12-12-2011 06:23 AM
Hi,
I would like to know if we can use sticky with DNS load balancing using the source IP address:
sticky ip-netmask 255.255.255.255 address both XXXXX
  timeout activeconns
  replicate sticky
  serverfarm XXXX
Also, what would be the difference between using
probe dns and probe udp?
Thanks
Ajay
12-13-2011 01:10 AM
Hi Ajay,
You can use the sticky with DNS using Source IP address.
The following example shows a running configuration that load balances DNS traffic across multiple real servers, and transmits and receives UDP data that spans multiple packets. The configuration uses a UDP health probe. The UDP probe configuration elements appear in bold in the example.
access-list ACL1 line 10 extended permit ip any any
probe udp UDP
  interval 5
  passdetect interval 10
  description THIS PROBE IS INTENDED FOR LOAD BALANCING DNS TRAFFIC
  port 53
  send-data UDP_TEST
rserver host SERVER1
  ip address 192.168.252.245
  inservice
rserver host SERVER2
  ip address 192.168.252.246
  inservice
rserver host SERVER3
  ip address 192.168.252.247
  inservice
serverfarm host SFARM1
  probe UDP
  rserver SERVER1
    inservice
  rserver SERVER2
    inservice
  rserver SERVER3
    inservice
class-map match-all L4UDP-VIP_114:UDP_CLASS
  2 match virtual-address 192.168.120.114 udp eq 53
policy-map type loadbalance first-match L7PLBSF_UDP_POLICY
  class class-default
    serverfarm SFARM1
policy-map multi-match L4SH-Gold-VIPs_POLICY
  class L4UDP-VIP_114:UDP_CLASS
    loadbalance vip inservice
    loadbalance policy L7PLBSF_UDP_POLICY
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 120
    connection advanced-options 1SECOND-IDLE
interface vlan 120
  description Upstream VLAN_120 - Clients and VIPs
  ip address 192.168.120.1 255.255.255.0
  fragment chain 20
  fragment min-mtu 68
  access-group input ACL1
  nat-pool 1 192.168.120.70 192.168.120.70 netmask 255.255.255.0 pat
  service-policy input L4SH-Gold-VIPs_POLICY
  no shutdown
ip route 10.1.0.0 255.255.255.0 192.168.120.254
-----------------------------------------------------------------------
Configuring a UDP Probe
Note: When configuring a UDP probe, you must configure a management-based policy.
By default, the UDP probe sends a UDP packet to a server and marks the server as failed only if the server returns an ICMP Port Unreachable message. If the ACE does not receive any ICMP errors for the UDP request that was sent, the probe is marked as passed. Optionally, you can configure this probe to send specific data and expect a specific response to mark the server as passed.
If the real server is not directly connected to the ACE (for example, it is connected via a gateway) and the IP interface of the server is down or disconnected, the UDP probe by itself would not know that the UDP application is not reachable. If the real server is directly connected to the ACE and the IP interface of the server is down, then the UDP probe fails.
If the IP interface of the server is down or disconnected, the UDP probe by itself would not know that the UDP application is not reachable.
To create a UDP probe and access its configuration mode, use the probe udp name command.
For example, to define a UDP probe named PROBE2 and access its mode, enter:
host1/Admin(config)# probe udp PROBE2
host1/Admin(config-probe-udp)#
You can configure the following attributes for a UDP probe:
• To configure what the ACE expects as a response from the probe destination server, use the expect regex command.
• To configure the data sent on the connection for a UDP probe, use the send-data expression command.
Then, you can configure the attributes in the "Configuring General Probe Attributes" section.
-----------------------------------------
A DNS probe sends a request to a DNS server giving it a configured domain (by default, the domain is www.cisco.com). To determine if the server is up, the ACE must receive one of the configured IP addresses for that domain. To create a DNS probe and access its configuration mode, use the probe dns command. The syntax of this command is:
probe dns name
For the name argument, enter an identifier of the DNS probe as an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.
For example, to define a DNS probe named PROBE7 and access its mode, enter:
host1/Admin(config)# probe dns PROBE7
host1/Admin(config-probe-dns)#
You can configure attributes for a DNS probe, as described in the following sections:
• Configuring the Domain Name
• Configuring the Expected IP Address
Then, you can configure the attributes in the "Configuring General Probe Attributes" section.
Configuring the Domain Name
The DNS probe sends a domain name for the DNS server to resolve. By default, the probe uses the www.cisco.com domain. To configure the domain name that the probe sends to the server, use the domain command. The syntax of this command is:
domain name
The name argument is the domain that the probe sends to the DNS server. Enter an unquoted text string with a maximum of 255 characters.
For example, to configure the domain name of support.cisco.com, enter:
host1/Admin(config-probe-dns)# domain support.cisco.com
To reset the domain to www.cisco.com, use the no domain command. For example, enter:
host1/Admin(config-probe-dns)# no domain
Configuring the Expected IP Address
When a DNS probe sends a domain name resolve request to the server, it verifies the returned IP address by matching the received IP address with the configured addresses. To configure the IP address that the ACE expects as a server response to a DNS request, use the expect address command. The syntax of this command is:
expect address ip_address
The ip_address argument is the expected returned IP address. Enter a unique IPv4 address in dotted-decimal notation (for example, 192.8.12.15).
You can specify multiple IP addresses with this command by entering the command with a different address separately. For example, to configure an expected IP address of 192.8.12.15 and 192.8.12.23, enter:
host1/Admin(config-probe-dns)# expect address 192.8.12.15
host1/Admin(config-probe-dns)# expect address 192.8.12.23
To remove an IP address, use the no expect address command. For example, enter:
host1/Admin(config-probe-dns)# no expect address 192.8.12.15
For Configuring General Probe Attributes, kindly refer to:
http://www.cisco.com/en/US/netsol/ns751/networking_solutions_design_guidances_list.html
HTH
Sachin
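The two pass/fail rules described in the reply above, side by side, as an added example that is not part of the original post or of Cisco's documentation. The helper names and the DNS replies are constructed for illustration; the domain and expected addresses are the ones used in the post.

```python
import socket
import struct

def make_response(domain, rcode=0, addr=None):
    """Constructed DNS reply: header, echoed A/IN question, optional single A record."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in domain.split("."))
    body = qname + b"\x00" + struct.pack("!HH", 1, 1)
    if addr:  # answer name is a compression pointer to offset 12 (the question name)
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(addr)
    return header + body

def skip_name(msg, off):
    """Return the offset just past a name made of labels or a compression pointer."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def a_records(msg):
    """A-record addresses in the answer section; empty if RCODE is non-zero."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        return []
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def udp_probe_passes(icmp_port_unreachable):
    """Default UDP probe rule: fail only when ICMP Port Unreachable comes back."""
    return not icmp_port_unreachable

def dns_probe_passes(response, expected):
    """DNS probe rule: the reply must carry one of the configured addresses."""
    return response is not None and any(a in expected for a in a_records(response))
```

A server that answers SERVFAIL, returns an unexpected address, or stays silent still passes the default UDP rule because no ICMP error is seen, while the DNS rule marks it as failed.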