ā12-10-2009 07:47 AM
Hi Experts,
I have CSS and it was working fine before. For testing purpose I added another CSS for redundancy after which CSS stopped doing load balancing.
Hence I have removed the backup CSS and have only one CSS which is active but still CSS is not working as expected(i.e no load balancing).
Setup:
CSS--switch-Servers
1) Checked the connectivity CSS are able to ping the servers were as servers not able to ping the VIP of CSS.
2) CSS and Servers are on the same segment. Content rule is active and services are up and fine but still the issue persists.
I appriciate if someone please help me in resolving this issue?
Thanks in advance,.
REgards,
FAriha
ā12-10-2009 03:11 PM
Is the VIP not local to the server subnet?
Do the servers route through the CSS?
Is it possible the servers GW bypasses the CSS
Can u ping the VIP from off subnet upstream?
Maybe a quick explaination on the IP's
Peter
ā12-10-2009 07:46 PM
- The CSS will ping servers from the IP configured within the circuit VLAN. Are you able to ping that IP from the servers?
- As for pinging a VIP from a server (when the server and VIP are within the same network) -- Do you have a source group rule enabled?
Were there any other changes made *besides* adding a 2nd CSS for redundancy? Did you physically remove the standby CSS without removing the app session from the primary CSS?
James
ā12-11-2009 03:41 AM
Hi,
Please find my answers below:-
The CSS will ping servers from the IP configured within the circuit VLAN. Are you able to ping that IP from the servers?
Answer: NO CSS is not pinging the cirtuit vlan ip address.
- As for pinging a VIP from a server (when the server and VIP are within the same network) -- Do you have a source group rule enabled?
Answer: NO the VIP IP and servers are in the different subnets.
Example:
Servers are in 10.1.1.x
and Content VIP address 10.1.2.X
Were there any other changes made *besides* adding a 2nd CSS for redundancy? Did you physically remove the standby CSS without removing the app session from the primary CSS?
Answer: No changes been made after removing the secondary CSS.
Thanks in advance,.
Regards,
Fariha
ā12-14-2009 10:14 AM
What type of redundancy are the CSS running, Box-to-Box or Vip & Interface?
You should check the primary css logs to see if duplicate IPs are shown during that time
& confirm the CSS were configured properly for redundancy.
ā12-16-2009 03:50 AM
Hi Peter,
Yes you are correct I saw some duplicate ip address in the logs:-
IPV4-4: Duplicate IP address detected for vip: 10.1.2.1 01-23-65-78-a9-b3.
Okay now I have removed the redundancy box but still I am not able to poing the VIP address fronm the server.
The servers are able to ping the physical address of the CSS box. Can you let me know whats happening and what do i need to change???
Thanks in advance.
ā12-16-2009 04:15 AM
How do the servers reach this VIP? Is the CSS the default GW or is another device? If another device maybe that is the issue and you should create a route to VIP using the CSS local subnet.
If default GW is NOT the CSS check that other router to see what it has for an ARP address for the CSS to ensure it is correct. Maybe the Active/Active corrupted the routers ARP table.
Can you get content from these VIPs?
Does a TCP request from the server to the VIP get diff behavior?
Peter
ā12-17-2009 07:53 AM
Hello,
When you brought the redundant CSS online, it may have briefly taken active role. This would account for the duplicate IP address message. If this happened, then the new standby would've sent out a GARP to let everyone know that he now owns the VIP. If the original active never went to standby role, then he won't update that GARP. Bottom line is that you may just have to update your ARP tables manually on the upstream device. Here's how:
First make sure VIP is active:
CSS# llama
CSS(debug)# find ip address 10.86.178.12
CSS(debug)# exit
CSS#
Then you can send the GARP for the VIP:
CSS# llama
CSS(debug)# arp vip 10.86.178.12
Sending ARP for VIP: 10.86.178.12
CSS(debug)# exit
CSS#
After you have done this on the active CSS, test to see if it works. Be sure that your pair of CSS are not both in the master state.
Sean
ā12-21-2009 05:34 AM
Hi Sean,
Thanks for that information. I tried this and found the rule and its active in the arp.
Secondly I have changed the VIP address but still its not working as expected.
CSS pings the server without any issue. but SErver are not able to reach the VIP nor the CSS box.
Server---df CSS.
Wht next??
My config looks like this:
ip route 0.0.0.0 0.0.0.0 10.20.1.1 1
!************************** CIRCUIT **************************
circuit VLAN60
ip address 172.16.1.1 255.255.255.0
redundancy-protocol
circuit VLAN70
redundancy
ip address 10.20.1.18 255.255.0.0
!************************** SERVICE **************************
service server1
protocol tcp
port 80
ip address 10.20.2.11
keepalive method get
keepalive type http
active
service server2
protocol tcp
port 80
ip address 10.20.2.11
keepalive method get
keepalive type http
active
!*************************** OWNER ***************************
owner vinci
content webin
port 80
protocol tcp
url "/*"
add service server1
add service server2
advanced-balance arrowpoint-cookie
vip address 10.20.1.56
active
owner redirects
!*************************** GROUP ***************************
group sharepoint.es.ie
add destination service server1
add destination service server2
vip address 10.20.1.60
Server config:
IP address: 10.20.1.x Default gateway: 10.20.1.1
Regards,
Fariha
ā12-21-2009 08:20 AM
I can't tell if your output is truncated, but is the group rule active on your CSS? It would need to be made active to be effective (and it is necessary in your scenario).
James
ā12-21-2009 08:47 AM
Hi James,
Yes its active.
Any other steps which need to be checked???? Its very critical please help.
Thanks
Far
ā12-22-2009 01:58 AM
Hi,
Can anyone look into this please???
ā12-22-2009 06:04 AM
Someone else may chime in, but I can't really tell anything is wrong from the config. You may want to verify that both of services are passing their keepalives. You can also monitor the flows on the CSS to see your incoming connection to the VIP and how it gets balanced:
CSS# monitor
CSS#
DEFAULT:ip route
Enter show sub-command to monitor [HELP: show ?]: flows 64.39.0.40
Enter refresh interval [default:5]: 2
--------------- ----- --------------- ----- --------------- --- ------- ------
Src Address SPort Dst Address DPort NAT Dst Address Prt InPort OutPort
--------------- ----- --------------- ----- --------------- --- ------- ------
64.39.0.40 5794 192.168.192.220 80 192.168.192.120 TCP e1 e5
64.39.0.40 9454 192.168.192.3 22 0.0.0.0 TCP e1 Ipv4
*** Iteration: 7 ***
64.39.0.40 is the IP I initiated traffic from. 192.168.192.220 is the VIP, and 192.168.192.120 is the server that it sent traffic to.
You would also be able to tell from the IN/OUT ports whether or not the destination server was in the proper VLAN (ie. frontside or backside).
Good luck,
James
ā12-30-2009 11:44 AM
Please clear the mac-address table and also try bouncing your physical interfaces.
Cheers,
DS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide