I have a minor problem where I have a set of internal proxy servers and a set of DMZ proxy servers. All users hit the internal proxy servers via an ACE Load-balancer. These then forward the clients' request to the DMZ proxy servers via the DMZ ACE Load-balancers.
The problem arises where 2 or 3 DMZ servers use the VIP of the DMZ proxy servers for internet access. We are using sticky connections based on source IP. So if the DMZ Load balancer is reset, it can happen that both Internal Proxy servers end up load balanced to the same DMZ proxy server. One of the other DMZ servers would be the only connection on the second DMZ Proxy server. This eventually times out and that proxy is not being used at all, while both internal proxies end up sending all traffic via the one DMZ proxy.
I tried putting static stickiness so that an internal Proxy would pair with a DMZ Proxy, and I figured if one of the DMZ proxies fails then the internal proxies would get directed to the single remaining DMZ proxy. This was not the case, however.
Has anybody run into this kind of situation before and is there a way around this?
Both ACE Load-balancers are 4710s running A3(2.0).
Thanks for the quick reply. You will have to excuse my ignorance as I am new enough to these ACE appliances. I didn't see anywhere to set a priority on the static sticky; is it just a case of going something like the following:
An update on this: I finally got a window to apply these changes; however, I am not allowed to apply the suggested config. I can make server 2 a backup to server 1, but when I try to make server 1 a backup to server 2 I get the error message "Error: Cannot assign backup rservers in cylic order". Has anybody figured out how to work around this?