ACE Redirect. Configuration Problem?

Unanswered Question
Jun 3rd, 2010


I´m configuring Redirect in ACE 4710 and it doesn´t work fine. The client has two real servers and he wants redirect the traffic when both real servers are down.

They have other server with static content (http) for redirect the trafic.

The configuration is  (complete configuration is attached):

rserver host Backup_Rserver
  ip address

rserver host achs-tamw01
  ip address
rserver host achs-tamw02
  ip address
rserver host achs-tamw03
  ip address

serverfarm host SF_Backup
  rserver Backup_Rserver 80

serverfarm host TAMW_80
  predictor leastconns
  probe PROBE_TAMW:80
  rserver achs-tamw01 80
  rserver achs-tamw02 80
  rserver achs-tamw03 80

sticky ip-netmask address source TAMW_80_STICKY
  replicate sticky
  serverfarm TAMW_80 backup SF_Backup

policy-map type loadbalance first-match VIP-POLICY-TAMW_80
  class class-default
   sticky-serverfarm TAMW_80_STICKY

policy-map multi-match LB-VIP
  class VIP_TAMW_80
    loadbalance vip inservice
    loadbalance policy VIP-POLICY-TAMW_80
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 10

interface vlan 10
  nat-pool 1 netmask pat
  service-policy input LB-VIP

When both real servers are down, the VIP remains operational and the backup real servers is operational and I can see statistics increase in this server:

ACE-CC/Contexto_B# sh rserver

rserver              : Backup_Rserver, type: HOST
state                : OPERATIONAL (by default, unverified)
       real                  weight state        current    total              
   serverfarm: SF_Backup       8      OPERATIONAL  4          66                 

In these moment both real servers were down and I could see connections, but when user from Internet o LAN try to connect it can´t see static content.

ACE-CC/Contexto_B# sh service summ

service-policy: LB-VIP
Class                            VIP             Prot  Port        VLAN          State    Curr Conns   Hit Count  Conns Drop
VIP_TAMW_80               tcp   eq 80       1,10           IN-SRVC          21         903          0

VIP remains operational.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Sean Merrow Thu, 06/03/2010 - 07:15

Hello Jaime,

This sounds like the following bug:

CSCsx32861 -  backup sfarm under sticky group isn't used even when the primary is down

That bug was fixed in ACE 4710 software release A3(2.2).  If you are running an earlier software release than that, then I would recommend upgrading to A3(2.5).

Hope this helps,


Jaime Soto Vale... Thu, 06/03/2010 - 07:36

Hello Sean,

The ACE is running A3(2.3) version.

Does this Bug present in this version?



Sean Merrow Thu, 06/03/2010 - 08:15

Hi Jaime,

That bug should not be present in the A3(2.3) software, so it is possible you are having a diffferent problem.  I would recommend the following plan:

  1. Get a showtech from the Contexto_B context
  2. start a capture by SPANing the switch port or VLAN 10 that connects to the ACE 4710 so you can see the front and back end connections in a single capture
  3. Fail the primary server farm
  4. Run a test and let the connection fail.
  5. Stop the capture
  6. Get a second showtech

At that point, you can upload that data and I'll take a look, or you may want to open a case with Cisco TAC for further assistance.


Jaime Soto Vale... Thu, 06/03/2010 - 08:34


I assume that configuration of redirect is Ok....or not?

I will try to do this test as soon as possible.



Jaime Soto Vale... Thu, 06/03/2010 - 09:17


In this moment, my client have this services in production, therefore will be impossible put the real servers in Down state for test.

I´m going to try to do Lab tests in the next days with equals configurations and validate the results.


Peter Koltl Sat, 06/05/2010 - 14:07

Do you test with HTTP or HTTPS? The backup server farm accepts only HTTP on port 80. Why didn't you create an SF_Backup_443 farm as well?

Jaime Soto Vale... Sat, 06/05/2010 - 18:01

Hi Peter,

I did test only in HTTP mode. In the configurations you can see that I applied a backup server only the port 80:

serverfarm host SF_Backup
   rserver Backup_Rserver 80

I didn´t create a SF_Backup_443 because we were testing only with services in HTTP.

I still can´t do labs test, although it seems that configuration is well. 




This Discussion