Cisco IOS Server Load Balancing Command Reference

lookup

To configure an IP address of a real server that a Domain Name System (DNS) server should supply in response to a domain name resolve request, use the lookupcommand in DNS probe configuration mode. To remove an IP address from the expected list, use the no form of this command.

lookup ip-address

no lookup ip-address

Syntax Description

ip-address

IP address of a real server that a DNS server should supply in response to a domain name resolve request.

Command Default

No lookup IP address is configured.

Command Modes

DNS probe configuration (config-slb-probe)

Command History

Release	Modification
12.1(11b)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a DNS probe named PROBE4, enters DNS probe configuration mode, and specifies 10.1.10.1 as the IP address to resolve:

Router(config)# ip slb probe PROBE4 dns
Router(config-slb-probe)# lookup 10.1.10.1

Related Commands

Command	Description
ip slb probe dns	Configures a DNS probe name and enters DNS probe configuration mode.
show ip slb probe	Displays information about an IOS SLB probe.

manager (DFP agent)

This command has been removed. Its function is now performed by the ip dfp agentglobal configuration command, and by the following DFP agent configuration commands:

inservice (DFP agent)
interval (DFP agent)
password (DFP agent)
port (DFP agent)

See the description of these commands for more information.

maxclients

To specify the maximum number of IOS Server Load Balancing (IOS SLB) RADIUS and GTP sticky subscribers that can be assigned to an individual virtual server, use the maxclientscommand in real server configuration mode. To remove the limit, use the no form of this command.

maxclients maximum-number

no maxclients

Syntax Description

maximum-number

Maximum number of IOS SLB RADIUS and GTP sticky subscribers that can be assigned to an individual virtual server:

If the radius calling-station-idkeyword is specified in the sticky command for the virtual server (that is, if the virtual server is configured to create the IOS SLB RADIUS calling-station-ID sticky database), a sticky subscriber is an entry in the IOS SLB RADIUS calling-station-ID sticky database.
If the radius framed-ipkeyword is specified in the sticky command for the virtual server (that is, if the virtual server is configured to create the IOS SLB RADIUS framed-IP sticky database), a sticky subscriber is an entry in the IOS SLB RADIUS framed-IP sticky database.
If the radius usernamekeyword is specified in the sticky command for the virtual server (that is, if the virtual server is configured to create the IOS SLB RADIUS username sticky database), a sticky subscriber is an entry in the IOS SLB RADIUS username sticky database.
If both the radius framed-ip and radius calling-station-idkeywords are specified in the sticky command for the virtual server, a sticky subscriber is an entry in the IOS SLB RADIUS calling-station-ID sticky database.
If both the radius framed-ip and radius username keywords are specified in the sticky command for the virtual server, a sticky subscriber is an entry in the IOS SLB RADIUS username sticky database.

By default, there is no limit on the number of IOS SLB RADIUS and GTP sticky subscribers that can be assigned to an individual virtual server.

Command Default

There is no limit on the number of IOS SLB RADIUS and GTP sticky subscribers that can be assigned to an individual virtual server.

Command Modes

Real server configuration (config-slb-real)

Command History

Release	Modification
12.1(11b)E	This command was introduced.
12.1(12c)E	This command was modified to support RADIUS load balancing for CDMA2000, a third-generation (3-G) version of Code Division Multiple Access (CDMA).
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example specifies that up to 10 IOS SLB RADIUS sticky subscribers can be assigned to an individual real server:

Router(config-slb-real)# maxclients 10

Related Commands

Command	Description
ip slb route	Enables IOS SLB to inspect packets for RADIUS framed-IP sticky routing.
show ip slb sticky	Displays the IOS SLB sticky database.

maxconns (firewall farm datagram protocol)

To limit the number of active datagram connections to the firewall farm, use the maxconns command in firewall farm datagram protocol configuration mode. To restore the default of 4294967295, use the no form of this command.

maxconns maximum-number

no maxconns

Syntax Description

maximum-number

Maximum number of simultaneous active datagram connections using the firewall farm. Valid values range from 1 to 4294967295. The default is 4294967295.

Command Default

The default maximum number of simultaneous active datagram connections using the firewall farm is 4294967295.

Command Modes

Firewall farm datagram protocol configuration (config-slb-fw-udp)

Command History

Release	Modification
12.1(3a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example limits the real server to a maximum of 1000 simultaneous active connections:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# protocol datagram
Router(config-slb-fw-udp)# maxconns 1000

Related Commands

Command	Description
protocol datagram	Enters firewall farm datagram protocol configuration mode.
show ip slb firewallfarm	Displays information about the firewall farm configuration.
show ip slb reals	Displays information about the real servers.

maxconns (firewall farm TCP protocol)

To limit the number of active TCP connections to the firewall farm, use the maxconns command in firewall farm TCP protocol configuration mode. To restore the default of 4294967295, use the no form of this command.

maxconns maximum-number

no maxconns

Syntax Description

maximum-number

Maximum number of simultaneous active TCP connections using the firewall farm. Valid values range from 1 to 4294967295. The default is 4294967295.

Command Default

The default maximum number of simultaneous active TCP connections using the firewall farm is 4294967295.

Command Modes

Firewall farm TCP protocol configuration (config-slb-fw-tcp)

Command History

Release	Modification
12.1(3a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example limits the real server to a maximum of 1000 simultaneous active connections:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# protocol tcp
Router(config-slb-fw-tcp)# maxconns 1000

Related Commands

Command	Description
protocol tcp	Enters firewall farm TCP protocol configuration mode.
show ip slb firewallfarm	Displays information about the firewall farm configuration.
show ip slb reals	Displays information about the real servers.

maxconns (server farm)

To limit the number of active connections to the real server, use the maxconns command in SLB server farm configuration mode. To restore the default of 4294967295, use the no form of this command.

maxconns maximum-number [sticky-override]

no maxconns

Syntax Description

maximum-number	Maximum number of simultaneous active connections on the real server. Valid values range from 1 to 4294967295. The default is 4294967295.
sticky-override	(Optional) Allow sticky load balancing to exceed maximum-numberfor this real server.

Command Default

The default maximum number of simultaneous active connections on the real server is 4294967295.

Command Modes

SLB server farm configuration (config-slb-real)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.1(18)E	The sticky-override keyword was added.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example limits the real server to a maximum of 1000 simultaneous active connections:

Router(config)# ip slb serverfarm PUBLIC
Router(config-slb-sfarm)# real 10.10.1.1
Router(config-slb-real)# maxconns 1000

Related Commands

Command	Description
real (server farm)	Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.
show ip slb reals	Displays information about the real servers.
show ip slb severfarms	Displays information about the server farm configuration.

mls aging slb normal

To configure the aging time for flows, use the mls aging slb normalcommand in global configuration mode. To restore the default setting, use the noform of this command.

mls aging slb normal time

no mls aging slb normal time

Syntax Description

time

Idle time, in milliseconds, before a flow is aged. The valid range is 1 milliseconds to 10000 milliseconds. The default setting is 2000 milliseconds.

Note

Heavier-than-normal loads can age flows more aggressively than this time.

Command Default

The default aging idle time is 2000 milliseconds.

Command Modes

Global configuration (config)

Command History

Release	Modification
12.1(8)E	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command is supported for Catalyst 6000 family switches only.

Examples

The following example sets the idle time to 4000 milliseconds:

Router(config)# mls aging slb normal 4000

Related Commands

Command	Description
ip slb firewallfarm	Identifies a firewall farm and initiates firewall farm configuration mode.
ip slb serverfarm	Associates a real server farm with a virtual server.
ip slb vserver	Identifies a virtual server.
mls aging slb process	Controls how often the aging process runs.

mls aging slb process

To control how often the aging process runs, use the mls aging slb process command in global configuration mode. To restore the default setting, use the noform of this command.

mls aging slb process time

no mls aging slb process time

Syntax Description

time	Aging process interval, in milliseconds. The valid range is 1 millisecond to 10000 milliseconds. The default setting is 2000 seconds.

Command Default

The default aging process interval is 2000 milliseconds.

Command Modes

Global configuration (config)

Command History

Release	Modification
12.1(8)E	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command is supported for Catalyst 6000 family switches only.

Examples

The following example sets the aging process interval to 4000 milliseconds:

Router(config)# mls aging slb process 4000

Related Commands

Command	Description
ip slb firewallfarm	Identifies a firewall farm and initiates firewall farm configuration mode.
ip slb serverfarm	Associates a real server farm with a virtual server.
ip slb vserver	Identifies a virtual server.
mls aging slb normal	Configures the aging time for flows.

mls ip slb purge global

To specify protocol-level purging of MLS entries from active TCP and UDP flow packets, use the mls ip slb purge globalcommand in global configuration mode. To disable purge throttling, use the no form of this command.

mls ip slb purge global

no mls ip slb purge global

Syntax Description

This command has no arguments or keywords.

Command Default

The default setting is for protocol-level purging.

Command Modes

Global configuration (config)

Command History

Release	Modification
12.2(1)SX	This command was introduced.
12.2(33)SRD2	The command was modified so that the default command no longer appears in the generated configuration.
12.2(33)SXI2	The command was modified so that the default command no longer appears in the generated configuration.
12.2(18)SXF17	The command was modified so that the default command no longer appears in the generated configuration.

Examples

The following example disables purge throttling on TCP and UDP flow packets:

Router(config)# no mls ip slb purge global

The following example returns purge throttling on TCP and UDP flow packets to its default setting:

Router(config)# mls ip slb purge global

mls ip slb search wildcard

To specify the behavior of IOS Server Load Balancing (IOS SLB) wildcard searches, use the mls ip slb search wildcard command in global configuration mode. To restore the default setting, use the no form of this command.

mls ip slb search { wildcard [ pfc | rp ] | icmp }

no mls ip slb search { wildcard [ pfc | rp ] | icmp }

Syntax Description

wildcard

IOS SLB wildcard searches are to be performed by the Policy Feature Card (PFC). This value is the default setting.

pfc

(Optional) IOS SLB wildcard searches are to be performed by the Policy Feature Card (PFC). This value is the default setting.

rp

(Optional) IOS SLB wildcard searches are to be performed by the route processor.

icmp

Disables ICMP handling by IOS SLB. (Pings to IOS SLB virtual IP addresses are still answered.) Use this command to reduce CPU usage when IOS SLB is configured in locations with a high volume of ICMP flows, such as in the network core.

Note

Use of the icmp keyword can result in minor ICMP errors, such as flows returned to the client with no Network Address Translation (NAT).

Command Default

The default setting is for the PFC to perform IOS SLB wildcard searches.

Command Modes

Global configuration (config)

Command History

Release	Modification
12.1(7)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command is supported for Catalyst 6500 family switches only.

If you configure IOS SLB and either input ACLs or firewall load balancing on the same Catalyst 6500 Family Switch, you can exceed the capacity of the TCAM on the PFC. To correct the problem, use the mls ip slb search wildcard rp command to reduce the amount of TCAM space used by IOS SLB. However, be aware that this command can result in a slight increase in route processor utilization.

Examples

The following example limits wildcard searches to the route processor:

Router(config)# mls ip slb search wildcard rp

Related Commands

Command	Description
ip slb firewallfarm	Identifies a firewall by IP address farm and enters firewall farm configuration mode.
ip slb serverfarm	Associates a real server farm with a virtual server.
ip slb vserver	Identifies a virtual server.

nat

To configure Cisco IOS Server Load Balancing (IOS SLB) Network Address Translation (NAT) and specify a NAT mode, use the nat command in SLB server farm configuration mode. To remove a NAT configuration, use the no form of this command.

nat { client pool | server }

no nat { client | server }

Syntax Description

client pool

Configures the client address in load-balanced packets using addresses from the client address pool. The pool name must match the pool argument from a previous ip slb natpoolcommand.

This mode is commonly referred to as directed client NAT , or simply client NAT.

server

Configures the destination address in load-balanced packets sent to the real server as the address of the real server chosen by the server farm load-balancing algorithm.

This mode is commonly referred to as directed server NAT , or simply server NAT.

Command Default

No IOS SLB NAT is configured.

Command Modes

SLB server farm configuration (config-slb-sfarm)

Command History

Release	Modification
12.1(1)E	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.1(2)E	The client keyword and pool argument were added.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The no nat command is allowed only if the virtual server was removed from service with the no inservice command.

Examples

The following example enters server farm configuration mode and configures NAT mode as server address translation on server farm FARM2:

Router# ip slb serverfarm FARM2
Router(config-slb-sfarm)# nat server

The following example configures the NAT mode on server farm FARM2 to client translation mode and, using the realcommand in server farm configuration mode, configures the real server IP address as 10.3.1.1:

Router(config-slb-sfarm)# nat client web-clients
Router(config-slb-sfarm)# real 10.3.1.1

Related Commands

Command	Description
ip slb serverfarm	Associates a real server farm with a virtual server.
real (server farm)	Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.
show ip slb serverfarms	Displays information about the server farm configuration.

password (DFP agent)

To configure a Dynamic Feedback Protocol (DFP) agent password for Message Digest Algorithm Version 5 (MD5) authentication, use the password command in DFP agent configuration mode. To remove the DFP agent password, use the no form of this command.

password [ 0 | 7 ] password [timeout]

no password

Syntax Description

0

(Optional) Indicates that the password is unencrypted. This is the default setting.

7

(Optional) Indicates that the password is encrypted.

password

Password value for MD5 authentication.

Note

This password must match the password configured on the host agent.

timeout

(Optional) Delay period, in seconds, during which both the old password and the new password are accepted. The valid range is from 0 to 65535. The default is 180.

Command Default

The password encryption default is 0 (unencrypted). The password timeout default is 180 seconds.

Command Modes

DFP agent configuration (config-dfp)

Command History

Release	Modification
12.1(8a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.3(4)T	This command was integrated into Cisco IOS Release 12.3(4)T.
12.2(18)SXD	This command was integrated into Cisco IOS Release 12.2(18)SXD.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The password specified on this command must match the password specified on the DFP manager.

The timeout option allows you to change the password without stopping messages between the DFP agent and its manager. The default value is 180 seconds.

During the timeout, the agent sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After the timeout expires, the agent sends and receives packets only with the new password; received packets that use the old password are discarded.

If you are changing the password for an entire load-balanced environment, set a longer timeout. Setting a longer timeout allows enough time for you to update the password on all agents and servers before the timeout expires. It also prevents mismatches between agents and servers that have begun running the new password and agents, and servers on which you have not yet changed the old password.

If you are running IOS SLB as a DFP manager, and you specify a password on the ip slb dfp command in global configuration mode, the password must match the one specified on the password command in DFP agent configuration mode in the DFP agent.

Examples

The following example sets the DFP agent password (unencrypted by default) to Password1 and the timeout to 360 seconds:

Router(config)# ip dfp agent slb
Router(config-dfp)# password Password1 360

Related Commands

Command	Description
agent	Identifies a DFP agent to which IOS SLB can connect.
ip dfp agent	Identifies a DFP agent subsystem and initiates DFP agent configuration mode.
ip slb dfp	Configures DFP, supplies an optional password, and initiates DFP configuration mode.
replicate casa (firewall farm)	Configures a stateful backup of IOS SLB decision tables to a backup switch.
replicate casa (virtual server)	Configures a stateful backup of IOS SLB decision tables to a backup switch.

peer port

To specify the port to which the IOS SLB KeepAlive Application Protocol (KAL-AP) agent is to connect, use the peer portcommand in SLB Content Application Peering Protocol (CAPP) configuration mode. To restore the default settings, use the no form of this command.

peer [ip-address] port port

no peer [ip-address] port port

Syntax Description

ip-address	(Optional) IP address of the peer KAL-AP manager.
port	Content Application Peering Protocol (CAPP) User Datagram Protocol (UDP) port number to which the KAL-AP agent is to connect. Valid port numbers are 1 to 65535.

Command Default

If you do not specify a port, the KAL-AP agent connects to port 5002.

Command Modes

SLB CAPP configuration (config-slb-capp)

Command History

Release	Modification
12.2(33)SRC	This command was introduced.

Usage Guidelines

Use this command to specify a port number, other than port 5002, to be used by the KAL-AP agent.

You can configure any number of peer portcommands with the ip-addressargument, but only one without the ip-addressargument.

Examples

The following example configures the KAL-AP agent to connect to port number 6000:

Router(config-slb-capp)# peer port 6000

Related Commands

Command	Description
ip capp udp	Enables the IOS SLB KeepAlive Application Protocol (KAL-AP) agent and enters SLB Content Application Peering Protocol (CAPP) configuration mode.

peer secret

To enable Message Digest Algorithm Version 5 (MD5) authentication for the IOS SLB KeepAlive Application Protocol (KAL-AP) agent, use the peer secretcommand in SLB Content Application Peering Protocol (CAPP) configuration mode. To disable MD5 authentication, use the no form of this command.

peer [ip-address] secret [encrypt] secret-string

no peer [ip-address] secret secret-string

Syntax Description

ip-address

(Optional) IP address of the peer KAL-AP.

encrypt

(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory).

The possible values are 0 and 7:

0 --The secret-string is stored in plain text. This is the default setting.
7 --The secret-string is encrypted before it is displayed or written to nonvolatile memory.

Note

If your router is configured to encrypt all passwords, then the password is represented as 7 followed by the encrypted text. See the Cisco IOS service command for more details.

secret-string

1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent.

The secret-stringis always sent in plain text when the configuration is downloaded.

The secret-stringmust match the secret that is specified on the KAL-AP client.

Command Default

The KAL-AP agent does not use MD5 authentication with IOS SLB.

Command Modes

SLB CAPP configuration (config-slb-capp)

Command History

Release	Modification
12.2(33)SRC	This command was introduced.

Usage Guidelines

You can configure any number of peer secretcommands with the ip-addressargument, but only one without the ip-addressargument.

Examples

The following example configures secret string SECRET_STRING for the KAL-AP agent:

Router(config-slb-capp)# peer secret SECRET_STRING

Related Commands

Command	Description
ip capp udp	Enables the IOS SLB KeepAlive Application Protocol (KAL-AP) agent and enters SLB Content Application Peering Protocol (CAPP) configuration mode.

port (custom UDP probe)

To specify the port to which a custom User Datagram Protocol (UDP) probe is to connect, use the portcommand in custom UDP probe configuration mode. To restore the default settings, use the no form of this command.

port port

no port port

Syntax Description

port	UDP port number to which the custom UDP probe is to connect.

Command Default

In dispatched mode, the port number is inherited from the virtual server. If port translation is configured for the real server, that port number is used. See the real (server farm) command for more details.

Command Modes

Custom UDP probe configuration (config-slb-probe)

Command History

Release	Modification
12.1(13)E3	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a custom UDP probe named PROBE6, enters custom UDP probe configuration mode, and configures the probe to connect to port number 8:

Router(config)# ip slb probe PROBE6 custom UDP
Router(config-slb-probe)# port 8

Related Commands

Command	Description
ip slb probe custom udp	Configures a custom User Datagram Protocol (UDP) probe name and enters custom UDP probe configuration mode.
real (server farm)	Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.
show ip slb probe	Displays information about an IOS Server Load Balancing (IOS SLB) probe.

port (DFP agent)

To define the port number to be used by the Dynamic Feedback Protocol (DFP) manager to connect to the DFP agent, use the portcommand in DFP agent configuration mode. To disable the port number definition and remove existing connections, use the no form of this command.

port port-number

no port port-number

Syntax Description

port-number

Port number used by a DFP manager to connect to a DFP agent. The valid range is from 1 to 65535.

Command Default

No port number is defined.

Command Modes

DFP agent configuration (config-dfp)

Command History

Release	Modification
12.1(8a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.3(4)T	This command was integrated into Cisco IOS Release 12.3(4)T.
12.2(18)SXD	This command was integrated into Cisco IOS Release 12.2(18)SXD.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

In the following example, the DFP manager is enabled to connect to the DFP agent using port number 2221:

Router(config)# ip dfp agent slb
Router(config-dfp)# port 2221

Related Commands

Command	Description
agent	Identifies a DFP agent to which IOS SLB can connect.
ip dfp agent	Identifies a DFP agent subsystem and initiates DFP agent configuration mode.
ip slb dfp	Configures DFP, supplies an optional password, and initiates DFP configuration mode.

port (HTTP probe)

To specify the port to which an HTTP probe is to connect, use the portcommand in HTTP probe configuration mode. To restore the default settings, use the no form of this command.

port port

no port port

Syntax Description

port	TCP or User Datagram Protocol (UDP) port number to which the HTTP probe is to connect.

Command Default

In dispatched mode, the port number is inherited from the virtual server. If port translation is configured for the real server, that port number is used. See the real(server farm) command for more details.

Command Modes

HTTP probe configuration (config-slb-probe)

Command History

Release	Modification
12.1(3a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures an HTTP probe named PROBE2, enters HTTP probe configuration mode, and configures the probe to connect to port number 8:

Router(config)# ip slb probe PROBE2 http
Router(config-slb-probe)# port 8

Related Commands

Command	Description
ip slb probe http	Configures an HTTP probe name and enters HTTP probe configuration mode.
real (server farm)	Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.
show ip slb probe	Displays information about an IOS SLB probe.

port (TCP probe)

To specify the port to which a TCP probe is to connect, use the portcommand in TCP probe configuration mode. To restore the default settings, use the no form of this command.

port port

no port port

Syntax Description

port	TCP port number to which the TCP probe is to connect.

Command Default

In dispatched mode, the port number is inherited from the virtual server. If port translation is configured for the real server, that port number is used. See the real(server farm) command for more details.

Command Modes

TCP probe configuration (config-slb-probe)

Command History

Release	Modification
12.1(11b)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a TCP probe named PROBE5, enters TCP probe configuration mode, and configures the probe to connect to port number 8:

Router(config)# ip slb probe PROBE5 tcp
Router(config-slb-probe)# port 8

Related Commands

Command	Description
ip slb probe tcp	Configures a TCP probe name and enters TCP probe configuration mode.
real (server farm)	Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.
show ip slb probe	Displays information about an IOS SLB probe.

predictor

To specify the load-balancing algorithm for selecting a real server in the server farm, use the predictorcommand in SLB server farm configuration mode. To restore the default load-balancing algorithm of weighted round robin, use the no form of this command.

predictor [ roundrobin | leastconns | route-map mapname ]

no predictor

Syntax Description

roundrobin

(Optional) Uses the weighted round robin algorithm for selecting the real server to handle the next new connection for the server farm. See the Weighted Round Robin section for a detailed description of this algorithm. This algorithm is the default value.

RADIUS load balancing requires the weighted round robin algorithm.

General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled requires the weighted round robin algorithm.

The Home Agent Director requires the weighted round robin algorithm.

leastconns

(Optional) Uses the weighted least connections algorithm for selecting the real server to handle the next new connection for this server farm. See the Weighted Least Connections section for a detailed description of this algorithm.

route-map mapname

(Optional) Uses IOS policy-based routing (PBR) for selecting the real server to handle the next new connection for this server farm. The mapname argument identifies the IOS PBR route map to be used. See the Route Map section for a detailed description of this algorithm.

The route map algorithm is supported only for RADIUS load balancing accelerated data plane forwarding.

Command Default

If you do not enter a predictor command, or if you enter the predictor command without specifying a load-balancing algorithm, the weighted round robin algorithm is used.

Command Modes

SLB server farm configuration (config-slb-sfarm)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRC	The route-map keyword and mapname argument were added.

Usage Guidelines

RADIUS load balancing requires the weighted round robin algorithm.

The route map algorithm is supported only for RADIUS load balancing accelerated data plane forwarding. When you specify the predictor route-map command, no further commands in SLB server farm configuration mode or real server configuration mode are allowed.

GPRS load balancing without GTP cause code inspection enabled requires the weighted round robin algorithm. A server farm that uses weighted least connections can be bound to a virtual server providing GPRS load balancing without GTP cause code inspection enabled, but you cannot place the virtual server INSERVICE. If you try to do so, Cisco IOS SLB) issues an error message.

The Home Agent Director requires the weighted round robin algorithm. A server farm that uses weighted least connections can be bound to a Home Agent Director virtual server, but you cannot place the virtual server INSERVICE. If you try to do so, Cisco IOS SLB issues an error message.

Examples

The following example specifies the weighted least connections algorithm:

Router(config)# ip slb serverfarm PUBLIC
Router(config-slb-sfarm)# predictor leastconns

Related Commands

Command	Description
show ip slb serverfarms	Displays information about the server farm configuration.
weight (server farm)	Specifies the real server’s capacity, relative to other real servers in the server farm.

predictor hash address (firewall farm)

To specify the load-balancing algorithm for selecting a firewall in the firewall farm, use the predictor hash addresscommand in firewall farm configuration mode. To restore the default load-balancing algorithm, use the no form of this command.

predictor hash address [port]

no predictor

Syntax Description

port	(Optional) Uses the source and destination TCP or User Datagram Protocol (UDP) port numbers, in addition to the source and destination IP addresses, when selecting a firewall.

Command Default

IOS Server Load Balancing (IOS SLB) uses the source and destination IP addresses when selecting a firewall.

Command Modes

Firewall farm configuration (config-slb-fw)

Command History

Release	Modification
12.1(3a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example specifies that source and destination IP addresses are to be used when selecting a firewall:

Router(config)# ip slb firewall FIRE1
Router(config-slb-fw)# predictor hash address

Related Commands

Command	Description
show ip slb firewallfarm	Displays information about the firewall farm configuration.
weight (firewall farm real server)	Specifies the firewall’s capacity, relative to other firewalls in the firewall farm.

probe (firewall farm real server)

To associate a probe with a firewall farm, use the probecommand in firewall farm real server configuration mode. To remove the association, use the no form of this command.

probe probe

no probe probe

Syntax Description

probe

Name of the probe to associate with this firewall farm.

Command Default

No probe is associated with a firewall farm.

Command Modes

Firewall farm real server configuration (config-slb-fw-real)

Command History

Release	Modification
12.1(3a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

You can configure more than one probe for each firewall in a firewall farm.

If you configure probes in your network, you must also do one of the following:

Configure the exclude keyword on the client command on the virtual server, to exclude connections initiated by the client IP address from the load-balancing scheme.
Configure IP addresses on the IOS Server Load Balancing (IOS SLB) device that are Layer 3-adjacent to the real servers used by the virtual server.

Examples

The following example associates probe FireProbe with server farm FIRE1:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw-real)# probe FireProbe

Related Commands

Command	Description
show ip slb firewallfarm	Displays information about the server farm configuration.

probe (server farm)

To associate a probe with a server farm, use the probecommand in server farm configuration mode. To remove the association, use the no form of this command.

probe probe

no probe probe

Syntax Description

probe

Name of the probe to associate with this server farm.

Command Default

No probe is associated with a server farm.

Command Modes

Server farm configuration (config-slb-sfarm)

Command History

Release	Modification
12.1(2)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

You can configure more than one probe for each server farm.

If you configure probes in your network, you must also do one of the following:

Configure the exclude keyword on the client command on the virtual server, to exclude connections initiated by the client IP address from the load-balancing scheme.
Configure IP addresses on the IOS Server Load Balancing (IOS SLB) device that are Layer 3-adjacent to the real servers used by the virtual server.

Examples

The following example associates probe PROBE1 with server farm PUBLIC:

Router(config)# ip slb serverfarm PUBLIC
Router(config-slb-sfarm)# probe PROBE1

Related Commands

Command	Description
show ip slb serverfarms	Displays information about the server farm configuration.

protocol datagram

To enter firewall farm datagram protocol configuration mode, use the protocol datagramcommand in firewall farm configuration mode.

protocol datagram

Syntax Description

This command has no arguments or keywords.

Command Default

No default behavior or values

Command Modes

Firewall farm configuration (config-slb-fw)

Command History

Release	Modification
12.1(11b)E	This command was introduced, replacing the udp command.
12.1(12c)E	This command was integrated into Cisco IOS Release 12.1(12c)E, replacing the protocol udpcommand.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

Firewall farm datagram protocol configuration applies to the Encapsulation Security Payload (ESP), Generic Routing Encapsulation (GRE), IP in IP encapsulation, and User Datagram Protocol (UDP) protocols.

Examples

The following example enters firewall farm datagram protocol configuration mode:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# protocol datagram

Related Commands

Command	Description
show ip slb firewallfarm	Displays information about the firewall farm configuration.

protocol tcp

To enter firewall farm TCP protocol configuration mode, use the protocol tcpcommand in firewall farm configuration mode.

protocol tcp

Syntax Description

This command has no arguments or keywords.

Command Default

Firewall farm TCP protocol configuration mode is not entered.

Command Modes

Firewall farm configuration (config-slb-fw)

Command History

Release	Modification
12.1(11b)E	This command was introduced, replacing the tcp command.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example enters firewall farm TCP protocol configuration mode:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# protocol tcp

Related Commands

Command	Description
show ip slb firewallfarm	Displays information about the firewall farm configuration.

purge connection

To enable IOS SLB firewall load balancing to send purge requests for connections, use the purge connectioncommand in firewall farm configuration mode. To prevent the sending of purge requests, use the no form of this command.

purge connection

no purge connection

Syntax Description

This command has no arguments or keywords.

Command Default

IOS SLB firewall load balancing sends purge requests for connections.

Command Modes

Firewall farm configuration (config-slb-fw)

Command History

Release	Modification
12.2(33)SRE	This command was introduced.

Usage Guidelines

By default, IOS SLB firewall load balancing sends purge requests for connections. However, if a large number of purge requests are sent, the CPU might be impacted. To prevent this problem, use the no form of this command to prevent the sending of purge requests.

Examples

The following example prevents the sending of purge requests for connections:

Router(config-slb-fw)# no purge connection

Related Commands

mls ip slb purge global	Specifies protocol-level purging of MLS entries from active TCP and UDP flow packets.
purge sticky	TBD

purge radius framed-ip acct on-off (virtual server)

To enable IOS SLB to purge entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting ON or OFF message, use the purge radius framed-ip acct on-off command in virtual serverconfiguration mode. To disable this behavior, use the no form of this command.

purge radius framed-ip acct on-off

no purge radius framed-ip acct on-off

Syntax Description

This command has no arguments or keywords.

Command Default

IOS SLB purges entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting ON or OFF message.

Command Modes

Virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.1(11b)E	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example prevents IOS SLB from purging entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting ON or OFF message:

Router(config)# ip slb vserver VS1
Router(config-slb-vserver)# no purge radius framed-ip acct on-off

Related Commands

Command	Description
sticky (virtual server)	Assigns all connections from a client to the same real server.

purge radius framed-ip acct stop (virtual server)

To enable IOS Server Load Balancing to purge entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting-Stop message, use the purge radius framed-ip acct stop in virtual serverconfiguration mode. To disable this behavior, use the no form of this command.

purge radius framed-ip acct stop { attribute-number | 26 | vsa { vendor-ID | 3gpp | 3gpp2 } sub-attribute-number }

no purge radius framed-ip acct stop { attribute-number | 26 | vsa { vendor-ID | 3gpp | 3gpp2 } sub-attribute-number }

Syntax Description

attribute-number	RADIUS attribute number.
26	RADIUS attribute number 26.
vsa	Vendor-specific attribute number.
vendor-ID	Vendor ID.
3gpp	Third Generation Partnership Project (3GPP) vendor ID.
3gpp2	Third Generation Partnership Project 2 (3GPP2) vendor ID.
sub-attribute-number	Sub-attribute number.

Command Default

IOS SLB purges entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting-Stop message.

Command Modes

Virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.2(14)ZA5	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example prevents IOS SLB from purging entries in the IOS SLB RADIUS framed-ip sticky database upon receipt of an Accounting-Stop message:

Router(config)# ip slb vserver VS1
Router(config-slb-vserver)# no purge radius framed-ip acct stop 44

Related Commands

Command	Description
sticky (virtual server)	Assigns all connections from a client to the same real server.

purge sticky

To enable IOS SLB firewall load balancing to send purge requests for sticky connections when the sticky timer expires, use the purge stickycommand in firewall farm configuration mode. To prevent the sending of purge requests when the timer expires, use the no form of this command.

purge sticky

no purge sticky

Syntax Description

This command has no arguments or keywords.

Command Default

IOS SLB firewall load balancing sends purge requests when the sticky timer expires.

Command Modes

Firewall farm configuration (config-slb-fw)

Command History

Release	Modification
12.2(33)SRE	This command was introduced.

Usage Guidelines

By default, IOS SLB firewall load balancing sends purge requests for sticky connections when the sticky timer expires. However, large volumes of purge requests can impact the CPU. To prevent this problem, use the no form of this command to prevent the sending of purge requests when the sticky timer expires.

To configure a sticky timer for IOS SLB firewall load balancing, use the sticky command in either firewall farm datagram protocol or firewall farm TCP protocol configuration mode.

Examples

The following example prevents the sending of purge requests for sticky connections:

Router(config-slb-fw)# no purge sticky

Related Commands

mls ip slb purge global	Specifies protocol-level purging of MLS entries from active TCP and UDP flow packets.
purge connection	Enables IOS SLB firewall load balancing to send purge requests for connections.
sticky (firewall farm datagram protocol)	Assigns all connections from a client to the same firewall.
sticky (firewall farm TCP protocol)	Assigns all connections from a client to the same firewall.

radius acct local-ack key

To enable a RADIUS virtual server to acknowledge RADIUS accounting messages, use the radius acct local-ack keycommand in SLB virtual server configuration mode. To restore the default behavior, use the no form of this command.

radius acct local-ack key [encrypt] secret-string

no radius acct local-ack key [encrypt] secret-string

Syntax Description

encrypt

(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory).

The possible values are 0 and 7:

0 --The secret-string is stored in plain text. This is the default setting.
7 --The secret-string is encrypted before it is displayed or written to nonvolatile memory.

Note

If your router is configured to encrypt all passwords, then the password is represented as 7 followed by the encrypted text. See the Cisco IOS service command for more details.

secret-string

1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent.

The secret-stringis always sent in plain text when the configuration is downloaded.

The secret-stringmust match the secret that is specified on the RADIUS client (for example, the gateway general packet radio service [GPRS] support node [GGSN]).

Command Default

By default, this command is not enabled. When this command is enabled, the RADIUS load balancing device, not the real server, acknowledges RADIUS accounting messages. If you configure this command but you do not specify the 7 keyword, the secret-string is stored in the plain text.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.2(33)SRB	This command was introduced.

Usage Guidelines

Configure this command only on a RADIUS virtual server.

Examples

The following example shows how to enable RADIUS virtual server PUBLIC_RADIUS to acknowledge RADIUS accounting messages with key SECRET_PASSWORD.

Router(config)# ip slb vserver PUBLIC_RADIUS
Router(config-slb-vserver)# radius acct local-ack key SECRET_PASSWORD

Related Commands

Command	Description
ip slb serverfarm	Identifies a server farm and enters server farm configuration mode.
show ip slb vservers	Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB).
virtual	Configures the virtual server attributes.

radius inject acct key

To configure a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding accounting virtual server, and to enable Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation, use the radius inject acct keycommand in SLB virtual server configuration mode. To disable VSA correlation on this virtual server, use the no form of this command.

radius inject acct group-number key [encrypt] secret-string

no radius inject acct group-number key secret-string

Syntax Description

group-number

VSA correlation group number to be used for VSA correlation in the RADIUS Accounting-Start packets.

encrypt

(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory).

The possible values are 0 and 7:

0 --The secret-string is stored in plain text. This is the default setting.
7 --The secret-string is encrypted before it is displayed or written to nonvolatile memory.

Note

If your router is configured to encrypt all passwords, then the password is represented as 7 followed by the encrypted text. See the Cisco IOS service command for more details.

secret-string

1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent.

The secret-stringis always sent in plain text when the configuration is downloaded.

Command Default

VSA correlation is disabled on this virtual server.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.2(33)SRC	This command was introduced.

Usage Guidelines

This command is valid only for VSA correlation accounting virtual servers.

Examples

The following example configures VSA correlation group 1 and configures plain text secret string SECRET_STRING for VSA correlation:

Router(config-slb-vserver)# radius inject acct 1 key 0 SECRET_STRING

Related Commands

Command	Description
radius inject auth	Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and specifies whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames.
radius inject auth timer	Configures a timer for vendor-specific attribute (VSA) correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server.
radius inject auth vsa	Buffers vendor-specific attributes (VSAs) for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server.

radius inject auth

To configure a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and to specify whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames, use the radius inject auth command in SLB virtual server configuration mode. To disable VSA correlation on this virtual server, use the no form of this command.

radius inject auth group-number { calling-station-id | username }

no radius inject auth group-number { calling-station-id | username }

Syntax Description

group-number	VSA correlation group number.
calling-station-id	Specifies that IOS SLB is to create VSA correlation entries based on the RADIUS calling station ID attribute in the RADIUS payload when RADIUS Access-Request messages are exchanged.
username	Specifies that IOS SLB is to create VSA correlation entries based on the RADIUS username attribute in the RADIUS payload when RADIUS Access-Request messages are exchanged.

Command Default

VSA correlation is disabled on this virtual server.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.2(33)SRC	This command was introduced.

Usage Guidelines

For a given authentication virtual server, you can configure a single radius inject auth group-number calling-station-id command or a single radius inject auth group-number usernamecommand, but not both.

This command is valid only for VSA correlation authentication virtual servers.

Examples

The following example configures VSA correlation group 1 and specifies that IOS SLB is to create VSA correlation entries based on the RADIUS calling station ID attribute:

Router(config-slb-vserver)# radius inject auth 1 calling-station-id

Related Commands

Command	Description
calling-station-id	Configures an ASCII regular expression string to be matched against the calling station ID attribute in the RADIUS payload.
radius inject acct key	Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding accounting virtual server, and enables Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation.
radius inject auth timer	Configures a timer for vendor-specific attribute (VSA) correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server.
radius inject auth vsa	Buffers vendor-specific attributes (VSAs) for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server.
username	Configures an ASCII regular expression string to be matched against the username attribute in the RADIUS payload.

radius inject auth timer

To configure a timer for vendor-specific attribute (VSA) correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, use the radius inject auth timercommand in SLB virtual server configuration mode. To delete the VSA correlation timer from the configuration, use the no form of this command.

radius inject auth timer seconds

no radius inject auth timer

Syntax Description

seconds

Time, in seconds, that IOS SLB maintains an entry in the VSA correlation database. Valid range is 1 to 255.

Command Default

No VSA correlation timer is configured for the authentication virtual server.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.2(33)SRC	This command was introduced.

Usage Guidelines

This command is valid only for VSA correlation authentication virtual servers.

Examples

The following example configures a VSA correlation timer of 45 seconds:

Router(config-slb-vserver)# radius inject auth timer 45

Related Commands

Command	Description
radius inject acct key	Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding accounting virtual server, and enables Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation.
radius inject auth	Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and specifies whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames.
radius inject auth vsa	Buffers vendor-specific attributes (VSAs) for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server.

radius inject auth vsa

To buffer vendor-specific attributes (VSAs) for VSA correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, use the radius inject auth vsacommand in SLB virtual server configuration mode.

radius inject auth vsa vendor-id

Syntax Description

vendor-id

VSA to be buffered:

cisco --Only the Cisco VSA can be buffered at this time.

Command Default

VSAs are not buffered.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.2(33)SRC	This command was introduced.

Usage Guidelines

This command is valid only for VSA correlation authentication virtual servers.

Examples

The following example buffers the Cisco VSA:

Router(config-slb-vserver)# radius inject auth vsa cisco

Related Commands

Command	Description
radius inject acct key	Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding accounting virtual server, and enables Message Digest Algorithm Version 5 (MD5) authentication for VSA correlation.
radius inject auth	Configures a vendor-specific attribute (VSA) correlation group for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server, and specifies whether IOS SLB is to create VSA correlation entries based on RADIUS calling station IDs or RADIUS usernames.
radius inject auth timer	Configures a timer for vendor-specific attribute (VSA) correlation for an IOS SLB RADIUS load balancing accelerated data plane forwarding authentication virtual server.

rate

To specify the maximum number of connections allowed for a real server in a server farm, use the ratecommand in real server configuration mode. To remove the rate limit, use the no form of this command.

rate maximum-rate [ burst burst-rate ]

no rate

Syntax Description

maximum-rate

Maximum number of connections allowed for the real server. Valid values range from 1 to 4294967295.

burst burst-rate

(Optional) Maximum connection burst rate allowed for the real server. Configure a burst rate if you expect the real server to receive connection requests at random intervals.

Valid values range from (maximum-rate/10) + 1 to maximum-rate. The default burst rate is (maximum-rate/10) connections per second. We recommend that you specify a burst rate of at least (maximum-rate/4).

For example, if maximum-rate is set to 3212, the valid range is 322 to 3212; the default burst rate is (3212/10), or 321 connections per second; and we recommend a burst rate of at least (3212/4), or 803 connections per second.

Command Default

There is no limit on the number of connection allowed for the real server. If you do not configure a burst rate, the default burst rate is (maximum-rate/10) connections per second.

Command Modes

Real server configuration (config-slb-real)

Command History

Release	Modification
12.2(33)SRC	This command was introduced.

Usage Guidelines

The rate command is valid only for real servers in server farms. It is not valid for real servers in firewall farms.

If the rate limit for a real server is exceeded, and a new connection request is received, IOS SLB assigns the new connection request to the next rate-configured real server in the server farm’s queue. If no other rate-configured real server is available in the server farm, IOS SLB drops the connection request.

The rate limit also applies to sticky connections. That is, if the rate limit for a real server is exceeded, and a new sticky connection request is received, IOS SLB drops the sticky connection request.

IOS SLB uses slow start even if a real server has a rate limit configured.

Examples

The following example specifies that up to 100 connections per second are allowed for the real server in a server farm, with a burst rate of 25 burst connections per second:

Router(config-slb-real)# rate 100 burst 25

real (firewall farm)

To identify a firewall as a member of a firewall farm and enter real server configuration mode, use the real command in firewall farm configuration mode. To remove the firewall from the IOS Server Load Balancing (IOS SLB) configuration, use the no form of this command.

real ip-address

no real ip-address

Syntax Description

ip-address

Real server IP address.

Command Default

No firewall is identified as a member of a firewall farm.

Command Modes

Firewall farm configuration (config-slb-fw)

Command History

Release	Modification
12.1(3a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

A firewall farm comprises a number of firewalls. The firewalls are the physical devices that provide the firewall load-balanced services.

Examples

The following example identifies a firewall as a member of firewall farm FIRE1:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# real 10.1.1.1

Related Commands

Command	Description
inservice (firewall farm real server)	Enables the firewall for use by IOS SLB.
show ip slb firewallfarm	Displays information about the firewall farm configuration.
show ip slb reals	Displays information about the real servers.

real (server farm)

To identify a real server as a member of a server farm and enter real server configuration mode, use the real command in SLB server farm configuration mode. To remove the real server from the IOS Server Load Balancing (IOS SLB) configuration, use the no form of this command.

real ipv4-address [ ipv6 ipv6-address ] [port]

no real ipv4-address [ ipv6 ipv6-address ] [port]

Syntax Description

ipv4-address	Real server IPv4 address.
ipv6 ipv6-address	(Optional) For dual-stack, real server IPv6 address.
port	(Optional) Port translation for the server. Valid values range from 1 to 65535.

Command Default

No real server is identified as a member of a server farm.

Command Modes

SLB server farm configuration (config-slb-sfarm)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.1(2)E	The port argument was added.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
15.0(1)S	The ipv6 keyword and ipv6-address argument were added.

Usage Guidelines

A server farm comprises a number of real servers. The real servers are the physical devices that provide the load-balanced services.

In general packet radio service (GPRS) load balancing, this command identifies a gateway GPRS support node (GGSN) that is a member of the server farm. Also, remember that the Cisco GGSN IP addresses are virtual template IP addresses, not real interface IP addresses.

IOS SLB supports GPRS Tunneling Protocol (GTP) v0, v1, and v2 real servers. A GTP v2 real server can be either a Packet Data Network Gateway (PGW) or a serving gateway (SGW).

A GTP v2 PGW can also manage GTP v0 and v1 requests.
A GTP v2 SGW cannot manage GTP v0 or v1 requests.
A GTP v0 or v1 real server cannot manage GTP v2 requests. Therefore, you must configure separate virtual servers for GTPv2 real servers and GTP v0 or v1 real servers.

IOS SLB supports dual-stack addresses for GTP load balancing only. To support dual-stack addresses, you must configure the real server as a dual-stack real server, with the IPv4 and IPv6 addresses, using this command.

In Virtual Private Network (VPN) server load balancing, this command identifies a real server acting as a VPN terminator.

Examples

The following example identifies a real server as a member of the server farm:

Router(config)# ip slb serverfarm PUBLIC
Router(config-slb-sfarm)# real 10.1.1.1

The following example identifies a dual-stack real server as a member of the server farm:

Router(config)# ip slb serverfarm DUAL-PUBLIC
Router(config-slb-sfarm)# real 10.1.1.1 ipv6 12AB:0000:0000:CD31:0000:0000:0000:0000/64

Related Commands

Command	Description
inservice (server farm real server)	Enables the real server for use by IOS SLB.
show ip slb reals	Displays information about the real servers.
show ip slb serverfarms	Displays information about the server farm configuration.

real (static NAT)

To configure one or more real servers to use static Network Address Translation (NAT), use the real command in static NAT configuration mode. To restore the default behavior, use the no form of this command.

real ip-address [port]

no real ip-address [port]

Syntax Description

ip-address	IP address of the real server that is to use static NAT.
port	(Optional) Layer 4 source port number, used by IOS Server Load Balancing (IOS SLB) to differentiate between User Datagram Protocol (UDP) responses from the real server and connections initiated by the real server.

Command Default

No real server is configured to use static NAT.

Command Modes

Static NAT configuration (config-slb-static)

Command History

Release	Modification
12.1(11b)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

If no port number is specified, IOS SLB uses static NAT for all packets outbound from the real server.

Examples

The following example configures real server 10.1.1.3 to use static NAT:

Router(config)# ip slb static nat
Router(config-slb-static)# real 10.1.1.3

Related Commands

Command	Description
ip slb static	Configures a real server’s NAT behavior and enters static NAT configuration mode.
show ip slb reals	Displays information about the real servers.
show ip slb static	Displays information about the static NAT configuration.

reassign

To specify the threshold of consecutive unacknowledged SYNchronize sequence numbers (SYNs) or Create Packet Data Protocol (PDP) requests that, if exceeded, result in an attempted connection to a different real server, use the reassign command in SLB real server configuration mode. To restore the default reassignment threshold, use the no form of this command.

reassign threshold

no reassign

Syntax Description

threshold

Number of unacknowledged TCP SYNs (or Create PDP requests, in general packet radio service [GPRS] load balancing) that are directed to a real server before the connection is reassigned to a different real server. An unacknowledged SYN is one for which no SYN or ACKnowledgment (ACK) is detected before the next SYN arrives from the client. IOS Server Load Balancing (IOS SLB) allows 30 seconds for the connection to be established or for a new SYN to be received. If neither of these occurs within that time, the connection is removed from the IOS SLB database.

The 30-second timer is restarted for each SYN as long as the number of connection reassignments specified in the faildetect numconns (real server)command is not exceeded. See the faildetect numconns (real server) command for more information.

Valid threshold values range from one 1 to 4. The default value is 3.

Command Default

The default threshold value is 3.

Command Modes

SLB real server configuration (config-slb-real)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.1(9)E	This command was modified to support general packet radio service (GPRS) load balancing.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(14)SX	Support for this command was introduced on the Cisco 7600 series routers that are configured with a Supervisor Engine 720.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.

IOS SLB does not reassign sticky connections if either of the following conditions is true:

The real server is not OPERATIONAL or MAXCONNS_THROTTLED.
The connection is the first for this sticky connection.

In GPRS load balancing, this command specifies the number of consecutive unacknowledged Create PDP requests (not TCP SYNs) that are directed to a gateway GPRS support node (GGSN) before the connection is reassigned to a different GGSN. You must specify a reassign threshold less than the N3-REQUESTS counter value of the serving GRPS support node (SGSN).

Examples

The following example shows how to set the threshold of unacknowledged SYNs to 2:

Router(config)# ip slb serverfarm PUBLIC
Router(config-slb-sfarm)# real 10.10.1.1
Router(config-slb-real)# reassign 2

Related Commands

Command	Description
faildetect numconns	Specifies the conditions that indicate a server failure.
inservice (real server)	Enables the real server for use by the IOS SLB feature.
real (server farm)	Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.
show ip slb reals	Displays information about the real servers.
show ip slb serverfarms	Displays information about the server farm configuration.

replicate casa (firewall farm)

To configure a stateful backup of IOS Server Load Balancing (IOS SLB) decision tables to a backup switch, use the replicate casacommand in firewall farm configuration mode. To remove a this configuration, use the no form of this command.

replicate casa listen-ip remote-ip port [interval] [ password [encrypt] secret-string [timeout] ]

no replicate casa listen-ip remote-ip port

Syntax Description

listen-ip

Listening IP address for state exchange messages that are advertised.

remote-ip

Destination IP address for all state exchange signals.

port

TCP or User Datagram Protocol (UDP) port number or port name for all state exchange signals.

interval

(Optional) Maximum replication delivery interval from 1 to 300 seconds. The default value is 10 seconds.

Note

While IOS SLB does accept the interval argument, the replicate interval command is the preferred means for setting the replication delivery interval. In fact, if you set the replication delivery interval using the interval argument, IOS SLB writes it into the configuration as a replicate intervalcommand.

password

(Optional) Specifies the password for Message Digest Algorithm Version 5 (MD5) authentication.

encrypt

(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory).

The possible values are 0 and 7:

0 --The secret-string is stored in plain text. This is the default setting.
7 --The secret-string is encrypted before it is displayed or written to nonvolatile memory.

Note

If your router is configured to encrypt all passwords, then the password is represented as 7 followed by the encrypted text. See the Cisco IOS service command for more details.

secret-string

(Optional) 1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent.

The secret-stringis always sent in plain text when the configuration is downloaded.

The secret-stringmust match the secret that is specified on the RADIUS client (for example, the gateway general packet radio service [GPRS] support node [GGSN]).

timeout

(Optional) Delay period, in seconds, during which both the old password and the new password are accepted. The default value is 180 seconds.

Command Default

The default interval is 10 seconds. The default password encryption is 0 (unencrypted). The default password timeout is 180 seconds.

Command Modes

Firewall farm configuration (config-slb-fw)

Command History

Release	Modification
12.1(3a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The timeout option allows you to change the password without stopping messages between the backup and primary Layer 3 switches. The default value is 180 seconds.

During the timeout, the backup sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After the timeout expires, the backup sends and receives packets only with the new password.

When setting a new password timeout, remember the following considerations:

If you are configuring a new backup, set the timeout to 0 (send packets with the new password immediately). This configuration prevents password mismatches between the new backup and its primary.
If you are changing the password for an existing backup, set a longer timeout to allow enough time for you to update the password on the primary before the timeout expires. Setting a longer timeout also prevents mismatches between the backup and primary.

If you configure this command but you do not specify the 7 keyword, the secret-string is stored in the plain text.

Examples

The following example configures a stateful backup Layer-3 switch with a listening IP address of 10.10.10.11 and a remote IP address of 10.10.11.12 over HTTP port 4231:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# replicate casa 10.10.10.11 10.10.11.12 4231

Related Commands

Command	Description
show ip slb firewallfarm	Displays information about the firewall farm configuration.
show ip slb replicate	Displays the configuration of IO SLB IP replication.

replicate casa (virtual server)

To configure a stateful backup of IOS Server Load Balancing (IOS SLB) decision tables to a backup switch, use the replicate casa command in virtual server configuration mode. To remove this configuration, use the no form of this command.

replicate casa listen-ip remote-ip port [interval] [ password [encrypt] secret-string [timeout] ]

no replicate casa listen-ip remote-ip port

Syntax Description

listen-ip

Listening IP address for state exchange messages that are advertised.

remote-ip

Destination IP address for all state exchange signals.

port

TCP or User Datagram Protocol (UDP) port number or port name for all state exchange signals.

interval

(Optional) Maximum replication delivery interval from 1 to 300 seconds. The default value is 10 seconds.

Note

While IOS SLB does accept the interval argument, the replicate interval command is the preferred means for setting the replication delivery interval. In fact, if you set the replication delivery interval using the interval argument, IOS SLB writes it into the configuration as a replicate intervalcommand.

password

(Optional) Specifies the password for Message Digest Algorithm Version 5 (MD5) authentication.

encrypt

(Optional) Indicates how the secret-string is represented when the configuration is displayed (for example, show run), or how it is written to nonvolatile memory (for example, write memory).

The possible values are 0 and 7:

0 --The secret-string is stored in plain text. This is the default setting.
7 --The secret-string is encrypted before it is displayed or written to nonvolatile memory.

Note

If your router is configured to encrypt all passwords, then the password is represented as 7 followed by the encrypted text. See the Cisco IOS service command for more details.

secret-string

(Optional) 1- to 64-character clear password value for MD5 authentication. All characters are valid; case is significant. This password must match the password configured on the host agent.

The secret-stringis always sent in plain text when the configuration is downloaded.

The secret-stringmust match the secret that is specified on the RADIUS client (for example, the gateway general packet radio service [GPRS] support node [GGSN]).

timeout

(Optional) Delay period, in seconds, during which both the old password and the new password are accepted. The default value is 180 seconds.

Command Default

The default interval is 10 seconds. The default password encryption is 0 (unencrypted). The default password timeout is 180 seconds.

Command Modes

Virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.1(2)E	This command was introduced.
12.1(3a)E	The 0and 7keywords were added.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The timeout option allows you to change the password without stopping messages between the backup and primary Layer 3 switches. The default value is 180 seconds.

During the timeout, the backup sends packets with the old password (or null, if there is no old password), and receives packets with either the old or new password. After the timeout expires, the backup sends and receives packets only with the new password.

When setting a new password timeout, remember the following considerations:

If you are configuring a new backup, set the timeout to 0 (send packets with the new password immediately). This configuration prevents password mismatches between the new backup and its primary.
If you are changing the password for an existing backup, set a longer timeout to allow enough time for you to update the password on the primary before the timeout expires. Setting a longer timeout also prevents mismatches between the backup and primary.

General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate casacommand in virtual server configuration mode.

The Home Agent Director does not support the replicate casacommand in virtual server configuration mode.

If you configure this command but you do not specify the 7 keyword, the secret-string is stored in the plain text.

Examples

The following example configures a stateful backup Layer-3 switch with a listening IP address of 10.10.10.11 and a remote IP address of 10.10.11.12 over HTTP port 4231:

Router(config)# ip slb vserver VS1
Router(config-slb-vserver)# replicate casa 10.10.10.11 10.10.11.12 4231

Related Commands

Command	Description
show ip slb replicate	Displays the configuration of IOS SLB IP replication.
show ip slb vserver	Displays information about the virtual servers defined to IOS SLB.

replicate interval (firewall farm)

To set the replication delivery interval for an IOS Server Load Balancing (IOS SLB) firewall farm, use the replicate interval command in firewall farm configuration mode. To restore the default interval, use the no form of this command.

replicate interval interval

no replicate interval

Syntax Description

interval

Maximum replication delivery interval, in seconds. Replication updates are sent to the peer device (CASA or slave) when the interval expires, or when the send buffer (1500 bytes) is full.

The valid range is 1 to 300 seconds. The default value is 10 seconds.

Command Default

The default interval is 10 seconds.

Command Modes

Firewall farm configuration (config-slb-fw)

Command History

Release	Modification
12.2(14)ZA5	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate intervalcommand in firewall farm configuration mode.

The Home Agent Director does not support the replicate intervalcommand in firewall farm configuration mode.

Examples

The following example configures a replication interval of 20 seconds:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# replicate interval 20

Related Commands

Command	Description
ip slb replicate slave rate	Sets the replication message rate for IOS Server Load Balancing (IOS SLB) slave replication.
replicate casa (firewall farm)	Configures a stateful backup of IOS Server Load Balancing (IOS SLB) decision tables to a backup switch
replicate slave (firewall farm)	Enables stateful backup of redundant route processors for an IOS Server Load Balancing (IOS SLB) firewall farm.
show ip slb replicate	Displays the configuration of IOS Server Load Balancing (IOS SLB) IP replication.
show ip slb vservers	Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB).

replicate interval (virtual server)

To set the replication delivery interval for an IOS Server Load Balancing (IOS SLB) virtual server, use the replicate interval command in virtual server configuration mode. To restore the default interval, use the no form of this command.

replicate interval interval

no replicate interval

Syntax Description

interval

Maximum replication delivery interval, in seconds. Replication updates are sent to the peer device (CASA or slave) when the interval expires, or when the send buffer (1500 bytes) is full.

The valid range is 1 to 300 seconds. The default value is 10 seconds.

Command Default

The default interval is 10 seconds.

Command Modes

Virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.2(14)ZA5	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate intervalcommand in virtual server configuration mode.

The Home Agent Director does not support the replicate intervalcommand in virtual server configuration mode.

Examples

The following example configures a replication interval of 20 seconds:

Router(config)# ip slb vserver VS1
Router(config-slb-vserver)# replicate interval 20

Related Commands

Command	Description
ip slb replicate slave rate	Sets the replication message rate for IOS Server Load Balancing (IOS SLB) slave replication.
replicate casa (virtual server)	Configures a stateful backup of IOS Server Load Balancing (IOS SLB) decision tables to a backup switch
replicate slave (virtual server)	Enables stateful backup of redundant route processors for an IOS Server Load Balancing (IOS SLB) virtual server.
show ip slb replicate	Displays the configuration of IOS Server Load Balancing (IOS SLB) IP replication.
show ip slb vserver	Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB).

replicate slave (firewall farm)

To enable stateful backup of redundant route processors for an IOS Server Load Balancing (IOS SLB) firewall farm, if the slave device is present, use the replicate slavecommand in firewall farm configuration mode. To disable stateful backup of redundant route processors, use the no form of this command.

replicate slave

no replicate slave

Syntax Description

This command has no arguments or keywords.

Command Default

Stateful backup of redundant route processors is disabled.

Command Modes

Firewall farm configuration (config-slb-fw)

Command History

Release	Modification
12.2(14)ZA5	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate slavecommand in firewall farm configuration mode.

The Home Agent Director does not support the replicate slavecommand in firewall farm configuration mode.

Examples

The following example enables stateful backup of redundant route processors:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# replicate slave

Related Commands

Command	Description
ip slb replicate slave rate	Sets the replication message rate for IOS SLB slave replication.
replicate casa (firewall farm)	Configures a stateful backup of IOS SLB decision tables to a backup switch
replicate interval (firewall farm)	Sets the replication delivery interval for an IOS SLB firewall farm.
show ip slb replicate	Displays the configuration of IOS SLB IP replication.
show ip slb vservers	Displays information about the virtual servers defined to IOS SLB.

replicate slave (virtual server)

To enable stateful backup of redundant route processors for an IOS Server Load Balancing (IOS SLB) virtual server, if the slave device is present, use the replicate slave command in virtual server configuration mode. To disable stateful backup of redundant route processors, use the no form of this command.

replicate slave

no replicate slave

Syntax Description

This command has no arguments or keywords.

Command Default

Stateful backup of redundant route processors is disabled.

Command Modes

Virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.2(14)ZA5	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

General packet radio service (GPRS) load balancing without GPRS Tunneling Protocol (GTP) cause code inspection enabled does not support the replicate slavecommand in virtual server configuration mode.

The Home Agent Director does not support the replicate slavecommand in virtual server configuration mode.

If you are using a single Supervisor with replicate slave configured, you might receive out-of-sync messages on the Supervisor.

Examples

The following example enables stateful backup of redundant route processors:

Router(config)# ip slb vserver VS1
Router(config-slb-vserver)# replicate slave

Related Commands

Command	Description
ip slb replicate slave rate	Sets the replication message rate for IOS SLB slave replication.
replicate casa (virtual server)	Configures a stateful backup of IOS SLB decision tables to a backup switch
replicate interval (virtual server)	Sets the replication delivery interval for an IOS SLB virtual server.
show ip slb replicate	Displays the configuration of IOS SLB IP replication.
show ip slb vservers	Displays information about the virtual servers defined to IOS SLB.

request (custom UDP probe)

To define the payload of the User Datagram Protocol (UDP) request packet to be sent by a custom UDP probe, use the requestcommand in custom UDP probe configuration mode.

request data { start-byte | continue } hex-data-string

Syntax Description

data start-byte	Identifies the payload offset at which the hex-data-stringis to be placed into the packet.
data continue	String of characters represented by the hex-data-stringargument is to be placed after the last defined byte in the request packet.
hex-data-string	Payload of the UDP request packet, up to 100 bytes of data in hexadecimal format.

Command Default

The payload of the UDP request packet is not defined.

Command Modes

Custom UDP probe configuration (config-slb-probe)

Command History

Release	Modification
12.1(13)E3	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

You can enter more than one request command, to specify the entire UDP payload.

Examples

The following example generates custom UDP probe PROBE6, with the specified 119-byte UDP payload.

Router(config)# ip slb probe PROBE6 custom UDP
Router(config-slb-probe)# request data 0 05 04 00 77 18 2A D6 CD 0A AD 53 4D F1 29 29 CF C1 96 59 CB
Router(config-slb-probe)# request data 20 01 07 63 68 72 69 73 28 06 00 00 00 01 2C 0A 30 30 30 30 30
Router(config-slb-probe)# request data 40 30 30 42 07 06 00 00 00 07 1E 10 63 75 66 66 2E 63 69 73 63
Router(config-slb-probe)# request data 60 6F 2E 63 6F 6D 1F 0C 39 31 39 33 39 32 39 31 36 39 08 06 0A
Router(config-slb-probe)# request data 80 0A 01 01 2D 06 00 00 00 01 3D 06 00 00 00 05 05 06 00 00 00
Router(config-slb-probe)# request data 100 00 06 06 00 00 00 02 04 06 0A 0A 18 0A 29 06 00 00 00 00

Related Commands

Command	Description
ip slb probe custom udp	Configures the IOS SLB IP probe name.
response	Defines the data string to match against custom UDP probe response packets.
show ip slb probe	Displays information about an IOS SLB probe.

request (HTTP probe)

To configure an HTTP probe to check the status of the real servers, use the requestcommand in HTTP probe configuration mode. To remove a requestconfiguration, use the no form of this command.

request [ method { get | post | head | name name } ] [ url path ]

no request [ method { get | post | head | name name } ] [ url path ]

Syntax Description

method	(Optional) Configures the way the data is requested from the server.
get	Configures the Get method to request data from the server.
post	Configures the Post method to request data from the server.
head	Configures the header data type to request data from the server.
name name	Configures the name string of the data to send to the servers to request data. The character string is limited to 15 characters.
url path	(Optional) Configures the path from the server.

Command Default

No HTTP probe is configured to check the status of the real servers.

Command Modes

HTTP probe configuration (config-slb-probe)

Command History

Release	Modification
12.1(2)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The request command configures the Cisco IOS Server Load Balancing (Cisco IOS SLB) HTTP probe method used to receive data from the server. Only one Cisco IOS SLB HTTP probe can be configured for each server farm.

If no values are configured following the method keyword, the default is Get.

If no URL path is set to the server, the default is /.

Examples

The following example configures an IOS SLB HTTP probe named PROBE2, enters HTTP probe configuration mode, and configures HTTP requests to use the post method and the URL /probe.cgi?all:

Router(config)# ip slb probe PROBE2 http
Router(config-slb-probe)# request method post url /probe.cgi?all

Related Commands

Command	Description
ip slb probe http	Configures the Cisco IOS SLB IP probe name.
show ip slb probe	Displays information about an Cisco IOS SLB probe.

response

To define the data string to match against custom User Datagram Protocol (UDP) probe response packets, use the responsecommand in custom UDP probe configuration mode.

response clause-number data start-byte hex-data-string

Syntax Description

clause-number	Identifies the response clause that is being modified. Up to 8 response clauses can be specified, on individual response commands.
data start-byte	Byte in the UDP response packet at which the hex-data-stringis to be matched.
hex-data-string	Up to 100 bytes of data, in hexadecimal format, that is to be matched against the UDP response packet payload. If the data does not match, the probe fails.

Command Default

The data string to match against custom UDP probe response packets is not defined.

Command Modes

Custom UDP probe configuration (config-slb-probe)

Command History

Release	Modification
12.1(13)E3	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

You can enter up to 8 individual response commands, to parse up to 8 non-contiguous bytes of data.

Examples

In the following example, if the 26th and 27th bytes of the response from PROBE6 are not FF FF , and the 44th and 45th bytes are not DD DD , the probe fails.

Router(config)# ip slb probe PROBE6 custom UDP
Router(config-slb-probe)# response 1 data 26 FF FF
Router(config-slb-probe)# response 2 data 44 DD DD

Related Commands

Command	Description
ip slb probe custom udp	Configures the IOS SLB IP probe name.
request (custom UDP probe)	Defines the payload of the UDP request packet to be sent by a custom UDP probe.
show ip slb probe	Displays information about an IOS SLB probe.

retry (real server)

To specify how long to wait before a new connection is attempted to a failed server, use the retry command in SLB real server configuration mode. To restore the default retry value, use the no form of this command.

retry retry-value

no retry

Syntax Description

retry-value

Time, in seconds, to wait after the detection of a server failure before a new connection to the server is attempted.

If the new connection attempt succeeds, the real server is placed in OPERATIONAL state. If the connection attempt fails, the timer is reset, the connection is reassigned, and the process repeats until it is successful or until the server is placed in the OUTOFSERVICE state by the network administrator.

Valid values range from 1 to 3600. The default value is 60 seconds.

A value of 0 means do not attempt a new connection to the server when it fails.

Command Default

The default retry-value is 60 seconds.

Command Modes

SLB real server configuration (config-slb-real)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example specifies that 120 seconds must elapse after the detection of a server failure before a new connection is attempted:

Router(config)# ip slb serverfarm PUBLIC
Router(config-slb-sfarm)# real 10.10.1.1
Router(config-slb-real)# retry 120

Related Commands

Command	Description
real (server farm)	Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.
show ip slb reals	Displays information about the real servers.
show ip slb serverfarms	Displays information about the server farm configuration.

serverfarm

To associate an IPv4 server farm with a virtual server, and optionally configure an IPv4 backup server farm, an IPv6 server farm and backup server farm, and specify that sticky connections are to be used in the IPv4 backup server farm, use the serverfarm command in SLB virtual server configuration mode. To remove the server farm association from the virtual server configuration, use the no form of this command.

serverfarm primary-farm [ backup backup-farm [sticky] ] [ ipv6-primary ipv6-primary-farm [ ipv6-backup ipv6-backup-farm ] ] [ map map-id priority priority ]

no serverfarm primary-farm [ backup backup-farm [sticky] ] [ ipv6-primary ipv6-primary-farm [ ipv6-backup ipv6-backup-farm ] ] [ map map-id priority priority ]

Syntax Description

primary-farm	Name of a primary server farm that has already been defined using the ip slb serverfarmcommand. For IPv4 or dual-stack, name of the IPv4 server farm. For IPv6, name of the IPv6 server farm.
backup backup-farm	(Optional) Name of a backup server farm that has already been defined using the ip slb serverfarmcommand. For IPv4 or dual-stack backup, name of the IPv4 server farm. For IPv6 backup, name of the IPv6 server farm.
sticky	(Optional) Specifies that sticky connections are to be used in the backup server farm.
ipv6-primary ipv6-primary-farm	(Optional) For dual-stack, name of the primary IPv6 server farm that has already been defined using the ip slb serverfarmcommand.
ipv6-backup ipv6-backup-farm	(Optional) For dual-stack, name of the backup IPv6 server farm that has already been defined using the ip slb serverfarmcommand.
map map-id priority priority	(Optional) Associates an IOS SLB GPRS Tunneling Protocol (GTP) or RADIUS map with the server farm for general packet radio service (GPRS) or RADIUS load balancing. The map ID identifies a specific map that has already been defined using the ip slb map command. The priority specifies the order of preference of the specified map. A lower number indicates a higher priority. The range of priorities is 1 to 255. Priorities for different maps do not have to be contiguous. That is, you can have three maps with priorities 1, 5, and 10, respectively. When IOS SLB searches for a match, it does so on the basis of both the map ID and the map priority. Each map ID and each map priority must be unique across all server farms associated with the virtual server. That is, you cannot configure more than one map with the same ID or priority.

Command Default

No real server farm is associated with a virtual server. If backup backup-farm is not specified, no IPv4 backup server farm is configured. If backup backup-farm is specified but the sticky keyword is not specified, sticky connections are not used in the IPv4 backup server farm. If ipv6-primary ipv6-primary-farm is not specified, no dual-stack backup server farm is configured. If ipv6-backup ipv6-backup-farm is not specified, no dual-stack backup server farm is configured.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.1(8a)E	The backup and sticky keywords and the backup-farm argument were added.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRB	The map and priority keywords and the map-id and priorityarguments were added.
15.0(1)S	The ipv6-primaryand ipv6-backupkeywords and the ipv6-primary-farmand ipv6-backup-farm arguments were added.

Usage Guidelines

RADIUS load balancing and the Home Agent Director do not support the sticky keyword.

You can associate more than one server farm with a given virtual server by configuring more than one serverfarm command, each with a unique map ID and a unique priority. (That is, each map ID and each map priority must be unique across all server farms associated with the virtual server.)

For GPRS load balancing, if a real server is defined in two or more server farms, each server farm must be associated with a different virtual server.

IOS SLB supports dual-stack addresses for GTP load balancing only.

All IPv4 or IPv6 server farms that are associated with the same virtual server must have the same NAT configuration.

If you associate a primary server farm with a backup server farm, then all of the server farm maps that use that primary server farm must also be configured to use that same backup serverfarm. You cannot configure a server farm map that uses that primary server farm and no backup server farm.

For example, if you configure primary server farm SF1 with backup server farm SF2, then all of the server farm maps that are configured with SF1 as the primary serverfarm must also be configured with SF2 as the backup serverfarm, as follows:

ip slb vserver RADIUS
 virtual 2.2.2.2 udp 0 service radius
 serverfarm SF1 backup SF2 map 1 priority 1
 serverfarm SF1 backup SF2
 inservice

Furthermore, if you configure primary server farm SF1 with backup server farm SF2, you cannot then configure a server farm map to use SF1 as the primary server farm with no backup server farm. That is, the following is not allowed:

ip slb vserver RADIUS
 virtual 2.2.2.2 udp 0 service radius
 serverfarm SF1 map 1 priority 1
 serverfarm SF1 backup SF2
 inservice

The backup server farm associated with an IOS SLB protocol map cannot be associated as a backup server farm with any other map in a given virtual server.

Examples

The following example shows how the ip slb vserver, virtual, and serverfarm commands are used to associate the real server farm named PUBLIC with the virtual server named PUBLIC_HTTP.

Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# virtual 10.0.0.1 tcp www
Router(config-slb-vserver)# serverfarm PUBLIC

Related Commands

Command	Description
ip slb serverfarm	Identifies a server farm and enters server farm configuration mode.
show ip slb vservers	Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB).
virtual	Configures the virtual server attributes.

show fm slb counters

To display information about the Feature Manager (FM) IOS Server Load Balancing (IOS SLB) counters, use the show fm slb counterscommand in privileged EXEC mode.

show fm slb counters

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.2(18)SXF5	This command was introduced.

Examples

The following sample output from the show fm slb counterscommand shows counter information for virtual server 10.11.11.11:

Router# show fm slb counters
FM SLB Purge Counters:
Global Purges:    0
TCP Purges:       0
UDP Purges:       0
Virtual Purges:   0
Flow Purges:      0
FM SLB Netflow Install Counters
[Slot 6 ] Install Request Sent           3

The table below describes the fields shown in the display.

Table 1 show fm slb counters Field Descriptions
Field	Description
Global Purges	Number of global purges sent by FM IOS SLB.
TCP Purges	Number of TCP purges sent by FM IOS SLB.
UDP Purges	Number of UDP purges sent by FM IOS SLB.
Virtual Purges	Number of virtual purges sent by FM IOS SLB.
Flow Purges	Number of flow purges sent by FM IOS SLB.
Install Request Sent	Number of install requests sent by IOS SLB.

Related Commands

Command	Description
clear fm slb counters	Clears Feature Manager (FM) IOS Server Load Balancing (IOS SLB) counters.

show ip dfp

To display information about Dynamic Feedback Protocol (DFP) agents and their subsystems, use the show ip dfp command inprivilegedEXEC mode.

show ip dfp [ agent subsystem-name ] [detail]

Syntax Description

agent subsystem-name	(Optional) Displays information about the specified DFP agent, such as slbfor IOS SLB.
detail	(Optional) Displays detailed DFP agent information.

Command Default

If no options are specified, the command displays output for all DFP agents identified by ip dfp agentcommands, regardless of whether those agents are currently in service (Inservice: yes) or active (AppActive: yes).

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.1(8a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.3(4)T	This command was integrated into Cisco IOS Release 12.3(4)T.
12.2(18)SXD	This command was integrated into Cisco IOS Release 12.2(18)SXD.

Usage Guidelines

Detailed output for the show ip dfp command includes information about all DFP agents configured with ip slb agent commands, regardless of whether those agents are currently in service.

Examples

The following example shows basic information for DFP agent slb:

Router# show ip dfp agent slb
Unexpected errors: 0
DFP Agent for service: SLB
      Port: 666 Interval: 10
      Current passwd: <none> Pending passwd: <none>
      Passwd timeout: 0
      Inservice: yes  AppActive: yes
      Manager IP Address   Timeout
      ------------------   -------
      172.16.45.27         0

The following example shows detailed information for DFP agent slb:

Router# show ip dfp agent slb detail
Unexpected errors: 0
DFP Agent for service: SLB
      Port: 666 Interval: 10
      Current passwd: <none> Pending passwd: <none>
      Passwd timeout: 0
      Inservice: yes  AppActive: yes
      Manager IP Address   Timeout
      ------------------   -------
      172.16.45.27         0
Weight Table Report for Agent SLB
      Weights for Port: 80  Protocol: TCP
          IP Address        Bind ID  Weight
          ---------------   -------  -------
          10.1.1.1           0        65535
      Weights for Port: 0 (wildcard)  Protocol: 0 (wildcard)
          IP Address        Bind ID  Weight
          ---------------   -------  -------
          10.0.0.0           65534    0
Bind ID Table Report for Agent SLB
      Bind IDs for Port: 80  Protocol: TCP
          Bind ID   Client IP        Client Mask
          -------   ---------------  ---------------
          0           10.0.0.0          0.0.0.0

The table below describes the fields shown in the display.

Table 2 show ip dfp Field Descriptions
Field	Description
Port	TCP port number of the agent.
Interval	Number of seconds to wait before recalculating weights.
Current passwd	Current DFP password for Message Digest Algorithm Version 5 (MD5) authentication.
Pending passwd	Pending new DFP password for MD5 authentication.
Passwd timeout	Delay period, in seconds, during which both the current password and the new password are accepted.
Inservice	Indicates whether the DFP agent is enabled for communication with a DFP manager.
AppActive	Indicates whether the DFP agent is active.
Manager IP Address	IP address of the manager to which weights are being sent.
Timeout	Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout.
Weights for Port	Port for which the following weights are reported. 0 indicates a wildcard value.
Protocol	Protocol used for the port. 0 indicates a wildcard value.
IP Address	IP address for which weight is reported.
Bind ID	Bind ID associated with the IP address.
Weight	Weight calculated for the IP address.
Bind IDs for Port	Port for which the following bind IDs are reported.
Protocol	Protocol used for the port.
Bind ID	Bind ID of this instance of the real server.
Client IP	IP address of client using the virtual server.
Client Mask	IP network mask of client using the virtual server.

Related Commands

Command	Description
agent	Identifies a DFP agent to which IOS SLB can connect.
ip dfp agent	Identifies a DFP agent subsystem and initiates DFP agent configuration mode.
ip slb dfp	Configures DFP, supplies an optional password, and initiates DFP configuration mode.

show ip slb conns

To display the active IOS Server Load Balancing (IOS SLB) connections (or sessions, in GPRS load balancing and the Home Agent Director), use the show ip slb connscommand in privileged EXEC mode.

show ip slb conns [ vserver virtual-server | client ip-address | firewall firewall-farm ] [detail]

Syntax Description

vserver virtual-server	(Optional) Displays only those connections (or sessions, in GPRS load balancing and the Home Agent Director) associated with the specified virtual server.
client ip-address	(Optional) Displays only those connections (or sessions, in GPRS load balancing and the Home Agent Director) associated with the specified client IP address.
firewall firewall-farm	(Optional) Displays only those connections (or sessions, in GPRS load balancing and the Home Agent Director) associated with the specified firewall farm.
detail	(Optional) Displays detailed information about the connection (or session, in GPRS load balancing and the Home Agent Director).

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.1(7)E	The firewall keyword and firewall-farm argument were added.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

If no options are specified, the command displays output for all active IOS SLB connections (or sessions, in GPRS load balancing and the Home Agent Director).

Examples

The following is sample output from the show ip slb conns command:

Router# show ip slb conns
vserver          prot   client                real                  state
----------------------------------------------------------------------------
TEST             TCP    10.150.72.183:328     10.80.90.25:80        INIT 
TEST             TCP    10.250.167.226:423    10.80.90.26:80        INIT 
TEST             TCP    10.234.60.239:317     10.80.90.26:80        ESTAB 
TEST             TCP    10.110.233.96:747      10.80.90.26:80        ESTAB 
TEST             TCP    10.162.0.201:770       10.80.90.30:80        CLOSING 
TEST             TCP    10.22.225.219:995      10.80.90.26:80        CLOSING 
TEST             TCP    10.2.170.148:169       10.80.90.30:80        ZOMBIE

The table below describes the fields shown in the display.

Table 3 show ip slb conns Field Descriptions
Field	Description
vserver	Name of the virtual server associated with the connection (or session, in GPRS load balancing and the Home Agent Director).
prot	Protocol being used by the connection (or session, in GPRS load balancing and the Home Agent Director).
client	Client IP address associated with the connection (or session, in GPRS load balancing and the Home Agent Director).
real	Real server IP address associated with the connection (or session, in GPRS load balancing and the Home Agent Director).
state	Current state of the connection (or session, in GPRS load balancing and the Home Agent Director). CLOSING--The connection is closing. ESTAB--The connection has been established and is operational. INIT--The connection is being initialized. ZOMBIE--The connection is currently pending destruction (awaiting a timeout or some other condition to be met).

show ip slb dfp

To display Dynamic Feedback Protocol (DFP) manager and agent information, such as passwords, timeouts, retry counts, and weights, use the show ip slb dfpcommand in privileged EXEC mode.

show ip slb dfp [ agent agent-ipport | manager manager-ip | detail | weights ]

Syntax Description

agent	(Optional) Displays information about an agent.
agent-ip	(Optional) Agent IP address.
port	(Optional) Agent TCP or User Datagram Protocol (UDP) port number.
manager	(Optional) Displays information about the specified manager.
manager-ip	(Optional) Manager IP address.
detail	(Optional) Displays all data available.
weights	(Optional) Displays information about weights assigned to real servers for load balancing.

Command Default

If no options are specified, the command displays summary information.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.1(5a)E	The manager keyword and manager-ip argument were added.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

If no options are specified, the command displays summary information.

Examples

The following sample output from the show ip slb dfp command displays high-level information about all DFP agents and managers:

Router# show ip slb dfp
DFP Manager:
      Current passwd:NONE Pending passwd:NONE
      Passwd timeout:0 sec 
Agent IP          Port    Timeout   Retry Count   Interval
---------------------------------------------------------------
172.16.2.34       61936   0         0             180 (Default)

The table below describes the fields shown in the display.

Table 4 show ip slb dfp Field Descriptions
Field	Description
DFP Manager	Indicates that the following information applies to the DFP manager.
Current passwd	Current password for the DFP manager, if any.
Pending passwd	Pending password for the DFP manager, if any.
Passwd timeout	For the DFP manager, delay period, in seconds, during which both the current password and the pending password are accepted.
Agent IP	IP address of the agent about which information is being displayed.
Port	TCP or UDP port number of the agent. The valid range is 1 to 65535.
Timeout	Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout.
Retry Count	Number of times the DFP manager attempts to establish the TCP connection to the DFP agent. A value of 0 means there are infinite retries.
Interval	Interval, in seconds, between retries.

The following example displays detailed information about DFP agents and managers:

Router# show ip slb dfp detail
DFP Manager
      Current passwd <none> Pending passwd <none>
      Passwd timeout 0 sec
      Unexpected errors 0
% No DFP Agents configured

The table below describes the fields shown in the display.

Table 5 show ip slb dfp detail Field Descriptions
Field	Description
DFP Manager	Indicates that the following information applies to the DFP manager.
Current passwd	Current DFP password for MD5 authentication.
Pending passwd	Pending new DFP password for MD5 authentication.
Passwd timeout	Delay period, in seconds, during which both the current password and the pending password are accepted.
Unexpected errors	Number of unexpected errors encountered by the DFP manager.
No DFP Agents configured	Indicates that there are no DFP agents associated with the DFP manager.

The following example displays detailed information about DFP manager 10.0.0.0:

Router# show ip slb dfp manager 10.0.0.0
DFP Manager 10.0.0.0 Connection state Connected
   Timeout = 20
   Last message sent 033537 UTC 01/02/00

The table below describes the fields shown in the display.

Table 6 show ip slb dfp manager Field Descriptions
Field	Description
DFP Manager	Indicates that the following information applies to the DFP manager.
Connection state	Current connection state of the DFP manager.
Timeout	Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout.
Last message sent	Date and time of the last message sent by the DFP manager.

The following example displays detailed information about weights assigned to real servers for load balancing:

Router# show ip slb dfp weights
Real IP Address 10.0.10.10 Protocol TCP Port 22 Bind_ID 111 Weight 111
      Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.17.17.17 Protocol TCP Port www Bind_ID 1 Weight 1
      Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.68.68.68 Protocol TCP Port www Bind_ID 4 Weight 4
      Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.85.85.85 Protocol TCP Port www Bind_ID 5 Weight 5
      Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99

The table below describes the fields shown in the display.

Table 7 show ip slb dfp weights Field Descriptions
Field	Description
Real IP Address	IP address of the real server for which weight is reported.
Protocol	Protocol used for the port.
Port	Port for which the following bind ID is being reported.
Bind_ID	Bind ID of this instance of the real server.
Weight	Weight calculated for the real IP address.
Set by Agent	Agent that set the weight, and the date and time the weight was set.

show ip slb firewallfarm

To display firewall farm information, use the show ip slb firewallfarmcommand in privileged EXEC mode.

show ip slb firewallfarm [detail]

Syntax Description

detail

(Optional) Displays detailed information.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.1(3a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following is sample output from the show ip slb firewallfarmcommand:

Router# show ip slb firewallfarm
firewall farm    hash        state         reals
------------------------------------------------
FIRE1            IPADDR      OPERATIONAL     2

The table below describes the fields shown in the display.

Table 8 show ip slb firewallfarm Field Descriptions
Field	Description
firewall farm	Name of the firewall farm.
hash	Load-balancing algorithm used to select a firewall for the firewall farm: IPADDR--Uses the source and destination IP addresses in the algorithm. IPADDRPORT--Uses the source and destination TCP or User Datagram Protocol (UDP) port numbers, in addition to the source and destination IP addresses, in the algorithm. See the predictor hash address (firewall farm)command for more details.
state	Current state of the firewall farm: OPERATIONAL--Functioning properly. OUTOFSERVICE--Removed from the load-balancing predictor lists. STANDBY--Backup firewall farm, ready to become operational if the active firewall farm fails.
reals	Number of firewalls that are members of the firewall farm.

show ip slb fragments

To display information from the Cisco IOS Server Load Balancing (IOS SLB) fragment database, use the show ip slb fragmentscommand in privileged EXEC mode.

show ip slb fragments

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.1(11b)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following sample output from the show ip slb fragmentscommand shows fragment information for virtual server 10.11.11.11:

Router# show ip slb fragments
ip src          id    forward         src nat         dst nat
---------------------------------------------------------------------
10.11.2.128     12    10.11.2.128     10.11.11.11     10.11.2.128
10.11.2.128     13    10.11.2.128     10.11.11.11     10.11.2.128
10.11.2.128     14    10.11.2.128     10.11.11.11     10.11.2.128
10.11.2.128     15    10.11.2.128     10.11.11.11     10.11.2.128
10.11.2.128     16    10.11.2.128     10.11.11.11     10.11.2.128

The table below describes the fields shown in the display.

Table 9 show ip slb fragments Field Descriptions
Field	Description
ip src	Source IP address of the fragment.
id	IP ID of the fragment, set by the packet originator.
forward	IP address to which the fragment is being forwarded.
src nat	If using Network Address Translation (NAT), new source IP address after NAT.
dst nat	If using NAT, new destination IP address after NAT.

show ip slb gtp

To display IOS Server Load Balancing (IOS SLB) general packet radio service (GPRS) Tunneling Protocol (GTP) information, use the show ip slb gtpcommand in privileged EXEC mode.

show ip slb gtp { gsn [gsn-ip-address] | nsapi [nsapi-key] [detail] }

Syntax Description

gsn	(Optional) Displays IOS SLB database information for the specified gateway GPRS support node (GGSN) or serving GPRS support node (SGSN).
gsn-ip-address	(Optional) IP address of the GGSN or SGSN for which information is to be displayed. If you do not specify a gsn-ip-address, IOS SLB displays information for all GGSNs and SGSNs.
nsapi	(Optional) Displays IOS SLB database information for the specified Network Service Access Point Identifier (NSAPI).
nsapi-key	(Optional) Key of the NSAPI for which information is to be displayed. If you do not specify an nsapi-key, IOS SLB displays information for all NSAPIs.
detail	(Optional) Displays additional, more detailed information.

Command Default

If you specify gsn and you do not specify a gsn-ip-address, IOS SLB displays information for all GGSNs and SGSNs. If you specify nsapi and you do not specify an nsapi-key, IOS SLB displays information for all NSAPIs.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.1(13)E3	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following is sample output from the show ip slb gtp gsncommand for a specific GGSN or SGSN:

Router# show ip slb gtp gsn 10.0.0.0
type ip              recovery-ie  purging
------------------------------------------
SGSN 10.0.0.0 UNKNOWN      N

The table below describes the fields shown in the display.

Table 10 show ip slb gtp gsn Field Descriptions
Field	Description
type	Type of GSN (either GGSN or SGSN).
ip	IP address of the GGSN or SGSN.
recovery-ie	Last seen recovery IE for this GGSN or SGSN.
purging	Indicates whether Packet Data Protocol (PDP) contexts belonging to this GGSN or SGSN are being purged as a result of path failure: Y (Yes) --PDP contexts are being purged. N (No) --PDP contexts are not being purged.

The following is sample output from the show ip slb gtp nsapicommand:

Router# show ip slb gtp nsapi
nsapi key        real                   nsapi count session count
-----------------------------------------------------------------
11111111111111F1 172.16.0.0 1           1

The following is sample output from the show ip slb gtp nsapicommand for a specific NSAPI key:

Router# show ip slb gtp nsapi 11111111111111F1
nsapi key        real                   nsapi count session count
-----------------------------------------------------------------
11111111111111F1 172.16.0.0 1           1

The table below describes the fields shown in the display.

Table 11 show ip slb gtp nsapi Field Descriptions
Field	Description
nsapi key	Key for the session. This is the IMSI.
real	Real server to which the session is assigned.
nsapi count	Number of NSAPIs bound to the session. This is the number of PDP contexts (mobile sessions) on the GGSN associated with the IMSI.
session count	Number of sessions to which the NSAPI is currently bound. Normally, the NSAPI is bound to one session, but it is bound to two sessions in transition during an update.

The following is sample output from the show ip slb gtp nsapi detailcommand:

Router# show ip slb gtp nsapi detail
IMSI key = 11111111111111F1, real = 172.16.0.1, nsapi count = 1, session count = 1
no vserver          key              client                 state      seq
---------------------------------------------------------------------------
5  SERVER1          0009E8810009E881 10.0.0.0:2123        GTP_INIT   0

The table below describes the fields shown in the display.

Table 12 show ip slb gtp nsapi detail Field Descriptions
Field	Description
IMSI key	IMSI key for the session.
real	Real server to which the session is assigned.
nsapi count	Number of NSAPIs bound to the session. This is the number of PDP contexts (mobile sessions) on the GGSN associated with this IMSI.
session count	Number of sessions to which the NSAPI is currently bound. Normally, the NSAPI is bound to one session, but it is bound to two sessions in transition during an update.
no	NSAPI number.
vserver	Name of the virtual server.
key	Session key.
client	SGSN IP address and port number.
state	State of the session. Possible states are: GTP_ESTAB --The session has been established successfully. GTP_INIT --The PDP contexts have been deleted as a result of a delete request or a deletion in GGSN, and IOS SLB is waiting to destroy the session after the GTP_TIMEOUT. GTPIO_REQ_CLIENT --Waiting for a response from the real server.
seq	Sequence number in the last delete request.

show ip slb map

To display information about IOS SLB protocol maps, use the show ip slb mapcommand in privilegedEXEC mode.

show ip slb map [id]

Syntax Description

id	(Optional) Displays information about the specified map.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.2(33)SRB	This command was introduced.

Usage Guidelines

If no ID is specified, the command displays information about all maps.

Examples

The following is sample output from the show ip slb mapcommand:

Router# show ip slb map
ID: 1, Service: GTP
 APN: Cisco.com, yahoo.com
 PLMN ID(s): 11122, 444353
 SGSN access list: 100
ID: 2, Service: GTP
 PLMN ID(s): 67523, 345222
 PDP Type: IPv4, PPP
ID: 3, Service: GTP
 PDP Type: IPv6
ID: 4, Service: RADIUS
 Calling-station-id: “?919*”
ID: 5, Service: RADIUS
 Username: “..778cisco.*”

The table below describes the fields shown in the display.

Table 13 show ip slb map Field Descriptions
Field	Description
ID	Identifier of the map about which information is being displayed. Information about each map is displayed on a separate line.
Service	Protocol associated with the map. Valid protocols are: GTP--For general packet radio service (GPRS) Tunneling Protocol (GTP) maps RADIUS--For RADIUS load balancing maps
APN	One or more access point names (APNs) associated with the GTP map
PLMN ID(s)	One or more public land mobile networks (PLMNs) associated with the GTP map.
SGSN access list	Serving GPRS Support Node (SGSN) access list associated with the GTP map.
PDP Type	One or more packet data protocol (PDP) types associated with the GTP map.
Calling-station-id	String to be matched against the calling station ID attribute in the RADIUS payload.
Username	String to be matched against the username attribute in the RADIUS payload.

show ip slb natpool

To display the IP Cisco IOS Server Load Balancing (IOS SLB) Network Address Translation (NAT) configuration, use the show ip slb natpoolcommand in privileged EXEC mode.

show ip slb natpool [ name pool ] [detail]

Syntax Description

name pool	(Optional) Displays the specified NAT pool.
detail	(Optional) Lists all the interval ranges currently allocated in the client NAT pool.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.1(2)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following is sample output from the default show ip slb natpoolcommand:

Router# show ip slb natpool
nat client B  209.165.200.225 1.1.1.6  1.1.1.8  Netmask 255.255.255.0
nat client A  10.1.1.1  1.1.1.5  Netmask 255.255.255.0

The following is sample output from the show ip slb natpoolcommand with the detail keyword:

Router# show ip slb natpool detail
nat client A  1.1.1.1  1.1.1.5  Netmask 255.255.255.0
     Start NAT        Last NAT         Count     ALLOC/FREE 
     -------------------------------------------------------
     10.1.1.1:11001    10.1.1.1:16333    0005333   ALLOC
     10.1.1.1:16334    10.1.1.1:19000    0002667   ALLOC
     10.1.1.1:19001    10.1.1.5:65535    0264675   FREE
nat client B  1.1.1.6  1.1.1.8  Netmask 255.255.255.0
     Start NAT        Last NAT         Count     ALLOC/FREE 
     -------------------------------------------------------
     10.1.1.6:11001    10.1.1.6:16333    0005333   ALLOC
     10.1.1.6:16334    10.1.1.6:19000    0002667   ALLOC
     10.1.1.6:19001    10.1.1.8:65535    0155605   FREE

The table below describes the fields shown in the display.

Table 14 show ip slb natpool detail Field Descriptions
Field	Description
Start NAT	Starting NAT address in a range of addresses in the client NAT pool.
Last NAT	Last NAT address in a range of addresses in the client NAT pool.
Count	Number of NAT addresses in the range.
ALLOC/FREE	Indicates whether the range of NAT addresses has been allocated or is free.

Related Commands

Command	Description
ip slb natpool	Configures the IOS SLB NAT.

show ip slb probe

To display information about a Cisco IOS Server Load Balancing (IOS SLB) probe, use the show ip slb probecommand in privileged EXEC mode.

show ip slb probe [ name probe ] [detail]

Syntax Description

name probe	(Optional) Displays information about the specified probe.
detail	(Optional) Displays detailed information, including the SA Agent operation ID, which you can correlate with the output of the show rtr operational-state command.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.1(2)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following is sample output from the show ip slb probecommand:

Router# show ip slb probe
Server:Port            State        Outages  Current  Cumulative
----------------------------------------------------------------
10.10.4.1:0            OPERATIONAL        0  never    00:00:00
10.10.5.1:0            FAILED             1  00:00:06 00:00:06

The table below describes the fields shown in the display.

Table 15 show ip slb probe Field Descriptions
Field	Description
Server:Port	IP address and port of the real server.
State	Operational state of the probe: FAILED--The probe has succeeded in the past but has currently failed. OPERATIONAL--The probe is functioning normally. TESTING--The probe has never succeeded, due to no response. IOS SLB keeps no counters or timers for this state. For a detailed listing of real server states, see the show ip slb realscommand.
Outages	Number of intervals between successful probes.
Current	Time since the last probe success. That is, the duration (so far) of the current outage.
Cumulative	Total time the real server has been under test by the probe and has failed the probe test. This value is the sum of the Current time plus the total time of all previous outages.

show ip slb reals

To display information about the real servers, use the show ip slb realscommand in privileged EXEC mode.

show ip slb reals [ sfarm server-farm ] [detail]

Syntax Description

sfarm server-farm	(Optional) Displays information about those real servers associated with the specified server farm or firewall farm.
detail	(Optional) Displays detailed information.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.1(13)E	The vserver keyword and virtual-serverargument were replaced with the sfarm keyword and server-farm argument.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRC	The output for the detail keyword for a real server in a server farm was updated to display the configured maximum number of connections allowed (rate).
15.0(1)S	The output for the detail keyword for a real server in a server farm was updated to display the real server's IPv4, IPv6, or dual-stack address.

Usage Guidelines

If no options are specified, the command displays information about all real servers.

In a configuration with stateful backup, if a probe changes state at the same time that the primary IOS SLB device fails over to the backup IOS SLB device, the output from the show ip slb reals command for the backup device displays the state of the probe before the failover, not the actual current state.

Examples

The following is sample output from the show ip slb realscommand:

Router# show ip slb reals
real             farm name        weight   state           conns
--------------------------------------------------------------------
10.80.2.112      FRAG             8        OUTOFSERVICE    0        
10.80.5.232      FRAG             8        OPERATIONAL     0        
10.80.15.124     FRAG             8        OUTOFSERVICE    0        
10.254.2.2       FRAG             8        OUTOFSERVICE    0        
10.80.15.124     LINUX            8        OPERATIONAL     0        
10.80.15.125     LINUX            8        OPERATIONAL     0        
10.80.15.126     LINUX            8        OPERATIONAL     0        
10.80.90.25      SRE              8        OPERATIONAL     220      
10.80.90.26      SRE              8        OPERATIONAL     216      
10.80.90.27      SRE              8        OPERATIONAL     216      
10.80.90.28      SRE              8        TESTING         1        
10.80.90.29      SRE              8        OPERATIONAL     221      
10.80.90.30      SRE              8        OPERATIONAL     224      
10.80.30.3       TEST             100      READY_TO_TEST   0        
10.80.30.4       TEST             100      READY_TO_TEST   0        
10.80.30.5       TEST             100      READY_TO_TEST   0        
10.80.30.6       TEST             100      READY_TO_TEST   0

The table below describes the fields shown in the display.

Table 16 show ip slb reals Field Descriptions
Field	Description
real	IP address of the real server about which information is being displayed. Used to identify each real server. Information about each real server is displayed on a separate line.
farm name	Name of the server farm or firewall farm with which the real server is associated.
weight	Weight assigned to the real server. The weight identifies the real server’s capacity, relative to other real servers in the server farm.
state	Current state of the real server. DFP_THROTTLED--The Dynamic Feedback Protocol (DFP) agent sent a weight of 0 for this real server (send no further connections to this real server). FAILED--The real server has failed as a result of either no response or reset (RST) responses to client traffic. (See the faildetect numconns(real server) command for more information about controlling tolerance for no responses and RSTs.) The real server has been removed from use by the predictor algorithms. The retry timer has started. MAXCONNS_THROTTLE--The number of connections on the real server exceeds the configured maximum number of simultaneous active connections (maxconns). OPERATIONAL--The real server is functioning properly and is being used for load-balancing. OPER_WAIT--The real server is waiting to become operational (waiting for a timeout or some other condition to be met). OUTOFSERVICE--The real server was configured with no inservice and has been removed from the load-balancing predictor lists. PROBE_FAILED--The probe has succeeded in the past but has currently failed. This failure might occur at the same time user connections fail, or it might not. PROBE_TESTING--The probe has never succeeded, due to no response. The initial probe timed out waiting for a success.
	READY_TO_TEST--The real server is queued for testing after being in FAILED state until the retry timer expired. TESTING--The real server is queued for assignment. When a single user connection is assigned to a real server that is in READY_TO_TEST state, the real server is placed in TESTING state. If the test succeeds, the real server is placed back in OPERATIONAL state. TEST_WAIT--The real server is waiting to begin testing (waiting for a timeout or some other condition to be met).
conns	Number of connections associated with the real server. In general packet radio service (GPRS) load balancing, number of sessions associated with the real server. In per-packet server load balancing, number of request packets that have been load balanced to each real server, using the connection count.

The following is sample output from the show ip slb reals detailcommand for a dual-stack real server in a server farm:

Router# show ip slb reals detail
172.16.88.5, SF1, state = OPERATIONAL, type = server
  ipv6 = 2342:2342:2343:FF04:2388:BB03:3223:8912
  conns = 0, dummy_conns = 0, maxconns = 4294967295
  weight = 8, weight(admin) = 8, metric = 0, remainder = 0
  reassign = 3, retry = 60
  failconn threshold = 8, failconn count = 0
  failclient threshold = 2, failclient count = 0
  total conns established = 0, total conn failures = 0
  server failures = 0

The following is sample output from the show ip slb reals detailcommand for a real server in a firewall farm:

Router# show ip slb reals detail
10.10.3.2, F, state = OPERATIONAL, type = firewall
  conns = 0, dummy_conns = 0, maxconns = 4294967295
  weight = 8, weight(admin) = 8, metric = 0, remainder = 0
  total conns established = 8377, hash count = 0
  server failures = 0
  interface FastEthernet1/0, MAC 0000.0c41.1063

The table below describes the fields shown in the above detail displays.

Table 17 show ip slb reals detail Field Descriptions
Field	Description
IPv4 or IPv6 address	IPv4 or IPv6 address of the real server about which information is being displayed. Used to identify each real server. Information about each real server is displayed on a separate line.
farm name	Name of the server farm or firewall farm with which the real server is associated.
state	Current state of the real server. DFP_THROTTLED--The Dynamic Feedback Protocol (DFP) agent sent a weight of 0 for this real server (send no further connections to this real server). FAILED--The real server has failed as a result of either no response or reset (RST) responses to client traffic. (See the faildetect numconns (real server) command for more information about controlling tolerance for no responses and RSTs.) The real server has been removed from use by the predictor algorithms. The retry timer has started. MAXCONNS_THROTTLE--The number of connections on the real server exceeds the configured maximum number of simultaneous active connections (maxconns). OPERATIONAL--The real server is functioning properly and is being used for load-balancing. OPER_WAIT--The real server is waiting to become operational (waiting for a timeout or some other condition to be met). OUTOFSERVICE--The real server was configured with no inservice and has been removed from the load-balancing predictor lists. PROBE_FAILED--The probe has succeeded in the past but has currently failed. This failure might occur at the same time user connections fail, or it might not. PROBE_TESTING--The probe has never succeeded, due to no response. The initial probe timed out waiting for a success. READY_TO_TEST--The real server is queued for testing after being in FAILED state until the retry timer expired. TESTING--The real server is queued for assignment. When a single user connection is assigned to a real server that is in READY_TO_TEST state, the real server is placed in TESTING state. If the test succeeds, the real server is placed back in OPERATIONAL state. TEST_WAIT--The real server is waiting to begin testing (waiting for a timeout or some other condition to be met).
type	Indicates whether the real server is associated with a server farm (server) or firewall farm (firewall).
ipv6	IPv6 address of the real server about which information is being displayed, if dual-stack.
conns	Number of connections associated with the real server. In general packet radio service (GPRS) load balancing, number of sessions associated with the real server. In per-packet server load balancing, number of request packets that have been load balanced to each real server, using the connection count.
dummy_conns	Internal counter used in debugging.
maxconns	Maximum number of active connections allowed on the real server at one time.
weight	Weight assigned to the real server. The weight identifies the real server’s capacity, relative to other real servers in the server farm. This value could be changed by DFP.
weight(admin)	Configured (or default) weight assigned to the real server.
metric	Internal counter used in debugging.
remainder	Internal counter used in debugging.
reassign	Total number of consecutive unacknowledged SYNchronize sequence numbers (SYNs) or Create Packet Data Protocol (PDP) requests since the last time the clear ip slb counterscommand was issued.
retry	Interval, in seconds, to wait between the detection of a failure on the real server and the next attempt to connect to the server.
rate	Maximum number of connections per second allowed on the real server.
failconn threshold	Maximum number of consecutive connection failures allowed before the real server is considered to have failed.
failconn count	Total number of consecutive connection failures since the last time the clear ip slb counterscommand was issued.
failclient threshold	Maximum number of unique client connection failures allowed before the real server is considered to have failed.
failclient count	Total number of unique client connection failures since the last time the clear ip slb counterscommand was issued.
total conns established	Total number of successful connection assignments since the last time the clear ip slb counterscommand was issued.
total conn failures	Total number of unsuccessful connection assignments since the last time the clear ip slb counterscommand was issued.
server failures	Total number of times this real server has been marked failed.
hash count	Total number of times the hash algorithm has been called.
interface	Type of interface.
MAC	MAC address of the firewall.

show ip slb replicate

To display the Cisco IOS Server Load Balancing (IOS SLB) replication configuration, use the show ip slb replicatecommand in privileged EXEC mode.

show ip slb replicate

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.1(2)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(14)ZA5	This command was modified to support slave replication.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following is sample output from the show ip slb replicatecommand:

Router# show ip slb replicate
VS1, state = NORMAL, interval = 10
 Slave Replication: Enabled
 Slave Replication statistics:
  unsent conn updates:         0
  conn updates received:       0
  conn updates transmitted:    0
  update messages received:    0
  update messages transmitted: 0
 Casa Replication:
  local = 10.1.1.1 remote = 10.2.2.2 port = 1024
  current password = <none> pending password = <none>
  password timeout = 180 sec (Default)
 Casa Replication statistics:
  unsent conn updates:        0
  conn updates received:      0
  conn updates transmitted:   0
  update packets received:    0
  update packets transmitted: 0
  failovers:                  0

The table below describes the fields shown in the display.

Table 18 show ip slb replicate Field Descriptions
Field	Description
state	Current replication state of the virtual server: DUMPING--Dumping the connection table to the Hot Standby Router Protocol (HSRP) peer device. NORMAL--Functioning properly. PREEMPTING--Preparing to preempt the HSRP peer device and assume an active role.
interval	Replication buffering interval, in seconds.
Slave Replication	Indicates whether Slave Replication is enabled or disabled.
unsent conn updates	Number of Slave Replication or CASA Replication connection updates waiting to be sent.
conn updates received	Number of Slave Replication or CASA Replication connection updates received.
conn updates transmitted	Number of Slave Replication or CASA Replication connection updates sent.
update packets received	Number of Slave Replication or CASA Replication connection update packets received.
update packets transmitted	Number of Slave Replication or CASA Replication connection update packets sent.
local	Listening IP address for CASA Replication state exchange messages that are advertised.
remote	Destination IP address for all CASA Replication state exchange signals.
port	TCP or User Datagram Protocol (UDP) port number or port name for all CASA Replication state exchange signals.
current password	Current CASA Replication password for Message Digest Algorithm Version 5 (MD5) authentication, if any.
pending password	Pending CASA Replication password for MD5 authentication, if any.
failovers	Number of CASA Replication failovers detected.

Related Commands

Command	Description
request (HTTP probe)	Configures an HTTP probe to check the status of the real servers.

show ip slb serverfarms

To display information about the server farms, use the show ip slb serverfarmscommand in privilegedEXEC mode.

show ip slb serverfarms [ name serverfarm-name ] [detail]

Syntax Description

name	(Optional) Displays information about only a particular server farm.
serverfarm-name	(Optional) Name of the server farm.
detail	(Optional) Displays detailed server farm information.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRC	The output for the detail keyword was updated to display RADIUS load balancing enhancements and information about the IOS SLB KeepAlive Application Protocol (KAL-AP) agent.
15.0(1)S	The output for the detail keyword was updated to display the real server's IPv4, IPv6, or dual-stack address.

Examples

The following is sample output from the show ip slb serverfarmscommand:

Router# show ip slb serverfarms
server farm     predictor           nat   reals   bind id  interface(s)
GGSN            ROUNDROBIN          none  0       0        <any>
GGSN1           ROUNDROBIN          S     5       0        <any>
GGSN_IPV6       ROUNDROBIN          S     5       0        <any>

The table below describes the fields shown in the display.

Table 19 show ip slb serverfarms Field Descriptions
Field	Description
server farm	Name of the server farm about which information is being displayed. Information about each server farm is displayed on a separate line.
predictor	Type of load-balancing algorithm (ROUNDROBIN, LEASTCONNS, or ROUTEMAP) used by the server farm
nat	NAT setting for the server farm: c --Client NAT s --Server NAT none --NAT is not configured for the server farm
reals	Number of real servers configured in the server farm
bind id	Bind ID configured on the server farm.
interface(s)	Interface used by the server farm

The following is sample output from the show ip slb serverfarms detailcommand, if RADIUS load balancing is configured with the route map predictor:

Router# show ip slb serverfarms detail
SF1, predictor = ROUNDROBIN, nat =SERVER, interface(s) = Vl88
  virtuals inservice: 1, reals = 1, bind id = 0
  Real servers:
    172.16.88.5, weight = 8, OPERATIONAL, conns = 0
    ipv6 = 2342:2342:2343:FF04:2388:BB03:3223:8912
  Total connections = 0

For RADIUS load balancing with the route map predictor configured, specifying the detail keyword displays:

predictor = ROUTE-MAP --Indicates that the route-map keyword is configured on the predictor command in SLB server farm configuration mode.
routemap name --Name of the IOS policy-based routing (PBR) route map. If the route map is invalid or is not present, IOS SLB also displays Not Configured/Valid.

The following is sample output from the show ip slb serverfarms detailcommand, if a KAL-AP request was received for this server farm:

SF, predictor = ROUNDROBIN, nat = SERVER, interface(s) = <any>
  virtuals inservice: 1, reals = 2, bind id = 0
  KAL-AP tag: “chicago.com”, farm weight: 400

For the KAL-AP agent, specifying the detail keyword displays:

KAL-AP tag --Domain tag to be used by the KAL-AP agent when searching for a server farm, if configured.
farm weight --The weight to be used by the KAL-AP agent when calculating the load value for a server farm.

show ip slb sessions

To display information about sessions handled by Cisco IOS Server Load Balancing (IOS SLB), use the show ip slb sessionscommand in privileged EXEC mode.

show ip slb sessions [ asn | gtp [ipv6] | gtp-inspect | ipmobile | radius ] [ vserver virtual-server ] [ client ipv4-address ipv4-netmask ] [detail]

Syntax Description

asn	(Optional) Displays information about set of Access Service Network (ASN) gateways sessions being handled by IOS SLB.
gtp	(Optional) Displays IPv4 information about general packet radio service (GPRS) Tunneling Protocol (GTP) sessions being handled by IOS SLB.
ipv6	(Optional) Displays detailed information about the IPv6 sessions being handled by GTP load balancing.
gtp-inspect	(Optional) Displays information about GTP sessions being handled by IOS SLB that have GTP cause code inspection enabled.
ipmobile	(Optional) Displays information about Mobile IP sessions being handled by IOS SLB.
radius	(Optional) Displays information about RADIUS sessions being handled by IOS SLB.
vserver virtual-server	(Optional) Displays information about sessions being handled by the specified virtual server.
client ipv4-address ipv4-netmask	(Optional) Displays information about sessions associated with the specified client IPv4 address or subnet
detail	(Optional) Displays detailed information.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.1(11b)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.1(13)E3	The gtp and gtp-inspect keywords were added.
12.2(14)ZA2	The ipmobile keyword was added.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRC1	The asnkeyword was added.
15.0(1)S	The ipv6keyword was added.

Examples

The following is sample output from the show ip slb sessionscommand for RADIUS sessions:

Router# show ip slb sessions radius
Source               Dest                   Retry
Addr/Port            Addr/Port           Id Count  Real            Vserver
------------------------------------------------------------------------------
10.10.11.1/1645      10.10.11.2/1812     15     1  10.10.10.1  RADIUS_ACCT

The table below describes the fields shown in the display.

Table 20 show ip slb sessions radius Field Descriptions
Field	Description
Source Addr/Port	Source IPv4 address and port number for the session.
Dest Addr/Port	Destination IPv4 address and port number for the session.
Id	RADIUS identifier for the session.
Retry Count	Number of times a RADIUS request was sent by a RADIUS client without receiving a response from the RADIUS server (proxy or otherwise).
Real	IPv4 address of the SSG RADIUS server (proxy or otherwise).
Vserver	Name of the virtual server whose sessions are being monitored and displayed.

The following example shows GTP IPv4 session data:

Router# show ip slb sessions gtp
vserver         key              client           real                  state
----------------------------------------------------------------------------------
10.10.10.10     1234567890123456 10.5.5.5          10.10.1.1             GTP_ESTAB

The table below describes the fields shown in the display.

Table 21 show ip slb sessions gtp Field Descriptions
Field	Description
vserver	Name of the virtual server whose GTP sessions are being monitored and displayed. Information about each session is displayed on a separate line.
key	Network Service Access Point Identifier (NSAPI) key being used by the GTP session.
client	Client IPv4 address being used by the GTP session.
real	Real IPv4 address of the GTP session.
state	Current state of the GTP session: GTP_ESTAB --The session has been established successfully. GTP_INIT --The Packet Data Protocol (PDP) contexts have been deleted as a result of a delete request or a deletion in gateway GPRS support node (GGSN), and IOS SLB is waiting to destroy the session after the GTP_TIMEOUT. GTPIO_REQ_CLIENT --Waiting for a response from the real server.

The following example shows GTP IPv6 session data:

Router# show ip slb sessions gtp ipv6
vserver = VS, key = 1112131415180030
  client = 3:3:3:3:3:3:3:9
  real = 4:4:4:4:4:4:4:4
  state = SLB_IPV6_GTP_ESTAB

The following example shows IOS SLB Mobile IP session data:

Router# show ip slb sessions ipmobile
vserver        NAI hash          client          real               retries
---------------------------------------------------------------------------
VIRTUAL_HA     0xFFFF            10.1.1.1/434     10.10.1.1          1

The table below describes the fields shown in the display.

Table 22 show ip slb sessions ipmobile Field Descriptions
Field	Description
vserver	Name of the virtual server whose Mobile IP sessions are being monitored and displayed. Information about each session is displayed on a separate line.
NAI hash	Network access identifier (NAI) in the Registration Request (RRQ), used by Cisco IOS SLB as a unique identifier.
client	Client IPv4 address being used by the Mobile IP session.
real	Real IPv4 address of the Mobile IP session.
retries	Number of foreign agent retries for the Mobile IP session.

The following is sample output from the show ip slb sessions asncommand for ASN sessions:

Router# show ip slb sessions asn
vserver         MSID              Base Station      real              state
------------------------------------------------------------------------------
10.10.10.10     001646013fc0      5.5.5.5           10.10.1.1         ASN_REQ

The table below describes the fields shown in the display.

Table 23 show ip slb sessions asn Field Descriptions
Field	Description
vserver	Name of the virtual server whose ASN sessions are being monitored and displayed. Information about each session is displayed on a separate line.
MSID	Mobile Station Identifier (MSID), used by Cisco IOS SLB as a unique identifier.
Base Station	IPv4 address of the base station associated with the ASN session.
real	Real IPv4 address of the ASN session.
state	Current state of the ASN session: ASN_ESTAB --The session has been established successfully. ASN_INIT --IOS SLB is waiting to destroy the session after timeouts in ASN_REQ or ASN_ESTAB state. If the base station is configured to send the ACK directly to the ASN gateway, and if no faildetect inband is configured, the session remains in ASN_REQ state until it is destroyed. ASN_REQ --Waiting for a response from the real server.

show ip slb static

To display the Cisco IOS Server Load Balancing (IOS SLB) server Network Address Translation (NAT) configuration, use the show ip slb staticcommand in privileged EXEC mode.

show ip slb static

Syntax Description

This command has no arguments or keywords.

Command Default

The default behavior is to display the entire IOS SLB server NAT configuration.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.1(11b)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following is sample output from the show ip slb staticcommand:

Router# show ip slb static
real                     action         address         counter
---------------------------------------------------------------
10.11.3.4                drop           0.0.0.0         0
10.11.3.1                NAT            10.11.11.11     3
10.11.3.2                NAT sticky     10.11.11.12     0
10.11.3.3                NAT per-packet 10.11.11.13     0

The table below describes the fields shown in the display.

Table 24 show ip slb static Field Descriptions
Field	Description
real	IP address of the real server.
action	Action to be taken by the real server: drop--The real server is configured to have its packets dropped by IOS SLB, if the packets do not correspond to existing connections. NAT--The real server is configured to use server NAT, and to use its own virtual IP address when translating addresses. NAT per-packet--The real server is configured to use server NAT and per-packet server load balancing. NAT sticky--The real server is configured to use server NAT for sticky connections. pass-thru--The real server is not configured to use server NAT.
address	Virtual IP address used by the real server when translating addresses using server NAT. Address 0.0.0.0 means the real server is not configured for server NAT.
counter	For actions drop and NAT per-packet, indicates the number of packets processed by the real server. For actions NAT and NAT sticky, indicates the number of packets received by, but not necessarily processed by, the real server.

show ip slb stats

To display IOS Server Load Balancing (IOS SLB) statistics, use the show ip slb statscommand in privileged EXEC mode.

show ip slb stats [kal-ap]

Syntax Description

kal-ap

(Optional) Displays information about the IOS SLB KeepAlive Application Protocol (KAL-AP) agent.

Command Default

No default behavior or values.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.1(9)E	This command was modified to support general packet radio service (GPRS) load balancing.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRC	The kal-ap keyword was added, and the output for the command was updated to display correlation inject failures for RADIUS load balancing accelerated data plane forwarding.
12.2(33)SRC1	The output for the command was updated to display packet fragment drops for Access Service Network (ASN) R6 load balancing.

Examples

The following is sample output from the show ip slb statscommand:

Router# show ip slb stats
Pkts via normal switching:     108247
Pkts via special switching:    4307026
Pkts via slb routing:          1376241
Pkts Dropped:                  0
Connections Created:           933131
Connections Established:       350042
Connections Destroyed:         639323
Connections Reassigned:        0
Zombie Count:                  0
Connections Reused:            0
Connection Flowcache Purges:   2665
Failed Connection Allocs:      0
Failed Real Assignments:       0
RADIUS framed-ip Sticky Count: 524288
RADIUS username Sticky Count:  0
RADIUS cstn-id Sticky Count:   0
GTP imsi Sticky Count:         0
Route Flows Created:           1691177
Failed Route Flow Allocs:      0
Failed Correlation Injects:    0
Pkt fragments drops in ssv:    0
ASN MSID sticky count:         1

The table below describes the fields shown in the display.

Table 25 show ip slb stats Field Descriptions
Field	Description
Pkts via normal switching	Number of packets handled by IOS SLB via normal switching since the last time counters were cleared. Normal switching is when IOS SLB packets are handled on normal IOS switching paths (CEF, fast switching, and process level switching).
Pkts via special switching	Number of packets handled by IOS SLB via special switching since the last time counters were cleared. Special switching is when IOS SLB packets are handled on hardware-assisted switching paths.
Pkts via slb routing	Number of packets handled by IOS SLB via SLB routing since the last time counters were cleared.
Pkts dropped	Number of packets dropped or consumed by IOS SLB since the last time counters were cleared. The Pkts dropped field can increase for one or more of the following reasons: Pings and other Internet Control Message Protocol (ICMP) packets addressed to a virtual IP address are dropped. TCP data packets in which the conn entry is not available as a result of an idle timeout, failure of a probe, or failure of a real server, are dropped. UDP traceroute packets addressed to a virtual IP address are dropped. UDP packets addressed to a virtual IP address with a port number other than the one configured in the virtual server are dropped. If the virtual server uses the any 0 port number, IOS SLB forwards the UDP packets to the real server. Fragmented packets that cannot be reassembled are dropped.
Connections Created	Number of connections (or sessions, in general packet radio service [GPRS] load balancing and the Home Agent Director) created since the last time counters were cleared.
Connections Established	Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) created and that have become established since the last time counters were cleared.
Connections Destroyed	Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) destroyed since the last time counters were cleared.
Connections Reassigned	Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) reassigned to a different real server since the last time counters were cleared.
Zombie Count	Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) that are currently pending destruction (awaiting a timeout or some other condition to be met).
Connections Reused	Number of zombie connections (or sessions, in GPRS load balancing and the Home Agent Director) reused since the last time counters were cleared. A zombie connection is reused if it receives a TCP SYNchronize sequence number (SYN) or User Datagram Protocol (UDP) packet and succeeds in connecting to a real server. The zombie connection becomes a real connection and the zombie count is decremented.
Connection Flowcache Purges	Number of times the connection flow cache was purged since the last time counters were cleared.
Failed Connection Allocs	Number of times the allocation of a connection (or session, in GPRS load balancing) failed since the last time counters were cleared.
Failed Real Assignments	Number of times the assignment of a real server failed since the last time counters were cleared.
RADIUS framed-ip Sticky Count	Number of entries in the RADIUS framed-IP sticky database.
RADIUS username Sticky Count	Number of entries in the RADIUS username sticky database.
RADIUS cstn-id Sticky Count	Number of entries in the RADIUS calling-station-ID sticky database.
GTP imsi Sticky Count	Number of entries in the GTP IMSI sticky database.
Route Flows Created	Number of route flows created.
Failed Route Flows Allocs	Number of failed route flow allocations.
Failed Correlation Injects	Number of failed correlation injects.
Pkt fragments drops in ssv	Number of packet fragments drops in the SSV.
ASN MSID sticky count	Number of sticky objects in the ASN MSID sticky database.

The following is sample output from the show ip slb kal-ap stats kal-apcommand:

Router# show ip slb kal-ap stats kal-ap
KAL-AP Mgr: (default), Socket state: OPEN, Socket retry: 0
KAL-AP Mgr: 2.2.2.2, Socket state: FAILED, Socket retry: 10
  UDP Port: 5002, vrf: vrf1
KAL-AP Mgr: 10.77.161.34, Socket state: FAILED, Socket retry: 10
  UDP Port: 5002, Secret: test
KAL-AP Packet Statistics:
Packet Received:     84
Bytes Received:      3966
Packet Sent:         30
Bytes Sent:          1080
Encrypt Errors:      0
Recv Failures:       0
Sent Failures:       0
KAL-AP Manager:      2.2.2.2    Secret:        Yes
KAL-AP Manager:      3.3.3.3    Secret:        Yes
CAPP UDP Port:       5001
Pkt Recd:            100        Bytes Recd:    12345
Pkt Sent:            100        Bytes Sent:    12121
MD5 checksum failed: 0          Error packets: 0

show ip slb sticky

To display the IOS Server Load Balancing (IOS SLB) sticky database, use the show ip slb stickycommand in privileged EXEC mode.

show ip slb sticky [ asn { msid msid | nai nai } | client ipv4-address ipv4-netmask | gtp imsi [ipv6] [ id imsi ] | radius calling-station-id [ id string ] | radius framed-ip [ client ipv4-address ipv4-netmask ] | radius username [ name string ] ]

Syntax Description

asn msid msid	(Optional) Displays only those sticky database entries associated with the specified Access Service Network (ASN) Mobile Station ID (MSID).
asn nai nai	(Optional) Displays only those sticky database entries associated with the specified ASN network address identifier (NAI).
client ipv4-address ipv4-netmask	(Optional) Displays only those sticky database entries associated with the specified client IPv4 address or subnet.
gtp imsi	(Optional) Displays only entries associated with the IOS SLB general packet radio service (GPRS) Tunneling Protocol (GTP) International Mobile Subscriber ID (IMSI) sticky database, and shows all of the Network Service Access Point Identifiers (NSAPIs) that the user has used as primary Packet Data Protocols (PDPs).
ipv6	(Optional) Displays only IPv6 entries associated with the IOS SLB GTP IMSI sticky database, and shows all of the NSAPIs that the user has used as primary PDPs.
id imsi	(Optional) Displays only those sticky database entries associated with the specified IMSI.
radius calling-station-id	(Optional) Displays only entries associated with the IOS SLB RADIUS calling-station-ID sticky database.
id string	(Optional) Displays only those sticky database entries associated with the specified calling station ID.
radius framed-ip	(Optional) Displays only entries associated with the IOS SLB RADIUS framed-IP sticky database.
radius username	(Optional) Displays only entries associated with the IOS SLB RADIUS username sticky database.
name string	(Optional) Displays only those sticky database entries associated with the specified username.

Command Default

If no options are specified, the command displays information about all virtual servers.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.1(11b)E	The radius keyword was added.
12.1(12c)E	The framed-ip, username, name, netmask, and string keywords and arguments were added.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(14)ZA5	The calling-station-idand id keywords and the stringargument were added.
12.2(18)SXE	The gtp imsiand id keywords and the imsiargument were added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRE	The asn, msid, and naikeywords and the msidand naiarguments were added.
15.0(1)S	The ipv6keyword was added. The output was updated to display the real server's GTP version and IPv4, IPv6, or dual-stack address.

Examples

The following is sample output from the show ip slb stickycommand:

Router# show ip slb sticky
client           netmask          group  real                  conns
-----------------------------------------------------------------------
10.10.2.12       255.255.0.0      4097   10.10.3.2             1

The table below describes the fields shown in the display.

Table 26 show ip slb sticky Field Descriptions
Field	Description
client	Client IPv4 address or subnet which is bound to this sticky assignment.
netmask	IPv4 subnet mask for this sticky assignment.
group	Group ID for this sticky assignment.
real	Real server used by all clients connecting with the client IPv4 address or subnet detailed on this line.
conns	Number of connections currently sharing this sticky assignment.

The following is sample output from the show ip slb sticky gtp imsicommand:

Router# show ip slb sticky gtp imsi
IMSI                  Real         Ver  Group ID   vs_index  refcount  nsapi
----------------------------------------------------------------------
11111111111111FF      10.10.10.1   1    5          10        1         6
11123411111111FF      10.10.10.2   1    5          10        1         9

The table below describes the fields shown in the display.

Table 27 show ip slb sticky gtp imsi Field Descriptions

Field

Description

IMSI

IMSI bound to this sticky assignment in the IOS SLB GTP IMSI sticky database.

Real

IPv4 address of the GTP IMSI real server.

Ver

GTP version: v0, v1, or v2

Group ID

Group ID for this sticky assignment.

vs_index

Virtual index, out of a maximum of 500.

refcount

Number of NSAPIs used as primary PDPs.

nsapi

NSAPI used as a primary PDP.

Note

IOS SLB does not display the nsapi column for GTP v2 sessions.

The following is sample output from the show ip slb sticky gtp imsi ipv6command:

Router# show ip slb sticky gtp imsi ipv6
IMSI             Real            Ver  Group Id  vs_index  refcount  NSAPIs
--------------------------------------------------------------------------
11121314151800F0 21.21.21.1      2    4099      7         1         3
                 2342:2342:2343:FF04:2342:AA03:2323:8912

The following is sample output from the show ip slb sticky radius calling-station-idcommand:

Router# show ip slb sticky radius calling-station-id
calling-station-id  group id     server real  framed-ips
-----------------------------------------------------
6228212             15           10.10.10.1   1

The table below describes the fields shown in the display.

Table 28 show ip slb sticky radius calling-station-id Field Descriptions
Field	Description
calling-station-id	Calling station ID bound to an SSG RADIUS proxy in the IOS SLB RADIUS calling-station-ID sticky database.
group id	Group ID for this sticky assignment.
server real	IPv4 address of the SSG RADIUS proxy server.
framed-ips	Number of IPv4 addresses bound to the SSG RADIUS proxy in the IOS SLB RADIUS framed-IP sticky database.

The following is sample output from the show ip slb sticky radius framed-ipcommand:

Router# show ip slb sticky radius framed-ip
framed-ip       group id     server real  route i/f
-----------------------------------------------------
1.1.1.1         15           10.10.10.1   <any>

The table below describes the fields shown in the display.

Table 29 show ip slb sticky radius framed-ip Field Descriptions
Field	Description
framed-ip	IPv4 address bound to a Cisco Service Selection Gateway (SSG) RADIUS proxy in the IOS SLB RADIUS framed-IP sticky database.
group id	Group ID for this sticky assignment.
server real	IPv4 address of the SSG RADIUS proxy server.
route i/f	Route interface.

The following is sample output from the show ip slb sticky radius usernamecommand:

Router# show ip slb sticky radius username
username        group id     server real  framed-ips
-----------------------------------------------------
9198783355      15           10.10.10.1   1

The table below describes the fields shown in the display.

Table 30 show ip slb sticky radius username Field Descriptions
Field	Description
username	Username bound to an SSG RADIUS proxy in the IOS SLB RADIUS username sticky database.
group id	Group ID for this sticky assignment.
server real	IPv4 address of the SSG RADIUS proxy server.
framed-ips	Number of IPv4 addresses bound to the SSG RADIUS proxy in the IOS SLB RADIUS framed-IP sticky database.

The following is sample output from the show ip slb sticky asncommand:

Router# show ip slb sticky asn
MSID                Real      Group Id vs_index   NAI
-------------------------------------------------------
ABCD.12FE.3467   10.10.10.1   5         10        abc@cisco.com
2247.1130.8642   10.10.10.2   5         10        bcd@abc.com

The table below describes the fields shown in the display.

Table 31 show ip slb sticky asn Field Descriptions
Field	Description
MSID	MSID bound to this sticky assignment in the IOS SLB ASN sticky database.
Real	IPv4 address of the ASN real server.
Group ID	Group ID for this sticky assignment.
vs_index	Virtual index, out of a maximum of 500.
NAI	NAI bound to this sticky assignment in the IOS SLB ASN sticky database.

The following is sample output from the show ip slb sticky asn nai abc@cisco.comcommand:

Router# show ip slb sticky asn nai abc@cisco.com
MSID                Real      Group Id vs_index   NAI
-------------------------------------------------------
ABCD.12FE.3467   10.10.10.1   5         10        abc@cisco.com

The table below describes the fields shown in the display.

Table 32 show ip slb sticky asn nai abc@cisco.com Field Descriptions
Field	Description
MSID	MSID bound to this sticky assignment in the IOS SLB ASN sticky database.
Real	IPv4 address of the ASN real server.
Group ID	Group ID for this sticky assignment.
vs_index	Virtual index, out of a maximum of 500.
NAI	NAI bound to this sticky assignment in the IOS SLB ASN sticky database.

show ip slb vservers

To display information about the virtual servers, use the show ip slb vserverscommand in privilegedEXEC mode.

show ip slb vservers [ name virtual-server ] [redirect] [detail]

Syntax Description

name virtual-server	(Optional) Displays information about the specified virtual server.
redirect	(Optional) Displays information about redirect virtual servers.
detail	(Optional) Displays detailed information.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(18)SXF	The output for this command was modified to reflect the GTP sticky query option on the idle (virtual server) command.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRC	The output for the detail keyword was updated to display information about the IOS SLB KeepAlive Application Protocol (KAL-AP) agent.
12.2(33)SRC1	The output for the detail keyword was updated to display information about Access Service Network (ASN) virtual servers.
15.0(1)S	The output was updated to display the virtual server's IPv4 or dual-stack address.

Usage Guidelines

If no options are specified, the command displays information about all virtual servers.

Examples

The following is sample output from the show ip slb vserverscommand:

Router# show ip slb vservers
slb vserver      prot  virtual              state         conns    interface(s)
--------------------------------------------------------------------------------------
GGSN_SERVER1     UDP   4.3.2.1/32:0         OPERATIONAL   0        <any>
                       2342:2342:2343:FF04:2342:AA03:2323:8912/128
VS1              UDP   4.3.2.2/32:0         OPERATIONAL   0        <any>
                       2342:2342:2343:FF04:2343:AA03:2323:8912/128
VS2              UDP   4.3.2.3/32:0         OPERATIONAL   0        <any>
                       2342:2342:2343:FF04:2341:AA03:2323:8912/128

The table below describes the fields shown in the display.

Table 33 show ip slb vservers Field Descriptions
Field	Description
slb vserver	Name of the virtual server about which information is being displayed. Information about each virtual server is displayed on a separate line.
prot	Protocol being used by the virtual server.
virtual	Virtual IPv4 or dual-stack address of the virtual server, including the network mask, if configured.
state	Current state of the virtual server: FAILED--Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started. OPERATIONAL--Functioning properly. OUTOFSERVICE--Removed from the load-balancing predictor lists. STANDBY--Backup virtual server, ready to become operational if active virtual server fails.
conns	Number of connections (or sessions, in general packet radio service [GPRS] load balancing and the Home Agent Director) associated with the virtual server.
interface	Type of interface.

The following sample output from the show ip slb vservers detailcommand shows detailed data for a virtual server with route health injection (advertise=TRUE):

Router# show ip slb vservers detail
VS, state = OPERATIONAL, v_index = 7, interface(s) = <any>
   virtual = 3.3.3.3/32:2123, UDP, service = GTP, advertise = TRUE
   ipv6 = 3:3:3:3:3:3:3:3/128
   serverfarm maps:
    map 1: priority = 1, serverfarm = SF, backup serverfarm= SF3
           ipv6 serverfarm = SF1 ipv6 backup serverfarm = SF2
    map 2: priority = 2, serverfarm = SF3, backup serverfarm= SF
          ipv6 serverfarm = SF2 ipv6 backup serverfarm = SF1
   serverfarm = <not assigned>, backup serverfarm = <not assigned>
   backup_serverfarm_hits = 0
   delay = 10, idle = 3600
   gtp: request idle = 30
        slb notification retry = 2
        gtp sticky query: <disabled>
        max retries: 0
   sticky: <none>
           group id = 0
   synguard counter = 0, synguard period = 0
   conns = 0, total conns = 0, syns = 0, syn drops = 0
   standby group = None

The following sample output from the show ip slb vservers name detailcommand shows detailed data for virtual server GGSN_SERVER with GTP sticky query enabled:

Router# show ip slb vservers name GGSN_SERVER detail
GGSN_SERVER, state = OPERATIONAL, v_index = 7, interface(s) = <any>
  virtual = 10.10.195.1/32:0, UDP, service = GTP, advertise = TRUE
  server farm = GGSN, delay = 10, idle = 3600
  gtp: request idle = 30, slb notification retry = 2
  gtp sticky query: <enabled>, max retries: 3
  sticky: <none>
  sticky: group id = 4097 <assigned>
  synguard counter = 0, synguard period = 0
  conns = 0, total conns = 17192, syns = 0, syn drops = 0
  standby group = None

The table below describes the fields shown in the display.

Table 34 show ip slb vservers name detail Field Descriptions
Field	Description
GGSN_SERVER	Name of the virtual server about which information is being displayed (in this case, GGSN_SERVER).
state	Current state of the virtual server: FAILED--Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started. OPERATIONAL--Functioning properly. OUTOFSERVICE--Removed from the load-balancing predictor lists. STANDBY--Backup virtual server, ready to become operational if active virtual server fails.
v_index	Virtual index, out of a maximum of 500.
interface(s)	Type of interface.
virtual	Virtual IPv4 or dual-stack address of the virtual server, including the network mask, if configured.
UDP	Protocol being used by the virtual server (in this case, UDP).
service	Service, such as GTP, HTTP, or Telnet, associated with the virtual server (in this case, GTP).
advertise	Current state of host route advertisement for this virtual server: TRUE--Host route is being advertised. FALSE--Host route is not being advertised.
ipv6	For dual-stack, IPv6 address of the virtual server
server farm	Name of the server farm associated with the virtual server.
delay	Delay timer duration, in seconds, for this virtual server.
idle	Idle connection timer duration, in seconds, for this virtual server.
gtp request idle	GTP idle connection timer duration in seconds.
slb notification	Number of times IOS SLB can reassign a rejected Create PDP Context to a new real Cisco gateway GPRS support node (GGSN).
gtp sticky query	For GTP IMSI sticky, indicates whether IOS SLB is to query the GGSN before deleting any GTP IMSI sticky objects.
max retries	Maximum number of queries IOS SLB is to send to the GGSN when there is no response from the GGSN.
sticky	Indicates whether sticky connections are enabled for this virtual server.
sticky group id	Sticky group in which this virtual server is placed, for coupling of services.
synguard counter	Number of unacknowledged SYNchronize sequence numbers (SYNs) that are allowed to be outstanding to this virtual server.
synguard period	Interval, in milliseconds, for SYN threshold monitoring for this virtual server.
conns	Number of active connections currently associated with the virtual server.
total conns	Total number of connections that have been associated with the virtual server since coming INSERVICE.
syns	Number of SYNs handled by the virtual server in this period.
syn drops	Number of SYNs dropped by the virtual server in this period.
standby group	Hot Standby Router Protocol (HSRP) group name with which the virtual server is associated.

The following sample output from the show ip slb vservers name detailcommand shows detailed data for GTP virtual server GGSN_SERVER with maps enabled:

Router# show ip slb vservers name GGSN_SERVER detail
GGSN_SERVER, state = OPERATIONAL, v_index = 9, interface(s) = <any>
  virtual = 10.10.10.10/32:0, UDP, service = GTP, advertise = TRUE
  serverfarm maps:
  map 4: priority = 1, serverfarm = FARM4, backup = <none>
  map 1: priority = 3, serverfarm = FARM1, backup = FARM2
  map 5: priority = 4, serverfarm = FARM5, backup = <none>
  server farm = <not assigned>, delay = 10, idle = 3600
  gtp: request idle = 30, slb notification retry = 2
  gtp sticky query: <disabled>, max retries: 0
  sticky: <none>
  sticky: group id = 0 
  synguard counter = 0, synguard period = 0
  conns = 0, total conns = 0, syns = 0, syn drops = 0
  standby group = None

The table below describes the fields shown in the display.

Table 35 show ip slb vservers name detail Field Descriptions
Field	Description
GGSN_SERVER	Name of the RADIUS virtual server about which information is being displayed (in this case, GGSN_SERVER).
state	Current state of the virtual server: FAILED--Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started. OPERATIONAL--Functioning properly. OUTOFSERVICE--Removed from the load-balancing predictor lists. STANDBY--Backup virtual server, ready to become operational if active virtual server fails.
v_index	Virtual index, out of a maximum of 500.
interface(s)	Type of interface.
virtual	Virtual IPv4 or dual-stack address of the virtual server, including the network mask, if configured.
UDP	Protocol being used by the virtual server (in this case, UDP).
service	Service, such as GTP, HTTP, or Telnet, associated with the virtual server (in this case, GTP).
advertise	Current state of host route advertisement for this virtual server: TRUE--Host route is being advertised. FALSE--Host route is not being advertised.
serverfarm maps	List of IOS SLB server farm maps associated with this virtual server. Information about each map is displayed on a separate line.
priority	Priority of the map.
serverfarm	Server farm with which the map is associated.
backup	Backup server farm, if any.
server farm	Name of the server farm associated with the virtual server. Information about each server farm is displayed on a separate line.
map ID	Map associated with the server farm.
priority	Priority of the map.
delay	Delay timer duration, in seconds, for this virtual server.
idle	Idle connection timer duration, in seconds, for this virtual server.
gtp request idle	GTP idle connection timer duration in seconds.
slb notification	Number of times IOS SLB can reassign a rejected Create PDP Context to a new real Cisco gateway GPRS support node (GGSN).
gtp sticky query	For GTP IMSI sticky, indicates whether IOS SLB is to query the GGSN before deleting any GTP IMSI sticky objects.
max retries	Maximum number of queries IOS SLB is to send to the GGSN when there is no response from the GGSN.
sticky	Indicates whether sticky connections are enabled for this virtual server.
sticky group id	Sticky group in which this virtual server is placed, for coupling of services.
synguard counter	Number of unacknowledged SYNchronize sequence numbers (SYNs) that are allowed to be outstanding to this virtual server.
synguard period	Interval, in milliseconds, for SYN threshold monitoring for this virtual server.
conns	Number of active connections currently associated with the virtual server.
total conns	Total number of connections that have been associated with the virtual server since coming INSERVICE.
syns	Number of SYNs handled by the virtual server in this period.
syn drops	Number of SYNs dropped by the virtual server in this period.
standby group	Hot Standby Router Protocol (HSRP) group name with which the virtual server is associated.

The following sample output from the show ip slb vservers name detailcommand shows detailed data for an ASN virtual server:

Router# show ip slb vservers name ASN_VSERVER detail
ASN_VSERVER, state = OPERATIONAL, v_index = 10, interface(s) = <any>
  virtual = 2.2.2.2/32:0, UDP, service = ASNR6, advertise = TRUE
  server farm = SF, delay = 10, idle = 3600
  asn: request idle = 90
  asn: delete notif recvd = 2, nai-update notif recvd = 2
  asn: Notification Errors: Deletes = 1, nai-updates = 0
  sticky: <none>
  sticky: group id = 4097 <assigned>
  synguard counter = 0, synguard period = 0
  conns = 0, total conns = 156, syns = 0, syn drops = 0
  standby group = None
--------------------------------------------------------
               |      delete     |    nai-updates
   Real commn: |--------+--------+--------+-------------
  port = 63082 |  Recv  | Errors |  Recv  |  Errors
---------------+--------+--------+--------+-------------
    15.15.15.4       1         1        1         0
    15.15.15.5       1         0        1         0

The table below describes the fields shown in the display.

Table 36 show ip slb vservers name detail Field Descriptions
Field	Description
ASN_VSERVER	Name of the ASN virtual server about which information is being displayed (in this case, ASN_VSERVER).
state	Current state of the virtual server: FAILED--Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started. OPERATIONAL--Functioning properly. OUTOFSERVICE--Removed from the load-balancing predictor lists. STANDBY--Backup virtual server, ready to become operational if active virtual server fails.
v_index	Virtual index, out of a maximum of 500.
interface(s)	Type of interface.
virtual	Virtual IPv4 or dual-stack address of the virtual server, including the network mask, if configured.
UDP	Protocol being used by the virtual server (in this case, UDP).
service	Service, such as GTP, HTTP, or Telnet, associated with the virtual server (in this case, ASNR6).
advertise	Current state of host route advertisement for this virtual server: TRUE--Host route is being advertised. FALSE--Host route is not being advertised.
server farm	Name of the server farm associated with the virtual server. Information about each server farm is displayed on a separate line.
delay	Delay timer duration, in seconds, for this virtual server.
idle	Idle connection timer duration, in seconds, for this virtual server.
asn: request idle	ASN idle connection timer duration in seconds.
asn: delete notif recvd	Number of delete notifications received.
asn: nai-update notif recvd	Number of NAI-update notifications received.
asn: Notification Errors: Deletes	Number of delete notification errors.
asn: Notification Errors: nai-updates	Number of NAI-update notification errors.
sticky	Indicates whether sticky connections are enabled for this virtual server.
sticky group id	Sticky group in which this virtual server is placed, for coupling of services.
synguard counter	Number of unacknowledged SYNchronize sequence numbers (SYNs) that are allowed to be outstanding to this virtual server.
synguard period	Interval, in milliseconds, for SYN threshold monitoring for this virtual server.
conns	Number of active connections currently associated with the virtual server.
total conns	Total number of connections that have been associated with the virtual server since coming INSERVICE.
syns	Number of SYNs handled by the virtual server in this period.
syn drops	Number of SYNs dropped by the virtual server in this period.
standby group	Hot Standby Router Protocol (HSRP) group name with which the virtual server is associated.
Real commn: port	Port used by the real server.

show ip slb wildcard

To display information about the wildcard representation for irtual servers, use the show ip slb wildcardcommand in privilegedEXEC mode.

show ip slb wildcard

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.2(33)SRE	This command was introduced.
15.0(1)S	The output was updated to display the virtual server's IPv4, IPv6, or dual-stack address.

Examples

The following is sample output from the show ip slb wildcardcommand:

Router# show ip slb wildcard
Interface Source Address         Port  Destination Address    Port  Prot
ANY       0.0.0.0/0              0     3.3.3.3/32             2123  UDP
ANY       0.0.0.0/0              0     3.3.3.3/32             0     UDP
ANY       0.0.0.0/0              0     0.0.0.0/0              0     ICMP
Interface: ANY
Source Address [Port]: : :/0[0]
Destination Address [Port]: 2342:2342:2343:FF04:2341:AA03:2323:8912/128[0]
Protocol: ICMPV6
Interface: ANY
Source Address [Port]: : :/0[0]
Destination Address [Port]: 2342:2342:2343:FF04:2341:AA03:2323:8912/128[2123]
Protocol: UDP

snmp-server enable traps slb

To enable IOS SLB traps for real- and virtual-server state changes, use the snmp-server enable traps slb command in global configuration mode. To disable the traps use the no form of this command.

snmp-server enable traps slb { real | virtual }

no snmp-server enable traps slb { real | virtual }

Syntax Description

real	Enables traps for real server state changes.
virtual	Enables traps for virtual server state changes.

Command Default

IOS SLB traps for real- and virtual-server state changes are not enabled.

Command Modes

Global configuration (config)

Command History

Release	Modification
12.1(11b)E	This command was introduced.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example enables IOS SLB traps for real server state changes:

Router(config)# snmp-server enable traps slb real

sticky (firewall farm datagram protocol)

To assign all connections from a client to the same firewall, use the sticky command in firewall farm datagram protocol configuration mode. To remove the client/server coupling, use the no form of this command.

sticky seconds [ netmask netmask ] [ source | destination ]

no sticky

Syntax Description

seconds	Sticky timer duration in seconds. Valid values range from 0 to 65535.
netmask netmask	(Optional) Places the virtual server as part of a sticky subnet, for coupling of services.
source	(Optional) Bases sticky on source IP address.
destination	(Optional) Bases sticky on destination IP address.

Command Default

Virtual servers are not associated with any groups.

Command Modes

Firewall farm datagram protocol configuration (config-slb-fw-udp)

Command History

Release	Modification
12.1(3a)E	This command was introduced.
12.2(12c)E	The source and destination keywords were added.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example specifies that if a client’s subsequent request for a firewall farm is made within 60 seconds of the previous request, then the same firewall is used for the connection:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# protocol datagram
Router(config-slb-fw-udp)# sticky 60

Related Commands

Command	Description
protocol datagram	Enters firewall farm datagram protocol configuration mode.
show ip slb firewallfarm	Displays information about the firewall farm configuration.
show ip slb sticky	Displays information about the IOS SLB database.

sticky (firewall farm TCP protocol)

To assign all connections from a client to the same firewall, use the sticky command in firewall farm TCP protocol configuration mode. To remove the client/server coupling, use the no form of this command.

sticky seconds [ netmask netmask ] [ source | destination ]

no sticky

Syntax Description

seconds	Sticky timer duration in seconds. Valid values range from 0 to 65535.
netmask netmask	(Optional) Places the virtual server as part of a sticky subnet, for coupling of services.
source	(Optional) Bases sticky on source IP address.
destination	(Optional) Bases sticky on destination IP address.

Command Default

Virtual servers are not associated with any groups.

Command Modes

Firewall farm TCP protocol configuration (config-slb-fw-tcp)

Command History

Release	Modification
12.1(3a)E	This command was introduced.
12.2(12c)E	The source and destination keywords were added.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example specifies that if a client’s subsequent request for a firewall farm is made within 60 seconds of the previous request, then the same firewall is used for the connection:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# protocol tcp
Router(config-slb-fw-tcp)# sticky 60

Related Commands

Command	Description
protocol tcp	Enters firewall farm TCP protocol configuration mode.
show ip slb firewallfarm	Displays information about the firewall farm configuration.
show ip slb sticky	Displays information about the IOS SLB database.

sticky (virtual server)

To assign all connections from a client to the same real server, use the sticky command in SLB virtual server configuration mode. To remove the client/server coupling, use the no form of this command.

sticky { duration [ group group-id ] [ netmask netmask ] | asn msid [ group group-id ] | | | gtp | | imsi | | [ group group-id ] | | | radius | | calling-station-id | | | radius | | framed-ip | | [ group group-id ] | | | radius | | username | | [ msid-cisco ] | [ group group-id ] }

no sticky { duration [ group group-id ] [ netmask netmask ] | asn msid [ group group-id ] | | | gtp | | imsi | | [ group group-id ] | | | radius | | calling-station-id | | | radius | | framed-ip | | [ group group-id ] | | | radius | | username | | [ msid-cisco ] | [ group group-id ] }

Syntax Description

duration	Sticky timer duration in seconds. Valid values range from 0 to 65535.
group group-id	(Optional) Places the virtual server in the specified sticky group, for coupling of services. All virtual servers that have the same sticky group ID share the sticky entry for a user. In essence, the group keyword and group-id argument tie multiple virtual servers together. Valid values range from 0 to 255.
netmask netmask	(Optional) Places the virtual server as part of the specified sticky subnet, for coupling of services. Client sessions whose source IP addresses fall within the netmask are directed to the same real server.
asn msid	Enables IOS SLB to load-balance Access Service Network (ASN) sessions to the same real server that processed all previous sessions for a given Mobile Station ID (MSID).
gtp imsi	Enables IOS SLB to load-balance general packet radio service (GPRS) Tunneling Protocol (GTP) Packet Data Protocol (PDP) context create requests to the same real server that processed all previous create requests for a given International Mobile Subscriber ID (IMSI).
radius calling-station-id	Enables IOS SLB to create the IOS SLB RADIUS calling-station-ID sticky database and direct RADIUS requests from a given calling station ID to the same service gateway.
radius framed-ip	Enables IOS Server Load Balancing (IOS SLB) to create the IOS SLB RADIUS framed-IP sticky database and direct RADIUS requests and non-RADIUS flows from a given end user to the same service gateway.
radius username	Enables IOS SLB to create the IOS SLB RADIUS username sticky database and direct RADIUS requests from a given end user to the same service gateway.
msid-cisco	(Optional) Enables IOS SLB to support Cisco PDSNs that provide MSID-based access (also known as MSID-based access, Cisco variant).

Command Default

Sticky connections are not tracked. Virtual servers are not associated with any groups.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.1(2)E	The netmask keyword and netmask argument were added.
12.1(11b)E	The radius framed-ip keywords were added.
12.1(12c)E	The radius username and msid-cisco keywords were added.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(14)ZA5	The radius calling-station-id keywords were added.
12.2(18)SXE	The gtp imsikeywords were added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRE	The asn msidkeywords were added.

Usage Guidelines

The last real server that was used for a connection from a client is stored for the set duration seconds. If a new connection from the client to the virtual server is initiated during that time, the same real server that was used for the previous connection is chosen for the new connection. If two virtual servers are placed in the same group, coincident connection requests for those services from the same IP address are handled by the same real server.

In Virtual Private Network (VPN) server load balancing, remember the following requirements:

For IPsec flows, you must specify a sticky connection between the User Datagram Protocol (UDP) virtual server and the Encapsulation Security Payload (ESP) virtual server.
For PPTP flows, you must specify a sticky connection between the TCP virtual server and the Generic Routing Encapsulation (GRE) virtual server.
You must specify a duration of at least 15 seconds.

In general packet radio service (GPRS) load balancing and the Home Agent Director, the stickycommand is not supported.

In RADIUS load balancing, remember the following requirements:

If you configure the sticky radius framed-ipcommand, you must also configure the virtual command with the service radiuskeywords specified.
If you configure the sticky radius calling-station-idcommand or the sticky radius usernamecommand, you must also configure the virtual command with the service radiuskeywords specified, and you must configure the sticky radius framed-ipcommand.
You cannot configure both the sticky radius calling-station-id command and the sticky radius username command on the same virtual server.
If you configure the sticky radius calling-station-idcommand, you must configure all RADIUS maps to match against the RADIUS calling station ID attribute.
If you configure the sticky radius usernamecommand, you must configure all RADIUS maps to match against the RADIUS username attribute.

For GTP load balancing:

IOS SLB creates a sticky database object when it processes the first GTP PDP create request for a given IMSI. IOS SLB removes the sticky object when it receives a notification to do so from the real server, or as a result of inactivity. When the last PDP belonging to an IMSI is deleted on the GGSN, it sends a notification to IOS SLB to remove the sticky object.
If you configure the sticky gtp imsi command, you must also configure the virtual command with the service gtpkeywords specified.

For ASN load balancing, if you configure the sticky asn msid command, you must also configure the virtual command with the service asnkeywords specified.

Examples

The following example specifies that if a client’s subsequent request for a virtual server is made within 60 seconds of the previous request, then the same real server is used for the connection. This example also places the virtual server in group 10.

Router(config)# ip slb vserver VS1
Router(config-slb-vserver)# sticky 60 group 10

Related Commands

Command	Description
show ip slb sticky	Displays information about the IOS SLB database.
show ip slb vservers	Displays information about the virtual servers defined to IOS SLB.
virtual	Configures the virtual server attributes.

synguard (virtual server)

To limit the rate of TCP SYNchronize sequence numbers (SYNs) handled by a virtual server to prevent a SYN flood denial-of-service attack, use the synguard command in SLB virtual server configuration mode. To remove the threshold, use the no form of this command.

synguard syn-count [interval]

no synguard

Syntax Description

syn-count	Number of unacknowledged SYNs that are allowed to be outstanding to a virtual server. Valid values range from 0 (off) to 4294967295. The default is 0.
interval	(Optional) Interval, in milliseconds, for SYN threshold monitoring. Valid values range from 50 to 5000. The default is 100 milliseconds (ms).

Command Default

The default number of unacknowledged SYNs that are allowed to be outstanding to a virtual server is 0 (off). The default interval is 100 ms.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

In general packet radio service (GPRS) load balancing and the Home Agent Director, the synguard command has no meaning and is not supported.

Examples

The following example sets the threshold of unacknowledged SYNs to 50:

Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# synguard 50

Related Commands

Command	Description
show ip slb vservers	Displays information about the virtual servers defined to IOS SLB.
virtual	Configures the virtual server attributes.

timeout (custom UDP probe)

To set a timeout for custom User Datagram Protocol (UDP) probes, use the timeoutcommand in custom UDP probe configuration mode. To restore the default timeout, use the no form of this command.

timeout seconds

no timeout

Syntax Description

seconds

Time, in seconds, that IOS SLB waits for a response packet from the server after sending a custom UDP probe request packet. Valid range is 1 to 255. The default value is 30 seconds.

Command Default

The default custom UDP probe timeout is 30 seconds.

Command Modes

Custom UDP probe configuration

Command History

Release	Modification
12.2(33)SRB	This command was introduced.

Examples

In the following example the custom UDP probe timeout is set to 20 seconds:

Router(config)# ip slb probe PROBE6 custom udp
Router(config-slb-probe)# timeout 20

Related Commands

Command	Description
ip slb probe custom udp	Configures a custom User Datagram Protocol (UDP) probe name and enters custom UDP probe configuration mode.
show ip slb probe	Displays information about an IOS Server Load Balancing (IOS SLB) probe.

url (WSP probe)

To specify the URL path that a Wireless Session Protocol (WSP) probe is to request from the server, use the urlcommand in WSP probe configuration mode. To restore the default settings, use the no form of this command.

url [path]

no url [path]

Syntax Description

path	(Optional) Path from the server. This argument is case-sensitive.

Command Default

If no URL path is specified, the default is /.

Command Modes

WSP probe configuration (config-slb-probe)

Command History

Release	Modification
12.1(5a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example configures a ping probe named PROBE3, enters WSP probe configuration mode, and configures the probe to request URL path http://localhost/test.txt:

Router(config)# ip slb probe PROBE3 wsp
Router(config-slb-probe)# url http://localhost/test.txt

Related Commands

Command	Description
ip slb probe wsp	Configures a Wireless Session Protocol (WSP) probe name and enters WSP probe configuration mode.
show ip slb probe	Displays information about an IOS Server Load Balancing (IOS SLB) probe.

username (IOS SLB)

To configure an ASCII regular expression string to be matched against the username attribute for RADIUS load balancing, use the username (IOS SLB)command in SLB RADIUS map configuration mode. To delete the username match string, use the no form of this command.

username string

no username string

Syntax Description

string

ASCII regular expression string to be matched against the username attribute in the RADIUS payload.

For information about regular expressions and how to use them in Cisco IOS software configurations, refer to the Understanding Regular Expressions section of the Using the Cisco IOS Command-Line Interface chapter of the Cisco IOS Configuration Fundamentals Configuration Guide .

Command Default

None

Command Modes

SLB RADIUS map configuration (config-slb-radius-map)

Command History

Release	Modification
12.2(33)SRB	This command was introduced.

Usage Guidelines

For a given IOS SLB RADIUS map, you can configure a single calling-station-id command or a single username (IOS SLB)command, but not both.

Examples

The following example specifies that, for IOS SLB RADIUS map 1, string ...?525* is to be matched against the username attribute in the RADIUS payload:

Router(config)# ip slb map 1 radius
Router(config-slb-radius-map)# username ...?525*

Related Commands

Command	Description
calling-station-id	Configures an ASCII regular expression string to be matched against the calling station ID attribute in the RADIUS payload.
ip slb map	Configures an IOS SLB protocol map and enters SLB map configuration mode.
show ip slb map	Displays information about IOS SLB protocol maps.

virtual

To configure virtual server attributes, use the virtual command in SLB virtual server configuration mode. To remove the attributes, use the no form of this command.

Encapsulation Security Payload (ESP) and Generic Routing Encapsulation (GRE) Protocols

virtual ipv4-address [ ipv4-netmask [group] ] { esp | gre | protocol }

no virtual ipv4-address [ ipv4-netmask [group] ] { esp | gre | protocol }

TCP and User Datagram Protocol (UDP)

virtual ipv4-address [ ipv4-netmask [group] ] [ ipv6 ipv6-address [ prefix ipv6-prefix ] ] { tcp | udp } [ port | any ] [ service service ]

no virtual ipv4-address [ ipv4-netmask [group] ] [ ipv6 ipv6-address [ prefix ipv6-prefix ] ] { tcp | udp } [ port | any ] [ service service ]

Syntax Description

ipv4-address	IPv4 address for this virtual server instance, used by clients to connect to the IPv4 real servers through the IPv4 server farm.
ipv4-netmask	(Optional) IPv4 network mask for transparent web cache load balancing. The default is 0.0.0.0 (all subnets).
group	(Optional) Allows the virtual subnet to be advertised. If you do not specify the group keyword, the virtual subnet cannot be advertised.
esp	Performs load balancing for only Encapsulation Security Payload (ESP) connections.
gre	Performs load balancing for only Generic Routing Encapsulation (GRE) connections.
protocol	Protocol for which load balancing is performed. The valid range is 2 to 127.
ipv6 ipv6-address	(Optional) For dual-stack, IPv6 address for this virtual server instance, used by IPv6 clients to connect to IPv6 real servers through the IPv6 server farm.
prefix ipv6-prefix	(Optional) For dual-stack, IPv6 prefix.
tcp	Performs load balancing for only TCP connections.
udp	Performs load balancing for only User Datagram Protocol (UDP) connections.
port	(Optional) IOS Server Load Balancing (IOS SLB) virtual port (the TCP or UDP port number or port name). If specified, only the connections for the specified port on the server are load-balanced. The ports and the valid name or number for the port argument are as follows: All ports: any 0 Access Service Network (ASN): asn 2231 Connectionless secure Wireless Session Protocol (WSP): wsp-wtls 9202
port (continued)	Connectionless WSP: wsp 9200 Connection-oriented secure WSP: wsp-wtp-wtls 9203 Connection-oriented WSP: wsp-wtp 9201 Domain Name System: dns 53 File Transfer Protocol: ftp 21 General packet radio service (GPRS) tunneling protocol (GTP) v0: gtp 3386 GTP v1 or v2: gtp 2123 HTTP over Secure Socket Layer: https 443 Internet Key Exchange (IKE): isakmp 500 Mapping of airline traffic over IP, Type A: matip-a 350 Network News Transport Protocol: nntp 119 Post Office Protocol v2: pop2 109 Post Office Protocol v3: pop3 110 Simple Mail Transport Protocol: smtp 25 Telnet: telnet 23 X.25 over TCP (XOT): xot 1998 World Wide Web (HTTP): www 80 Specify a port number of 0 to configure an all-port virtual server (that is, a virtual server that accepts flows destined for all ports except GTP ports)
any	(Optional) Performs load balancing on all ports.
service service	(Optional) Couples connections associated with a given service, such as HTTP or Telnet, so all related connections from the same client use the same real server. The following are the valid types of connection coupling: asn --Enables ASN load balancing. ftp --Couples FTP data connections with the control session that created them. gtp --Enables GPRS load balancing without general packet radio service (GPRS) tunneling protocol (GTP) cause code inspection enabled, which allows load-balancing decisions to be made using Layer 5 information. You can balance UDP flows without awareness of GTP by omitting the service gtpkeywords. gtp-inspect --Enables GPRS load balancing with GTP cause code inspection enabled. ipmobile --Enables the Home Agent Director. per-packet --Does not maintain connection objects for packets destined for this virtual server. radius --Enables IOS SLB to build RADIUS session objects for RADIUS load balancing.

Command Default

No default behavior or values.

Command Modes

SLB virtual server configuration (config-slb-vserver)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.1(5a)E	The wsp, wsp-wtp, wsp-wtls, and wsp-wtp-wtls keywords were added.
12.1(9)E	The gtp option was added as a new value on the service argument.
12.1(11b)E	The following keywords, arguments, and options were added: The esp, gre, and all keywords The protocol argument The isakmp option on the portargument The per-packet and radius options on the serviceargument The wsp, wsp-wtp, wsp-wtls, and wsp-wtp-wtls keywords were changed to options for the portargument.
12.1(12c)E	The group keyword was added.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.1(13)E3	The gtp-inspect option was added as a new value on the service argument.
12.2(14)ZA2	The ipmobile option was added as a new value on the service argument.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRC	The asnoption was added on the serviceargument.
15.0(1)S	The ipv6 ipv6-address and prefix ipv6-prefix options were added.

Usage Guidelines

The no virtual command is allowed only if the virtual server was removed from service by the no inservice command.

For some applications, it is not feasible to configure all the virtual server TCP or UDP port numbers for IOS SLB. To support such applications, you can configure IOS SLB virtual servers to accept flows destined for all ports. To configure an all-port virtual server, specify a port number of 0 or any.

Note

In general, you should use port-bound virtual servers instead of all-port virtual servers. When you use all-port virtual servers, flows can be passed to servers for which no application port exists. When servers reject these flows, IOS SLB might fail the server and remove it from load balancing.

Specifying port 9201 for connection-oriented WSP mode also activates the Wireless Application Protocol (WAP) finite state machine (FSM), which monitors WSP and drives the session FSM accordingly.

In RADIUS load balancing, IOS SLB maintains session objects in a database to ensure that re-sent RADIUS requests are load-balanced to the same real server.

IOS SLB supports general packet radio service (GPRS) Tunneling Protocol (GTP) v0, v1, and v2 real servers. A GTP v0 or v1 real server cannot manage GTP v2 requests. Therefore, you must configure separate virtual servers for GTPv2 real servers and for GTP v0 or v1 real servers.

IOS SLB supports dual-stack addresses for GTP load balancing only. To support dual-stack addresses:

You must configure the virtual server as a dual-stack virtual server, with the virtual IPv4 and IPv6 addresses and the optional IPv6 prefix, using this command.
You must associate an IPv6 server farm with the dual-stack virtual server.

Examples

The following example specifies that the virtual server with the IPv4 address 10.0.0.1 performs load balancing for TCP connections for the port named www. The virtual server processes HTTP requests.

Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# virtual 10.0.0.1 tcp www

The following example specifies that the virtual server with the IPv4 address 10.0.0.13 performs load balancing for UDP connections for all ports. The virtual server processes HTTP requests.

Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# virtual 10.0.0.13 udp 0

Related Commands

Command	Description
ip slb vserver	Identifies a virtual server.
show ip slb vservers	Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB).

weight (firewall farm real server)

To specify a real server’s capacity, relative to other real servers in the firewall farm, use the weight command in firewall farm real server configuration mode. To restore the default weight value, use the no form of this command.

weight setting

no weight

Syntax Description

setting

Weight setting to use for the real server predictor algorithm. Valid settings range from 1 to 255. The default weight setting is 8.

Command Default

The default setting to use for the real server predictor algorithm is 8.

Command Modes

Firewall farm real server configuration (config-slb-fw-real)

Command History

Release	Modification
12.1(3a)E	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following example specifies the relative weights of three real servers as 16, 8 (by default), and 24, respectively:

Router(config)# ip slb firewallfarm FIRE1
Router(config-slb-fw)# real 10.10.1.1
Router(config-slb-fw-real)# weight 16
Router(config-slb-fw-real)# inservice
Router(config-slb-fw-real)# exit
Router(config-slb-fw)# real 10.10.1.2
Router(config-slb-fw-real)# inservice
Router(config-slb-fw-real)# exit
Router(config-slb-fw)# real 10.10.1.3
Router(config-slb-fw-real)# weight 24

Related Commands

Command	Description
real (server farm)	Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.
show ip slb firewallfarm	Displays information about the firewall farm configuration.
show ip slb reals	Displays information about the real servers.

weight (real server)

To specify a real server’s capacity, relative to other real servers in the server farm, use the weight command in SLB real server configuration mode. To restore the default weight value, use the no form of this command.

weight setting

no weight

Syntax Description

setting

Weight setting to use for the real server predictor algorithm. Valid settings range from 1 to 255. The default weight setting is 8.

Command Default

The default setting to use for the real server predictor algorithm is 8.

Command Modes

SLB real server configuration (config-slb-sfarm)

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(18)SXE	This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The static weights you define using this command are overridden by the weights calculated by Dynamic Feedback Protocol (DFP). If DFP is removed from the network, IOS Server Load Balancing (IOS SLB) reverts to these static weights.

Examples

The following example specifies the relative weights of three real servers as 16, 8 (by default), and 24, respectively:

Router(config)# ip slb serverfarm PUBLIC
!-----First real server
Router(config-slb-sfarm)# real 10.10.1.1
!-----Assigned weight of 16
Router(config-slb-real)# weight 16
!-----Enabled
Router(config-slb-real)# inservice
Router(config-slb-real)# exit
!-----Second real server
Router(config-slb-sfarm)# real 10.10.1.2
!-----Enabled with default weight
Router(config-slb-real)# inservice
Router(config-slb-real)# exit
!-----Third real server
Router(config-slb-sfarm)# real 10.10.1.3
!-----Assigned weight of 24, not enabled
Router(config-slb-real)# weight 24

Related Commands

Command	Description
real (server farm)	Identifies a real server by IP address and optional port number as a member of a server farm and enters real server configuration mode.
show ip slb reals	Displays information about the real servers.
show ip slb serverfarms	Displays information about the server farm configuration.

Bias-Free Language

Results

Chapter: L through W

L through W

lookup

Syntax Description

Command Default

Command Modes

Command History

Examples

Related Commands

manager (DFP agent)

maxclients

Syntax Description

Command Default

Command Modes

Command History

Examples

Related Commands

maxconns (firewall farm datagram protocol)

Syntax Description

Command Default

Command Modes

Command History

Examples

Related Commands

maxconns (firewall farm TCP protocol)

Syntax Description

Command Default

Command Modes

Command History

Examples

Related Commands

maxconns (server farm)

Syntax Description

Command Default

Command Modes

Command History

Examples

Related Commands

mls aging slb normal

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

mls aging slb process

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

mls ip slb purge global

Syntax Description

Command Default

Command Modes

Command History

Examples

mls ip slb search wildcard

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

nat

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

password (DFP agent)