Cisco IOS Software Release 12.2(33)SRE

Features
Cisco IOS Release 12.2(33)SRB
Bind ID Support
The bind ID allows a single physical server to be bound to multiple virtual servers and report a different 
weight for each one. Thus, the single real server is represented as multiple instances of itself, each having 
a different bind ID. Dynamic Feedback Protocol (DFP) uses the bind ID to identify for which instance 
of the real server a given weight is specified. The bind ID is needed only if you are using DFP.
GPRS load balancing and the Home Agent Director do not support bind IDs.
Client-Assigned Load Balancing
Client-assigned load balancing allows you to limit access to a virtual server by specifying the list of 
client IP subnets that are permitted to use that virtual server. With this feature, you can assign a set of 
client IP subnets (such as internal subnets) connecting to a virtual IP address to one server farm or 
firewall farm, and assign another set of clients (such as external clients) to a different server farm or 
firewall farm.
GPRS load balancing and the Home Agent Director do not support client-assigned load balancing.
Content Flow Monitor Support
IOS SLB supports the Cisco Content Flow Monitor (CFM), a web-based status monitoring application 
within the CiscoWorks2000 product family. You can use CFM to manage Cisco server load-balancing 
devices. CFM runs on Windows NT and Solaris workstations, and is accessed using a web browser.
Delayed Removal of TCP Connection Context
Because of IP packet ordering anomalies, IOS SLB might “see” the termination of a TCP connection (a 
finish [FIN] or reset [RST]) followed by other packets for the connection. This problem usually occurs 
when there are multiple paths that the TCP connection packets can follow. To correctly redirect the 
packets that arrive after the connection is terminated, IOS SLB retains the TCP connection information, 
or context, for a specified length of time. The length of time the context is retained after the connection 
is terminated is controlled by a configurable delay timer.
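A minimal Python model of this behavior, added here as an illustration and not Cisco code: the class name, the round-robin server choice, the flow tuple, and the packet trace are all constructed assumptions. It replays one reordered TCP close with and without a delay timer.

```python
from dataclasses import dataclass, field

@dataclass
class SlbContextTable:
    """Toy connection table (hypothetical, not IOS SLB internals)."""
    delay: float   # seconds the context is retained after FIN/RST
    reals: list    # real server names (constructed)
    _ctx: dict = field(default_factory=dict)  # flow -> [real, expiry or None]
    _next: int = 0

    def _purge(self, now):
        # Drop contexts whose delay timer has run out.
        expired = [f for f, (_, exp) in self._ctx.items()
                   if exp is not None and now >= exp]
        for flow in expired:
            del self._ctx[flow]

    def handle(self, flow, flags, now):
        """Return the real server for this packet, or None if no context exists."""
        self._purge(now)
        entry = self._ctx.get(flow)
        if entry is None:
            if "SYN" not in flags:
                return None  # late packet with no context: cannot be redirected
            real = self.reals[self._next % len(self.reals)]  # round robin (assumed)
            self._next += 1
            entry = self._ctx[flow] = [real, None]
        if flags & {"FIN", "RST"} and entry[1] is None:
            entry[1] = now + self.delay  # start the timer, keep the context
        return entry[0]

# Constructed sample: the ACK at t=0.6 is overtaken by the FIN sent after it.
FLOW = ("192.0.2.10", 40000, "203.0.113.5", 80, "tcp")
TRACE = [(0.0, {"SYN"}), (0.1, {"ACK"}), (0.5, {"FIN", "ACK"}),
         (0.6, {"ACK"}), (30.0, {"ACK"})]

def replay(delay):
    table = SlbContextTable(delay=delay, reals=["real-a", "real-b"])
    return [table.handle(FLOW, flags, t) for t, flags in TRACE]

if __name__ == "__main__":
    print("delay=0 :", replay(0))
    print("delay=10:", replay(10))
```

With no delay the packet that trails the FIN has no context to match; with a 10-second delay it still reaches the same real server, and the context is gone by the time the stray packet at t=30 arrives.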
Firewall Load Balancing
As its name implies, firewall load balancing enables IOS SLB to balance flows to firewalls. Firewall load 
balancing uses a load-balancing device on each side of a group of firewalls (called a firewall farm) to 
ensure that the traffic for each flow travels to the same firewall, so that the security policy is not 
compromised.
You can configure more than one firewall farm in each load-balancing device.
Layer 3 firewalls, which have IP-addressable interfaces, are supported by IOS SLB firewall load 
balancing if they are subnet-adjacent to the firewall load-balancing device and have unique MAC 
addresses. The device does not modify the IP addresses in the user packet. To send the packet to the 
chosen firewall, the device determines which interface to use and changes the Layer 2 headers 
accordingly. This type of routing is the standard dispatched routing used by IOS SLB.
Layer 2 firewalls, which do not have IP addresses, are transparent to IOS SLB firewall load balancing. 
IOS SLB supports Layer 2 firewalls by placing them between two IP-addressable interfaces.
Whereas many Layer 3 firewalls might exist off a single Layer 3 interface on the load-balancing device 
(for example, a single LAN), only one Layer 2 firewall can exist off each interface.
When configuring the load-balancing device, you configure a Layer 3 firewall using its IP address, and 
a Layer 2 firewall using the IP address of the interface of the device on the “other side” of the firewall.