Cisco Cisco IOS Software Release 12.2(18)SXE
Features
23
Cisco IOS Release 12.2(18)SXE
VPN Server Load Balancing
IOS SLB can balance Virtual Private Network (VPN) flows, including the following flows:
•
IP Security (IPSec) flows. An IPSec flow consists of a UDP control session and an ESP tunnel.
•
Point-to-Point Tunneling Protocol (PPTP) flows. A PPTP flow consists of a TCP control session and
a GRE tunnel.
a GRE tunnel.
Redundancy Features
An IOS SLB device can represent a single point of failure, and the servers can lose their connections to
the backbone, if either of the following occurs:
the backbone, if either of the following occurs:
•
The IOS SLB device fails.
•
A link from a switch to the distribution-layer switch becomes disconnected.
To reduce that risk, IOS SLB supports the following redundancy enhancements, based on HSRP:
•
•
•
Stateless Backup
Stateless backup provides high network availability by routing IP flows from hosts on Ethernet networks
without relying on the availability of a single Layer 3 switch. Stateless backup is particularly useful for
hosts that do not support a router discovery protocol (such as the Intermediate System-to-Intermediate
System [IS-IS] Interdomain Routing Protocol [IDRP]) and do not have the functionality to shift to a new
Layer 3 switch when their selected Layer 3 switch reloads or loses power.
without relying on the availability of a single Layer 3 switch. Stateless backup is particularly useful for
hosts that do not support a router discovery protocol (such as the Intermediate System-to-Intermediate
System [IS-IS] Interdomain Routing Protocol [IDRP]) and do not have the functionality to shift to a new
Layer 3 switch when their selected Layer 3 switch reloads or loses power.
Stateful Backup
Stateful backup enables IOS SLB to incrementally backup its load-balancing decisions, or “keep state,”
between primary and backup switches. The backup switch keeps its virtual servers in a dormant state
until HSRP detects failover; then the backup (now primary) switch begins advertising virtual addresses
and processing flows. You can use HSRP to configure how quickly the failover is detected.
between primary and backup switches. The backup switch keeps its virtual servers in a dormant state
until HSRP detects failover; then the backup (now primary) switch begins advertising virtual addresses
and processing flows. You can use HSRP to configure how quickly the failover is detected.
Stateful backup provides IOS SLB with a one-to-one stateful or idle backup scheme. This means that
only one instance of IOS SLB is handling client or server flows at a given time, and that there is at most
one backup platform for each active IOS SLB switch.
only one instance of IOS SLB is handling client or server flows at a given time, and that there is at most
one backup platform for each active IOS SLB switch.
GPRS load balancing without GTP cause code inspection enabled does not support stateful backup.
The Home Agent Director does not support stateful backup.
Active Standby
Active standby enables two IOS SLBs to load-balance the same virtual IP address while at the same time
acting as backups for each other. If a site has only one virtual IP address to load-balance, an access router
is used to direct a subset of the flows to each IOS SLB using policy-based routing.
acting as backups for each other. If a site has only one virtual IP address to load-balance, an access router
is used to direct a subset of the flows to each IOS SLB using policy-based routing.
IOS SLB firewall load balancing does not support active standby. That is, you cannot configure two pairs
of firewall load balancing devices (one pair on each side of the firewalls), with each device in each pair
handling traffic and backing up its partner.
of firewall load balancing devices (one pair on each side of the firewalls), with each device in each pair
handling traffic and backing up its partner.