ACE VIPs not advertising or visible

Unanswered Question
May 22nd, 2008

Hi,

The VIPs on my ACE configuration are not advertising themselves. They don't show up in the ARP table in the upstream router/firewall.

The VIPs are configured to be "Inservice". I have probes that are successful. I can access the real servers behind the ACE successfully via pings, ssh, http, etc.

Here's part of my config:

policy-map multi-match int204-n2

class SMTP_Inbound_LB

loadbalance vip inservice

loadbalance policy SMTP_Inbound_LB-l7slb

loadbalance vip icmp-reply active

Is there anything else I need to add? The VIPs aren't responding to pings. The VIPs aren't showing up in the arp table of the upstream router/firewall.

I know there used to be a "loadbalance vip advertise" command, but that command is no longer valid or available.

I am running code version A1.8(0) on the ACE 4710 appliance.

I have this ACE also configured as a bridge. Is there something special I need to add to make the VIPs advertise themselves, respond to pings, etc.?

Any help would be appreciated.

Thank you.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Syed Iftekhar Ahmed Thu, 05/22/2008 - 06:58

"loadbalance vip advertise" is for Route health injection, which is not supported on ACE appliance.

Have you applied acls to the client vlan interfaces.

Syed

hermanaccd Thu, 05/22/2008 - 07:03

Hi Syed,

Thanks for your response.

There are no ACLs on the client VLAN interfaces.

There is a global ACL on the entire ACE, permitting all ICMP, TCP, UDP, and IP traffic.

I can access all real servers behind the ACE in bridged mode, so there is no restriction in traffic flow. I just can't ping the VIPs and the VIPs don't show up in the arp table of the upstream router/firewall/default-gateway.

Is there another way to advertise the VIPs or refresh them into "inservice"?

Thank you,

Herman

Gilles Dufour Thu, 05/22/2008 - 07:40

Is the policy assigned to an interface ?

Does it show inservice with the following command ?

show service policy int204-n2

Do you have other vip working ?

Is the vip part of your local subnet ?

Can you ping the local interface ?

Does the ace have an arp entry for the upstream ?

Gilles.

hermanaccd Thu, 05/22/2008 - 07:48

Hi Gilles,

Yes, the policy is assigned to both VLAN interfaces of the bridge-group.

Yes, all VIPs show INSERVICE when I run the command "show service-policy int204-n2"

None of the VIPs are responding to pings or showing up in arp table of the upstream router/firewall.

The VIPs are part of the local subnet. I can't ping the local interface (BVI interface) of the bridge-group from the upstream firewall/router.

Yes, the ACE has an arp entry for the upstream router/firewall. The upstream firewall is also the ACE's default-gateway for this context.

Thanks,

Herman

tonybourke Sun, 05/25/2008 - 09:27

Hi Herman,

Here's a checklist I use if I'm running into problems:

1: ACL, make sure an inbound ACL is on the client-side interface.

2: Service policy containing the multimatch policy is applied only on the client side interface.

3: Make sure the probes see the servers as up

4: Telnet from the ACE to the servers to make sure there's connectivity

Hope that helps

When I encountered this issue, it got fixed with two separate ways. One is that the interface I applied the policies on were originally shutdown. Once I activated it, the ARP entries started showing. The other time this happened to me, I did activated the interface but it still didn't show. What fixed it was a reload of the ACE module to manually have the ACE re-arp. Clearing the arp by CLI wasn't working so I scheduled an off-hours reload.

lloyd_andrew Tue, 12/09/2008 - 15:05

All,

As of this writing (12/9/2008), can anyone confirm whether or not RHI is supported on the ACE appliance today??

Thanks!

-Lloyd

andrew.burns Mon, 12/15/2008 - 01:49

Hi,

It's not supported on the current release of ACE Appliance software (A3(2.1) released 21-Nov-2008)

HTH

Andrew.

ciscoswf Fri, 04/10/2009 - 02:31

Looks like RHI is still not supported on ACE appliance..?? If you are trying to achive site to site redundancy without the use of GSSs.. what would be the preferred method??

Thanks

Actions

This Discussion