02-05-2009 09:04 PM
Hello Lads,
I've viewed all the previous conversations and tried all the suggestions but this has me fooled.
I can ping, telnet, HTTP, RDP to the web-server directly but not via the VIP.
I can ping the vlan interface and alias. The ACE 4710 says the VIP state is INSERVICE.
I can find no ARP entries referring to the VIP in either the ACE or switch.
I've rebooted a number of times in case of a previously mentioned bug, but to no avail.
Any help?
access-list PERMIT-TRAFFIC line 8 extended permit ip any any
probe tcp HTTP
interval 15
passdetect interval 60
open 1
rserver host RIP1
ip address 10.50.71.151
inservice
serverfarm host SF
probe HTTP
rserver RIP1
inservice
class-map match-any CM
2 match virtual-address 10.50.71.28 255.255.255.128 tcp eq www
3 match virtual-address 10.50.71.28 255.255.255.128 tcp eq https
policy-map type loadbalance first-match LB-PM
class class-default
serverfarm SF
policy-map multi-match PM
class CM
loadbalance vip inservice
loadbalance policy LB-PM
loadbalance vip icmp-reply
interface vlan 71
ip address 10.50.71.124 255.255.255.128
alias 10.50.71.126 255.255.255.128
peer ip address 10.50.71.125 255.255.255.128
access-group input PERMIT-TRAFFIC
service-policy input PM
service-policy input L4_REMOTE-ACCESS_MATCH
no shutdown
interface vlan 75
ip address 10.50.71.252 255.255.255.128
alias 10.50.71.254 255.255.255.128
peer ip address 10.50.71.253 255.255.255.128
access-group input PERMIT-TRAFFIC
no shutdown
ip route 0.0.0.0 0.0.0.0 10.50.71.1
Cheers
David
Solved! Go to Solution.
02-08-2009 11:10 PM
the vlan could have been associated with the context in the Admin context.
So, it will show even if not configured in this context.
Get us a 'show tech' from both Admin context and your context "Context".
Did you allocate enough mgmt connection ?
Try to set the minimum for all resources to 10%.
Gilles.
02-06-2009 02:59 AM
Upgrade to A3(2.1) and see if that makes a difference.
You should see an arp entry for the vip in the ace itself.
G.
02-08-2009 03:20 PM
Sorry. Neglected to mention; that is the code it's running.
02-08-2009 03:54 PM
I've also reverted back to Version A1(8.0a) but still no arp entries.
02-08-2009 05:07 PM
Also,
the show service-policy command shows Vlan 1 as well as vlan 71 but vlan 1 is not configured. What is that?
ACE/Context# sh service-policy
Policy-map : TEST-PM
Status : ACTIVE
-----------------------------------------
Interface: vlan 1 71
service-policy: TEST-PM
class: CM
loadbalance:
L7 loadbalance policy: LB-PM
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
curr conns : 0 , hit count : 0
dropped conns : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0
bytes_out : 0
Parameter-map(s):
HTTP-PERSISTENCE
02-08-2009 11:10 PM
the vlan could have been associated with the context in the Admin context.
So, it will show even if not configured in this context.
Get us a 'show tech' from both Admin context and your context "Context".
Did you allocate enough mgmt connection ?
Try to set the minimum for all resources to 10%.
Gilles.
02-09-2009 03:03 PM
I forward the show-tech Gilles, can I have your email address pls?
I've allocated resources but this is still on a test-bench. It's not processing anything much.
02-09-2009 05:42 PM
Issue resolved.
The class-map config:
match virtual-address 10.50.71.28 255.255.255.128 tcp eq www
I thought the mask was required as a subnet mask for the VIP. Didn't realise I accidentally setup a match-class for a subnet not a host.
Removed mask and everything good.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide