07-21-2010 10:26 AM
Hi Experts,
Can you please help me verify this configurarion which is not working as expected:
rserver host LAPTOP-FTP-1
ip address 172.16.20.69
inservice
rserver host LAPTOP-FTP-2
ip address 172.16.20.70
inservice
!
serverfarm host WEB
rserver LAPTOP-FTP-1
inservice
serverfarm host WEB-2
rserver LAPTOP-FTP-2
inservice
!
class-map match-any VIP-WEB
2 match virtual-address 10.20.0.65 tcp eq 8080
3 match virtual-address 10.20.0.65 1
!
class-map type http loadbalance match-all Check-Headers-IE
2 match http url .*
3 match http header Host header-value "10.20.0.*"
4 match http header User-Agent header-value ".*MSIE.*"
!
policy-map type loadbalance http first-match WEB-SERVERS
class Check-Headers-IE
serverfarm WEB
class class-default
serverfarm WEB-2
!
policy-map multi-match WEB-FTP
class VIP-WEB
loadbalance vip inservice
loadbalance policy WEB-SERVERS
!
interface vlan 20
ip address 10.20.0.67 255.255.255.0
service-policy input WEB-FTP
!
When I have this configuration, I cannot even ping the Webserver VIP (10.20.0.65).
Now, if I remove the class "Check-Headers-IE" from the policy-map "WEB-SERVERS" then
I can ping the VIP and can access the webpage http://10.20.0.75:8080 from the clients.
Is there something wrong with the class called "Check-Headers-IE" ?
I´m trying to balance traffic based on the Web browser (MSIE) the client uses to access the Web page.
Also, I´m not using port 80 but 8080 on my web Servers, so I´m not sure if this has something to do with my problem.
Thanks for any help!
Regards,
Juan
07-21-2010 06:28 PM
Hi Juan,
When I have this configuration, I cannot even ping the Webserver VIP (10.20.0.65).
This is because you are missing a statement that tells the ACE to respond to pings to the VIP. Your policy-map should look something like this:
policy-map multi-match WEB-FTP
class VIP-WEB
loadbalance vip inservice
loadbalance policy WEB-SERVERS
loadbalance vip icmp-reply active
The active keyword will make it so the ACE will only respond to pings destined to the VIP if the VIP is up.
Now, if I remove the class "Check-Headers-IE" from the policy-map "WEB-SERVERS" then I can ping the VIP and can access the webpage http://10.20.0.75:8080 from the clients. Is there something wrong with the class called "Check-Headers-IE" ?
When you remove this layer-7 class, then your Ping is actually being load balanced to one of the rservers, and what you are seeing as your echo reply is actually the rserver's response. Your class-map looks OK with me. You might want to add a \ in front of your . in your regex to remove the wildcard. Also, try to avoid having .* at the beginning and end of a regex as this consumes a lot of regex resources.
Also, I´m not using port 80 but 8080 on my web Servers, so I´m not sure if this has something to do with my problem.
That is fine. Since you have not specified any port next to the rservers within the serverfarm, then whatever port is used when connecting to the VIP will also be used when connecting to the rserver.
Hope this helps,
Sean
07-22-2010 07:08 AM
Hi Sean,
The information provided was very helpful! That solved the ICMP issue.
Also, I changed the policy-map WEB-SERVERS to a non-http type and after that the ACE started load-balancing correctly between Internet Explorer and other browsers
Thanks for your help!
Regards,
Juan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide