ACE - rserver can not access VIP

Unanswered Question
Aug 6th, 2009

ACE in bridge mode, VIP is on the same subnet as rservers and other servers. There is no issue for clients from internet to access the VIP. However, the servers on the same subnet of the real server cannot access VIP.

I guess that's because after VLB assign/redirect request the request to a rserver, the return traffic may bypass the VLB. Is it correct? Is there any way to allow the servers behind the VIP to access VIP also?

Thanks!

ST

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
lishengtao Thu, 08/06/2009 - 12:37

Hi Andrea, do you have any doc/link referring the NAT solution?

Thanks!

ST

lishengtao Thu, 08/06/2009 - 12:50

Hi Andrea, do you have any doc/link referring the NAT solution?

Thanks!

ST

Syed Iftekhar Ahmed Thu, 08/06/2009 - 14:11

You simply need to source Nat this traffic.For example if all servers & clients are on vlan 10 (1.1.1.0/24 subnet) then you need following config

rserver host YOURSERVER1

ip address 1.1.1.100

inservice

rserver host YOURSERVER2

ip address 1.1.1.101

inservice

serverfarm host

rserver YOURSERVER1

inservice

rserver YOURSERVER2

inservice

class-map match-all YOURVIP

2 match virtual-address 1.1.1.200 tcp eq www

policy-map type loadbalance first-match YOURPOLICY

class class-default

serverfarm YOURSERVERFARM

nat dynamic 1001 vlan 10 serverfarm primary

policy-map multi-match VLAN10-VIPS

class YOURVIP

loadbalance vip inservice

loadbalance policy YOURPOLICY

loadbalance vip icmp-reply active

interface vlan 10

ip address 1.1.1.1 255.255.255.0

access-group input ANYONE

nat-pool 1001 1.1.1.250 1.1.1.250 netmask 255.255.255.0 pat

service-policy input VLAN10-VIPS

no shutdown

HTH

Syed Iftekhar Ahmed

Actions

This Discussion