Hi Cesar Roque

thanks for your reply.

LDAP CLient 1 ---> Loadbalancer VIP (389) ----> LDAP Proxy (3389)

LDAP Client 2 ---> Loadbalancer VIP(636) ----> LDAP Proxy (6639)

If I understand you correctly, th config should look like this?

class-map match-all LDAP

  2 match virtual-address 10.70.136.161 tcp eq 389

class-map match-all LDAPS

  2 match virtual-address 10.70.136.161 tcp eq 636

policy-map multi-match LDAP-Service

  description traffic LDAP VIP

  class LDAP

    loadbalance vip inservice

    loadbalance policy LDAP

    loadbalance vip icmp-reply

    loadbalance vip advertise

  class LDAPS

    loadbalance vip inservice

    loadbalance policy LDAPS

    loadbalance vip icmp-reply

    loadbalance vip advertise

rserver host LDAPPROXYBAM#1

  ip address 192.168.2.129

  inservice

rserver host LDAPPROXYBAM#2

  ip address 192.168.2.130

  inservice

rserver host LDAPPROXYFFM#1

  ip address 192.170.2.193

  inservice

rserver host LDAPPROXYFFM#2

  ip address 192.170.2.194

  inservice

serverfarm host LDAPPROXY

  probe LDAP-3389

  rserver LDAPPROXYBAM#1 3389

    inservice

  rserver LDAPPROXYBAM#2 3389

    inservice

  rserver LDAPPROXYFFM#1 3389

    inservice

  rserver LDAPPROXYFFM#2 3389

    inservice

serverfarm host LDAPPROXYS

  probe LDAPS-6636

  rserver LDAPPROXYBAM#1 6636

    inservice

  rserver LDAPPROXYBAM#2 6636

    inservice

  rserver LDAPPROXYFFM#1 6636

    inservice

  rserver LDAPPROXYFFM#2 6636

    inservice

policy-map type loadbalance first-match LDAP

  class class-default

    serverfarm LDAPPROXY

policy-map type loadbalance first-match LDAPS

  class class-default

    serverfarm LDAPPROXYS

But now I think the load is not distributed correctly any longer.

Example:

Not correct

LDAP Client 1 ---> Loadbalancer VIP (389) ----> LDAP Proxy 1 (3389)

LDAP Client 2 ---> Loadbalancer VIP(389) ----> LDAP Proxy2  (3389)

LDAP Client 3 ---> Loadbalancer VIP (636) ----> LDAP Proxy1 (6636)

LDAP Client 4---> Loadbalancer VIP(636) ----> LDAP Proxy2 (6639)

Correct

LDAP Client 1 ---> Loadbalancer VIP (389) ----> LDAP Proxy 1 (3389)

LDAP Client 2 ---> Loadbalancer VIP(389) ----> LDAP Proxy2  (3389)

LDAP Client 3 ---> Loadbalancer VIP (636) ----> LDAP Proxy3 (6636)

LDAP Client 4---> Loadbalancer VIP(636) ----> LDAP Proxy4 (6639)

My thoughts are so right? How can i solve this?

Hi Sebastian

Please clear the serverfarm counters and then gather a couple of outputs of show serverfarm {name} detail while you send traffic to the VIPs.

---------------------
Cesar R
ANS Team