policy-map type loadbalance first-match SLB_CITRIX
policy-map multi-match VIP
loadbalance vip inservice
loadbalance policy SLB_CITRIX
loadbalance vip icmp-reply active primary-inservice
If i try to establish a telnet session(telnet 10.96.202.10 80) i see the SYN packet passing through the ACE and going to the real server, but, the server do not response the SYN packet.
I done a capture in the server using wireshark and could see that the IP address of the destination is the VIP and not the rserver ip address , this is a problem? Why can not I have the SYN + ACK from the server?
Why have you created a BVI? All you want is that NAT should not happen so you can simply not apply any NAT statement in the policy multi-match.
The configuration looks fine, just ensure that you have loopback interface configured on server with the VIP address of the ACE on which the client sends the traffic. Plus when you configure ASN, the destination IP of the packet forwarded by ACE will not translate to rserver ip address and that is perfectly fine.
Since server has to reply directly and client sent SYN to the VIP, it is very important that packet that is sent by the server has source IP address as VIP otherwise connection will fail.
BVI interface was already created before this inplementation, i only created interface vlan 82 for add a VIP address in a different subnet, i took the configuration.
The server receive the connection(SYN) with correct ip address from client(10.93.7.25) but, the destination ip adress is 10.96.202.10(VIP Address) and not rserver ip adress, server do not response the packet, to the client, and i see a timeout in the client browser, i do not see SYN ACK.
I am not sure why server is not using loopback address while replying to the SYN. There must be some setting on server which tells it to you use loopback address while replying to the SYN. Also, ACE will foward the traffic to Rserver without changing destination IP. Destination IP would still be ACE VIP since only Layer 2 forwarding happens in case of ASN and since destination IP never changes, server should reply using loop back interface IP which is VIP of ACE.
Which server are you using ? Let me google on this a bit and if i find something i will let you know.
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...