Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1654
Views
4
Helpful
3
Replies

SLB VRF problem with probe sending

ivajrg_bdc
Level 1
Level 1

‎08-04-2010 11:40 PM - edited ‎03-06-2019 12:19 PM

Greetings to everybody,

I think I have encountered a problem while configuring SLB probes in VRF environment. C6500 is displaying that probes are unsuccessful.

I want to configure probes for a serverfarm which contains two servers. Servers are in a separate VLAN and there are two SVIs that are in separate VRF (Virtual IP and real server IPs).

Just to mention, load balancing works fine, but the only issue is with probes.

Here is some debug output:

telnet command was issued to Virtual IP TCP7777 port – request is redirected to one of the real servers - connection works fine:

Aug 4 16:39:41.130: SLB_CONN_DEBUG: TCP event= SYN_CLIENT, state= INIT ->SYNCLIENT

Aug 4 16:39:41.130:  v_ip= 10.70.23.167:7777 (  7), real= 10.80.123.4,NAT= S

Aug 4 16:39:41.130:  client= 10.70.28.10:60162, vrf= PRD

Aug 4 16:39:41.130: SLB_CONN_DEBUG: TCP event= SYNACK_SERVER, state= SYNCLIENT-> ESTAB

Aug 4 16:39:41.130:  v_ip= 10.70.23.167:7777 (  7), real= 10.80.123.4,NAT= S

Aug 4 16:39:41.130:  client= 10.70.28.10:60162, vrf= PRD

Aug 4 16:39:41.130: SLB_CONN_DEBUG: TCP event= DATA_CLIENT, state= ESTAB ->ESTAB

Aug 4 16:39:41.130:  v_ip= 10.70.23.167:7777 (  7), real= 10.80.123.4,NAT= S

Aug 4 16:39:41.130:  client= 10.70.28.10:60162, vrf= PRD

Simple slb probe configuration and the debug output straight after the last line is entered:

ip slb probe APP_SFARM ping

interval 5

!

ip slb serverfarm APP_SFARM

nat server

predictorleastconns

probe APP_SFARM

!

real 10.80.123.4

inservice

!

real 10.80.123.5

inservice

!

Aug 4 16:46:41.048: SLB_PROBE: RTR Entry 71

Aug 4 16:46:41.048: SLB_PROBE: RTR Entry 72

Aug 4 16:46:41.048: SLB_CONN_DEBUG: ICMP event= DATA_CLIENT, state= INIT ->ESTAB

Aug 4 16:46:41.048:  v_ip= 10.70.23.167:0 (  7), real= 10.80.123.4, NAT=S

Aug 4 16:46:41.048:  client= 10.80.123.2:102, vrf=

Aug 4 16:46:41.048: SLB_CONN_DEBUG: ICMP event= DATA_CLIENT, state= INIT ->ESTAB

Aug 4 16:46:41.048:  v_ip= 10.70.23.167:0 (  7), real= 10.80.123.5, NAT=S

Aug 4 16:46:41.048:  client= 10.80.123.2:103, vrf=

Aug 4 16:46:42.048: SLB_CONN_DEBUG: ICMP event= DESTROY, state= ESTAB -> ZOMBIE

Aug 4 16:46:42.048:  v_ip= 10.70.23.167:0 (  7), real= 10.80.123.4, NAT=S

Aug 4 16:46:42.048:  client= 10.80.123.2:102, vrf=

Aug 4 16:46:42.048: SLB_PROBE: ping server:10.80.123.4:7777 target:10.70.23.167:0tests:1

Aug 4 16:46:42.048: SLB_CONN_DEBUG: ICMP event= DESTROY, state= ESTAB -> ZOMBIE

Aug 4 16:46:42.048:  v_ip= 10.70.23.167:0 (  7), real= 10.80.123.5, NAT=S

Aug 4 16:46:42.048:  client= 10.80.123.2:103, vrf=

Aug 4 16:46:42.048: SLB_PROBE: ping server:10.80.123.5:7777 target:10.70.23.167:0tests:1

Aug 4 16:46:43.048: SLB_CONN_DEBUG: ICMP event= DATA_CLIENT, state= INIT ->ESTAB

Aug 4 16:46:43.048:  v_ip= 10.70.23.167:0 (  7), real= 10.80.123.4, NAT=S

Aug 4 16:46:43.048:  client= 10.80.123.2:102, vrf=

Aug 4 16:46:43.048: SLB_CONN_DEBUG: ICMP event= DATA_CLIENT, state= INIT ->ESTAB

Aug 4 16:46:43.048:  v_ip= 10.70.23.167:0 (  7), real= 10.80.123.5, NAT=S

Aug 4 16:46:43.048:  client= 10.80.123.2:103, vrf=

Aug 4 16:46:44.049: SLB_CONN_DEBUG: ICMP event= DESTROY, state= ESTAB -> ZOMBIE

Aug 4 16:46:44.049:  v_ip= 10.70.23.167:0 (  7), real= 10.80.123.4, NAT=S

Aug 4 16:46:44.049:  client= 10.80.123.2:102, vrf=

Aug 4 16:47:02.049 EEST: %SLB-6-REAL: Real 10.80.123.4 (APP_SFARM) has changedstate to PROBE_TESTING

Aug 4 16:47:02.049 EEST: %SLB-6-REAL: Real 10.80.123.5 (APP_SFARM) has changedstate to PROBE_TESTING

Simple testing with icmp from C6500:

sw1#pingvrf PRD 10.80.123.4

Type escape sequence to abort.

Sending5, 100-byte ICMP Echos to 10.80.123.4, timeout is 2 seconds:

!!!!!

Successrate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

sw1#pingvrf PRD 10.80.123.5

Type escape sequence to abort.

Sending5, 100-byte ICMP Echos to 10.80.123.5, timeout is 2 seconds:

!!!!!

Successrate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

As you probably noticed from debug output of the successful telnet TCP7777 connection and debug of the probe testing in the latter there is no VRF information. Could this be a problem? How could I bypass it?

Thanks in Advance.

Kind Regards,

Ivan

Labels:
0 Helpful
3 Replies 3

ivajrg_bdc
Level 1
Level 1

‎08-19-2010 11:12 PM

In case someone will encounter similar problem.

Solution: Configure "access" option for serverfarm and vserver.

jsteffensen
Level 1
Level 1
In response to ivajrg_bdc

‎11-25-2011 02:00 PM

Hi Ivan

We are having the same problem - searching for a way of making the probe "VRF"-aware.

Could you please paste the "access" also?

Best Regards

Jarle Steffensen

0 Helpful

ivajrg_bdc
Level 1
Level 1
In response to jsteffensen

‎11-26-2011 12:35 AM

Hi Jarle,

you just need to specify outgoing interface with "access outbound " command.

For Example:

ip slb firewallfarm SERVER
access outbound Vlan107
inservice

In this way probes will use proper interface and VRF.

Regards,

Ivan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card