ACE Loadbalancing with proxy servers

Unanswered Question
May 25th, 2010
User Badges:

Hi,

   I have a minor problem where I have a set of internal proxy servers and a set of DMZ proxy servers.  All users hit the internal proxy servers via an ACE Load-balancer.  These they forward the clients request to the DMZ proxy servers via the DMZ ACE Load-balancers.

The problem arises where 2 or 3 DMZ servers use the VIP of the DMZ proxy servers for internet access.  We are using sticky connections based on source IP.  So if the DMZ Load balancer is reset, it can happen that both Internal Proxy servers end up load balanced to the same DMZ proxy server.  One of the other DMZ servers would be the only connection on the second DMZ Proxy server.  This eventually times out and that proxy is not being used at all, while both internal proxies end up sending all traffic via the one DMZ proxy.

I tried putting static stickyness so that an internal Proxy would pair with a DMZ Proxy and I figured if one of the DMZ proxies fails then the internal proxies would get directed to the single remaining DMZ proxy.  This was not the case however.

Has anybody run into this kind of situation before and is there a way around this?

Both ACE Load-balancers are 4710's running A3(2.0).

Cheers

Brian

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Tue, 05/25/2010 - 04:15
User Badges:
  • Cisco Employee,

Your idea is correct.

So, try to configure real_A as backup for real_B and vice-versa.


Gilles.

Brian O'Flynn Tue, 05/25/2010 - 04:52
User Badges:

Hi Giles,

     Thanks for the quick reply.  You will have to excuse my ignorance as I am new enough to these ACE appliances, I didn't see anywhere to set a priority on the static sticky, is it just a case of going something like the following:

static client source x.x.x.1 rserver Proxy-a

static client source x.x.x.2 rserver Proxy-b

static client source x.x.x.1 rserver Proxy-b

static client source x.x.x.2 rserver Proxy-a


Does it just deal with the statics in order then?


Cheers

Brian

Gilles Dufour Tue, 05/25/2010 - 23:49
User Badges:
  • Cisco Employee,

Brian,


sorry, I always write comments assuming everybody knows all about ACE :-)


So, the backup needs to be configured inside the serverfarm.



serverfarm XXXX

   rserver XXXXX

     backup-rserver YYYYY

     inservice

   rserver YYYY

     backup-rserver XXXXX

     inservice


I didn't try it, but I believe this should work.


Gilles.

Brian O'Flynn Wed, 05/26/2010 - 01:43
User Badges:

Thanks Giles, that sounds like it should work alright.  I will test at our next maintenance window and rate/update here.


Cheers

Brian

Brian O'Flynn Mon, 07/19/2010 - 07:49
User Badges:

Hi,

An update on this, I finally got a window to apply these changes however I am not allow apply the suggested config.  I can make server 2 a backup to server 1, but when i try make server 1 a backup to server 2 I get the error message "Error: Cannot assign backup rservers in cylic order".  Anybody figured out how to work around this?


Cheers

Brian

Gilles Dufour Tue, 07/20/2010 - 05:54
User Badges:
  • Cisco Employee,

Brian,


upgrade to the latest A3(2.x) image.

This restriction has been removed a long time ago

CSCsr56251: cyclic backup real config restriction should be modified


Gilles.

Actions

This Discussion