Src/ Dst being LB'd by same ACE...reachability issue

Unanswered Question
Apr 29th, 2009
User Badges:

Hi,


Source: 2 Proxy servers

Destination: 2 Application Servers


Cannot ping each others VIP.

Can ping the real servers.


Is there some issue about the same ACE, LB'ing Src & Dest VIPs.


Response will be appreciated.


ACE mod A2(1.2)


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dario.didio Wed, 04/29/2009 - 23:20
User Badges:
  • Silver, 250 points or more

Hi,


some more explenation would be appreciated.


What are you trying to accomplish?

What do you mean by source and destination VIPs?


cisco_adt Thu, 04/30/2009 - 07:22
User Badges:

Source is Proxy Server

Destination is an Application Server

2 different Vlans.

Default Gateway is the Router.

Router sends it to a FW.

(FW's are LB'd by the ACE as well)

PBR is used.


SYN follows the traffic path described above. (rserver-->VIP(Proxy)-->Router-->FW-->down towards the App VIP)


SYN-ACK (rserver-->VIP (App)-->Router-->VIP (Proxy)


SYN-ACK does not go thru the FW....but directly to the other VIP.


Thanks.



Actions

This Discussion