cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1084
Views
9
Helpful
13
Replies

How the ACE handles rserver failures

cstockwe
Level 1
Level 1

Hello

I've got a question re: the ACE module.

Lets say I have 2 web rservers and I have a probe interval for checking them from the ACE of 10 seconds.

Lets say a probe just passed and it is 10 seconds before the next one. The ACE will think the rserver is ok. Then say the rserver httpd service is stopped at 3 seconds after the last successful probe, therefore leaving 7 seconds before the ACE is going to send another probe. The ACE will think it is still 'up' before the next probe is sent.

Given the above, what happens to a) existing connections to the newly failed rserver and b) new connections if the failure occurs between probes?

How does the ACE handle this situation?

Are there any differences between how the ACE handles this between A1 and A2 versions of software?

Thanks

Cameron

1 Accepted Solution

Accepted Solutions

Gilles Dufour
Cisco Employee
Cisco Employee

Existing connections will be unaffected by what happens to a rserver by default.

You can configure a 'failaction' under the serverfarm to force a disconnect or a reassign.

New connections will still be forwarded to a server that has not yet been detected as down.

Ace will just send the SYN.

Your client will retransmit and ACE will again forward the SYN.

This will go on until the client gives up or the server is detected as dead and the connection will then by forwarded to a different rserver.

Gilles.

View solution in original post

13 Replies 13

Gilles Dufour
Cisco Employee
Cisco Employee

Existing connections will be unaffected by what happens to a rserver by default.

You can configure a 'failaction' under the serverfarm to force a disconnect or a reassign.

New connections will still be forwarded to a server that has not yet been detected as down.

Ace will just send the SYN.

Your client will retransmit and ACE will again forward the SYN.

This will go on until the client gives up or the server is detected as dead and the connection will then by forwarded to a different rserver.

Gilles.

Hi there,

For me it doesnt seems to be working as you said...i have configured sticky with ip-netmask of /24 and probe of port 8080 for an online trading server...sticky feature is working fine but the problem is that when i shut one of the servers...probing is showing that one server failed..but the whole connection goes....down....no one after that will be able to connect to any of the servers in that server farm.....

That's a big problem.

What version do you run ?

Can we see the config and a 'show service detail' and a 'show rserver detail' when the server is detected as down.

Gilles.

First of all thank you for your quick reply....i really appreciate it...

show serverfarm detail`

serverfarm : SERVERFARM-1, type: HOST

total rservers : 5

active rservers: 2

description : -

state : ACTIVE

predictor : ROUNDROBIN

failaction : -

back-inservice : 0

partial-threshold : 0

num times failover : 2

num times back inservice : 5

total conn-dropcount : 0

Probe(s) :

INVESTOR_PROBE_1, type = TCP

INVESTOR_PROBE_2, type = TCP

here i have pasted the output as you had asked...i guess the problem is failaction : -

i had one more prob with ssl redirection

here i am attaching the config...

here what we want to acheive is that whenever we typer "investor.nice360.com" it should be redirected to "https://investor.nice360.com", but here i doing the ssl termination on ace...and server listens on the port 8080

can you suggest me what i should do with the config....

i am really confused with url rewrite feature...

if there are some flaws in my config please point out those things so that i can correct that....

Thanks and Best Regards

Joe

URL rewrite only comes into play when REAL Server (Rserver )sends a clear text redirect. Such as 302 for http://investor.nice360.com. If client recieves this 302 it will attempt the next request using HTTP.With Url rewrite feature we configure ACE to change these redirects from Http tp HTTPS.

What you are looking for is a simple redirection of client request from port 80 to port 443. This can be achieved using redirect server farm and redirect rserver.

You will need to create two sets of configs (class-maps, rserver, sfarm,policy map) for port 80 & port 443 traffic. Port 80 policy will simply redirect the port 80 request to port 443.

Following example will give you some idea

rserver redirect HTTP2HTTPS

webhost-redirection https://%h%p 301

inservice

serverfarm redirect HTTP2HTTP-SF

rserver HTTP2HTTPS

inservice

class-map match-all WEB-HTTP

2 match virtual-address 172.25.250.245 tcp eq http

class-map match-all WEB-HTTPS

2 match virtual-address 172.25.250.245 tcp eq 443

policy-map type loadbalance first-match HTTP2HTTPS-POLICY

class class-default

serverfarm HTTP2HTTPS-SF

policy-map type loadbalance first-match L7-POLICY

class class-default

sticky-serverfarm STICKY_IP

policy-map multi-match L4-POLICY

class WEB-HTTP

loadbalance vip inservice

loadbalance policy HTTP2HTTPS-POLICY

loadbalance vip icmp-reply

class WEB-HTTPS

loadbalance vip inservice

loadbalance policy L7-POLICY

loadbalance vip icmp-reply

ssl-proxy server INVESTOR-CLIENT

Syed

Thanks for your great help....it is working great.....i am really greatful for your help...

Thanks & Best Regards

Joe

Hi there,

i had posted a request for http redirection into https,i got the reply for that and it is working fine.....now i am into one more issue....my client bought a certificate for a portal called "www.nice360.com" and this was the link that i redirected to "https://www.nice360.com"....but when some one types just "nice360.com" it should get redirected to "https://www.nice360.com"

i did this by the following configuration...

Hi there,

i had posted a request for http redirection into https,i got the reply for that and it is working fine.....now i am into one more issue....my client bought a certificate for a portal called "www.nice360.com" and this was the link that i redirected to "https://www.nice360.com"....but when some one types just "nice360.com" it should get redirected to "https://www.nice360.com"

i did this by the following configuration...

but after the configuration "www.nice360.com" is being redirected to "www.www.nice360.com"

becuase i have matched the vip which listens on the port 80....please suggest me a solution so that when a user types "nice360.com" it should be redirected to "https://www.nice360.com" and also when a person types "www.nice360.com" it should also be redirected to "https://www.nice360.com"

Thanks & Best Regards

Joe

Simplest (relevant) config to achieve what you are looking for would be

rserver redirect HTTP2HTTPS

webhost-redirection https://www.nice360.com/%p 301

inservice

serverfarm redirect HTTP2HTTPS-SF

failaction reassign

rserver HTTP2HTTPS

inservice

class-map type http loadbalance match-any WEB-HTTP

2 match http header Host header-value "nice360.com"

4 match http header Host header-value "www.nice360.com"

policy-map type loadbalance first-match HTTP2HTTPS-POLICY

class class-default

serverfarm HTTP2HTTPS-SF

policy-map multi-match L4-POLICY

class WEB-HTTP

loadbalance vip inservice

loadbalance policy HTTP2HTTPS-POLICY

loadbalance vip icmp-reply

class WEB-HTTPS

loadbalance vip inservice

loadbalance policy L7-POLICY

loadbalance vip icmp-reply

ssl-proxy server PORTAL

Remember http://www.nice360.com or nice360.com is not url, its Hostname.

Syed Iftekhar Ahmed

Hi there,

Thanks for your reply, the config that you gave me which you can see above contains some issue....you have configured WEB-HTTP class as type http loadbalance.....this type of config i had tried before i posted this problem.....the WEB-HTTP class can be called under a policy-map of type load balance and not anywhere else....anyway i had solve this issue with the following config...

instead of telling

rserver redirect HTTP2HTTPS

webhost-redirection https://www.nice360.com/%p 301

inservice

i gave

rserver redirect HTTP2HTTPS

webhost-redirection https://www.nice360.com/%p 301

inservice

but i matched the vip for my address instead of that class loadbalance.

so what ever that hits on the virtual ip will be redirected to https://www.nice360.com/%p

Thanks,

Joe

I have the following scenario.

In addition to functionality configured on ACE, I would like to have URL forwarding based on Time (I.e. from 7:00 AM to 3:00:00 PM Arabic URL should be primary and from 3:00:01 PM till 6:59:59 English URL to be Primary) to see website.

I believe is should be possible using some other method using ACE .I could see we can configure URL Redirect but could not see any time based configuration or how it is done.

Please do not hesitate if you need any more information. Appreciate an early reply.

Thanks

Joe

There are no time based policies available in ACE.

Syed Iftekhar Ahmed

Thank you.....very much...you have helped me out before also....thank you....syed

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: