ACE class-map match operation

Unanswered Question
Nov 17th, 2008
User Badges:


Below the base configuration which worked properly. The stressed tcp port connections were forwarded to server B while

any other connections were forwarded to server A by ACE.

rserver A

rserver B

Serverfarm A

rserver A

Serverfarm B

rserver B

class-map A

2 match virtual-address any

class-map B

2 match virtual-address tcp eq 80

3 match virtual-address tcp eq 81

4 match virtual-address tcp eq 82

5 match virtual-address tcp eq 83

6 match virtual-address tcp eq 84



16 match virtual-address tcp eq 94

policy-map load-balance A

serverfarm A

policy-map load-balance B

serverfarm B

policy-map multi-match

class B

load-balance policy B

class A

load-balance policy A


After below modification the tcp port 101 connections were forwarded to server A although

it must be forwarded to Server B.

class-map B

17 match virtual-address tcp eq 100

18 match virtual-address tcp eq 101

I had to clear the multi-match policy and rebuild again for correct operation.

Because we will have to do same configurations ( expanding the class-map B with TCP ports ) in the config on the future i would like to know what would be happened in the ACE.

Thank in advance!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
KAROLY KOHEGYI Mon, 11/17/2008 - 08:06
User Badges:



loader: Version 12.2[120]

system: Version A2(1.1) [build 3.0(0)A2(1.1) adbuild_00:25:02-2008/06/05_/auto/adbu-rel3/rel_a2_1_1_throttle/REL_3_0_0_A2_1_1]

system image file: [LCP] disk0:c6ace-t1k9-mz.A2_1_1.bin

installed license: no feature license is installed

KAROLY KOHEGYI Mon, 11/24/2008 - 06:15
User Badges:


the above mentioned situation apeared again.

now the rebuild does not help.

the class map

class-map match-any SZERBSMS

2 match virtual-address tcp eq 5700

3 match virtual-address tcp eq 5660

policy-map type loadbalance first-match SZERB-SMS

class class-default

serverfarm SZERBSMS

rserver host SZERBSMS

ip address


show conn output

Lajos-ACE/Admin# show conn | i 5660

2695 1 in TCP 73 ESTAB

5460 1 out TCP 91 ESTAB

Lajos-ACE/Admin# show conn | i 5700

3003 2 in TCP 73 ESTAB

1901 2 out TCP 94 ESTAB

there is not any other rule which uses the tcp 5700 port and no other VIP setting for and any.

in spite of above every incoming connections to tcp 5700 are forwarded by ACE to wrong rserver.

very urgent!



This Discussion