Problem for take control HTTP in ACE

Unanswered Question
Feb 22nd, 2009

Hello,

I have a problem, when I disconnect the Server with IP 10.24.8.200 or the server with IP 10.24.8.201 the other server that is alive take 50 seconds in take the control of HTTP service, but the icmp of 10.24.16.10 always is active.

what are I do wrong?

how can i have 10 seconds for take the control of HTTP?

Configuration

ACE-MOD6/integracion1# sh runn

Generating configuration....

access-list anyone line 8 extended permit ip any any

probe http get-index

interval 5

faildetect 5

passdetect interval 10

expect status 200 200

rserver host Srv1

ip address 10.24.8.200

probe get-index

inservice

rserver host Srv2

ip address 10.24.8.201

probe get-index

inservice

serverfarm host servers

rserver Srv1

inservice

rserver Srv2

inservice

class-map type management match-any ADM-CONTEX-SERV1

2 match protocol telnet any

3 match protocol ssh any

4 match protocol icmp any

class-map type http loadbalance match-all Check-Headers

2 match http url .*

3 match http header Host header-value "10.24.16.*"

4 match http header User-Agent header-value ".*MSIE.*"

class-map match-all VIP-10-HTTP

2 match virtual-address 10.24.16.10 tcp eq www

class-map type http loadbalance match-all other-HTTP

2 match http url .*

policy-map type management first-match ADM-CTX-SERV1

class ADM-CONTEX-SERV1

permit

policy-map type loadbalance first-match L7-logic

class Check-Headers

serverfarm servers

class other-HTTP

serverfarm servers

policy-map type loadbalance first-match lb-logic

class class-default

serverfarm servers

policy-map multi-match client-vips

class VIP-10-HTTP

loadbalance vip inservice

loadbalance policy L7-logic

loadbalance vip icmp-reply active

interface vlan 60

description inside

ip address 10.24.8.5 255.255.255.0

access-group input anyone

access-group output anyone

service-policy input ADM-CTX-SERV1

no shutdown

interface vlan 233

description outside

ip address 10.24.16.5 255.255.255.0

access-group input anyone

access-group output anyone

service-policy input ADM-CTX-SERV1

service-policy input client-vips

no shutdown

ip route 0.0.0.0 0.0.0.0 10.24.16.1

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Syed Iftekhar Ahmed Sun, 02/22/2009 - 23:10

10.24.16.10 is the Virtual IP that represents the Application to the world.

It will only go down when both real servers (10.24.8.200 & 10.24.8.201) are down.

When one of the two real servers goes down, ACE forwards all traffic to the remaining

Real server.

As per the your probe config, ACE sends probes to the server (marked as passed) every 10 sec (interval).

Your current probe config dictates that ACE should wait for 5 consecutive number of failed probes b4 marking the server as failed.

Which makes it 50 (10+10+10+10+10) Secs.

If you want ACE to detec failure earlier then you can tune "interval" & "faildetect" values

under probe configuration

for e.g

replacing

probe http get-index

interval 5

faildetect 5

passdetect interval 10

expect status 200 200

with

probe http get-index

interval 4

open 2

recieve 2

faildetect 2

passdetect interval 10

expect status 200 200

will enable ACE to detect server failure in 8 secs.

HTH

Syed Iftekhar Ahmed

Actions

This Discussion