CSM - ACE Migration

Unanswered Question
Aug 10th, 2010

I have a pair of 6509's with CSM and SSL modules. We are migrating these to ACE modules in a few days. I have the configuration (except for the interfaces) configured on the ACE, including exported/imported SSL certificates/keys. By not configuring the interfaces with service-policy, the VIP's nor the server IP addresses can conflict with the CSM.

Also, the supervisor config has already been set up to include the client and server vlans for the service linecard. That connectivity has been established, however, I will be changing the client side interface vlan to the one that the CSM was using as the existing one is temporary.

My plan is as follows:

1. Remove the vlan statements for server and client from the supervisor (from config mode, csm mod #).

2. Power down CSM and SSL modules from supervisor.

3. Session into ACE. Modify inteface vlans for both client and server side to use the IP addresses from the vlan server and vlan client configs.

At this time, the servers should begin to appear in the ACE modules' ARP table and the client VIP's should start responding.

Now, what or how do we clean up the rest of the CSM configuration in the supervisor?

If you see any flaws in this plan, please let me know.

Thanks in advance for your assistance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
yushimaz Mon, 08/16/2010 - 20:09

Regarding clean up the CSM configuration, please refer to the following discussion.

Erasing CSM configuration

https://supportforums.cisco.com/message/446477

You can remove CSM config with 'no mod csm [slot#]' command, where you have

to remove all vserver config before you issue this command as Phil said in above

discussion. (I checked with 12.2(18)SXF13 and the result was as below.)

#conf t

(config)#no mod csm 3

% Remove vserver before unconfiguring slot 3  <<==

(config)#

(config)#mod csm 3

(config-module-csm)#no vser test

(config-module-csm)#end

#coff t

(config)#no mod csm 3

(config)#end

#

Regarding migration step, probably it works fine.

When I migrate from CSM to ACE in my lab, I use the following step.

1) issue 'no power enable' command on the sup for the CSM

2) issue 'svclc vlan-group' command on the sup for the ACE module

#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

(config)#no power enable module 3

Aug 17 00:24:29.643: %C6KPWR-SP-4-DISABLED: power to module in slot 3 set off (admin request)

(config)#end

#conf t

(config)#svclc vlan-group 1  771,772

(config)#end

## sup config for ACE in slot4

#sh run | i svclc

svclc autostate

svclc multiple-vlan-interfaces

svclc module 4 vlan-group 1

svclc vlan-group 1  771,772

## CSM config in slot 3

#sh run mod 3

Building configuration...

Current configuration : 458 bytes

module ContentSwitchingModule 3

vlan 771 client

  ip address 192.168.71.250 255.255.255.0

!

vlan 772 server

  ip address 192.168.72.250 255.255.255.0

!

real SV1

  address 192.168.72.11

  inservice

real SV2

  address 192.168.72.12

  inservice

!

serverfarm SF

  nat server

  no nat client

  real name SV1

   inservice

  real name SV2

   inservice

!

vserver TEST

  virtual 192.168.71.100 any

  serverfarm SF

  persistent rebalance

  inservice

!

end

#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

(cnfig)#mod csm 3

(config-module-csm)#no vser test

(config-module-csm)#exit

(config)#no mod csm 3  <<== clear config

(config)#end

*Aug 17 00:31:07.619: %SYS-5-CONFIG_I: Configured from console by console

#sh run mod 3

Building configuration...

Current configuration : 5 bytes

end

## ACE config

ACE20/Admin# sh run

Generating configuration....

hostname ACE20

boot system image:c6ace-t1k9-mz.A2_3_1.bin

access-list all line 8 extended permit ip any any

rserver host sv1

  ip address 192.168.72.11

  inservice

rserver host sv2

  ip address 192.168.72.12

  inservice

serverfarm host sf

  rserver sv1 80

    inservice

  rserver sv2 80

    inservice

class-map match-all vip-l3

  2 match virtual-address 192.168.71.100 any

policy-map type loadbalance first-match lb

  class class-default

    serverfarm sf

policy-map multi-match client-vips

  class vip-l3

    loadbalance vip inservice

    loadbalance policy lb

    loadbalance vip icmp-reply

access-group input all

interface vlan 771

  ip address 192.168.71.250 255.255.255.0

  service-policy input client-vips

  no shutdown

interface vlan 772

  ip address 192.168.72.250 255.255.255.0

  no shutdown

Regards,

Yuji

aanelso1 Tue, 08/17/2010 - 04:52

Your assistance is much appreciated. I will give these instructions a go after submitting change request.

CONFIDENTIALITY NOTICE

This email message, including any attachment(s), is for the sole use of the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure or distribution is strictly prohibited. If you are not the intended recipient, please immediately contact the sender by email. Thank you

Al Nelson Jr.

ConocoPhillips

Analyst - Global Web Infrastructure

614-10 IC Building

420 South Keeler

Bartlesville, OK 74006

Phone: 918-661-0943

Cell: 918-841-2814

Actions

This Discussion