An end user opens a webpage to an internal web portal here. Then they click on a portion of the webpage that takes them to a timecard application (content L3_Rule5 in the content switch). And here is where the problem begins: you can have three people properly bring up the webpage without a problem, but users number four and five will receive a "page cannot be displayed" error, and then next thing you know no one can access the webpage. When this happens I request the IP address of the user having the problem, execute the command sh sticky-table l3-sticky ipaddress 126.96.36.199 255.255.255.255 for example, and then execute sh service | grep 10 to find out what service/server the user is being directed to, and the problem is usually with one server. I have checked the Content Switch and it's not being overloaded memory-wise, the 'loads' on the services are low also, and I confirmed all services are "alive". What happens then is we either reload the server or the CSS (usually the server), and then the problem is fixed for the time being, and then it creeps back up again within a week, give or take a few days. Below is a copy of the config of the device; any advice, ideas, or info would be appreciated.
It would seem that the config on the CSS is a bit confusing. It's confusing because some of the services that are in the content rule are using uri keepalives, icmp and even scripted keepalives. Now, even with that type of configuration, things should work fine from the CSS perspective. I want to also mention that some of the services have a "port" command configured. This is not a keepalive but actually a command to tell the CSS to PORT NAT. So if the client comes in on port 80 and happens to go to 69.149_HTTP via the content rule, the CSS will port nat the port 80 packet to port 8390.
Can you take a closer look at this? Maybe simplifying the config, especially the services, may help isolate the issue?