cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1197
Views
0
Helpful
6
Replies

ACE Loadbalancing with proxy servers

Brian O'Flynn
Level 1
Level 1

Hi,

   I have a minor problem where I have a set of internal proxy servers and a set of DMZ proxy servers.  All users hit the internal proxy servers via an ACE Load-balancer.  These they forward the clients request to the DMZ proxy servers via the DMZ ACE Load-balancers.

The problem arises where 2 or 3 DMZ servers use the VIP of the DMZ proxy servers for internet access.  We are using sticky connections based on source IP.  So if the DMZ Load balancer is reset, it can happen that both Internal Proxy servers end up load balanced to the same DMZ proxy server.  One of the other DMZ servers would be the only connection on the second DMZ Proxy server.  This eventually times out and that proxy is not being used at all, while both internal proxies end up sending all traffic via the one DMZ proxy.

I tried putting static stickyness so that an internal Proxy would pair with a DMZ Proxy and I figured if one of the DMZ proxies fails then the internal proxies would get directed to the single remaining DMZ proxy.  This was not the case however.

Has anybody run into this kind of situation before and is there a way around this?

Both ACE Load-balancers are 4710's running A3(2.0).

Cheers

Brian

6 Replies 6

Gilles Dufour
Cisco Employee
Cisco Employee

Your idea is correct.

So, try to configure real_A as backup for real_B and vice-versa.

Gilles.

Hi Giles,

     Thanks for the quick reply.  You will have to excuse my ignorance as I am new enough to these ACE appliances, I didn't see anywhere to set a priority on the static sticky, is it just a case of going something like the following:

static client source x.x.x.1 rserver Proxy-a

static client source x.x.x.2 rserver Proxy-b

static client source x.x.x.1 rserver Proxy-b

static client source x.x.x.2 rserver Proxy-a

Does it just deal with the statics in order then?

Cheers

Brian

Brian,

sorry, I always write comments assuming everybody knows all about ACE :-)

So, the backup needs to be configured inside the serverfarm.

serverfarm XXXX

   rserver XXXXX

     backup-rserver YYYYY

     inservice

   rserver YYYY

     backup-rserver XXXXX

     inservice

I didn't try it, but I believe this should work.

Gilles.

Thanks Giles, that sounds like it should work alright.  I will test at our next maintenance window and rate/update here.

Cheers

Brian

Hi,

An update on this, I finally got a window to apply these changes however I am not allow apply the suggested config.  I can make server 2 a backup to server 1, but when i try make server 1 a backup to server 2 I get the error message "Error: Cannot assign backup rservers in cylic order".  Anybody figured out how to work around this?

Cheers

Brian

Brian,

upgrade to the latest A3(2.x) image.

This restriction has been removed a long time ago

CSCsr56251: cyclic backup real config restriction should be modified

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: