06-01-2009 12:44 PM
Hi,
1. We would like to achieve having port 80 traffic load balanced to a single server in a server farm to multiple ports on the reservers.
2. To have the traffic sent to the variuos ports on the servers ports based on the url/site they are accessing.
3. have stickiness
This is inline/routed mode, so servers default gateway is the alais on VLAN 12 (Server facing VLAN) on ACE and ACE default gateway is HSRP address on MSFC on VLAN 20 (User facing VLAN).
Vlan 12 has .1 as HSRP on MSFC and .2 and .3 on the SVI's. Vlan 20 has the same.
The ACE config is below:
access-list any line 1 extended permit icmp any any
access-list any line 2 extended permit ip any any
probe http MYWEBA_WEB_SERVER
interval 10
passdetect interval 15
passdetect count 2
request method get url /CACSAFsit/GL_FrameSet.jsp
expect status 200 200
probe http MYWEBB_SERVER
interval 10
passdetect interval 15
passdetect count 2
request method get url /CACSweb/GL_FrameSet.jsp
expect status 200 200
probe http WEB_SERVER
interval 10
passdetect interval 15
passdetect count 2
request method get url /index.html
expect status 200 200
rserver host nsitcred
ip address 10.10.10.233
inservice
serverfarm host MYWEBB_WEBFARM
failaction purge
probe MYWEBB_WEB_SERVER
rserver nsitcred 85
inservice
rserver nsitcred 86
inservice
serverfarm host MYWEBA_WEBFARM
failaction purge
probe MYWEBA_WEB_SERVER
rserver nsitcred 82
inservice
rserver nsitcred 83
inservice
rserver nsitcred 84
inservice
serverfarm host WEBFARM
failaction purge
probe WEB_SERVER
rserver nsitcred
inservice
sticky ip-netmask 255.255.255.255 address source WEBFARM-STICKY
timeout 30
replicate sticky
serverfarm WEBFARM
sticky ip-netmask 255.255.255.255 address source MYWEBA_WEBFARM-STICKY
timeout 30
replicate sticky
serverfarm MYWEBA_WEBFARM
sticky ip-netmask 255.255.255.255 address source MYWEBB_WEBFARM-STICKY
timeout 30
replicate sticky
serverfarm MYWEBB_WEBFARM
class-map match-all L4VIPCLASS
2 match virtual-address 10.10.20.7 tcp eq www
class-map type http loadbalance match-any L7CLASS_MYWEBA_WEB
3 match http header Host header-value "myweba.mysite.com"
class-map type http loadbalance match-any L7CLASS_MYWEBB_WEB
2 match http header Host header-value "mywebb.mysite.com"
class-map type management match-any REMOTE_ACCESS
2 match protocol ssh any
3 match protocol telnet any
4 match protocol icmp any
5 match protocol snmp any
6 match protocol http any
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
class REMOTE_ACCESS
permit
policy-map type loadbalance first-match WEB_L7_POLICY
class L7CLASS_MYWEBA_WEB
sticky-serverfarm MYWEBA_WEBFARM-STICKY
class L7CLASS_WYWEBB_WEB
sticky-serverfarm MYWEBB_WEBFARM-STICKY
class class-default
sticky-serverfarm WEBFARM-STICKY
policy-map multi-match CLIENT-VIPs
class L4VIPCLASS
loadbalance vip inservice
loadbalance policy WEB_L7_POLICY
loadbalance vip icmp-reply active
loadbalance vip advertise active
interface vlan 12
ip address 10.10.10.100 255.255.255.0
alias 10.10.10.102 255.255.255.0
peer ip address 10.10.10.101 255.255.255.0
no normalization
no icmp-guard
access-group input any
access-group output any
service-policy input REMOTE_MGMT_ALLOW_POLICY
arp 10.10.10.233 00.14.4f.eb.54.44
no shutdown
interface vlan 20
ip address 10.10.20.4 255.255.255.224
alias 10.10.20.6 255.255.255.224
peer ip address 10.10.20.5 255.255.255.224
no normalization
no icmp-guard
access-group input any
access-group output any
service-policy input REMOTE_MGMT_ALLOW_POLICY
service-policy input CLIENT-VIPs
no shutdown
ip route 0.0.0.0 0.0.0.0 10.10.20.1
Any confirmation of guidance would be appreciated.
Thanks.
06-02-2009 07:57 AM
looks good to me.
Nothing much to add.
G.
06-02-2009 12:10 PM
Hi Gilles,
Many thanks for the response, once again.
One question..
A strange situation..
Solaris OS, multiple Zones where the server is running.
So, the real address is an address on a zone...
The default router has to be chaged on the Gloabal Zone on Solaris (versi0n 10).
All other zones appear to be fine using the ACE as the default gateway (default router in solaris terms).
Connectivity to the Zone we are Load Balncing too is intermitant (when we drop packets we see the MAC change from - 0014.4feb.5444 to 00.00.0c.07.ac.00 which shows up on the MSFC's as the HSRP MAC for VLAN 12 and 20 and on the ACE as gateway for VLAN 20.
Once the static ARP entry on ACE was added stability was restored.
Again, only this address on this Zone appears to be affected (six other addresses on this single server).
Any idea's? Running version 3.0.0_A1_6_3b on ACE's and can't find anything obvious in release notes. Upgrade?
Thanks again.
P
06-02-2009 02:02 PM
Is it possible to use several "class L4VIPCLASS" inside the "policy-map multi-match VIPs" in order to have several VIPs to load-balance services for several serverfarms?
Something like this:
class-map match-all L4VIPCLASS-1
2 match virtual-address 172.16.1.1 tcp eq www
class-map match-all L4VIPCLASS-2
2 match virtual-address 172.16.1.2 tcp eq www
class-map match-all L4VIPCLASS-3
2 match virtual-address 172.16.1.3 tcp eq 8081
policy-map type loadbalance http first-match WEB_POLICY-1
class class-default
serverfarm-1
policy-map type loadbalance http first-match WEB_POLICY-2
class class-default
serverfarm-2
policy-map type loadbalance http first-match WEB_POLICY-3
class class-default
serverfarm-3
policy-map multi-match VIPs
class L4VIPCLASS-1
loadbalance vip inservice
loadbalance policy WEB_POLICY-1
loadbalance vip icmp-reply active
loadbalance vip advertise active
nat dynamic 1 vlan 11
class L4VIPCLASS-2
loadbalance vip inservice
loadbalance policy WEB_POLICY-2
loadbalance vip icmp-reply active
loadbalance vip advertise active
nat dynamic 2 vlan 22
class L4VIPCLASS-3
loadbalance vip inservice
loadbalance policy WEB_POLICY-3
loadbalance vip icmp-reply active
loadbalance vip advertise active
nat dynamic 3 vlan 33
interface vlan XX
service-policy input VIPs
Many thanks for your support.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide