VIP Route Health Injection (RHI) allows the ServerIron ADX to advertise the availability of a VIP address (instead of a real host) throughout the network. Multiple ServerIrons with identical VIP addresses and services can exist throughout the network. This feature allows the ServerIron ADX VIP to be used in lieu of the same VIP on other ServerIrons if the VIP is no longer healthy on those devices. A VIP can also provide the services because it is logically closer to the client systems than the other ServerIrons.
Specifically, you can configure an ServerIron ADX to check the health of a VIP configured on the ServerIron ADX and inject a VIP route into the network to force a preferred route to the VIP. VIP RHI checks the VIP health and reports one of the following:
|
•
|
VIP is healthy. If the VIP is healthy, the ServerIron ADX injects a VIP host route into its IP route table for the VIP. The ServerIron ADX then advertises the route to other routers using an IGP routing protocol, such as OSPF or RIP.
|
|
•
|
VIP is not healthy. The ServerIron ADX removes the IP host route to the VIP from its IP route table. As a result, the route ages out and is no longer used by upstream routers. The upstream routers instead use another route to the same VIP.
|
Routers receiving client traffic for the VIP select the best route to the VIP. As a result, clients enjoy fast response time regardless of their location because their gateway routers use the best path to the VIP. RHI also prevents client traffic from being routed to a VIP that is unavailable.
VIP Route health injection advertises the host route to the VIP instead of a network route to the VIP's subnet. This approach ensures that the clients' gateway routers receive a route to the IP address only if that VIP is available.
NOTE: Disabling the real ports of all real servers using server disable-all-real causes the respective virtual port's RHI state to become "Not Healthy", and the VIP host route will not be advertised. See
show server virtual-name-or-ip. In contrast, when you disable the virtual port of virtual server, the RHI state of a virtual port will not become "Not Healthy", and the ServerIron ADX will keep advertising the VIP host route.
You can configure any of the traditional health checks supported for the real servers. When a real server port fails the health check, the ServerIron ADX will check if the real server port is bound to a VIP port whose VIP has the RHI feature enabled. If this is the case, the ServerIron ADX will determine how many real server ports bound to the VIP port are healthy. If the amount is below the threshold (if percentage threshold is configured) or if none of the other real server ports are healthy (if percentage threshold is not configured), then the VIP port will be declared unhealthy. If you have configured the option where a VIP should be considered healthy if at least one VIP port is healthy, then the ServerIron ADX will check if there are any other healthy VIP ports. If there are none, it will delete the VIP route. If you have not configured this option (a VIP should be considered healthy only if all VIP ports are healthy), then the ServerIron ADX will delete the VIP route.
Similarly, when a real server port transitions from the failed to the active state, the ServerIron ADX will check if the real server port is bound to a VIP port whose VIP has the RHI feature enabled. If this is the case, ServerIron ADX will determine how many real server ports bound to the VIP port are healthy. If you have configured a percentage threshold, and if this number is above the threshold, then ServerIron ADX will declare this VIP port healthy. If you have not configured a threshold, then the ServerIron ADX will declare this VIP healthy. If you have configured the option where a VIP should be considered healthy if at least one VIP port is healthy and the VIP was previously unhealthy, then it will inject the VIP route. If you have not configured this option (a VIP should be considered healthy only if all VIP ports are healthy), then the ServerIron ADX will check if all other VIP ports are healthy. If they are, the ServerIron ADX will inject the VIP route.
|
•
|
Static route redistribution — It is required to redistribute the host route for the VIP into OSPF. To enable redistribution of static routes, enter commands such as the following:
|
ServerIron(config)# router ospf
ServerIron(config-ospf-router)# area 0
ServerIron(config-ospf-router)# redistribution static
|
•
|
Virtual server constraints — Only a single virtual server with VIP RHI enabled should be associated with the subnet for an interface. For example, if you enable VIP RHI for a virtual server 1.1.1.101 and the associated interface has an IP address 1.1.1.106/24, do not enable VIP RHI on any other virtual server in the subnet prefix 1.1.1.0/24. User should not configure two VIPs in the same subnet prefix with VIP RHI enabled for these two virtual servers.
|
|
•
|
Disabling network route advertisement for an interface associated with VIP RHI — The ip dont-advertise command configures the ServerIron ADX to block advertisement of the network on the interface. If you do not block advertisement of the network, the ServerIron ADX will advertise a route to the network containing the VIP even if the VIP itself is unavailable. After you enter the ip dont-advertise command, the ServerIron ADX advertises only a host route to the VIP address. Thus, if the VIP is not healthy, the ServerIron ADX will remove the static host route for the VIP address and also not advertise a network route for the network containing the VIP address.
|
ServerIron(config)# interface ethernet 4/15
ServerIron(config-if-4/15)# ip address 10.1.1.99 255.255.255.0
ServerIron(config-if-4/15)# ip dont-advertise 10.1.1.99 255.255.255.0
Syntax: ip dont-advertise <ip-addr> <mask> I <ip-addr>/<mask-bits>
The ServerIron ADX can enable VIP RHI globally or at the VIP sublevel.
ServerIron(config)#server global-advertise-vip-route
Syntax: [no] server global-advertise-vip-route
ServerIron(config)# server virtual-name-or-ip vs1
ServerIron(config-vs-vs1# advertise-vip-route
Syntax: [no] advertise-vip-route
ServerIron(config)# server virtual-name-or-ip vs1
ServerIron(config-vs-vs1# disable-advertise-vip-route
ServerIron(config-vs-vs1)# end
Syntax: [no] disable-advertise-vip-route
ServerIron(config)# server rhi-active-bindings-threshold 20
If the <percent> parameter is not set, the percentage is 0. In this case, the default method will be used to determine the health of the VIP port. For example, a VIP port will be considered healthy as long as there is at least one healthy real server port bound to it.
As another example, consider a virtual server 1.1.1.101 with port http configured. This port http of the virtual server is bound to port http of real server 1.1.1.15 and port http of real server 1.1.1.44. If you have not configured any active bindings threshold percentage, then port http of VIP 1.1.1.101 will be considered healthy as long as at least one of the two bound real server ports is healthy.
If you configure an active bindings threshold percentage of 100, then this setting requires all bound real server ports for the VIP port to be healthy, in order to consider the VIP port as healthy. If real server port http for real server 1.1.1.15 goes down, then VIP port http is no longer considered healthy because only 50% of the bound real server ports are healthy. The configuration in this example requires 100% of the bound real server ports to be up in order to consider the VIP port as healthy.
Syntax: [no] server rhi-one-vip-port-up
ServerIronA(config)# server virtual-name-or-ip dns-p1
ServerIronA(config-vs-dns-p1)# port ftp rhi-dont-use-port
Syntax: [no] port <port> rhi-dont-use-port
As another example, assume port http and
port ftp have been configured for virtual server vs1. You then bind port ftp of real server rs1 and port ftp of real server rs2 to port ftp of virtual server vs1. Similarly, you bind port http of real server rs1 and port http of real server rs2 to port http of virtual server vs1. If you need to base the health of the VIP vs1 only on the health of the VIP port http, then you can configure the following for the port ftp:
ServerIron(config)# server virtual-name-or-ip vs1
ServerIron(config-vs-dns-p1)# port ftp rhi-dont-use-port
ServerIron(config)# server global-vip-route-mask-length 28
Syntax: [no] server global-vip-route-mask-length <length>
ServerIron(config)# server virt virt-2
ServerIron(config-vs-virt-2)#vip-route-subnet-mask-length 28
Syntax: [no] vip-route-subnet-mask-length <length>
|
•
|
Hot Standby topology - VIP RHI is only supported on the ServerIron Router (R) platform. A Hot Standby topology is not supported for the R code base. Therefore, VIP RHI is not applicable to Hot Standby topologies.
|
|
•
|
Symmetric and sym-active topologies - In both symmetric and sym-active topologies, only the owner of the VIP (the VIP in the ACTIVE state) will inject the route. In this topology, the ServerIron will withdraw the VIP route when a VIP transitions from Active to Standby state. Similarly, the ServerIron will inject the VIP route when a VIP transitions from Standby to Active, if the VIP is healthy at the time of the transition.
|
Optionally, one can enable ServerIron to inject VIP route inside routing process regardless of its VIP ownership status. Enter the following command if you want to enable both SrverIrons to inject VIP route regardless of its ownership.
When VIP RHI is enabled for a virtual server, the VIP host route type is shown as "S:Static". The reason for doing this is the ServerIron ADX can use
redistribute static of routing protocols (OSPF and RIP) to advertise the VIP host route.
The following snap shot of show ip route was taken from a ServerIron ADX with VIP RHI enabled:
Tip: Some administrators may view this approach as a contradiction to the basic definition of a route type. The route type of a network that is owned by an ServerIron ADX (router) is usually shown as "D:connected" and a manually added static route type is to be shown as "S:Static".
ServerIronA(config-vlan-9)# untagged ethernet 4/1 to 4/5
ServerIronA(config-ospf-router)# redistribution static
ServerIronA(config-ve-9)# ip address 186.211.21.11 255.255.255.0
ServerIronA(config-if-4/15)# ip address 10.1.1.99 255.255.255.0
ServerIronA(config-if-4/15)# ip dont-advertise 10.1.1.99 255.255.255.0
ServerIronA(config)#server virtual-name-or-ip vip-si-A 10.1.1.10
ServerIronA(config-vs-vip-si-A)#bind http rs1 http rs2 http
ServerIronA(config-vs-vip-si-A)#advertise-vip-route
The configuration is similar for ServerIron ADX B and C (with relevant interface IP addresses).
Both ServerIron ADX Sites Working in Primary Mode
ver 09.3.00b265TD4!
module 1 bi-0-port-wsm2-management-module
module 2 bi-jc-8-port-gig-module
module 3 bi-jc-16-port-gig-copper-module
module 4 bi-jc-16-port-gig-copper-module
!
global-protocol-vlan!
!
server predictor round-robin
server global-advertise-vip-route
server global-vip-route-mask-length 30
server rhi-active-bindings-threshold 80
server port 21
tcp
server port 80
tcp
server port 53
udp
server port 161
udp
server port 25
tcp
server port 443
tcp
server port 8601
tcp
!
!
server real rs1 20.20.1.40
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server real rs2 20.20.1.41
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server remote-name test 30.30.1.40
vip-route-subnet-mask-length 28
disable-advertise-vip-route
ip dont-advertise 70.70.1.120 255.255.255.0
ip dont-advertise 90.90.1.120 255.255.255.0
ip dont-advertise 60.60.1.120 255.255.255.0
ip dont-advertise 60.60.1.121 255.255.255.0
ip dont-advertise 50.50.1.120 255.255.255.0
ip dont-advertise 50.50.1.121 255.255.255.0
vip-route-subnet-mask-length 28
disable-advertise-vip-route
ip dont-advertise 70.70.1.120 255.255.255.0
ip dont-advertise 90.90.1.120 255.255.255.0
ip dont-advertise 60.60.1.120 255.255.255.0
ip dont-advertise 60.60.1.121 255.255.255.0
ip dont-advertise 50.50.1.120 255.255.255.0
Site-1 ServerIron ADX in Primary Mode and Site-2 in Backup Mode
NOTE: The ServerIron ADX system may not be able to perform Layer 7 or Layer 4 health checks for these many ports though. It will stop processing health checks once its exceeds its system capacity. If this occurs, you must explicitly disable health checks for several ports.
|
•
|
ServerIron ADX supports a maximum of 20KB GET requests while performing Layer 7 switching.
|
Copyright © 2009 Brocade Communications Systems, Inc.
