i've got a pretty strange problem with load balancing with some l4payload criteria. i'll show you configuration (DNS stuff):
class-map type generic match-any dns_regex
5 match layer4-payload offset 20 regex ".*corp100.100.*"
class-map type generic match-any dns_regex2
5 match layer4-payload offset 20 regex ".*corp099.100.*"
class-map match-all DNS_VIP
5 match virtual-address 192.168.1.100 udp eq domain
parameter-map type dns DAS_TEST
timeout query 2
policy-map type loadbalance generic first-match dns_regex
loadbalance vip inservice
loadbalance policy dns_regex
loadbalance vip icmp-reply active
appl-parameter dns advanced-options DAS_TEST
inspect dns maximum-length 2048
quite easy...configuration, quite hard behaviour .
if i do first query with stuff like corp099.100 all works and i can see some hit on service policy. Strange thing is that if i do query with corp100.100 i cannot see any new hit on other server farm, most strange is that if i do a query for corp091.100 all works (is not allowed from class-map)....so if i perform a clear conn all and i try again to query to corp091.100 does'n't work. Odd again, if i do another query to allowed regex expression like corp100.100 all works (of course) and if i try again to unallowed query i can perform it. So if a conn is open other connection use same socket or it seems so...
if i put fast-age class-map works properly, but if a generate lots of query (dnsperf) almost all queries fail....without fast-age class-maps don't work properly but if i generate lots of queries i can see all response.
From the udp-fast-age Guide: "By default, the ACE could load balance UDP packets using the same tuple to the same real server on an existing connection. " My effort to interpret it: in other sections, 'tuple' contains (dst VIP, dst port, protocol). A connection contains also the client src IP. Requests from another client might be directed to another farm (provided you don't use the same farm in both classes). Have you tested it from another client IP too? It may well be a documented feature.
Introduction This article will help you understand the steps on how to
download the UCS licenses from the Cisco Systems website and then
installing it on the UCS. The redacted (blue lines) just covers up
certain numbers for privacy please do not take them...
Introduction This article will help you understand and educate the
customer on how to clear their "expired licenses"
(license-graceperiod-expired) from their UCS-M. If a customer just
purchased a license and needs a step by step guide on how to download
==================== VIC FNIC driver does not support Virtual Volumes (
second level LUN ID ) An enhancement request has been created to track
this feature - CSCux64473 UPDATE - 12-14-2016 We made some traction on
the enhancement request - The Fix is in t...