05-25-2010 02:59 AM
Hi,
I have a minor problem where I have a set of internal proxy servers and a set of DMZ proxy servers. All users hit the internal proxy servers via an ACE Load-balancer. These they forward the clients request to the DMZ proxy servers via the DMZ ACE Load-balancers.
The problem arises where 2 or 3 DMZ servers use the VIP of the DMZ proxy servers for internet access. We are using sticky connections based on source IP. So if the DMZ Load balancer is reset, it can happen that both Internal Proxy servers end up load balanced to the same DMZ proxy server. One of the other DMZ servers would be the only connection on the second DMZ Proxy server. This eventually times out and that proxy is not being used at all, while both internal proxies end up sending all traffic via the one DMZ proxy.
I tried putting static stickyness so that an internal Proxy would pair with a DMZ Proxy and I figured if one of the DMZ proxies fails then the internal proxies would get directed to the single remaining DMZ proxy. This was not the case however.
Has anybody run into this kind of situation before and is there a way around this?
Both ACE Load-balancers are 4710's running A3(2.0).
Cheers
Brian
05-25-2010 04:15 AM
Your idea is correct.
So, try to configure real_A as backup for real_B and vice-versa.
Gilles.
05-25-2010 04:52 AM
Hi Giles,
Thanks for the quick reply. You will have to excuse my ignorance as I am new enough to these ACE appliances, I didn't see anywhere to set a priority on the static sticky, is it just a case of going something like the following:
static client source x.x.x.1 rserver Proxy-a
static client source x.x.x.2 rserver Proxy-b
static client source x.x.x.1 rserver Proxy-b
static client source x.x.x.2 rserver Proxy-a
Does it just deal with the statics in order then?
Cheers
Brian
05-25-2010 11:49 PM
Brian,
sorry, I always write comments assuming everybody knows all about ACE :-)
So, the backup needs to be configured inside the serverfarm.
serverfarm XXXX
rserver XXXXX
backup-rserver YYYYY
inservice
rserver YYYY
backup-rserver XXXXX
inservice
I didn't try it, but I believe this should work.
Gilles.
05-26-2010 01:43 AM
Thanks Giles, that sounds like it should work alright. I will test at our next maintenance window and rate/update here.
Cheers
Brian
07-19-2010 07:49 AM
Hi,
An update on this, I finally got a window to apply these changes however I am not allow apply the suggested config. I can make server 2 a backup to server 1, but when i try make server 1 a backup to server 2 I get the error message "Error: Cannot assign backup rservers in cylic order". Anybody figured out how to work around this?
Cheers
Brian
07-20-2010 05:54 AM
Brian,
upgrade to the latest A3(2.x) image.
This restriction has been removed a long time ago
CSCsr56251: cyclic backup real config restriction should be modified
Gilles.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: