02-23-2009 03:08 PM
Hello,
I have 2 real Servers (10.24.8.200 and 10.24.8.201) in loadbalance (HTTP and HTTPS) with VIP 10.24.16.10, and the type of loadbalance is round robin, but when the server (10.24.8.200) has high proccessing for example memory or hard disk and users try to access to server (10.24.8.200) this is more slow. if this server is too loaded? how can the ACE switch to another real server? in 10 seconds for example?
Best Regards
My configuration is:
ACE-MOD6/integracion1# sh runn
Generating configuration....
access-list anyone line 8 extended permit ip any any
probe http get-index
interval 4
open 2
recieve 2
faildetect 2
passdetect interval 10
expect status 200 200
rserver host Srv1
ip address 10.24.8.200
probe get-index
inservice
rserver host Srv2
ip address 10.24.8.201
probe get-index
inservice
serverfarm host servers
rserver Srv1
inservice
rserver Srv2
inservice
class-map type management match-any ADM-CONTEX-SERV1
2 match protocol telnet any
3 match protocol ssh any
4 match protocol icmp any
class-map type http loadbalance match-all Check-Headers
2 match http url .*
3 match http header Host header-value "10.24.16.*"
4 match http header User-Agent header-value ".*MSIE.*"
class-map match-all VIP-10-HTTP
2 match virtual-address 10.24.16.10 tcp eq www
class-map type http loadbalance match-all other-HTTP
2 match http url .*
policy-map type management first-match ADM-CTX-SERV1
class ADM-CONTEX-SERV1
permit
policy-map type loadbalance first-match L7-logic
class Check-Headers
serverfarm servers
class other-HTTP
serverfarm servers
policy-map type loadbalance first-match lb-logic
class class-default
serverfarm servers
policy-map multi-match client-vips
class VIP-10-HTTP
loadbalance vip inservice
loadbalance policy L7-logic
loadbalance vip icmp-reply active
interface vlan 60
description inside
ip address 10.24.8.5 255.255.255.0
access-group input anyone
access-group output anyone
service-policy input ADM-CTX-SERV1
no shutdown
interface vlan 233
description outside
ip address 10.24.16.5 255.255.255.0
access-group input anyone
access-group output anyone
service-policy input ADM-CTX-SERV1
service-policy input client-vips
no shutdown
ip route 0.0.0.0 0.0.0.0 10.24.16.1
02-24-2009 02:23 AM
If your server is running an SNMP agent, the ACE can use SNMP to pull stats from the server. You'll just need the correct OID. For instance, if you were using Linux, you might use something like the following as a probe:
probe snmp linux-stats
interval 10
community public
oid .1.3.6.1.4.1.2021.10.1.5.1
threshold 75
.1.3.6.1.4.1.2021.10.1.5.1 is the OID for CPU load average (for Linux, Windows would have a different OID). If it goes above 75, the server is marked as out. When used with the least-loaded predictor, it will also divert more traffic to the least loaded server, as defined by that OID. You can use multiple OIDs in conjunctions and give them different weights.
However, judging from your timeout value of your get-http health check, I would check to see if the issue isn't that your servers are flapping because of a too-low receive threshold. Each server has 2 seconds to respond to the ACE, which may not enough time given that the servers may be getting a lot of traffic and you're doing these checks every 4 seconds.
If one fails, the other gets all the traffic, until it is overloaded, and it fails. By this time, your other servers has calmed down, and gets all the traffic, and the cycle repeats itself. Check SNMP traps or SYSLOG to see if this is the case.
Either way, you might want to change the timeout to 5 or 10, to give them more breathing room.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: