How to 'fail-over' CSS11503-AC when ALL 5 Reals Servers (Services) die

T.SHAHI · ‎08-22-2006

Hi all,

Could anyone out there possibly provide an idea/config, of how it is possible to'fail-over' a CSS11503 set-up in Active/Standby mode with "ASR" enabled when:-

- ALL your real servers(Services) for a particular VIP 'die'/OR nic is faulty.

- So NOT just 1 of the real servers, but when ALL 5 are not reachable, I need to 'failover'

My initial thought are to use the "critical reporter" or "critical service" to report back to the 'active' CSS.

Anyone who has done this scenario before , please advise..

thanks

burn999 · ‎08-22-2006

I just lab'ed this, but isn?t in production yet:

Use GSS (I think there are some other cisco devices with GSLB functionality that can do this too) to to health check on the VIP and if the VIP fails the health check (can be a http get or scripted to check whatever), switch to another VIP or real IP.

Mine is for VPN, but I hear at networkers that a customer would fail to a URL that points to an "under construction" page so the user doesn?t think the server is down. I thought that was neat.

You could fail to whatever IP, via DNS, that you want to then HTTP redirect or whatever to get aroung your failed CSS. Lots of possibilities to maintain continuity when you have GSLB in the tookbox.

Free advice courtesy Force Networking, Inc.

"Our Kung Fu is the Best"

syediahm · ‎08-22-2006

Sample config:

ip virtual-router 100 priority 100

ip redundant-vip 100 200.1.1.1

ip critical-service 100 web1

ip critical-service 100 web2

ip critical-service 100 web3

ip critical-service 100 web4

service web1

ip address 2.2.2.2

type local

active

.

service web4

ip address 2.2.2.5

type local

active

if ALL 4 web servers fail, the VRID loses it's last local service and relinquishes mastership.

(failure of 1, 2, or 3 of the web servers DOES NOT cause the VRID to relinquish mastership.)

I would like to recommend that you test this design in your lab to ensure that it meets your requirements.

Thanks

Syed Iftekhar Ahmed

T.SHAHI · ‎08-24-2006

Thanks very much Syed fo rthis.I was thiking that no-one could answer this query.

After a little tsting, I set the following config in the lab and it works but is different to yours. I cannot seem to configure the servive as "type local". When I input 'type ?; I get options such as nci-direct-return, nci-info-only, proxy-cache, redirect etc...etc..NO 'local'...!!

Please advise..Thanks in advance

************************* INTERFACE ************************* interface 1/1 bridge vlan 800 phy 1Gbits-FD-no-pause

nterface 1/2

phy 1Gbits-FD-no-pause

bridge vlan 20

nterface Ethernet-Mgmt

description "Management Interface"

nterface 2/1

description "1st ASR Link"

isc-port-one

nterface 2/3

description "2nd ASR Link"

isc-port-two

************************** CIRCUIT ************************** circuit VLAN800

description "FE_CORE"

ip address 192.168.83.249 255.255.255.0

ip virtual-router 1 priority 110

ip redundant-vip 1 192.168.83.148

ip redundant-vip 1 192.168.83.158

ip critical-service 1 DTSFE01

ip critical-service 1 DTSFE02

ip critical-service 1 DTSFE03

ip critical-service 1 DTSFE04

ip critical-service 1 DTSFE05

ip critical-reporter 1 Physical_if_DWN

ip critical-reporter 1 r1

ircuit VLAN20

description "LBAL"

ip address 192.168.20.1 255.255.255.0

ip virtual-router 2 priority 110

ip redundant-interface 2 192.168.20.3

ip critical-service 2 DTSFE01

ip critical-service 2 DTSFE02

ip critical-service 2 DTSFE03

ip critical-service 2 DTSFE04

ip critical-service 2 DTSFE05

ip critical-reporter 2 Physical_if_DWN

ip critical-reporter 2 r1

************************** REPORTER **************************

reporter Physical_if_DWN

type critical-phy-all-up

phy 1/1

phy 1/2

active

reporter r1

type vrid-peering

vrid 192.168.83.249 1

vrid 192.168.20.1 2

active

************************** SERVICE **************************

service FE01

ip address 192.168.20.183

keepalive frequency 2

keepalive retryperiod 2

keepalive maxfailure 2

redundant-index 4

service FE02

ip address 192.168.20.184

keepalive frequency 2

keepalive retryperiod 2

keepalive maxfailure 2

redundant-index 5

service FE03

ip address 192.168.20.185

keepalive frequency 2

keepalive retryperiod 2

keepalive maxfailure 2

redundant-index 6

service FE04

ip address 192.168.20.186

keepalive frequency 2

keepalive retryperiod 2

keepalive maxfailure 2

redundant-index 7

service NWFE02

ip address 192.168.20.204

keepalive frequency 2

keepalive retryperiod 2

keepalive maxfailure 2

redundant-index 10

active

!*************************** OWNER *************************** owner SERVICES

content DTS_192.168.83.148_443

add service DTSFE01

add service DTSFE02

add service DTSFE03

add service DTSFE04

add service DTSFE05

vip address 192.168.83.148

port 443

protocol tcp

advanced-balance sticky-srcip

redundant-index 1

sticky-inact-timeout 5

owner NW_SERVICES

content NWCS_192.168.83.158_443

add service NWCSFE01

add service NWCSFE02

vip address 192.168.83.158

protocol tcp

port 443

sticky-inact-timeout 5

redundant-index 2

advanced-balance sticky-srcip

active

Gilles Dufour · ‎08-24-2006

type local is actually the default.

If you do a 'sho service ' you should be ably to see it.

CSS11503-2(config-service[linux1])# sho ser linux1

Name: linux1 Index: 4

Type: Local State: Alive

There is no command 'type local' but if you do 'no type' you get to the default which is type local.

Regards,

Gilles.