06-13-2007 11:47 PM
All,
I am trying to configure simple load balancing to 4 servers on an ACE (ver 3.0.0A13B), but I can't get it to work.
See config below. I have L3 vlan interfaces on my Cat6513 for vlan 22, 29 and 121.
Can anyone spot the issue?
Thanks, Pieter-Jon
probe tcp TCP
  description TCP PROBE
  interval 2
  faildetect 2
  passdetect interval 2
  connection term forced
  open 2
parameter-map type connection IDLE
  set timeout inactivity 600
rserver host INFO-Realserver-1
  ip address 38.22.175.1
  probe TCP
  inservice
rserver host INFO-Realserver-2
  ip address 38.22.175.2
  probe TCP
  inservice
rserver host INFO-Realserver-3
  ip address 38.22.175.3
  probe TCP
  inservice
rserver host INFO-Realserver-4
  ip address 38.22.175.4
  probe TCP
  inservice
serverfarm host INFO2008
  predictor leastconns slowstart 15
  probe TCP
  rserver INFO-Realserver-1
    inservice
  rserver INFO-Realserver-2
    inservice
  rserver INFO-Realserver-3
    inservice
  rserver INFO-Realserver-4
    inservice
class-map match-all L4_VIP_ADDRESS_CLASS
  2 match virtual-address 38.29.250.250 tcp any
class-map type management match-any MGMT-Class
  2 match protocol icmp any
  3 match protocol ssh any
  4 match protocol telnet any
class-map type management match-all SNMP_ALLOW_CLASS
  2 match protocol snmp any
class-map type management match-all TELNET_ALLOW_ALL
  2 match protocol telnet any
policy-map type management first-match MGMT-Policy
  class MGMT-Class
    permit
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class TELNET_ALLOW_ALL
    permit
policy-map type management first-match SNMP_ALLOW_POLICY
  class SNMP_ALLOW_CLASS
    permit
policy-map type loadbalance first-match L7_VIP_LB_ORDER_POLICY
  class class-default
    serverfarm INFO2008
policy-map multi-match L4_LB_VIP_POLICY
  class L4_VIP_ADDRESS_CLASS
    loadbalance vip inservice
    loadbalance policy L7_VIP_LB_ORDER_POLICY
    loadbalance vip icmp-reply
    loadbalance vip advertise
interface vlan 22
  description Info Servers vlan
  ip address 38.22.1.250 255.255.0.0
  no shutdown
interface vlan 29
  description Info Front End vlan
  ip address 38.29.1.250 255.255.0.0
  service-policy input L4_LB_VIP_POLICY
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  no shutdown
interface vlan 121
  ip address 38.121.6.1 255.255.0.0
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  service-policy input SNMP_ALLOW_POLICY
  no shutdown
ip route 0.0.0.0 0.0.0.0 38.121.1.1
06-14-2007 12:46 AM
> I have L3 vlan interfaces on my Cat6513 for vlan 22, 29 and 121.
That is your problem first of all.
If I get it right from your config.
VLAN 121 is your transfer network / or client side VLAN
VLAN 22 and VLAN 29 are server VLANs?
What you should keep in mind is that you define the server side VLANs only on the ACE contexts with L3. You don't define them on the supervisor.
If you use the ACE in routed mode you have to assign networks exclusive to the ACE, like routing networks to a layer 3 device in your network. If you use those VLANs (22, 29) on other parts of your net you should subnet them or take another network.
Your setup should look like this.
6513
L3 ~ VLAN 121
L2 ~ VLAN 22,29,121
ACE Module
L3 ~ VLAN 22,29,121
You assign the 3 VLANs or any other to a VLAN group and assign this group to the ACE module.
Create a new context -> assign VLANs 22, 29 and 121 to this context.
6513(L3) <-- vlan 121 --> ACE (L3) /Admin Context
6513(L3) <-- vlan 121 --> ACE(L3) / Server Context --> VLAN 22,29
----------
ACE Admin Context (VLAN121)
----------
ACE Server Context (VLAN 121,22,29)
---
After you have a working L2/L3 setup, start troubleshooting the ACE config itself. :)
Hope it helps
Roble
06-14-2007 12:54 AM
Create an access-list for all traffic
access-list anyone line 10 extended permit ip any any
and apply it to client and server VLANs using
access-group input anyone
ACE by default blocks all traffic. You need to assign an ACL to the VLANs to guarantee traffic passing through the ACE.
Syed
06-14-2007 01:00 AM
Syed is right if your L2/L3 Setup is okay, then ACL needs to be there.
But I am not sure if that is the only problem. If yes, ignore my first post. :)
Roble
06-14-2007 01:46 AM
Got it working now.
Thanks for your very useful replies!
06-14-2007 03:18 AM
Check the probe status.
Check the ARP table.
Do you have connectivity with the servers?
If not, make sure your svclc vlan-group is correctly set up on the switch.
Then, verify your topology.
Your default route points to vlan 121.
So, I assume your client will be coming on that vlan.
But you did not configure the policy L4_LB_VIP_POLICY on that vlan.
I think you should get rid of vlan 29 or vlan 121. Use only one of them and set the default route correctly.
Let the default gateway do the routing between the vlans.
Gilles.
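The two checks raised in the replies above (no `access-group input` on a VLAN interface, and no VIP policy on the VLAN the default route points to), as an added Python example that is not part of the original thread. The `audit` function and its finding strings are hypothetical, and the sample is constructed from the interface lines of the posted config.

```python
import ipaddress
import re

# Constructed sample: policy-map, interface and route lines from the posted config.
SAMPLE = """\
policy-map multi-match L4_LB_VIP_POLICY
interface vlan 22
  ip address 38.22.1.250 255.255.0.0
  no shutdown
interface vlan 29
  ip address 38.29.1.250 255.255.0.0
  service-policy input L4_LB_VIP_POLICY
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  no shutdown
interface vlan 121
  ip address 38.121.6.1 255.255.0.0
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  no shutdown
ip route 0.0.0.0 0.0.0.0 38.121.1.1
"""

def audit(config):
    """Flag VLANs with no ACL, and a default-route VLAN with no multi-match (VIP) policy."""
    vlans, lb_policies, gateway, cur = {}, set(), None, None
    for line in map(str.strip, config.splitlines()):  # indentation is not relied on
        if m := re.match(r"interface vlan (\d+)$", line):
            cur = vlans.setdefault(int(m[1]), {"net": None, "acl": False, "policies": set()})
        elif m := re.match(r"policy-map multi-match (\S+)$", line):
            lb_policies.add(m[1])
            cur = None
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)$", line):
            gateway, cur = ipaddress.ip_address(m[1]), None
        elif cur is None:
            continue  # not inside an interface block
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            cur["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif line.startswith("access-group input "):
            cur["acl"] = True
        elif m := re.match(r"service-policy input (\S+)$", line):
            cur["policies"].add(m[1])
        elif not line.startswith(("description", "no shutdown")):
            cur = None  # any other command ends the interface block
    findings = []
    for vid, v in sorted(vlans.items()):
        if not v["acl"]:  # per the reply above, the ACE blocks traffic without an ACL
            findings.append(f"vlan {vid}: no access-group input")
        exits_here = gateway is not None and v["net"] is not None and gateway in v["net"]
        if exits_here and not (v["policies"] & lb_policies):
            findings.append(f"vlan {vid}: default route exits here but no VIP policy applied")
    return findings
```

On the constructed sample, `audit(SAMPLE)` reports all three VLANs as lacking an ACL and VLAN 121 as lacking the VIP policy.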