Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

CSM load balance traffic originated from same source

Hello,

I have a question on how to setup load balancing on my CSMs located in my Data Center Distribution Layer, which consists of 6509s running Hybrid with CSMs running 4.2(5).

I need to load balance an application that is always sourced from (2) Citrix servers. So all client requests originate from 1 of these servers. Does anyone know how to load balance traffic to a couple of reals but is sourced from the same server? Also the sessions must be sticky.

I know I can setup (2) policies on the vIP with each policy tied to an access-list permitting traffic from (1) of the Citrix servers only to goto one serverfarm with (1) real (app server-1). And another policy permitting traffic from the 2nd Citrix server to goto a 2nd serverfarm with a 2nd real (app server-2). My concern is what happens if either app server goes down. I end up black-holing traffic from that Citrix server.

Is there another way to do this? Or possibly a better way??

Load balance all traffic originating from (2) Citrix servers to (2) App Reals and be sticky.

Thanks in advance for your help,

Tony

5 REPLIES

Re: CSM load balance traffic originated from same source

I think you have not configured keepalives.

Keepalives are the methods used for checking the servers health before considered thenm eligile for load balancing.

Without keepalives CSM will not come to know if the servers whom to load balance are answering or not.

On CSM keepalives are called probes

Here is sample configuration:

probe FTP ftp

interval 5

failed 10

port 21

probe HTTPS tcp

interval 5

failed 5

port 443

probe DNS-UDP udp

interval 5

failed 10

port 53

probe SSH tcp

interval 5

failed 10

port 22

serverfarm A

real 192.168.1.100 23004

health probe FTP

no inservice

real 192.168.1.101 23004

health probe HTTPS

no inservice

real 192.168.1.102 10004

health probe DNS_UDP

inservice

real 192.168.1.103 10004

health probe SSh

inservice

Hope it will work for you. Plz inform if it works or not.

Kind regards.

Sachn Garg

Community Member

Re: CSM load balance traffic originated from same source

Sachn,

Thank you for your response.

Sorry, I neglected to show or say that I am using probes. Probes are setup for TCP 81.

So my corrected question is what happens when the reals are in a probe failed state and are down? Will the policies under the vserver still attempt to forward traffic? Or will they stop and allow all traffic to the default serverfarm??

Here's my config:

access-list 10 permit 10.10.10.50

access-list 10 remark Citrix-Server1

access-list 20 permit 10.10.10.60

access-list 20 remark Citrix-Server2

vserver VIP-V

virtual 10.10.10.1 tcp 0

serverfarm SF3

persistent rebalance

replicate csrp sticky

replicate csrp connection

slb-policy BOUNCE-1

slb-policy BOUNCE-2

inservice

serverfarm SF1

nat server

no nat client

predictor leastconns

real SERVER-1

inservice

health retries 45 failed 300

probe TCP-81

serverfarm SF2

nat server

no nat client

predictor leastconns

real SERVER-2

inservice

health retries 45 failed 300

probe TCP-81

serverfarm SF3

nat server

no nat client

predictor leastconns

real SERVER-1

inservice

real SERVER-2

inservice

health retries 45 failed 300

probe TCP-81

real SERVER-1

address 10.10.10.10

inservice

real SERVER-2

address 10.10.10.20

inservice

Probe TCP-81

interval 10

retries 2

failed 120

port 81

sticky 1 netmask 255.255.255.255 address both timeout 20

sticky 2 netmask 255.255.255.255 address both timeout 20

policy BOUNCE-1

client-group 10

sticky-group 1

serverfarm SF1

policy BOUNCE-2

client-group 20

sticky-group 2

serverfarm SF2

What I am trying to do by having (3) serverfarms which consist of only a total of (2) servers is to always allow traffic to a server as long as a server is up. If both servers are up, then I want traffic sourced from (1) Citrix-Server to specifically load balance to real-1 and traffic sourced from the other Citrix-Server to the other real-2. All of this needs to be sticky too.

So if (1) real goes probed failed will the policy stop processing and allow traffic to the default serverfarm?

Do you know of another way to load balance from a single source?

Thanks again for your help,

Tony

Re: CSM load balance traffic originated from same source

HI Tony,

As you have not added serverfarm SF1 and SF2 to any VSERVER means these are not in use,

as in the config shown above only serverfarm SF3 is added to the vserver VIP-V so only this one is in use , rest 2 serverfarms config are there but they are not in use my dear.

As per your configuration I tassume your Citrix servers are 10.10.10.50 and 10.10.10.60 , when they try to connect to 10.10.10.1 on port 0 their traffic will reach the VSERVER VIP-V. Then this will go the the serverfarm SF3 in this VSERVER. So it will get two real servrs as destiantion Server-1 10.10.10.10 and Server-2 10.10.10.20 .

For your case you need two Vserver , first vserver VIP for the 1st citrix to 1st real and 2nd vservers VIP for 2nd citrix to 2nd real .

This is not load balancing. This is then only sticky . If I am not wrong.

As in your config send above some serverfarm SF1 and SF2 there is only one rserver means no laod balancing, means if this rserver is down then no traffic will be forwarded .

In some serverfarm i.e SF3 you are having more then 1 rserver. so out of these if any rserver fails or down due to any reason then the CSM will load-balance/forward the traffic to the remaining rserver according to the predictor as in your case it is leastconn so the CSM will always prefer to forward the traffic to that rserver which having least connections at that point of time.

As you are having sticky option also configured so once an entry is made into the sticky table for the client machine to the particular rserver then the next coming connections will also be forwarded to the same rserver insted of using the predictor leastconns.

One thing I would like to bring it into your knowledge that you always have to worry about destinations, as destinations are load balanced as rserver not the source machines. For source machine if you want your traffic to be forwarded to a particular rserver then sticky option is used for that thing.

Kind Regards,

Plz revert with your inputs on this.

Sachin Garg

Re: CSM load balance traffic originated from same source

Kindly find some sample configuration example below:

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00801a649f.shtml

and

Cisco Content Switching Module

http://www.cisco.com/en/US/products/hw/modules/ps2706/prod_configuration_examples_list.html

Hope these will be good for your understanding.

If Possible Plz rate.

Kind Regards,

Sachin Garg

Community Member

Re: CSM load balance traffic originated from same source

Sachin,

Thank you for taking the time to look at my request.

PLease refrain from calling me your dear. It is not appropriate.

SF1 and SF2 are very much part of this VIP through the policies (bounce1 and Bounce2) applied to the VIP.

Citrix servers are on same subnet as the load balanced reals indicates that this environment is configured to operate in bridged mode. The info you provided is for routed mode.

The VIP is at IP address 10.10.10.1 TCP 0, port 0 means that the VIP will accept connections on all TCP ports.

My load balance configuration works quite well. I just wasn't sure how to prevent the black-holing of traffic from the applied policies. The policies have only a single real tied to them, should the real go probe-failed, traffic will drop. I now know to add a backup serverfarm to each policy (advice from Giles on another thread) to fix this. Everything is working and designed properly.

If you want me to rate this your post, then I will however; I must be honest in doing so.

Again thank you for your time.

Tony

333
Views
1
Helpful
5
Replies
CreatePlease to create content