10-21-2008 06:26 AM
Hello
i have to migrate an service from an alteon to the ace.
The traffic from different known sources is going over an transparent proxy into the internet. Based on the source address the traffic should be loadbalanced to different severfarms.
My config:
Application Context:
class-map match-all CLASS_A
2 match virtual-address 0.0.0.0 0.0.0.0 any
class-map match-all CLASS_B
2 match virtual-address 0.0.0.0 0.0.0.0 any
class-map type generic match-any CLASS_A
10 match source-address 1.2.3.4 255.255.255.0
class-map type generic match-any CLASS_B
10 match source-address 5.6.7.8 255.255.255.0
policy-map type loadbalance generic first-match POL_A
class CLASS_PEPLB_APN_WEB-52
serverfarm LIVE
policy-map type loadbalance generic first-match POL_B
class CLASS_PEPLB_APN_WEB-99
serverfarm TEST
policy-map multi-match POL_SLB_IF
class CLASS_A
loadbalance vip inservice
loadbalance policy POL_A
class CLASS_B
loadbalance vip inservice
loadbalance policy POL_B
-------------------------------
Internet Context:
class-map match-any CLASS_A
2 match virtual-address 1.2.3.4 255.255.255.0 any
class-map match-any CLASS_B
2 match virtual-address 5.6.7.8 255.255.255.0 any
policy-map type loadbalance first-match POL_A
class class-default
serverfarm LIVE
policy-map type loadbalance first-match POL_B
class class-default
serverfarm TEST
policy-map multi-match POL_SLB_IF
class CLASS_A
loadbalance vip inservice
loadbalance policy POL_A
class CLASS_B
loadbalance vip inservice
loadbalance policy POL_B
The Problem is that in the application Context only the last statement in the multi policy is matching. So only the last entry is working at all.
Right now im using one context for the LIVE serverfarm traffic and one context for the TEST serverfarm traffic. This is working but i can't spend two context for each serverfarm i have. I have to do it with one context.
10-21-2008 02:11 PM
Where are the following classes defined
CLASS_PEPLB_APN_WEB-52
CLASS_PEPLB_APN_WEB-99
How does the two context interact, what is the traffic flow wrt these tow contexts?
Syed Iftekhar Ahmed
10-22-2008 05:20 AM
There were an copy/paste failure
class-map match-all L3_CLASS_A
2 match virtual-address 0.0.0.0 0.0.0.0 any
class-map match-all L3_CLASS_B
2 match virtual-address 0.0.0.0 0.0.0.0 any
class-map type generic match-any L7_CLASS_A
10 match source-address 1.2.3.4 255.255.255.0
class-map type generic match-any L7_CLASS_B
10 match source-address 5.6.7.8 255.255.255.0
policy-map type loadbalance generic first-match POL_A
class L7_CLASS_A
serverfarm LIVE
policy-map type loadbalance generic first-match POL_B
class L7_CLASS_B
serverfarm TEST
policy-map multi-match POL_SLB_IF
class CLASS_A
loadbalance vip inservice
loadbalance policy POL_A
class CLASS_B
loadbalance vip inservice
loadbalance policy POL_B
The two context do not interact.
Traffic flow is as follow:
<<<< >>>> Terminated connection
1.2.3.4 (Context IN)
<<<< >>>>
Transparent Proxy A
<<<< >>>>
Internet (Context OUT)
Internet (Context OUT)
<<<< >>>>
Transparent Proxy A
<<<< >>>>
1.2.3.4 (Context IN)
5.6.7.8 (Context IN)
<<<< >>>>
Transparent Proxy B
<<<< >>>>
Internet (Context OUT)
Internet (Context IN)
<<<< >>>>
Transparent Proxy B
<<<< >>>>
5.6.7.8 (Context OUT)
The way to and back has to be the same but this is not
the problem cause it already work.
This should be realized in just 2 Contexts right know i have
to use 4.
The Problem occured in the Context IN:
policy-map multi-match POL_SLB_IF
class CLASS_A
loadbalance vip inservice
loadbalance policy POL_A
class CLASS_B
loadbalance vip inservice
loadbalance policy POL_B
Here only the CLASS_B is taking the traffic, traffic to CLASS_A do not make
an connection entry but on the sniff you can see incomming/outgoing packets.
Only the last entry is getting all the traffic.
This is something i could not understand if only the first statent is getting all
the Traffic OK but why the last one ?
If you put in C only C is working.
Alteon Konfig is very easy:
Proxy A:
IN Side:
/c/slb/filt 321
name "A"
ena
action redir
sip 1.2.3.4
smask 255.255.255.0
proto tcp
dport http
group 240 //Serverfarm A
vlan 363
/c/slb/filt 321/adv
thash sip //source ip hash
Out Side:
/c/slb/filt 1321
name "A"
ena
action redir
dip 1.2.3.4
dmask 255.255.255.0
proto tcp
sport http
group 240 //Serverfarm A
vlan 362
/c/slb/filt 1321/adv
thash dip //destination ip hash
-----------------------------------------------
Proxy B:
IN side
/c/slb/filt 421
name "A"
ena
action redir
sip 5.6.7.8
smask 255.255.255.0
proto tcp
dport http
group 241 //Serverfarm B
vlan 363
/c/slb/filt 421/adv
thash sip //source ip hash
Out Side:
/c/slb/filt 1421
name "A"
ena
action redir
dip 5.6.7.8
dmask 255.255.255.0
proto tcp
sport http
group 241 //Serverfarm B
vlan 362
/c/slb/filt 1421/adv
thash dip //destination ip hash
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide