Solved: VIPs not responding to pings or HTTP

dlongworth · ‎02-05-2009

Hello Lads,

I've viewed all the previous conversations and tried all the suggestions but this has me fooled.

I can ping, telnet, HTTP, RDP to the web-server directly but not via the VIP.

I can ping the vlan interface and alias. The ACE 4710 says the VIP state is INSERVICE.

I can find no ARP entries referring to the VIP in either the ACE or switch.

I've rebooted a number of times in case of a previously mentioned bug, but to no avail.

Any help?

access-list PERMIT-TRAFFIC line 8 extended permit ip any any

probe tcp HTTP

interval 15

passdetect interval 60

open 1

rserver host RIP1

ip address 10.50.71.151

inservice

serverfarm host SF

probe HTTP

rserver RIP1

inservice

class-map match-any CM

2 match virtual-address 10.50.71.28 255.255.255.128 tcp eq www

3 match virtual-address 10.50.71.28 255.255.255.128 tcp eq https

policy-map type loadbalance first-match LB-PM

class class-default

serverfarm SF

policy-map multi-match PM

class CM

loadbalance vip inservice

loadbalance policy LB-PM

loadbalance vip icmp-reply

interface vlan 71

ip address 10.50.71.124 255.255.255.128

alias 10.50.71.126 255.255.255.128

peer ip address 10.50.71.125 255.255.255.128

access-group input PERMIT-TRAFFIC

service-policy input PM

service-policy input L4_REMOTE-ACCESS_MATCH

no shutdown

interface vlan 75

ip address 10.50.71.252 255.255.255.128

alias 10.50.71.254 255.255.255.128

peer ip address 10.50.71.253 255.255.255.128

access-group input PERMIT-TRAFFIC

no shutdown

ip route 0.0.0.0 0.0.0.0 10.50.71.1

Cheers

David

Gilles Dufour · ‎02-08-2009

the vlan could have been associated with the context in the Admin context.

So, it will show even if not configured in this context.

Get us a 'show tech' from both Admin context and your context "Context".

Did you allocate enough mgmt connection ?

Try to set the minimum for all resources to 10%.

Gilles.

View solution in original post

Gilles Dufour · ‎02-06-2009

Upgrade to A3(2.1) and see if that makes a difference.

You should see an arp entry for the vip in the ace itself.

G.

dlongworth · ‎02-08-2009

Sorry. Neglected to mention; that is the code it's running.

dlongworth · ‎02-08-2009

I've also reverted back to Version A1(8.0a) but still no arp entries.

dlongworth · ‎02-08-2009

Also,

the show service-policy command shows Vlan 1 as well as vlan 71 but vlan 1 is not configured. What is that?

ACE/Context# sh service-policy

Policy-map : TEST-PM

Status : ACTIVE

-----------------------------------------

Interface: vlan 1 71

service-policy: TEST-PM

class: CM

loadbalance:

L7 loadbalance policy: LB-PM

VIP ICMP Reply : ENABLED

VIP State: INSERVICE

curr conns : 0 , hit count : 0

dropped conns : 0

client pkt count : 0 , client byte count: 0

server pkt count : 0 , server byte count: 0

conn-rate-limit : 0 , drop-count : 0

bandwidth-rate-limit : 0 , drop-count : 0

compression:

bytes_in : 0

bytes_out : 0

Parameter-map(s):

HTTP-PERSISTENCE

Gilles Dufour · ‎02-08-2009

the vlan could have been associated with the context in the Admin context.

So, it will show even if not configured in this context.

Get us a 'show tech' from both Admin context and your context "Context".

Did you allocate enough mgmt connection ?

Try to set the minimum for all resources to 10%.

Gilles.

dlongworth · ‎02-09-2009

I forward the show-tech Gilles, can I have your email address pls?

I've allocated resources but this is still on a test-bench. It's not processing anything much.

dlongworth · ‎02-09-2009

Issue resolved.

The class-map config:

match virtual-address 10.50.71.28 255.255.255.128 tcp eq www

I thought the mask was required as a subnet mask for the VIP. Didn't realise I accidentally setup a match-class for a subnet not a host.

Removed mask and everything good.