VIPs not responding to pings or HTTP

Answered Question
Feb 5th, 2009

Hello Lads,

I've viewed all the previous conversations and tried all the suggestions but this has me fooled.

I can ping, telnet, HTTP, RDP to the web-server directly but not via the VIP.

I can ping the vlan interface and alias. The ACE 4710 says the VIP state is INSERVICE.

I can find no ARP entries referring to the VIP in either the ACE or switch.

I've rebooted a number of times in case of a previously mentioned bug, but to no avail.

Any help?

access-list PERMIT-TRAFFIC line 8 extended permit ip any any

probe tcp HTTP

interval 15

passdetect interval 60

open 1

rserver host RIP1

ip address 10.50.71.151

inservice

serverfarm host SF

probe HTTP

rserver RIP1

inservice

class-map match-any CM

2 match virtual-address 10.50.71.28 255.255.255.128 tcp eq www

3 match virtual-address 10.50.71.28 255.255.255.128 tcp eq https

policy-map type loadbalance first-match LB-PM

class class-default

serverfarm SF

policy-map multi-match PM

class CM

loadbalance vip inservice

loadbalance policy LB-PM

loadbalance vip icmp-reply

interface vlan 71

ip address 10.50.71.124 255.255.255.128

alias 10.50.71.126 255.255.255.128

peer ip address 10.50.71.125 255.255.255.128

access-group input PERMIT-TRAFFIC

service-policy input PM

service-policy input L4_REMOTE-ACCESS_MATCH

no shutdown

interface vlan 75

ip address 10.50.71.252 255.255.255.128

alias 10.50.71.254 255.255.255.128

peer ip address 10.50.71.253 255.255.255.128

access-group input PERMIT-TRAFFIC

no shutdown

ip route 0.0.0.0 0.0.0.0 10.50.71.1

Cheers

David

I have this problem too.
0 votes
Correct Answer by Gilles Dufour about 7 years 11 months ago

the vlan could have been associated with the context in the Admin context.

So, it will show even if not configured in this context.

Get us a 'show tech' from both Admin context and your context "Context".

Did you allocate enough mgmt connection ?

Try to set the minimum for all resources to 10%.

Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Gilles Dufour Fri, 02/06/2009 - 02:59

Upgrade to A3(2.1) and see if that makes a difference.

You should see an arp entry for the vip in the ace itself.

G.

dlongworth Sun, 02/08/2009 - 15:54

I've also reverted back to Version A1(8.0a) but still no arp entries.

dlongworth Sun, 02/08/2009 - 17:07

Also,

the show service-policy command shows Vlan 1 as well as vlan 71 but vlan 1 is not configured. What is that?

ACE/Context# sh service-policy

Policy-map : TEST-PM

Status : ACTIVE

-----------------------------------------

Interface: vlan 1 71

service-policy: TEST-PM

class: CM

loadbalance:

L7 loadbalance policy: LB-PM

VIP ICMP Reply : ENABLED

VIP State: INSERVICE

curr conns : 0 , hit count : 0

dropped conns : 0

client pkt count : 0 , client byte count: 0

server pkt count : 0 , server byte count: 0

conn-rate-limit : 0 , drop-count : 0

bandwidth-rate-limit : 0 , drop-count : 0

compression:

bytes_in : 0

bytes_out : 0

Parameter-map(s):

HTTP-PERSISTENCE

Correct Answer
Gilles Dufour Sun, 02/08/2009 - 23:10

the vlan could have been associated with the context in the Admin context.

So, it will show even if not configured in this context.

Get us a 'show tech' from both Admin context and your context "Context".

Did you allocate enough mgmt connection ?

Try to set the minimum for all resources to 10%.

Gilles.

dlongworth Mon, 02/09/2009 - 15:03

I forward the show-tech Gilles, can I have your email address pls?

I've allocated resources but this is still on a test-bench. It's not processing anything much.

dlongworth Mon, 02/09/2009 - 17:42

Issue resolved.

The class-map config:

match virtual-address 10.50.71.28 255.255.255.128 tcp eq www

I thought the mask was required as a subnet mask for the VIP. Didn't realise I accidentally setup a match-class for a subnet not a host.

Removed mask and everything good.

Actions

This Discussion