ACE: if one server is loaded, how can it use the server that is not loaded?

Hello,

I have 2 real servers (10.24.8.200 and 10.24.8.201) in load balance (HTTP and HTTPS) with VIP 10.24.16.10, and the type of load balancing is round robin. But when the server (10.24.8.200) has high processing, for example memory or hard disk, and users try to access the server (10.24.8.200), it is slower. If this server is too loaded, how can the ACE switch to another real server? In 10 seconds, for example?

Best Regards

My configuration is:

ACE-MOD6/integracion1# sh runn
Generating configuration....

access-list anyone line 8 extended permit ip any any

probe http get-index
  interval 4
  open 2
  receive 2
  faildetect 2
  passdetect interval 10
  expect status 200 200

rserver host Srv1
  ip address 10.24.8.200
  probe get-index
  inservice
rserver host Srv2
  ip address 10.24.8.201
  probe get-index
  inservice

serverfarm host servers
  rserver Srv1
    inservice
  rserver Srv2
    inservice

class-map type management match-any ADM-CONTEX-SERV1
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any
class-map type http loadbalance match-all Check-Headers
  2 match http url .*
  3 match http header Host header-value "10.24.16.*"
  4 match http header User-Agent header-value ".*MSIE.*"
class-map match-all VIP-10-HTTP
  2 match virtual-address 10.24.16.10 tcp eq www
class-map type http loadbalance match-all other-HTTP
  2 match http url .*

policy-map type management first-match ADM-CTX-SERV1
  class ADM-CONTEX-SERV1
    permit

policy-map type loadbalance first-match L7-logic
  class Check-Headers
    serverfarm servers
  class other-HTTP
    serverfarm servers
policy-map type loadbalance first-match lb-logic
  class class-default
    serverfarm servers

policy-map multi-match client-vips
  class VIP-10-HTTP
    loadbalance vip inservice
    loadbalance policy L7-logic
    loadbalance vip icmp-reply active

interface vlan 60
  description inside
  ip address 10.24.8.5 255.255.255.0
  access-group input anyone
  access-group output anyone
  service-policy input ADM-CTX-SERV1
  no shutdown
interface vlan 233
  description outside
  ip address 10.24.16.5 255.255.255.0
  access-group input anyone
  access-group output anyone
  service-policy input ADM-CTX-SERV1
  service-policy input client-vips
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.24.16.1

tonybourke
Level 1

If your server is running an SNMP agent, the ACE can use SNMP to pull stats from the server. You'll just need the correct OID. For instance, if you were using Linux, you might use something like the following as a probe:

probe snmp linux-stats
  interval 10
  community public
  oid .1.3.6.1.4.1.2021.10.1.5.1
    threshold 75

.1.3.6.1.4.1.2021.10.1.5.1 is the OID for CPU load average (for Linux, Windows would have a different OID). If it goes above 75, the server is marked as out. When used with the least-loaded predictor, it will also divert more traffic to the least loaded server, as defined by that OID. You can use multiple OIDs in conjunction and give them different weights.

However, judging from your timeout value of your get-http health check, I would check to see if the issue isn't that your servers are flapping because of a too-low receive threshold. Each server has 2 seconds to respond to the ACE, which may not be enough time given that the servers may be getting a lot of traffic and you're doing these checks every 4 seconds.

If one fails, the other gets all the traffic, until it is overloaded, and it fails. By this time, your other server has calmed down, and gets all the traffic, and the cycle repeats itself. Check SNMP traps or SYSLOG to see if this is the case.

Either way, you might want to change the timeout to 5 or 10, to give them more breathing room.
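
The flapping cycle described in the reply above, as an added example that is not part of the original thread and not Cisco code: a simplified Python model of the posted probe (interval 4, faildetect 2, passdetect interval 10) checking two round-robin servers, run with `receive` 2 and 5. The response-time figures, the 10-second slowdown on Srv1 and a passdetect count of 3 are assumptions made for the illustration, and probes are treated as instantaneous samples.

```python
# Added example: a simplified model of the posted get-index probe, not ACE code.
# Constructed load model: probe response time grows with a server's traffic share.
IDLE_S = 0.5     # response time with no client traffic (constructed)
LOAD_S = 2.5     # extra response time when one server carries all traffic
SPIKE_S = 6.0    # constructed slowdown on Srv1 (e.g. a disk-heavy job)
SPIKE_END = 10   # the slowdown lasts for the first 10 seconds


def simulate(receive, interval=4, faildetect=2, pass_interval=10,
             pass_count=3, duration=600):
    """Return total state changes and seconds with no server in service.

    interval, faildetect and pass_interval default to the posted probe's values;
    pass_count=3 is an assumption, since the posted probe does not set it.
    """
    state = {name: {"up": True, "streak": 0, "next": 0}
             for name in ("Srv1", "Srv2")}
    flaps = outage = 0
    for t in range(duration):
        in_service = [n for n, s in state.items() if s["up"]]
        if not in_service:
            outage += 1                      # VIP has no usable server
        for name, s in state.items():
            if t < s["next"]:
                continue                     # no probe due this second
            # Round robin: traffic is split evenly over in-service servers.
            share = 1 / len(in_service) if s["up"] else 0.0
            latency = IDLE_S + LOAD_S * share
            if name == "Srv1" and t < SPIKE_END:
                latency += SPIKE_S
            ok = latency <= receive
            if s["up"]:
                s["streak"] = 0 if ok else s["streak"] + 1
                changed = s["streak"] >= faildetect
            else:
                s["streak"] = s["streak"] + 1 if ok else 0
                changed = s["streak"] >= pass_count
            if changed:
                s["up"], s["streak"] = not s["up"], 0
                flaps += 1
            s["next"] = t + (interval if s["up"] else pass_interval)
    return {"flaps": flaps, "outage_seconds": outage}


if __name__ == "__main__":
    for receive in (2, 5):
        print(f"receive {receive}:", simulate(receive))
```

With `receive` 2 the model never settles: the surviving server fails under full load just as the other recovers, and the VIP spends long stretches with no server in service. With `receive` 5 only the genuinely slow Srv1 is taken out, once, and it returns after the slowdown ends.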
