Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ACE: if one server is loaded and it want to use the server not loaded? how?


I have 2 real Servers ( and in loadbalance (HTTP and HTTPS) with VIP, and the type of loadbalance is round robin, but when the server ( has high proccessing for example memory or hard disk and users try to access to server ( this is more slow. if this server is too loaded? how can the ACE switch to another real server? in 10 seconds for example?

Best Regards

My configuration is:

ACE-MOD6/integracion1# sh runn

Generating configuration....

access-list anyone line 8 extended permit ip any any

probe http get-index

interval 4

open 2

recieve 2

faildetect 2

passdetect interval 10

expect status 200 200

rserver host Srv1

ip address

probe get-index


rserver host Srv2

ip address

probe get-index


serverfarm host servers

rserver Srv1


rserver Srv2


class-map type management match-any ADM-CONTEX-SERV1

2 match protocol telnet any

3 match protocol ssh any

4 match protocol icmp any

class-map type http loadbalance match-all Check-Headers

2 match http url .*

3 match http header Host header-value "10.24.16.*"

4 match http header User-Agent header-value ".*MSIE.*"

class-map match-all VIP-10-HTTP

2 match virtual-address tcp eq www

class-map type http loadbalance match-all other-HTTP

2 match http url .*

policy-map type management first-match ADM-CTX-SERV1



policy-map type loadbalance first-match L7-logic

class Check-Headers

serverfarm servers

class other-HTTP

serverfarm servers

policy-map type loadbalance first-match lb-logic

class class-default

serverfarm servers

policy-map multi-match client-vips

class VIP-10-HTTP

loadbalance vip inservice

loadbalance policy L7-logic

loadbalance vip icmp-reply active

interface vlan 60

description inside

ip address

access-group input anyone

access-group output anyone

service-policy input ADM-CTX-SERV1

no shutdown

interface vlan 233

description outside

ip address

access-group input anyone

access-group output anyone

service-policy input ADM-CTX-SERV1

service-policy input client-vips

no shutdown

ip route

New Member

Re: ACE: if one server is loaded and it want to use the server n

If your server is running an SNMP agent, the ACE can use SNMP to pull stats from the server. You'll just need the correct OID. For instance, if you were using Linux, you might use something like the following as a probe:

probe snmp linux-stats

interval 10

community public

oid .

threshold 75

. is the OID for CPU load average (for Linux, Windows would have a different OID). If it goes above 75, the server is marked as out. When used with the least-loaded predictor, it will also divert more traffic to the least loaded server, as defined by that OID. You can use multiple OIDs in conjunctions and give them different weights.

However, judging from your timeout value of your get-http health check, I would check to see if the issue isn't that your servers are flapping because of a too-low receive threshold. Each server has 2 seconds to respond to the ACE, which may not enough time given that the servers may be getting a lot of traffic and you're doing these checks every 4 seconds.

If one fails, the other gets all the traffic, until it is overloaded, and it fails. By this time, your other servers has calmed down, and gets all the traffic, and the cycle repeats itself. Check SNMP traps or SYSLOG to see if this is the case.

Either way, you might want to change the timeout to 5 or 10, to give them more breathing room.