Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1155
Views
0
Helpful
4
Replies

ACE - VIP ping issue

deephazz02
Level 1
Level 1

‎02-15-2008 04:03 AM

Hello,

for some reason I cannot ping the VIP I configured on one ACE context.

Here is a sample of the config:

class-map match-any L4_kitrik

2 match virtual-address 10.0.0.1 any

class-map type http loadbalance match-any L7_kitrik_URL

2 match http url .*

class-map type management match-any REMOTE_ACCESS

2 match protocol ssh any

3 match protocol icmp any

policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY

class REMOTE_ACCESS

permit

policy-map type loadbalance first-match L7_kitrik_LBPolicy

class L7_kitrik_URL

policy-map multi-match L4_kitrik_LBPolicy

class L4_kitrik

loadbalance vip inservice

loadbalance policy L7_kitrik_LBPolicy

loadbalance vip icmp-reply active

loadbalance vip advertise active

interface vlan 100

ip address 10.0.0.1 255.255.255.0

no normalization

no icmp-guard

access-group input ALL

access-group output ALL

service-policy input REMOTE_MGMT_ALLOW_POLICY

service-policy input L4_kitrik_LBPolicy

no shutdown

I am coming from VLAN 100.

I can ping 10.0.0.1 from different devices but not 172.16.255.1. I know connectivity is ok since I am able to telnet 172.16.255.1 into port 80... ping still does not work.

Any idea?

Regards.

Labels:
0 Helpful
4 Replies 4

Gilles Dufour
Cisco Employee
Cisco Employee

‎02-18-2008 01:06 AM

change your class-map into :

class-map match-any L4_kitrik

2 match virtual-address 10.0.0.1 tcp any

or

class-map match-any L4_kitrik

2 match virtual-address 10.0.0.1 tcp eq 80

Right now I believe your icmp traffic is interpreted as http due to your policy and therefore it fails.

Gilles.

0 Helpful

deephazz02
Level 1
Level 1
In response to Gilles Dufour

‎02-18-2008 02:19 AM

Hello,

I just tried it but no luck.

I check this configuration against some other contexts configured for http loadbalancing and the other configurations were just the same.

I need to check the servers now to see wether they reply icmp packets or not.

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to deephazz02

‎02-18-2008 02:47 AM

if you have the class-map I configured, the icmp traffic will not be forwarded to the servers.

The ace module will respond.

Share your complete config if you want me to have a look.

Also check if the ping gets to the ace module with a sniffer trace in front of the module.

You can 'monitor' the tengig interface of the module to capture a trace.

you can send me the config to gdufour@cisco.com if you want to keep it private.

Gilles.

0 Helpful

rmathiyalagan
Level 1
Level 1
In response to Gilles Dufour

‎02-20-2008 02:37 PM

ICMP replies comes from the servers configured for the vip address. Check the icmp connection status to the servers and if probes configured, check them too..

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents