Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1470
Views
0
Helpful
8
Replies

ACE Redirect. Configuration Problem?

Jaime Soto Valenzuela
Level 1
Level 1

‎06-03-2010 06:32 AM

Hi,

I´m configuring Redirect in ACE 4710 and it doesn´t work fine. The client has two real servers and he wants redirect the traffic when both real servers are down.

They have other server with static content (http) for redirect the trafic.

The configuration is  (complete configuration is attached):

rserver host Backup_Rserver
  ip address 192.168.0.212
  inservice
rserver host achs-tamw01
  ip address 192.168.0.217
  inservice
rserver host achs-tamw02
  ip address 192.168.0.205
  inservice
rserver host achs-tamw03
  ip address 192.168.0.203
  inservice


serverfarm host SF_Backup
  rserver Backup_Rserver 80
    inservice

serverfarm host TAMW_80
  predictor leastconns
  probe PROBE_TAMW:80
  rserver achs-tamw01 80
    inservice
  rserver achs-tamw02 80
    inservice
  rserver achs-tamw03 80
    inservice

sticky ip-netmask 255.255.255.255 address source TAMW_80_STICKY
  replicate sticky
  serverfarm TAMW_80 backup SF_Backup

policy-map type loadbalance first-match VIP-POLICY-TAMW_80
  class class-default
   sticky-serverfarm TAMW_80_STICKY

policy-map multi-match LB-VIP
  class VIP_TAMW_80
    loadbalance vip inservice
    loadbalance policy VIP-POLICY-TAMW_80
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 10

interface vlan 10
  nat-pool 1 172.16.10.39 172.16.10.39 netmask 255.255.255.255 pat
  service-policy input LB-VIP

When both real servers are down, the VIP remains operational and the backup real servers is operational and I can see statistics increase in this server:

ACE-CC/Contexto_B# sh rserver

rserver              : Backup_Rserver, type: HOST
state                : OPERATIONAL (by default, unverified)
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total              
   ---+---------------------+------+------------+----------+--------------------
   serverfarm: SF_Backup
      192.168.0.212:0       8      OPERATIONAL  4          66                 

In these moment both real servers were down and I could see connections, but when user from Internet o LAN try to connect it can´t see static content.

ACE-CC/Contexto_B# sh service summ

service-policy: LB-VIP
Class                            VIP             Prot  Port        VLAN          State    Curr Conns   Hit Count  Conns Drop
VIP_TAMW_80                      172.16.10.150   tcp   eq 80       1,10           IN-SRVC          21         903          0

VIP remains operational.

Regards,

Jaime


Labels:
67333-ACE final.txt.zip
0 Helpful
8 Replies 8

Sean Merrow
Level 4
Level 4

‎06-03-2010 07:15 AM

Hello Jaime,

This sounds like the following bug:

CSCsx32861 -  backup sfarm under sticky group isn't used even when the primary is down

That bug was fixed in ACE 4710 software release A3(2.2).  If you are running an earlier software release than that, then I would recommend upgrading to A3(2.5).

Hope this helps,

Sean

0 Helpful

Jaime Soto Valenzuela
Level 1
Level 1
In response to Sean Merrow

‎06-03-2010 07:36 AM

Hello Sean,

The ACE is running A3(2.3) version.

Does this Bug present in this version?

Regards,

Jaime

0 Helpful

Sean Merrow
Level 4
Level 4
In response to Jaime Soto Valenzuela

‎06-03-2010 08:15 AM

Hi Jaime,

That bug should not be present in the A3(2.3) software, so it is possible you are having a diffferent problem.  I would recommend the following plan:

  1. Get a showtech from the Contexto_B context
  2. start a capture by SPANing the switch port or VLAN 10 that connects to the ACE 4710 so you can see the front and back end connections in a single capture
  3. Fail the primary server farm
  4. Run a test and let the connection fail.
  5. Stop the capture
  6. Get a second showtech

At that point, you can upload that data and I'll take a look, or you may want to open a case with Cisco TAC for further assistance.

Sean

0 Helpful

Jaime Soto Valenzuela
Level 1
Level 1
In response to Sean Merrow

‎06-03-2010 08:34 AM

Sean,

I assume that configuration of redirect is Ok....or not?

I will try to do this test as soon as possible.

Regards.

Jaime.

0 Helpful

Sean Merrow
Level 4
Level 4
In response to Jaime Soto Valenzuela

‎06-03-2010 08:52 AM

Yep, config looks good to me.

Sean

0 Helpful

Jaime Soto Valenzuela
Level 1
Level 1
In response to Sean Merrow

‎06-03-2010 09:17 AM

Ok.

In this moment, my client have this services in production, therefore will be impossible put the real servers in Down state for test.

I´m going to try to do Lab tests in the next days with equals configurations and validate the results.

Jaime.

0 Helpful

Peter Koltl
Level 7
Level 7

‎06-05-2010 02:07 PM

Do you test with HTTP or HTTPS? The backup server farm accepts only HTTP on port 80. Why didn't you create an SF_Backup_443 farm as well?

0 Helpful

Jaime Soto Valenzuela
Level 1
Level 1
In response to Peter Koltl

‎06-05-2010 06:01 PM

Hi Peter,

I did test only in HTTP mode. In the configurations you can see that I applied a backup server only the port 80:

serverfarm host SF_Backup
   rserver Backup_Rserver 80
    inservice

I didn´t create a SF_Backup_443 because we were testing only with services in HTTP.

I still can´t do labs test, although it seems that configuration is well. 

Regards.

Jaime.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents