ACE behavior with static sticky and rserver down situation

Document

Aug 2, 2011 6:54 PM
Aug 2nd, 2011

Introduction

You can configure  static sticky table entries based on the source IP address, destination  IP address, or real server name and port. Static sticky-IP values remain  constant over time and you can configure multiple static entries.

Note: When  you configure a static entry, the ACE enters it into the sticky table  immediately. You can create a maximum of 4096 static entries.

Topology overview

ACE One-arm deployment (VLAN 903), I had three servers for testing r1,r2,r3 all of them are L2 connected to VLAN903, the ACE VLAN903 IP address is the default gateway for all these servers.

r2 is mapped to r3 and r3 is mapped to r2 using static source sticky group. r1 is the backup server for r3.

Version

The configuration shown in this document is created on ACE-20 module running A2(3.4) version software.


ACE Configuration

\\define the rserver hosts

rserver host r1

  ip address 172.16.4.4

  inservice

rserver host r2

  ip address 172.16.4.5

  inservice

rserver host r3

  ip address 172.16.4.6

\\map the rserver's to the serverfarm

serverfarm host webfarm
  rserver r1
    inservice standby
  rserver r2
    inservice
  rserver r3
    backup-rserver r1
    inservice

\\define static sticky server, here we are mapping r2 to r3 and r3 to r2

sticky ip-netmask 255.255.255.255 address source sticky_webfarm
  serverfarm webfarm
  8 static client source 172.16.4.5 rserver r3
  16 static client source 172.16.4.6 rserver r2

\\class map to match the VIP traffic

class-map match-all internalweb1
  2 match virtual-address 172.16.4.7 tcp eq www

 

\\policy map to define action for sticky_webfarm

policy-map type loadbalance first-match internalweb1-lb
  class class-default
    sticky-serverfarm sticky_webfarm

\\policy map to define action on traffic matched by class internalweb1

policy-map multi-match internalweb-policy
  class internalweb1
    loadbalance vip inservice
    loadbalance policy internalweb1-lb
    loadbalance vip icmp-reply
    nat dynamic 1 vlan 903
               

interface vlan 903
  ip address 172.16.4.2 255.255.255.240
  alias 172.16.4.1 255.255.255.240
  peer ip address 172.16.4.3 255.255.255.240
  access-group input everyones
  access-group output everyones
  nat-pool 1 172.16.4.8 172.16.4.8 netmask 255.255.255.255 pat
  service-policy input remote-mgmt
  service-policy input internalweb-policy
  no shutdown

 

Scenario

1st: All servers are up:

ACE20-Rack3-Primary/Routed-c1-STATIC# show serverfarm webfarm
serverfarm     : webfarm, type: HOST
total rservers : 3
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: r1
       172.16.4.4:0          8      STANDBY      0          0          0
   rserver: r2
       172.16.4.5:0          8      OPERATIONAL  0          0          0
   rserver: r3
       172.16.4.6:0          8      OPERATIONAL  0          0          0

   
ACE20-Rack3-Primary/Routed-c1-STATIC# show conn

total current connections : 4

conn-id    np dir proto vlan source                destination           state
----------+--+---+-----+----+---------------------+---------------------+------+
81263      2  in  TCP   903  172.16.4.5:41886      172.16.4.7:80         ESTAB
81264      2  out TCP   903  172.16.4.6:80         172.16.4.8:1031       ESTAB
81265      2  in  TCP   903  172.16.4.6:51251      172.16.4.7:80         ESTAB
81266      2  out TCP   903  172.16.4.5:80         172.16.4.8:1032       ESTAB
ACE20-Rack3-Primary/Routed-c1-STATIC#

ACE20-Rack3-Primary/Routed-c1-STATIC# show sticky database static
sticky group : sticky_webfarm
type         : IP
timeout      : 1440          timeout-activeconns : FALSE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  172.16.4.6            r2:0                                never         -
sticky group : sticky_webfarm
type         : IP
timeout      : 1440          timeout-activeconns : FALSE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  172.16.4.5            r3:0                                never         -
ACE20-Rack3-Primary/Routed-c1-STATIC#


2nd: r2 and r1 is up, r3 is down:

ACE20-Rack3-Primary/Routed-c1-STATIC# show serverfarm webfarm
serverfarm     : webfarm, type: HOST
total rservers : 3
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: r1
       172.16.4.4:0          8      OPERATIONAL  0          1          0
   rserver: r2
       172.16.4.5:0          8      OPERATIONAL  0          6          0
   rserver: r3
       172.16.4.6:0          8      OUTOFSERVICE 0          6          0

ACE20-Rack3-Primary/Routed-c1-STATIC#

ACE20-Rack3-Primary/Routed-c1-STATIC# show conn

total current connections : 4

conn-id    np dir proto vlan source                destination           state
----------+--+---+-----+----+---------------------+---------------------+------+
63244      1  in  TCP   903  172.16.4.5:41887      172.16.4.7:80         ESTAB
63245      1  out TCP   903  172.16.4.4:80         172.16.4.8:1035       ESTAB
63248      1  in  TCP   903  172.16.4.6:51252      172.16.4.7:80         ESTAB
63249      1  out TCP   903  172.16.4.5:80         172.16.4.8:1037       ESTAB


ACE20-Rack3-Primary/Routed-c1-STATIC# show sticky database static
sticky group : sticky_webfarm
type         : IP
timeout      : 1440          timeout-activeconns : FALSE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  172.16.4.6            r2:0                                never         -
sticky group : sticky_webfarm
type         : IP
timeout      : 1440          timeout-activeconns : FALSE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  172.16.4.5            r3:0                                never         -
ACE20-Rack3-Primary/Routed-c1-STATIC#


3rd: r3 backup (all servers are up):

ACE20-Rack3-Primary/Routed-c1-STATIC# show serverfarm webfarm
serverfarm     : webfarm, type: HOST
total rservers : 3
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: r1
       172.16.4.4:0          8      STANDBY      0          1          0
   rserver: r2
       172.16.4.5:0          8      OPERATIONAL  1          5          0
   rserver: r3
       172.16.4.6:0          8      OPERATIONAL  1          2          0

ACE20-Rack3-Primary/Routed-c1-STATIC# show conn | in EST
246        1  in  TCP   903  172.16.4.5:50948      172.16.4.7:80         ESTAB
247        1  out TCP   903  172.16.4.6:80         172.16.4.8:1033       ESTAB
181        2  in  TCP   903  172.16.4.6:55509      172.16.4.7:80         ESTAB
182        2  out TCP   903  172.16.4.5:80         172.16.4.8:1029       ESTAB


ACE20-Rack3-Primary/Routed-c1-STATIC# show sticky database static
sticky group : sticky_webfarm
type         : IP
timeout      : 1440          timeout-activeconns : FALSE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  172.16.4.6            r2:0                                never         -
sticky group : sticky_webfarm
type         : IP
timeout      : 1440          timeout-activeconns : FALSE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  172.16.4.5            r3:0                                never         -
ACE20-Rack3-Primary/Routed-c1-STATIC#


4th: r3 and r1 is down, r2 is up:

ACE20-Rack3-Primary/Routed-c1-STATIC# show serverfarm webfarm
serverfarm     : webfarm, type: HOST
total rservers : 3
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: r1
       172.16.4.4:0          8      OUTOFSERVICE 1          2          0
   rserver: r2
       172.16.4.5:0          8      OPERATIONAL  1          7          0
   rserver: r3
       172.16.4.6:0          8      OUTOFSERVICE 0          6          0

ACE20-Rack3-Primary/Routed-c1-STATIC#


ACE20-Rack3-Primary/Routed-c1-STATIC# show conn

total current connections : 4

conn-id    np dir proto vlan source                destination           state
----------+--+---+-----+----+---------------------+---------------------+------+
63278      1  in  TCP   903  172.16.4.5:56804      172.16.4.7:80         ESTAB
63279      1  out TCP   903  172.16.4.5:80         172.16.4.8:1039       ESTAB
81301      2  in  TCP   903  172.16.4.6:51253      172.16.4.7:80         ESTAB
81302      2  out TCP   903  172.16.4.5:80         172.16.4.8:1034       ESTAB

ACE20-Rack3-Primary/Routed-c1-STATIC# show sticky database static
sticky group : sticky_webfarm
type         : IP
timeout      : 1440          timeout-activeconns : FALSE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  172.16.4.6            r2:0                                never         -
sticky group : sticky_webfarm
type         : IP
timeout      : 1440          timeout-activeconns : FALSE
  sticky-entry          rserver-instance                 time-to-expire flags
  ---------------------+--------------------------------+--------------+-------+
  172.16.4.5            r3:0                                never         -
ACE20-Rack3-Primary/Routed-c1-STATIC#


5th: r1 is back up but r3 still down, r2 is up:

ACE20-Rack3-Primary/Routed-c1-STATIC# show serverfarm webfarm
serverfarm     : webfarm, type: HOST
total rservers : 3
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: r1
       172.16.4.4:0          8      OPERATIONAL  0          1          0
   rserver: r2
       172.16.4.5:0          8      OPERATIONAL  2          6          0
   rserver: r3
       172.16.4.6:0          8      OUTOFSERVICE 0          2          0

ACE20-Rack3-Primary/Routed-c1-STATIC#

ACE20-Rack3-Primary/Routed-c1-STATIC# show conn | in EST
290        1  in  TCP   903  172.16.4.5:56767      172.16.4.7:80         ESTAB
291        1  out TCP   903  172.16.4.4:80         172.16.4.8:1035       ESTAB
181        2  in  TCP   903  172.16.4.6:55509      172.16.4.7:80         ESTAB
182        2  out TCP   903  172.16.4.5:80         172.16.4.8:1029       ESTAB

Conclusion

- If r3 is down the ACE will start send the traffic to its backup server r1 (2nd test).
- Once r3 is back up the ACE will start using the static sticky entry and start sending the new connections to r3 again, old connection will not be RST  (3rd test).
- If r3 and r1 are down the ACE will load balance the traffic to other servers on the serverfarm (r2) (4th test).
- As soon as r3 or r1 comes back up the ACE return to use the static entry and will start sending the new connections to one of them, old connections will not be RST (5th test).

Related Information

Deploying GSS and ACE in least loaded GSLB based on VIP conn number

SSL URL Rewrite with wildcard on ACE

TFTP load-balancing on ACE

Average Rating: 4 (1 ratings)

Actions

Login or Register to take actions

This Document

Posted August 2, 2011 at 6:54 PM
Stats:
Comments:0 Avg. Rating:4
Views:2466 Contributors:0
Shares:0

Related Content

Documents Leaderboard