Problem for take control HTTP in ACE

Unanswered Question
Feb 22nd, 2009

Hello,


I have a problem, when I disconnect the Server with IP 10.24.8.200 or the server with IP 10.24.8.201 the other server that is alive take 50 seconds in take the control of HTTP service, but the icmp of 10.24.16.10 always is active.


what are I do wrong?


how can i have 10 seconds for take the control of HTTP?


Configuration


ACE-MOD6/integracion1# sh runn

Generating configuration....




access-list anyone line 8 extended permit ip any any



probe http get-index

interval 5

faildetect 5

passdetect interval 10

expect status 200 200


rserver host Srv1

ip address 10.24.8.200

probe get-index

inservice

rserver host Srv2

ip address 10.24.8.201

probe get-index

inservice


serverfarm host servers

rserver Srv1

inservice

rserver Srv2

inservice


class-map type management match-any ADM-CONTEX-SERV1

2 match protocol telnet any

3 match protocol ssh any

4 match protocol icmp any

class-map type http loadbalance match-all Check-Headers

2 match http url .*

3 match http header Host header-value "10.24.16.*"

4 match http header User-Agent header-value ".*MSIE.*"

class-map match-all VIP-10-HTTP

2 match virtual-address 10.24.16.10 tcp eq www

class-map type http loadbalance match-all other-HTTP

2 match http url .*


policy-map type management first-match ADM-CTX-SERV1

class ADM-CONTEX-SERV1

permit

policy-map type loadbalance first-match L7-logic

class Check-Headers

serverfarm servers

class other-HTTP

serverfarm servers

policy-map type loadbalance first-match lb-logic

class class-default

serverfarm servers

policy-map multi-match client-vips

class VIP-10-HTTP

loadbalance vip inservice

loadbalance policy L7-logic

loadbalance vip icmp-reply active


interface vlan 60

description inside

ip address 10.24.8.5 255.255.255.0

access-group input anyone

access-group output anyone

service-policy input ADM-CTX-SERV1

no shutdown

interface vlan 233

description outside

ip address 10.24.16.5 255.255.255.0

access-group input anyone

access-group output anyone

service-policy input ADM-CTX-SERV1

service-policy input client-vips

no shutdown


ip route 0.0.0.0 0.0.0.0 10.24.16.1



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Syed Iftekhar Ahmed Sun, 02/22/2009 - 23:10

10.24.16.10 is the Virtual IP that represents the Application to the world.

It will only go down when both real servers (10.24.8.200 & 10.24.8.201) are down.


When one of the two real servers goes down, ACE forwards all traffic to the remaining

Real server.


As per the your probe config, ACE sends probes to the server (marked as passed) every 10 sec (interval).

Your current probe config dictates that ACE should wait for 5 consecutive number of failed probes b4 marking the server as failed.

Which makes it 50 (10+10+10+10+10) Secs.


If you want ACE to detec failure earlier then you can tune "interval" & "faildetect" values

under probe configuration


for e.g


replacing


probe http get-index

interval 5

faildetect 5

passdetect interval 10

expect status 200 200



with




probe http get-index

interval 4

open 2

recieve 2

faildetect 2

passdetect interval 10

expect status 200 200



will enable ACE to detect server failure in 8 secs.




HTH

Syed Iftekhar Ahmed

Actions

This Discussion