ACE 4710 load balancing configuration problem

Unanswered Question
Apr 7th, 2008
User Badges:

I configured ACE4710 as follow.


ACE4710-LAB/Admin#

interface gigabitEthernet 1/1

description Management Interface

switchport trunk allowed vlan 77

no shutdown

interface gigabitEthernet 1/2

description Server (Production) VLAN

switchport access vlan 5

no shutdown

interface gigabitEthernet 1/3

description Client VLAN

switchport access vlan 22

no shutdown

interface gigabitEthernet 1/4

shutdown


resource-class Nautilus

limit-resource all minimum 0.00 maximum unlimited

limit-resource sticky minimum 50.00 maximum equal-to-min


boot system image:c4710ace-mz.A1_7b.bin

hostname ACE4710-LAB

clock timezone standard EST



access-list ALL line 8 extended permit ip any any



probe tcp RDP

description Remote Desktop Health Check

port 3389

interval 5

faildetect 2

passdetect count 2

probe http Web-Services

description HTTP Health Check

interval 5

faildetect 2

passdetect count 2

request method get url /index.html

expect status 200 200



rserver host TSLAB1

description Terminal Server Lab 1

ip address 192.168.5.2

inservice

rserver host TSLAB2

description Terminal Server Lab 2

ip address 192.168.5.3

inservice

rserver host WSLAB1

description Web Server Lab 1

ip address 192.168.5.4

inservice

rserver host WSLAB2

description Web Server Lab 2

ip address 192.168.5.5

inservice


serverfarm host TSFARM1

description Terminal Servers

rserver TSLAB1 3389

inservice

rserver TSLAB2 3389

inservice

serverfarm host WSFARM1

description Web Servers

probe Web-Services

rserver WSLAB1 80

inservice

rserver WSLAB2 80

inservice


class-map match-all L4_TS_VIP_ADDRESS_CLASS

2 match virtual-address 192.168.22.26 tcp eq 3389

class-map match-all L4_VIP_ADDRESS_CLASS

2 match virtual-address 192.168.22.25 tcp eq www

class-map type management match-any remote_access

description Remote access traffic match

2 match protocol xml-https any

4 match protocol icmp any

5 match protocol telnet any

6 match protocol ssh any

7 match protocol http any

8 match protocol https any

9 match protocol snmp any


policy-map type management first-match remote_mgmt_allow_policy

class remote_access

permit

policy-map type loadbalance first-match L7_VIP_LB_ORDER_POLICY

class class-default

serverfarm WSFARM1

policy-map type loadbalance first-match L7_VIP_TSLB_ORDER_POLICY

class class-default

serverfarm TSFARM1

policy-map multi-match L4_LB_VIP_POLICY

class L4_VIP_ADDRESS_CLASS

loadbalance vip inservice

loadbalance policy L7_VIP_LB_ORDER_POLICY

policy-map multi-match L4_TSLB_VIP_POLICY

class L4_TS_VIP_ADDRESS_CLASS

loadbalance vip inservice

loadbalance policy L7_VIP_TSLB_ORDER_POLICY

policy-map multi-match RDP-policies

class L4_TS_VIP_ADDRESS_CLASS

loadbalance vip inservice

loadbalance policy L7_VIP_TSLB_ORDER_POLICY

loadbalance vip icmp-reply

policy-map multi-match SLB-policies

class L4_VIP_ADDRESS_CLASS

loadbalance vip inservice

loadbalance policy L7_VIP_LB_ORDER_POLICY

loadbalance vip icmp-reply


interface vlan 5

description Server-side Interface

ip address 192.168.5.88 255.255.255.0

no shutdown

interface vlan 22

description Client-side Interface

ip address 192.168.22.15 255.255.255.0

access-group input ALL

service-policy input L4_LB_VIP_POLICY

service-policy input L4_TSLB_VIP_POLICY

no shutdown

interface vlan 77

description Management Interface

ip address 192.168.77.2 255.255.255.0

access-group input ALL

service-policy input remote_mgmt_allow_policy

no shutdown


ip route 0.0.0.0 0.0.0.0 192.168.22.1


context Nautilus

allocate-interface vlan 5

allocate-interface vlan 22

member Nautilus



From client VLAN (other than VLAN 22), I am unable to get to VIP address 192.168.22.25 and 192.168.22.26. These two VIP addresses are used to load balance two services. Can someone advise if I need to modify configuration on ACE 4710 to make this work. Thank you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion