Basic configuration question on Server port configuration

Unanswered Question
Nov 9th, 2009

Hi,

I'm a newbie in Cisco configuration. Using the Cisco 7604 load balancer, wanted to acheive two things firstly single ip for the applications and the failover of my servers.

Configuration description

I have an Application client connected to the vserver configuration (LAVSERV) on Cisco 7604 Load Balancer and two servers (JBoss) S1 and S2 configured to the real ip as configured in the serverFarm. All the three systems (Load Balancer,S1 and S2) are in the same LAN.

IOS configuration details

!

ip slb serverfarm LA

nat server

predictor leastconns

!

real 10.2.11.11

weight 255

inservice

!

real 10.2.11.211

weight 255

inservice

!

ip slb vserver LAVSERV

virtual 10.2.11.141 255.255.255.0 tcp 1813

serverfarm LA

no advertise

idle 65535

inservice

!

When I try connect to my servers through the client application I get connection exception. Basically I'm telling my client application to connect to webservice url http://10.2.11.141:1813. Due to the configuration on Load Balancer for servers, Load balancer should route my request to either of the Servers S1 or S2.

I have a doubt here, have not mentioned the port anywhere on which my JBoss (S1 or S2) is running.Is beacuse of this I'm getting connection exception, if yes, kindly let me know how to configure the port along with the real server IP.

Thanks in advance

Sanjeev.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Tue, 11/10/2009 - 01:02

Sanjeev,

first, the 7600 is not a loadbalancer.

But it can loadbalance at software level - so performance are not as good as with a real loadbalancer like ACE.

Then, your maybe the config displayed is not the exact one. Because your reals need to appear under the serverfarm as below.

ip slb serverfarm TEST

real 1.1.1.1

inservice

!

Assuming your config is correct, what could be happening is that if the client and server are on the same vlan, the response from the server will bypass the 7600 and go directly to the client.

So the client connected with the vip but received a response from some other device it does not know about, so it rejects it.

You need to force the server response to go to the 7600...You can do it by changing routing table of the server or by configuring client nat on the 7600.

Gilles.

khurana.sanjeev Tue, 11/10/2009 - 03:11

Thanks for your reply.

I have configured the Server Farm as below

Router(config)#ip slb serverfarm LA

Router(config-slb-sfarm)#nat server

Router(config-slb-sfarm)#predictor leastconns

Router(config-slb-sfarm)#real 10.232.11.11

Router(config-slb-real)#

Router(config-slb-real)# weight 255

Router(config-slb-real)#inservice

Router(config-slb-real)#real 10.232.11.211

Router(config-slb-real)#weight 255

Router(config-slb-real)#inservice

Router(config-slb-real)#^Z

I'm copying the part of output of Router#show configuration

as below

ip slb serverfarm LA

nat server

predictor leastconns

!

real 10.232.11.11

weight 255

inservice

!

real 10.232.11.211

weight 255

inservice

!

Kindly let me know if my above configuration is wrong.

My client requests are not landing on my real servers, so the server application (JBoss) is not reverting back.

Kindly suggest me why my client request is not landing on the server application.

Am I missing some configuration in serverFarm where I need to mention the port of my server application (JBoss).

If I see client request getting processed by the server application I would do as suggested by you to direct the server response to 7600.

Sanjeev

Gilles Dufour Tue, 11/10/2009 - 03:32

ok.

The config looks good.

Coul you get the following :

show ip slb mode

show ip slb vserver

show ip slb serverfarm

Do you have an arp entry on your client for the virtual ip ?

Thanks,

Gilles.

khurana.sanjeev Tue, 11/10/2009 - 23:25

Thanks for your reply,

Following are the required configurations.

Router#show ip slb mode

SLB configured mode = rp (default)

Router#show ip slb vserver

slb vserver prot virtual state conns interface

(s)

--------------------------------------------------------------------------------

------

LAVSERV TCP 10.232.11.239/24:1813 OPERATIONAL 0

Router#

Router#show ip slb serverfarm

server farm predictor nat reals bind id interface(s)

--------------------------------------------------------------------------

LA LEASTCONNS S 2 0

Router#

I do not have any arp static entry made in the client for the virtual ip.

Sanjeev

Gilles Dufour Fri, 11/13/2009 - 00:45

Sanjeev,

the problem is the mask of the virtual server.

It should be a /32

So replace this line

virtual 10.2.11.141 255.255.255.0 tcp 1813

with

irtual 10.2.11.141 255.255.255.255 tcp 1813

Sorry for not spotting this earlier.

Gilles.

khurana.sanjeev Fri, 11/13/2009 - 22:24

Thanks for your reply,

Router#show ip slb vserver

slb vserver prot virtual state conns interface(s)

LAVSERV TCP 10.232.11.141/32:1813 OPERATIONAL 0

Changed as suggested by you, still I see my client application is not reaching the Server (JBoss app server), it is timing out.

I still have a very basic doubt, I have no where mentioned the port where my JBoss app server is running in the real server ip configuration. How will the 7604 router know where to forward my request landing on the virtual server.

regards,

Sanjeev.

Gilles Dufour Mon, 11/16/2009 - 06:52

the 7604 will reuse the port used to reach the vip. So 1813.

But currently, you have no hit on your vserver. This is the primary thing to fix.

You should have an arp entry for this vip on your client.

Also do a 'show ip slb vserver name LAVSERV de'.

See if there is any SYN count.

Do you see traffic on your real server now ?

G.

khurana.sanjeev Tue, 11/17/2009 - 03:24

I changed my vserver port to 8080 because that is the port at which my server's application (JBoss) is running

Still my real server is not getting the request from my client application

ARP configuration on my client server

[[email protected] ~]# arp

Address HWtype HWaddress Flags Mask Iface

LoadBalancer ether 00:16:9A:6A:65:04 CM eth0

Router#show ip slb vserver name LAVSERV de

LAVSERV, state = OPERATIONAL, v_index = 12, interface(s) =

virtual = 10.232.11.141/32:8080, TCP, service = NONE, advertise = FALSE

server farm = LA, delay = 10, idle = 65535

sticky:

sticky: group id = 0

synguard counter = 0, synguard period = 0

conns = 1, total conns = 7, syns = 22, syn drops = 0

standby group = None

Gilles Dufour Tue, 11/17/2009 - 04:33

You got 7 connections. Once still active at the time you captured the command.

So, it seems like the virtual server is working.

it's just the server response that is not seen.

What about 'show ip slb serverfarm detail' ?

Do you see any hit on the server ?

What do you see in the trace ?

What is your client ip address ? In which vlan is it located ?

G.

khurana.sanjeev Tue, 11/17/2009 - 06:47

What about 'show ip slb serverfarm detail' ?

Router#show ip slb serverfarm name LA detail

LA, predictor = LEASTCONNS, nat =SERVER, interface(s) =

virtuals inservice: 1, reals = 2, bind id = 0

Real servers:

10.232.11.11, weight = 255, OPERATIONAL, conns = 1

10.232.11.211, weight = 255, OPERATIONAL, conns = 0

Total connections = 1

Do you see any hit on the server ?

No I don't see any hit on the real server.

Used the following command to check if 11.141 connecting to my real server.

netstat -plan | grep ":80"

What do you see in the trace ?

There is no change in my application (JBoss) logs.

What is your client ip address ? In which vlan is it located ?

client ip : 10.232.11.192

Client and the servers are all in the same LAN.

Gilles Dufour Tue, 11/17/2009 - 07:52

you really need to take a sniffer trace.

WE do see connections being sent to the server.

However, since I told you the server might be responding directly to the client bypassing the router, the connection will never establish and therefore you won't see it in netstate or server log.

sniff the appropriate vlan.

Gilles.

khurana.sanjeev Thu, 11/19/2009 - 23:58

Hi,
     I have moved my client to the system in other LAN, current client ip is 10.232.66.67.

and my current configs in 7604 are follows

Router#show ip slb serverfarm

server farm      predictor           nat   reals   bind id  interface(s)
--------------------------------------------------------------------------
LA             LEASTCONNS          S     2       0       

Router#show ip slb vserver

slb vserver      prot  virtual                  state         conns    interface
(s)
--------------------------------------------------------------------------------
------
LAVSERV        TCP   10.232.11.239/32:8080    OPERATIONAL   0       


Router#show ip slb real

real                  farm name        weight  state          conns
-------------------------------------------------------------------
10.232.11.11          LA               255     OPERATIONAL    0
10.232.11.211         LA               255     OPERATIONAL    0

Now on both the real servers I see the request is coming but still the request doesn't reach my application (JBoss).


$ netstat -plan | grep :80

tcp        0      0 10.232.11.11:8080           10.232.66.67:6307           SYN_RECV    -                 


$ netstat -plan | grep :80

tcp        0      0 10.232.11.211:8080           10.232.66.67:6307          SYN_RECV    -                 


During the client application invocation I see the following changes in the detail ouput of 7604. From the wireshark logs (attached pic) I could see the request (SYN) goes to the servers but servers are not responding. My server application doesn't respond because it has not got the request. 7604 invokes 11.11 it doesn't respond to SYN request so it invokes 11.211.

LAVSERV, state = OPERATIONAL, v_index = 7, interface(s) =
  virtual = 10.232.11.239/32:8080, TCP, service = NONE, advertise = TRUE
  server farm = LAMP, delay = 10, idle = 65535
  sticky:
  sticky: group id = 0
  synguard counter = 0, synguard period = 0
  conns = 1, total conns = 30, syns = 94,  syn drops = 0
  standby group = None
Router#show ip slb serverfarm name LAMP de

LA, predictor = LEASTCONNS, nat =SERVER, interface(s) =
  virtuals inservice: 1, reals = 2, bind id = 0
  Real servers:
    10.232.11.11, weight = 255, OPERATIONAL, conns = 1
    10.232.11.211, weight = 255, OPERATIONAL, conns = 0
  Total connections = 1


Router#show ip slb serverfarm name LAMP de

LA, predictor = LEASTCONNS, nat =SERVER, interface(s) =
  virtuals inservice: 1, reals = 2, bind id = 0
  Real servers:
    10.232.11.11, weight = 255, OPERATIONAL, conns = 0
    10.232.11.211, weight = 255, OPERATIONAL, conns = 1

  Total connections = 1


If my client application talk to the real servers directly my server application gets invoked and client get the reply.
But same is not happening through the 7604.

Only change I do on my client config file is just uncomment the 7604 vip or the real ip for my client to connect:

#for real server
#webservice.url: http://10.232.11.11:8080
#for 7604
webservice.url: http://10.232.11.239:8080


I feel the packets which are reaching my real server through 7604 are not proper so my server application doesn't get invoked.

Sanjeev

khurana.sanjeev Tue, 11/24/2009 - 22:17

Can anybody from Cisco pls reply to my this problem on 7604 router

Is anything more required to narrow down this issue.

Actions

This Discussion