
        Configuring FTP, SMTP, and Telnet Probes
        Specifying the DNS Resolve Request
    Configuring Inband Health Monitoring
        Understanding Inband Health Monitoring
        Configuring Inband Health Monitoring
    Configuring HTTP Return Code Checking
        Understanding HTTP Return Code Checking
        Configuring HTTP Return Code Checking

Chapter 10 Configuring CSM Scripts
    Configuring TCL Scripts
        Loading Scripts
        Writing TCL Scripts
            UDP Commands
            Writing Health Scripts
            Writing Standalone Scripts
        Running TCL Scripts
            Running Probe Scripts
            Running Standalone TCL Scripts
            Halting TCL Scripts
    Configuring Scripts for Health Monitoring Probes

Chapter 11 Configuring Firewall Load Balancing
    Understanding How Firewalls Work
        Firewalls Types
        How the CSM Distributes Traffic to Firewalls
        Supported Firewalls
        Layer 3 Load Balancing to Firewalls
        Types of Firewall Configurations
        IP Reverse-Sticky for Firewalls
        CSM Firewall Configurations
        Fault-Tolerant CSM Firewall Configurations
    Configuring Stealth Firewall Load Balancing
        Stealth Firewall Configuration
        Stealth Firewall Configuration Example
            Configuring CSM A (Stealth Firewall Example)
            Configuring CSM B (Stealth Firewall Example)
    Configuring Regular Firewall Load Balancing
        Packet Flow in a Regular Firewall Configuration
        Regular Firewall Configuration Example
            Configuring CSM A (Regular Firewall Example)
            Configuring CSM B (Regular Firewall Example)
    Configuring Reverse-Sticky for Firewalls
        Understanding Reverse-Sticky for Firewalls
        Configuring Reverse-Sticky for Firewalls
    Configuring Stateful Firewall Connection Remapping

Appendix A Configuration Examples
    Configuring Router Mode with the MSFC on the Client Side
    Configuring Bridged Mode with the MSFC on the Client Side
    Configuring Probes
    Configuring Source NAT for Server-Originated Connections to the VIP
    Configuring Session Persistence (Stickiness)
    Direct Access to Servers in Router Mode
    Server-to-Server Load Balanced Connections
    Route Health Injection
    Server Names
    Backup Server Farm
    Balancing Based on the Source IP Address
    Layer 7 Load Balancing
    HTTP Redirect

Appendix B Troubleshooting and System Messages
    Troubleshooting
    System Messages

Appendix C CSM XML Document Type Definition

Preface

This preface describes who should read the Catalyst 6500 Series Content Switching Module Installation and Configuration Note, how it is organized, and its document conventions.
Note Except where specifically differentiated, the term “Catalyst 6500 series switches” includes both Catalyst 6500 series and Catalyst 6000 series switches.
This publication does not contain the instructions to install the Catalyst 6500 series switch chassis. For information on installing the switch chassis, refer to the Catalyst 6500 Series Switch Installation Guide.
Note For translations of the warnings in this publication, see the “Safety Overview” section on page xiv.

Audience

Only trained and qualified service personnel (as defined in IEC 60950 and AS/NZS3260) should install, replace, or service the equipment described in this publication.

Organization

This publication is organized as follows:
Chapter       Title                                              Description
Chapter 1     Product Overview                                   Presents an overview of the Catalyst 6500 series Content Switching Module (CSM).
Chapter 2     Networking with the Content Switching Module       Describes how the CSM operates on a network.
Chapter 3     Getting Started                                    Provides quick start guide to content switching on the CSM.
Chapter 4     Configuring VLANs                                  Describes how to set up client and server VLANs for the CSM.
Chapter 5     Configuring Real Servers and Server Farms          Describes how to configure load balancing on the CSM.
Chapter 6     Configuring Virtual Servers, Maps, and Policies    Describes how to configure health monitoring on the CSM.
Chapter 7     Configuring Redundant Connections                  Describes how to configure fault tolerance, HSRP, connection redundancy, and hitless upgrades.
Chapter 8     Configuring Additional Features and Options        Describes how to configure sticky groups and route health injection (RHI), Global Server Load Balancing (GSLB), and network management.
Chapter 9     Configuring Health Monitoring                      Describes how to configure and monitor the health of servers and server farms.
Chapter 10    Configuring CSM Scripts                            Describes how to use Toolkit Command Language (TCL) scripts to configure the CSM.
Chapter 11    Configuring Firewall Load Balancing                Describes firewalls in a load-balancing configuration with the CSM.
Appendix A    Configuration Examples                             Lists sample CSM configurations.
Appendix B    Troubleshooting and System Messages                Provides troubleshooting information and lists system messages.
Appendix C    CSM XML Document Type Definition                   Lists CSM error messages with explanations about why they occurred and actions required to correct the problem.

Conventions

This publication uses the following conventions:
Convention              Description
boldface font           Commands, command options, and keywords are in boldface.
italic font             Arguments for which you supply values are in italics.
[ ]                     Elements in square brackets are optional.
{ x | y | z }           Alternative keywords are grouped in braces and separated by vertical bars.
[ x | y | z ]           Optional alternative keywords are grouped in brackets and separated by vertical bars.
string                  A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
screen font             Terminal sessions and information the system displays are in screen font.
boldface screen font    Information you must enter is in boldface screen font.
italic screen font      Arguments for which you supply values are in italic screen font.
^                       The symbol ^ represents the key labeled Control—for example, the key combination ^D in a screen display means hold down the Control key while you press the D key.
< >                     Nonprinting characters, such as passwords, are in angle brackets.
Notes use the following conventions:
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication.
Tips use the following conventions:
Tip Means the following information will help you solve a problem. The tips information might not be troubleshooting or even an action, but it could be useful information, similar to a Timesaver.
Cautions use the following conventions:
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Safety Overview

Safety warnings appear throughout this publication in procedures that, if performed incorrectly, may harm you. A warning symbol precedes each warning statement.
Warning IMPORTANT SAFETY INSTRUCTIONS
This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device. Statement 1071
SAVE THESE INSTRUCTIONS

Waarschuwing BELANGRIJKE VEILIGHEIDSINSTRUCTIES
Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risico's en dient u op de hoogte te zijn van de standaard praktijken om ongelukken te voorkomen. Gebruik het nummer van de verklaring onderaan de waarschuwing als u een vertaling van de waarschuwing die bij het apparaat wordt geleverd, wilt raadplegen.
BEWAAR DEZE INSTRUCTIES

Varoitus TÄRKEITÄ TURVALLISUUSOHJEITA
Tämä varoitusmerkki merkitsee vaaraa. Tilanne voi aiheuttaa ruumiillisia vammoja. Ennen kuin käsittelet laitteistoa, huomioi sähköpiirien käsittelemiseen liittyvät riskit ja tutustu onnettomuuksien yleisiin ehkäisytapoihin. Turvallisuusvaroitusten käännökset löytyvät laitteen mukana toimitettujen käännettyjen turvallisuusvaroitusten joukosta varoitusten lopussa näkyvien lausuntonumeroiden avulla.
SÄILYTÄ NÄMÄ OHJEET

Attention IMPORTANTES INFORMATIONS DE SÉCURITÉ
Ce symbole d'avertissement indique un danger. Vous vous trouvez dans une situation pouvant entraîner des blessures ou des dommages corporels. Avant de travailler sur un équipement, soyez conscient des dangers liés aux circuits électriques et familiarisez-vous avec les procédures couramment utilisées pour éviter les accidents. Pour prendre connaissance des traductions des avertissements figurant dans les consignes de sécurité traduites qui accompagnent cet appareil, référez-vous au numéro de l'instruction situé à la fin de chaque avertissement.
CONSERVEZ CES INFORMATIONS

Warnung
Avvertenza
Advarsel
WICHTIGE SICHERHEITSHINWEISE
Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu Verletzungen führen kann. Machen Sie sich vor der Arbeit mit Geräten mit den Gefahren elektrischer Schaltungen und den üblichen Verfahren zur Vorbeugung vor Unfällen vertraut. Suchen Sie mit der am Ende jeder Warnung angegebenen Anweisungsnummer nach der jeweiligen Übersetzung in den übersetzten Sicherheitshinweisen, die zusammen mit diesem Gerät ausgeliefert wurden.
BEWAHREN SIE DIESE HINWEISE GUT AUF.
IMPORTANTI ISTRUZIONI SULLA SICUREZZA
Questo simbolo di avvertenza indica un pericolo. La situazione potrebbe causare infortuni alle persone. Prima di intervenire su qualsiasi apparecchiatura, occorre essere al corrente dei pericoli relativi ai circuiti elettrici e conoscere le procedure standard per la prevenzione di incidenti. Utilizzare il numero di istruzione presente alla fine di ciascuna avvertenza per individuare le traduzioni delle avvertenze riportate in questo documento.
CONSERVARE QUESTE ISTRUZIONI
VIKTIGE SIKKERHETSINSTRUKSJONER
Dette advarselssymbolet betyr fare. Du er i en situasjon som kan føre til skade på person. Før du begynner å arbeide med noe av utstyret, må du være oppmerksom på farene forbundet med elektriske kretser, og kjenne til standardprosedyrer for å forhindre ulykker. Bruk nummeret i slutten av hver advarsel for å finne oversettelsen i de oversatte sikkerhetsadvarslene som fulgte med denne enheten.
Aviso
¡Advertencia!
TA VARE PÅ DISSE INSTRUKSJONENE
INSTRUÇÕES IMPORTANTES DE SEGURANÇA
Este símbolo de aviso significa perigo. Você está em uma situação que poderá ser causadora de lesões corporais. Antes de iniciar a utilização de qualquer equipamento, tenha conhecimento dos perigos envolvidos no manuseio de circuitos elétricos e familiarize-se com as práticas habituais de prevenção de acidentes. Utilize o número da instrução fornecido ao final de cada aviso para localizar sua tradução nos avisos de segurança traduzidos que acompanham este dispositivo.
GUARDE ESTAS INSTRUÇÕES
INSTRUCCIONES IMPORTANTES DE SEGURIDAD
Este símbolo de aviso indica peligro. Existe riesgo para su integridad física. Antes de manipular cualquier equipo, considere los riesgos de la corriente eléctrica y familiarícese con los procedimientos estándar de prevención de accidentes. Al final de cada advertencia encontrará el número que le ayudará a encontrar el texto traducido en el apartado de traducciones que acompaña a este dispositivo.
GUARDE ESTAS INSTRUCCIONES
OL-4612-01
Catalyst 6500 Series Content Switching Module Configuration Note
xv
Safety Overview
Preface
Varning!
VIKTIGA SÄKERHETSANVISNINGAR
Denna varningssignal signalerar fara. Du befinner dig i en situation som kan leda till personskada. Innan du utför arbete på någon utrustning måste du vara medveten om farorna med elkretsar och känna till vanliga förfaranden för att förebygga olyckor. Använd det nummer som finns i slutet av varje varning för att hitta dess översättning i de översatta säkerhetsvarningar som medföljer denna anordning.
SPARA DESSA ANVISNINGAR
xvi
Catalyst 6500 Series Content Switching Module Configuration Note
OL-4612-01
Preface

Related Documentation

For more detailed installation and configuration information, refer to the following publications:
Site Preparation and Safety Guide
Regulatory Compliance and Safety Information for the Catalyst 6500 Series Switches
Catalyst 6500 Series Switch Installation Guide
Catalyst 6500 Series Switch Quick Software Configuration Guide
Catalyst 6500 Series Switch Module Installation Guide
Catalyst 6500 Series Switch Software Configuration Guide
Catalyst 6500 Series Switch Command Reference
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide
Catalyst 6500 Series Switch Cisco IOS Command Reference
ATM Software Configuration and Command Reference—Catalyst 5000 Family and Catalyst 6500 Series Switches
System Message Guide—Catalyst 6500 Series, 4000 Series, 2926G Series, 2948G, and 2980G Switches
Release Notes for Catalyst 6500 Series Switches and Cisco 7600 Series Router for Cisco IOS Release 12.1(8a)E3
Cisco IOS Configuration Guides and Command References—Use these publications to help you configure the Cisco IOS software that runs on the MSFC and on the MSM and ATM modules.
For information about MIBs, refer to:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

Obtaining Documentation

Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
http://www.cisco.com
International Cisco websites can be accessed from this URL:
http://www.cisco.com/public/countries_languages.shtml

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which may have shipped with your product. The Documentation CD-ROM is updated regularly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual or quarterly subscription.
Registered Cisco.com users can order a single Documentation CD-ROM (product number DOC-CONDOCCD=) through the Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/ordering_place_order_ordering_tool_launch.html
All users can order annual or quarterly subscriptions through the online Subscription Store:
http://www.cisco.com/go/subscription

Ordering Documentation

You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:
http://www.cisco.com/en/US/partner/ordering/index.shtml
Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit comments electronically on Cisco.com. On the Cisco Documentation home page, click Feedback at the top of the page.
You can send your comments in e-mail to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems Attn: Customer Document Ordering 170 West Tasman Drive San Jose, CA 95134-9883
We appreciate your comments.

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance.

Cisco TAC Website

The Cisco TAC website (http://www.cisco.com/tac) provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year.
Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:
http://tools.cisco.com/RPF/register/register.do

Opening a TAC Case

The online TAC Case Open Tool (http://www.cisco.com/tac/caseopen) is the fastest way to open P3 and P4 cases (your network is minimally impaired or you require product information). After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using these recommendations, your case will be assigned to a Cisco TAC engineer.
For P1 or P2 cases (your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.
To open a case by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete listing of Cisco TAC contacts, go to this URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

TAC Case Priority Definitions

To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.
Priority 1 (P1)—Your network is “down” or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:
http://www.cisco.com/en/US/products/products_catalog_links_launch.html
Cisco Press publishes a wide range of networking publications. Cisco suggests these titles for new and experienced users: Internetworking Terms and Acronyms Dictionary, Internetworking Technology Handbook, Internetworking Troubleshooting Guide, and the Internetworking Design Guide. For current Cisco Press titles and other information, go to Cisco Press online at this URL:
http://www.ciscopress.com
Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:
http://www.cisco.com/go/packet
iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet business strategies for executives. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html
Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:
http://www.cisco.com/en/US/learning/le31/learning_recommended_training_list.html
CHAPTER 1

Product Overview

The Catalyst 6500 series Content Switching Module (CSM) provides high-performance server load balancing (SLB) among groups of servers, server farms, firewalls, caches, VPN termination devices, and other network devices, based on Layer 3 as well as Layer 4 through Layer 7 packet information.
Server farms are groups of load-balanced devices. Server farms that are represented as virtual servers can improve scalability and availability of services for your network. You can add new servers and remove failed or existing servers at any time without affecting the virtual server’s availability.
Clients connect to the CSM directing their requests to the virtual IP (VIP) address of the virtual server. When a client initiates a connection to the virtual server, the CSM chooses a real server (a physical device that is assigned to a server farm) for the connection based on configured load-balancing algorithms and policies (access rules). Policies manage traffic by defining where to send client connections.
Sticky connections limit traffic to individual servers by allowing multiple connections from the same client to stick (or attach) to the same real server using source IP addresses, source IP subnets, cookies, and the secure socket layer (SSL) or by redirecting these connections using Hypertext Transfer Protocol (HTTP) redirect messages.
These sections describe the CSM:
Features
Front Panel Description
Operation
Traffic Flow

Features

Table 1-1 lists the new CSM features in this release.
Table 1-1 New CSM Feature Set Description
| Features New in this Release | Description |
|---|---|
| Added management features from release 3.1(1) | Includes the XML DTD (document definition type), the Cisco IOS MIB extensions for the CSM, and the system object identifier (SYSOB ID MIB). |
| Backup (sorry server) | Allows a backup at the real server level. |
| Denial of service (DoS) improvements | Allows TCP termination for all connections to the CSM, providing protection against SYN attacks. |
| Failover improvements | Provides enhancements for preempt delay, the forced failover command, Layer 2 MAC address rewrites, and improved tracking. |
| Idle and pending timeouts | Allows for the configuration of the idle and pending timeouts for server-initiated connections. |
| Improved TCL (Toolkit Command Language) functionality | Provides User Datagram Protocol (UDP) socket and global variable support. |
| Increased VLAN support | Supports up to 512 server and client VLANs. |
| Jumbo Frame support | Jumbo Frame support has been added to the CSM software release 3.2 to allow support of frames of up to 9 KB for Layer 4 load balancing. |
| Limited MIB write support | Allows you to change the weights of servers. |
| Load balancing per packet | Allows the CSM to make load balancing decisions without creating a flow. This feature is useful when load balancing UDP traffic with flows that exist for a short time period, such as DNS. |
| Route lookup | Allows the CSM to work more efficiently with upstream gateways regardless of their redundancy implementation (HSRP, VRRP, proprietary, etc.) |
| Stateful Firewall Load Balancing (FWLB) | Allows all connections, both existing and new, to failover to the secondary firewall in a redundant pair. This feature works only with active-active stateful firewall configurations. |
| Static ARP entry | Provides the ability to manually add entries to the CSM ARP table. |
| Static sticky entries | The sticky table can be prepopulated with entries to force certain users to connect to specific servers. |
| Sticky debug tools | Includes a show command for the number of sticky table entries and the ability to enter a specific IP address and receive the sticky information for that IP address. |
| TCP fragments | Provides support for fragmented TCP packets. |
| UDP Probe | Provides the ability to send UDP probes to specified ports to verify that the CSM does not receive a “port unreachable” message. |
| XML configuration from TCL scripts | Adds the ability to send CSM configuration commands within a TCL script. |

Table 1-2 lists the CSM features available in this release and previous releases.
Table 1-2 CSM Feature Set Description
Supported Hardware
- Supervisor 1A with MSFC and PFC
- Supervisor 2 with MSFC and PFC
- Supervisor 720—requires CSM software release 3.1(4) or later
Supported Protocols
- TCP load balancing
- UDP generic IP protocol load balancing
- Special application-layer support for FTP and the Real Time Streaming Protocol (RTSP)
Layer 7 Functionality
- Full regular expression matching
- URL, cookie switching, Generic HTTP header parsing, HTTP method parsing
Miscellaneous Functionality
- VIP connection watermarks
- Backup (sorry server) and server farm
- Optional port for health probes
- IP reassembly
- TCL (Toolkit Command Language) scripting
- XML configuration interface
- SNMP
- GSLB (Global Server Load Balancing)–requires a license
- Resource usage display
- Configurable idle and pending connection timeout
- Idle timeout for unidirectional flows
- STE integration for SSL load balancing
- Real server names
- TCP connection redundancy for all types of flows (TCP, UDP, and IP)
- Fault tolerant show command enhancements
- IOS SLB FWLB interoperation (IP reverse-sticky)
- Multiple CSMs in a chassis
- CSM and IOS-SLB functioning simultaneously in a chassis
- Configurable HTTP 1.1 persistence (either all GETs are made to the same server or are balanced to multiple servers)
- Fully configurable NAT
- Server-initiated connections
- Route health injection
Load-balancing Algorithms
- Round-robin
- Weighted round-robin (WRR)
- Least connections
- Weighted least connections
- URL hashing
- Source IP hashing (configurable mask)
- Destination IP hashing (configurable mask)
- Source and Destination IP hashing (configurable mask)
Load Balancing Supported
- Server load balancing (TCP, UDP, or generic IP protocols)
- Firewall load balancing
- DNS load balancing
- Stealth firewall load balancing
- Transparent cache redirection
- Reverse proxy cache
- SSL off-loading
- VPN-IPsec load balancing
- Generic IP devices and protocols
Stickiness
- Cookie sticky with configurable offset and length
- SSL ID
- Source IP (configurable mask)
- HTTP redirection
Redundancy
- Sticky state
- Full stateful failover (connection redundancy)
Health Checking
- HTTP
- ICMP
- Telnet
- TCP
- FTP
- SMTP
- DNS
- Return error-code checking
- Inband health checking
- User-defined TCL scripts
Management
- SNMP traps
- Full SNMP and MIB support
- XML interface for remote CSM configuration

Front Panel Description

Figure 1-1 shows the CSM front panel.
Figure 1-1 Content Switching Module Front Panel
[Figure labels: Status LED, RJ-45 (Test) connector]
Note The RJ-45 connector is covered by a removable plate.

Status LED

When the CSM powers up, it initializes various hardware components and communicates with the supervisor engine. The Status LED indicates the supervisor engine operations and the initialization results. During the normal initialization sequence, the status LED changes from off to red, orange, and green.
Note For more information on the supervisor engine LEDs, refer to the Catalyst 6500 Series Switch Module Installation Guide.
Table 1-3 describes the Status LED operation.
Table 1-3 Content Switching Module Status LED
| Color | Description |
|---|---|
| Off | The module is waiting for the supervisor engine to provide power. The module is not online. The module is not receiving power, which could be caused by the following: Power is not available to the CSM. Module temperature is over the limit (1). |
| Red | The module is released from reset by the supervisor engine and is booting. If the boot code fails to run, the LED stays red after power up. |
| Orange | The module is initializing hardware or communicating with the supervisor engine. A fault occurred during the initialization sequence. The module has failed to download its Field Programmable Gate Arrays (FPGAs) on power up but continues with the remainder of the initialization sequence and provides the module online status from the supervisor engine. The module has not received module online status from the supervisor engine. This problem could be caused by the supervisor engine detecting a failure in an external loopback test that it issued to the CSM. |
| Green | The module is operational; the supervisor engine has provided module online status. |
| Green to orange | The module is disabled through the supervisor engine CLI (2) using the set module disable mod command. |

(1) Enter the show environment temperature mod command to display the temperature of each of four sensors on the CSM.
(2) CLI = command-line interface.

RJ-45 Connector

The RJ-45 connector, which is covered by a removable plate, is used to connect a management station device or a test device. This connector is used by field engineers to perform testing and to obtain dump information.

Operation

Clients and servers communicate through the CSM using Layer 2 and Layer 3 technology in a specific VLAN configuration. (See Figure 1-2.) In a simple Server Load Balancing (SLB) deployment, clients connect to the client-side VLAN and servers connect to the server-side VLAN. Servers and clients can exist on different subnets. Servers can also be located one or more Layer 3 hops away and connect to the CSM through routers.
A client sends a request to one of the module’s VIP addresses. The CSM forwards this request to a server that can respond to the request. The server then forwards the response to the CSM, and the CSM forwards the response to the client.
When the client-side and server-side VLANs are on the same subnets, you can configure the CSM in single subnet (bridge) mode. For more information, see the “Configuring the Single Subnet (Bridge) Mode” section on page 2-1.
When the client-side and server-side VLANs are on different subnets, you can configure the CSM to operate in a secure (router) mode. For more information, see the “Configuring the Secure (Router) Mode” section on page 2-4.
You can set up a fault-tolerant configuration in either the secure (router) or single subnet (bridged) mode using redundant CSMs. For more information, see the “Configuring Fault Tolerance” section on page 7-1.
Single subnet (bridge) mode and secure (router) mode can coexist in the same CSM with multiple VLANs.
Figure 1-2 Content Switching Module and Servers
[Figure labels: Client, Internet, Router, Catalyst 6500 chassis, Content services gateway, 4-gigabit switching fabric, Content provider]

Traffic Flow

This section describes how the traffic flows between the client and server in a CSM environment. (See Figure 1-3.)
Figure 1-3 Traffic Flow Between Client and Server
[Figure labels: client, DNS, Content Switching Module, server pool (W Server, X Server, Y Server, Z Server); flows numbered 1 to 6 carry www.example.com and its IP address]
Note The numbers in Figure 1-3 correspond to the steps in the following procedure.
When you enter a request for information by entering a URL, the traffic flows as follows:
1. You enter a URL. (Figure 1-3 shows www.example.com as an example.)
2. The client contacts a DNS server to locate the IP address associated with the URL.
3. The DNS server sends the IP address of the virtual IP (VIP) to the client.
4. The client uses the IP address (CSM VIP) to send the HTTP request to the CSM.
5. The CSM receives the request with the URL, makes a load-balancing decision, and selects a server.
For example, in Figure 1-3, the CSM selects a server (X server) from the www.example.com server pool, replacing its own VIP address with the address of the X server (directed mode), and forwards the traffic to the X server. If the NAT server option is disabled, the VIP address remains unchanged (dispatch mode).
6. The CSM performs Network Address Translation (NAT) and eventually TCP sequence number translation.
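Steps 4 through 6 can be modelled in a few lines to show what changes in the packet in directed mode and what stays the same in dispatch mode. This is an added example, not code from Cisco or the CSM; the addresses, the round-robin choice, the flow-table key, and the return-path handling (reply source restored to the VIP, dispatch-mode servers answering from the VIP) are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from itertools import cycle

VIP = "192.0.2.10"  # constructed virtual IP (documentation address range)
# Constructed real-server addresses for the W, X, Y and Z servers of Figure 1-3.
POOL = {"W": "10.0.0.11", "X": "10.0.0.12", "Y": "10.0.0.13", "Z": "10.0.0.14"}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class CsmModel:
    """Simplified model of steps 4-6 of the traffic flow; not CSM code."""

    def __init__(self, vip, pool, nat_server=True):
        self.vip = vip
        self.pool = dict(pool)
        self.nat_server = nat_server  # True: directed mode, False: dispatch mode
        self._rr = cycle(self.pool)   # assumption: plain round-robin over server names
        self.flows = {}               # (client ip, client port, VIP port) -> server name

    def from_client(self, pkt):
        """Steps 4-5: accept a packet sent to the VIP, pick a server, forward it."""
        if pkt.dst != self.vip:
            raise ValueError("packet is not addressed to the VIP")
        key = (pkt.src, pkt.sport, pkt.dport)
        if key not in self.flows:
            # First packet of a flow: make the load-balancing decision once.
            self.flows[key] = next(self._rr)
        name = self.flows[key]
        if self.nat_server:
            # Directed mode: the VIP is replaced with the real server address.
            return name, replace(pkt, dst=self.pool[name])
        # Dispatch mode: the VIP remains unchanged as the destination.
        return name, pkt

    def from_server(self, pkt):
        """Return path: only replies that match a known flow are passed on."""
        key = (pkt.dst, pkt.dport, pkt.sport)
        name = self.flows.get(key)
        if name is None:
            raise LookupError("reply does not match a known flow")
        expected_src = self.pool[name] if self.nat_server else self.vip
        if pkt.src != expected_src:
            raise ValueError("reply source does not match the flow")
        # The client always sees the reply coming from the address it contacted.
        return replace(pkt, src=self.vip)


if __name__ == "__main__":
    csm = CsmModel(VIP, POOL)
    request = Packet("198.51.100.7", 40000, VIP, 80)  # constructed client packet
    server, forwarded = csm.from_client(request)
    print(server, forwarded)
    print(csm.from_server(Packet(forwarded.dst, 80, request.src, request.sport)))
```

The flow table is why the return traffic has to pass back through the CSM in directed mode: without the matching entry, nothing restores the VIP as the source, and the client would receive a reply from an address it never contacted.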

CHAPTER 2

Networking with the Content Switching Module

This chapter describes networking the CSM and contains these sections:
Configuring Modes for Networking
CSM Networking Topologies
Routing with the CSM
Protecting Against Denial-of-Service Attacks

Configuring Modes for Networking

You can configure the CSM in a single subnet or bridged mode and a secure or router mode. These sections describe the modes:
Configuring the Single Subnet (Bridge) Mode
Configuring the Secure (Router) Mode

Configuring the Single Subnet (Bridge) Mode

In the single subnet (bridge) mode configuration, the client-side and server-side VLANs are on the same subnets. Figure 2-1 shows how the single subnet (bridge) mode configuration is set up.
Figure 2-1 Single Subnet (Bridge) Mode Configuration
[Figure labels: Client workstation, NAS router, Router A (gateway 192.158.38.20), Router B (gateway 192.158.38.21), VLAN 2, Content Switching Module (client-side 192.158.38.10, server-side 192.158.39.10), Virtual server 1 (192.158.38.30), VLAN 3, Server A, Server B, Server Farm 1, Content provider]
Note The addresses in Figure 2-1 refer to the steps in the following task table.
Note You configure single subnet (bridge) mode by assigning the same IP address to the CSM client and server VLANs.
To configure content switching for the single subnet (bridge) mode, perform this task:
| Step | Command | Purpose |
|---|---|---|
| Step 1 | Router(config-module-csm)# vlan database | Enters the VLAN mode (1). |
| Step 2 | Router(vlan)# vlan 2 | Configures a client-side VLAN (2). |
| Step 3 | Router(vlan)# vlan 3 | Configures a server-side VLAN. |
| Step 4 | Router(vlan)# exit | Exits the mode for the configuration to take effect. |
| Step 5 | Router(config-module-csm)# vlan 2 client | Creates the client-side VLAN 2 and enters the SLB VLAN mode (1). |
| Step 6 | Router(config-slb-vlan-client)# ip addr 192.158.38.10 255.255.255.0 | Assigns the CSM IP address on VLAN 2. |
| Step 7 | Router(config-slb-vlan-client)# gateway 192.158.38.20 | Defines the client-side VLAN gateway to Router A. |
| Step 8 | Router(config-slb-vlan-client)# gateway 192.158.38.21 | Defines the client-side VLAN gateway to Router B. |