CSS 11503: VIP redundancy, load balancing, failover

Answered Question

Dear Pros!


I'd like to ask for your help in order to validate a design of mine concerning the deployment of two Cisco CSS 11503 switches for load balancing, failover, and high availability.

Currently I am at the very first phase of this deployment and the layer 2 parameters of both CSS switches have already been configured and it is fully functional. The next step will be the load balancing and failover scenarios and I've a question about whether it can be done or not.


Please review the attachments in order to understand what the scenario deployment looks like.


The scenario description is as follows:


- There are two Cisco CSS 11503 switches

- There are three backend Servers

- These servers run the end customer application + an Oracle (Timesten) database

- Each server has the same content and the Oracle databases are fully synchronized


So how things are supposed to work? Let's see:


1) The high availability between the two Cisco CSS will be Active/Standby. This includes VIP redundancy and Virtual Interface Redundancy


2) The end users will communicate with the VIP that represents the application, initiating the connections to that VIP.


3) The active CSS will handle the request from the end user and will load balance (round-robin) the requests to one of the three available servers.


4) The server on the other hand will initiate a connection to the database, which might be its own copy of Oracle/Timesten or not (it depends on which of the three servers is holding the “master” role).


5) So, therefore, the connection from the application to the database will be made through a second VIP and the Cisco CSS 11503 switches must NOT load balance in this case, since it could corrupt the entire database.


The following summarizes what we need to accomplish our goals: there will be two VIP addresses (one for the application and the second for the database), loadbalancing for the application VIP only, failover for the database VIP, and virtual redundancy to provide the servers with default gateway high availability.


I'm enclosing the initial configuration. I still need to insert the rest of the configuration parameters to fulfill my project's objectives. In order to do that, my questions are:


- How can I prevent the CSS switches from load balancing the requests from the application to the database? Load balancing must NOT occur as per the design's requirements.


- Since load balancing cannot be done, how would the CSS switches provide failover services in case of issues with the database on the master server?


I look forward to hearing from you soon.


Big thanks in advance!!


Leo




Correct Answer by Gilles Dufour about 8 years 1 month ago

You need some modifications to make your config works the way you want.


content Sintonia_IP_Database

add service BRK01IPA

add service BRK02IPA

add service BRK03IPA

vip address 10.125.174.41

balance destip

failover next

active



First, you need to remove all service but one (the master).

Then use the command "secondarySorryServer" to add the backup database server.


The failover command is useless unless your servers are statefull ...you can't start a tcp connection in the middle.

If there is a failure of the master, the backend server will have to start a new connection with the VIP and the CSS will send it to the backup.


Finally, since the backend server will open connection to themselves, you need to do client nat.


So you need to configure a group like this


group ClientNat

vip address 10.125.174.41

add service BRK01IPA

add service BRK02IPA

add service BRK03IPA

active


This should work.


Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
sachinga.hcl Mon, 06/01/2009 - 12:57
User Badges:
  • Silver, 250 points or more

Hi Leo,


As the config requires lot of discussion as the forum is limited to 4000 letters so I am sending you some really good links.


Here is the URL for the configuration for the Configuring VIP and Virtual IP Interface Redundancy follow the configuration guide which may help you


http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/redundancy/guide/VIPRedun.html


http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/redundancy/guide/ASR.html



Configuring Box to box redundancy:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20_v8.10/configuration/redundancy/guide/Redndncy.html



CSS 11500 Active-Active Stateful Failover ASR in One-Armed Mode Configuration Example


http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a00802206a3.shtml


Box-to-Box Redundancy on the CSS 11xxx Configuration Example - Ciscowiki

http://supportwiki.cisco.com/ViewWiki/index.php/Box-to-Box_Redundancy_on_the_CSS_11xxx_Configuration_Example



Kindly find full range of configuration examples on CSS here :

Cisco CSS 11500 Series Content Services Switches

Configuration Examples and TechNotes

http://www.cisco.com/en/US/products/hw/contnetw/ps792/prod_configuration_examples_list.html


Cisco CSS 11500 Series Content Services Switches


http://supportwiki.cisco.com/ViewWiki/index.php/Category:Cisco_CSS_11500_Series_Content_Services_Switches



Kindly see URL given below for my other articles


http://boardreader.com/fp/Cisco_Systems_Networking_Profe_309110/Application_Networking_543840.html#hot_threads



Still you want to discuss some thing in this regard then kindly mail me at [email protected] for any further discussion.



If you find the information above any useful to you please tell.


Sachin garg



Hello Sachin garg!


Thanks for your reply. Fortunately I've read - for the most part - the manuals and several of the examples available at Cisco.com, that's how I managed to come up with my current config.


I am enclosing the up-to-date configs.


Basically, what I need to accomplish is:


1) End users will communicate with VIP 10.125.174.7 and the CSS will load balance these requests to the backend servers accordingly.


2) In addition to the VIP, there is a Virtual Interface (10.125.174.8) which will offer higher availability. Networking devices in front of these two CSS boxes will be configured to send packets to that Virtual Interface IP address.


3) One of the backend servers will handle the end user's request, and the server itself will initiate a connection to a database through another VIP (10.125.174.41).


4) As a matter of fact, this database is present in all of the backend servers (it is the same database spanned throughout three different servers (Oracle/Timesten thing…), but there must be ONLY Master database. In other words, one of the servers will sync up with the others and they will establish a master/backup relationship.


So this is my major concern. The connections from the end users to the applications (the 1st VIP) can and will be load balanced. After that, the server will initiate a secondary connection to its database, which might not be its own (let's say that this particular server isn't the Master database server). The (master server) database will be reached through that second VIP (10.125.174.41) and the CSS switches must NOT load balance. The reason why is that it can and eventually will corrupt the databases.


I know it sounds like weird but this is how things are supposed to work. Application = load balancing and failover. Database = failover only.


Honestly I am not sure whether my proposed configuration will work and I can't test it right now. That's why I am asking for some advice!

I am seeking now for a true failover method and a way to implement VIP without load balancing, because apparently the only feature I need to the second VIP is the failover capability.


Thank you in advance


Leonardo





Attachment: 
Correct Answer
Gilles Dufour Wed, 06/03/2009 - 00:32
User Badges:
  • Cisco Employee,

You need some modifications to make your config works the way you want.


content Sintonia_IP_Database

add service BRK01IPA

add service BRK02IPA

add service BRK03IPA

vip address 10.125.174.41

balance destip

failover next

active



First, you need to remove all service but one (the master).

Then use the command "secondarySorryServer" to add the backup database server.


The failover command is useless unless your servers are statefull ...you can't start a tcp connection in the middle.

If there is a failure of the master, the backend server will have to start a new connection with the VIP and the CSS will send it to the backup.


Finally, since the backend server will open connection to themselves, you need to do client nat.


So you need to configure a group like this


group ClientNat

vip address 10.125.174.41

add service BRK01IPA

add service BRK02IPA

add service BRK03IPA

active


This should work.


Gilles.

Hello Gilles,


Thanks for contributing!

So if I understand you correctly, the configuration should look like:


content Sintonia_IP_Database

add service BRK01IPA

secondarySorryServer BRK02IPA

secondarySorryServer BRK03IPA

vip address 10.125.174.41

balance destip (keep this method or change/remove it?)

failover next (you said I could get rid of this line, right?)

active


group ClientNat (I should add this under the actual content Sintonia_IP_Database, right?)

vip address 10.125.174.41

add service BRK01IPA

add service BRK02IPA

add service BRK03IPA

active


As soon as I confirm these parameters I will perform the modifications. I will have a window of opportunity to test the entire application next week.


Thanks for your help!


Leo

Actions

This Discussion