ACE loadbalance Problem

Jul 30th, 2010

I have an ACE 4710 and I have configured five servers for HTTP load balancing. The four servers connected on the LAN side of the ACE are working fine without any problem, except one server (192.168.10.39), located on the DR side across the WAN, which is not working, even though routing is in place and, if I telnet from the other side, I can telnet on port 80 without any problem. But when opening the URL in a browser, it is showing in the initial stage. The policy is the same on all the interfaces, and the routing is also the same. The only difference is the NAT, which I am using on the LAN side to force the traffic to pass through the ACE. For the WAN side, traffic automatically hits the ACE, so I didn't use NAT.


Please let me know why the remote location server is not being load balanced by the ACE and why only the inside servers are load balanced.


Below is the configuration of the ACE







serverfarm host SF_ENOC_TP_Server
  probe PROBE_TCP
  rserver TP_1
    inservice
  rserver TP_2
    inservice
  rserver TP_3
    inservice
  rserver TP_4
    inservice
  rserver TP_5
    inservice

sticky http-cookie ENOC_COOKIE TP_COOKIE_INSERT
  cookie insert
  replicate sticky
  serverfarm SF_ENOC_TP_Server

class-map match-any ENOC_TP_Server
  2 match virtual-address 172.23.15.30 tcp eq www


interface vlan 300
  description ACE-INSIDE CONTEXT RACK1
  ip address 192.168.0.65 255.255.255.224
  alias 192.168.0.73 255.255.255.224
  peer ip address 192.168.0.66 255.255.255.224
  no normalization
  mac-address autogenerate
  no icmp-guard
  access-group input acl-in
  nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat
  service-policy input PM_ENOC_Servers


interface vlan 200
  description WAN-VLAN CONTEXT RACK1
  ip address 192.168.0.33 255.255.255.224
  alias 192.168.0.43 255.255.255.224
  peer ip address 192.168.0.34 255.255.255.224
  mac-address autogenerate
  access-group input acl-wan
  service-policy input PM_ENOC_Servers



policy-map type loadbalance first-match PM_LB_ENOC_TP_Server
  class class-default
    sticky-serverfarm TP_COOKIE_INSERT



policy-map multi-match PM_ENOC_Servers
  class CITRIX_GW
    loadbalance vip inservice
    loadbalance policy PM_LB_CITRIX_GW
    loadbalance vip icmp-reply active
    nat dynamic 5 vlan 300

  class ENOC_TP_Server
    loadbalance vip inservice
    loadbalance policy PM_LB_ENOC_TP_Server
    loadbalance vip icmp-reply active
    nat dynamic 5 vlan 300



ENOCDC-ACE01/Rack1# show serverfarm SF_ENOC_TP_Server
serverfarm     : SF_ENOC_TP_Server, type: HOST
total rservers : 5
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: TP_1
       192.168.200.29:0      8      OUTOFSERVICE 0          0          0
   rserver: TP_2
       192.168.200.34:0      8      OUTOFSERVICE 0          0          0
   rserver: TP_3
       192.168.200.81:0      8      OUTOFSERVICE 0          0          0
   rserver: TP_4
       192.168.200.82:0      8      OUTOFSERVICE 0          0          0
   rserver: TP_5
       192.168.10.39:0       8      OPERATIONAL  1          0          1


      
ENOCDC-ACE01/Rack1# show conn serverfarm SF_ENOC_TP_Server

conn-id    np dir proto vlan source                destination           state
----------+--+---+-----+----+---------------------+---------------------+------+
30252      1  in  TCP   200  172.20.106.25:4478    172.23.15.30:80       ESTAB
82322      1  out TCP   200  192.168.10.39:80      172.20.106.25:4478    INIT



ENOCDC-ACE01/Rack1# show conn serverfarm SF_ENOC_TP_Server

conn-id    np dir proto vlan source                destination           state
----------+--+---+-----+----+---------------------+---------------------+------+
33949      1  in  TCP   200  192.168.10.71:3091    172.23.15.30:80       ESTAB
8390       1  out TCP   200  192.168.10.39:80      192.168.10.71:3091    INIT

EPHRAIM MANI Fri, 07/30/2010 - 12:40

I see a couple of discrepancies in the configuration which need to be corrected.

interface vlan 300
nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat ----> nat-pool 1 192.168.0.253 192.168.0.253 netmask 255.255.255.255 pat
class ENOC_TP_Server
nat dynamic 5 vlan 300 ----> nat dynamic 1 vlan 300

wasiimcisco Fri, 07/30/2010 - 13:45

Actually, this is the right configuration; I am using a separate NAT for each load-balancing server. See the detailed interface configuration below.



interface vlan 300
  description ACE-INSIDE CONTEXT RACK1
  ip address 192.168.0.65 255.255.255.224
  alias 192.168.0.73 255.255.255.224
  peer ip address 192.168.0.66 255.255.255.224
  no normalization
  mac-address autogenerate
  no icmp-guard
  access-group input acl-in
  nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat
  nat-pool 3 172.23.16.3 172.23.16.3 netmask 255.255.255.255 pat
  nat-pool 4 172.23.16.4 172.23.16.4 netmask 255.255.255.255 pat
  nat-pool 5 172.23.16.5 172.23.16.5 netmask 255.255.255.255 pat
  service-policy input PM_ENOC_Servers
  service-policy input PM_RT_FAX
  service-policy input PM_ITSM_Web_Server
  service-policy input PM_ITSM_MAPP_Server
  service-policy input PM_BYPASS_FOR_LAN_HTTP
  service-policy input PM_BYPASS_HTTP
  service-policy input PM_MAIN_BCPROXY



Please let me know what I am missing. Only the LAN side servers are load balanced properly, but the WAN side ones are not able to load balance.

acharyr123 Wed, 08/04/2010 - 22:33

Hi,


Check your NAT properly; most of the time it is a NAT-related issue. I was also facing a similar issue earlier, but when it was diagnosed properly it was found to be a NAT issue...
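
An added example, not part of any post in this thread and not Cisco tooling: a small Python audit that cross-checks the NAT statements discussed above. It reports `nat dynamic` rules whose pool id is not defined on the named VLAN interface, and VLANs where the policy is applied but the class has no `nat dynamic` rule naming that VLAN (the WAN-side case the original poster describes). The function name `audit_nat` and the finding labels are assumptions; the sample is constructed by trimming the configuration posted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample, trimmed from the configuration posted in the thread.
SAMPLE = """\
interface vlan 300
  nat-pool 1 172.23.16.2 172.23.16.2 netmask 255.255.255.255 pat
  service-policy input PM_ENOC_Servers
interface vlan 200
  service-policy input PM_ENOC_Servers
policy-map multi-match PM_ENOC_Servers
  class ENOC_TP_Server
    loadbalance vip inservice
    nat dynamic 5 vlan 300
"""

def audit_nat(config):
    """Return sorted (kind, class, pool, vlan) findings for nat dynamic rules."""
    pools = defaultdict(set)    # vlan -> nat-pool ids defined on that interface
    applied = defaultdict(set)  # policy-map name -> vlans it is applied on
    rules = defaultdict(set)    # (policy, class) -> {(pool id, vlan)}
    vlan = policy = cls = None
    for line in config.splitlines():
        s = line.strip()
        if not s:
            continue
        if not line[0].isspace():          # top-level stanza: reset context
            vlan = policy = cls = None
            if m := re.match(r"interface vlan (\d+)$", s):
                vlan = int(m[1])
            elif m := re.match(r"policy-map multi-match (\S+)$", s):
                policy = m[1]
        elif vlan is not None:
            if m := re.match(r"nat-pool (\d+) ", s):
                pools[vlan].add(int(m[1]))
            elif m := re.match(r"service-policy input (\S+)$", s):
                applied[m[1]].add(vlan)
        elif policy is not None:
            if m := re.match(r"class (\S+)$", s):
                cls = m[1]
            elif m := re.match(r"nat dynamic (\d+) vlan (\d+)$", s):
                rules[(policy, cls)].add((int(m[1]), int(m[2])))
    findings = set()
    for (pol, c), nats in rules.items():
        for pool, v in nats:
            if pool not in pools[v]:       # rule points at an undefined pool
                findings.add(("missing-pool", c, pool, v))
        for v in applied[pol] - {nv for _, nv in nats}:
            findings.add(("no-nat-on-vlan", c, None, v))  # heuristic note
    return sorted(findings, key=str)
```

Run against the full running configuration, a `missing-pool` finding disappears once the referenced pool is present on the interface, as in the longer `interface vlan 300` listing; `no-nat-on-vlan` is a prompt to check the return path for servers reached through that VLAN, not a verdict.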
