Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACE - VIP ping issue

Hello,

for some reason I cannot ping the VIP I configured on one ACE context.

Here is a sample of the config:

class-map match-any L4_kitrik

2 match virtual-address 10.0.0.1 any

class-map type http loadbalance match-any L7_kitrik_URL

2 match http url .*

class-map type management match-any REMOTE_ACCESS

2 match protocol ssh any

3 match protocol icmp any

policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY

class REMOTE_ACCESS

permit

policy-map type loadbalance first-match L7_kitrik_LBPolicy

class L7_kitrik_URL

policy-map multi-match L4_kitrik_LBPolicy

class L4_kitrik

loadbalance vip inservice

loadbalance policy L7_kitrik_LBPolicy

loadbalance vip icmp-reply active

loadbalance vip advertise active

interface vlan 100

ip address 10.0.0.1 255.255.255.0

no normalization

no icmp-guard

access-group input ALL

access-group output ALL

service-policy input REMOTE_MGMT_ALLOW_POLICY

service-policy input L4_kitrik_LBPolicy

no shutdown

I am coming from VLAN 100.

I can ping 10.0.0.1 from different devices but not 172.16.255.1. I know connectivity is ok since I am able to telnet 172.16.255.1 into port 80... ping still does not work.

Any idea?

Regards.

4 REPLIES
Cisco Employee

Re: ACE - VIP ping issue

change your class-map into :

class-map match-any L4_kitrik

2 match virtual-address 10.0.0.1 tcp any

or

class-map match-any L4_kitrik

2 match virtual-address 10.0.0.1 tcp eq 80

Right now I believe your icmp traffic is interpreted as http due to your policy and therefore it fails.

Gilles.

New Member

Re: ACE - VIP ping issue

Hello,

I just tried it but no luck.

I check this configuration against some other contexts configured for http loadbalancing and the other configurations were just the same.

I need to check the servers now to see wether they reply icmp packets or not.

Cisco Employee

Re: ACE - VIP ping issue

if you have the class-map I configured, the icmp traffic will not be forwarded to the servers.

The ace module will respond.

Share your complete config if you want me to have a look.

Also check if the ping gets to the ace module with a sniffer trace in front of the module.

You can 'monitor' the tengig interface of the module to capture a trace.

you can send me the config to gdufour@cisco.com if you want to keep it private.

Gilles.

New Member

Re: ACE - VIP ping issue

ICMP replies comes from the servers configured for the vip address. Check the icmp connection status to the servers and if probes configured, check them too..

750
Views
0
Helpful
4
Replies