VIPs not responding to pings or HTTP

Answered Question
Feb 5th, 2009
User Badges:

Hello Lads,

I've viewed all the previous conversations and tried all the suggestions but this has me fooled.

I can ping, telnet, HTTP, RDP to the web-server directly but not via the VIP.

I can ping the vlan interface and alias. The ACE 4710 says the VIP state is INSERVICE.

I can find no ARP entries referring to the VIP in either the ACE or switch.

I've rebooted a number of times in case of a previously mentioned bug, but to no avail.

Any help?


access-list PERMIT-TRAFFIC line 8 extended permit ip any any


probe tcp HTTP

interval 15

passdetect interval 60

open 1


rserver host RIP1

ip address 10.50.71.151

inservice


serverfarm host SF

probe HTTP

rserver RIP1

inservice


class-map match-any CM

2 match virtual-address 10.50.71.28 255.255.255.128 tcp eq www

3 match virtual-address 10.50.71.28 255.255.255.128 tcp eq https


policy-map type loadbalance first-match LB-PM

class class-default

serverfarm SF


policy-map multi-match PM

class CM

loadbalance vip inservice

loadbalance policy LB-PM

loadbalance vip icmp-reply


interface vlan 71

ip address 10.50.71.124 255.255.255.128

alias 10.50.71.126 255.255.255.128

peer ip address 10.50.71.125 255.255.255.128

access-group input PERMIT-TRAFFIC

service-policy input PM

service-policy input L4_REMOTE-ACCESS_MATCH

no shutdown

interface vlan 75

ip address 10.50.71.252 255.255.255.128

alias 10.50.71.254 255.255.255.128

peer ip address 10.50.71.253 255.255.255.128

access-group input PERMIT-TRAFFIC

no shutdown


ip route 0.0.0.0 0.0.0.0 10.50.71.1


Cheers

David

Correct Answer by Gilles Dufour about 8 years 4 months ago

the vlan could have been associated with the context in the Admin context.

So, it will show even if not configured in this context.


Get us a 'show tech' from both Admin context and your context "Context".


Did you allocate enough mgmt connection ?

Try to set the minimum for all resources to 10%.


Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Gilles Dufour Fri, 02/06/2009 - 02:59
User Badges:
  • Cisco Employee,

Upgrade to A3(2.1) and see if that makes a difference.


You should see an arp entry for the vip in the ace itself.


G.

dlongworth Sun, 02/08/2009 - 15:20
User Badges:

Sorry. Neglected to mention; that is the code it's running.

dlongworth Sun, 02/08/2009 - 15:54
User Badges:

I've also reverted back to Version A1(8.0a) but still no arp entries.

dlongworth Sun, 02/08/2009 - 17:07
User Badges:

Also,

the show service-policy command shows Vlan 1 as well as vlan 71 but vlan 1 is not configured. What is that?


ACE/Context# sh service-policy


Policy-map : TEST-PM

Status : ACTIVE

-----------------------------------------

Interface: vlan 1 71

service-policy: TEST-PM

class: CM

loadbalance:

L7 loadbalance policy: LB-PM

VIP ICMP Reply : ENABLED

VIP State: INSERVICE

curr conns : 0 , hit count : 0

dropped conns : 0

client pkt count : 0 , client byte count: 0

server pkt count : 0 , server byte count: 0

conn-rate-limit : 0 , drop-count : 0

bandwidth-rate-limit : 0 , drop-count : 0

compression:

bytes_in : 0

bytes_out : 0

Parameter-map(s):

HTTP-PERSISTENCE

Correct Answer
Gilles Dufour Sun, 02/08/2009 - 23:10
User Badges:
  • Cisco Employee,

the vlan could have been associated with the context in the Admin context.

So, it will show even if not configured in this context.


Get us a 'show tech' from both Admin context and your context "Context".


Did you allocate enough mgmt connection ?

Try to set the minimum for all resources to 10%.


Gilles.

dlongworth Mon, 02/09/2009 - 15:03
User Badges:

I forward the show-tech Gilles, can I have your email address pls?

I've allocated resources but this is still on a test-bench. It's not processing anything much.

dlongworth Mon, 02/09/2009 - 17:42
User Badges:

Issue resolved.

The class-map config:

match virtual-address 10.50.71.28 255.255.255.128 tcp eq www


I thought the mask was required as a subnet mask for the VIP. Didn't realise I accidentally setup a match-class for a subnet not a host.

Removed mask and everything good.

Actions

This Discussion