Slow connection in one server if accessing through Cisco ACE

earnsdale · ‎05-10-2012

Hi,

Good day, Can someone help me on my problem? I have 3 servers, server1, server2 and server3. When one pc accessing the server 3 application via Cisco ACE, it experienced a slow connection but when direct access without Cisco Ace, it's fast. The connection of this PC through cisco ace and direct access have no issue.

What need to do in my configuration? Below is my configuration

logging enable

logging timestamp

logging trap 7

logging buffered 7

logging monitor 7

logging host 167.81.126.5 udp/514

logging host 137.55.152.147 udp/514

resource-class SG_01

limit-resource all minimum 0.00 maximum unlimited

limit-resource sticky minimum 10.00 maximum equal-to-min

boot system image:c4710ace-mz.A3_2_0.bin

login timeout 30

peer hostname singapore-ace2

hostname singapore-ace1

interface gigabitEthernet 1/1

channel-group 14

no shutdown

interface gigabitEthernet 1/2

channel-group 14

no shutdown

interface gigabitEthernet 1/3

channel-group 14

no shutdown

interface gigabitEthernet 1/4

channel-group 14

no shutdown

interface port-channel 14

description ISOLAN-ACE-TRUNK

ft-port vlan 99

switchport trunk native vlan 1

switchport trunk allowed vlan 12,14,112

no shutdown

clock timezone SGT 8 0

ntp server 137.55.152.1

context Admin

member SG_01

access-list ALL line 8 extended permit ip any any

access-list ALL line 9 extended permit icmp any any

ip domain-name ysn.psg.philips.com

probe http singapore_01

description This probe used to monitor application url-app-script

interval 5

passdetect interval 5

request method get url /insiteserverstatus/insiteserverstatus.aspx

expect status 200 200

open 1

probe http singapore_02

description This probe used to monitor IIS-login-page

interval 5

passdetect interval 5

request method get url /InSiteLumiledsApplication/

expect status 200 200

open 1

probe icmp uplink

description This probe used in conjunction with ft track host

interval 2

faildetect 2

passdetect interval 3

parameter-map type connection PARAM_L4STICKY-IP

exceed-mss allow

rserver host sggysnysn1ms013

ip address 137.55.152.135

inservice

rserver host sggysnysn1ms014

ip address 137.55.152.136

inservice

rserver host sggysnysn1ms018

ip address 137.55.152.145

inservice

serverfarm host PLI9058

probe singapore_01

probe singapore_02

rserver sggysnysn1ms013

inservice

rserver sggysnysn1ms014

inservice

rserver sggysnysn1ms018

inservice

sticky ip-netmask 255.255.255.255 address both SG_GROUP_01

timeout 720

replicate sticky

serverfarm PLI9058

class-map type management match-any HTTPS-ALLOW_CLASS

class-map match-all L4STICKY-IP_141:ANY_CLASS

2 match virtual-address 137.55.152.141 any

class-map type http loadbalance match-any NO_MS018

50 match source-address 137.55.155.31 255.255.254.0

class-map type management match-any SSH-ALLOW_CLASS

2 match protocol ssh source-address 167.81.124.0 255.255.255.192

3 match protocol ssh source-address 167.81.126.0 255.255.255.192

class-map type management match-any remote_access

2 match protocol xml-https any

3 match protocol icmp any

5 match protocol ssh any

6 match protocol http any

7 match protocol https any

8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy

class remote_access

permit

policy-map type loadbalance first-match L7PLBSF_STICKY-NETMASK_POLICY

class class-default

sticky-serverfarm SG_GROUP_01

insert-http X-Forwarded-For header-value "%is"

policy-map multi-match PLI9058-VIPs_POLICY

class L4STICKY-IP_141:ANY_CLASS

loadbalance vip inservice

loadbalance policy L7PLBSF_STICKY-NETMASK_POLICY

loadbalance vip icmp-reply

connection advanced-options PARAM_L4STICKY-IP

interface vlan 12

description Client-side vlan

bridge-group 1

no normalization

mac-sticky enable

access-group input ALL

access-group output ALL

service-policy input PLI9058-VIPs_POLICY

no shutdown

interface vlan 14

ip address 137.55.152.236 255.255.255.248

peer ip address 137.55.152.237 255.255.255.248

service-policy input remote_mgmt_allow_policy

no shutdown

interface vlan 112

description Server-side vlan

bridge-group 1

no normalization

access-group input ALL

access-group output ALL

nat-pool 1 137.55.152.141 137.55.152.141 netmask 255.255.255.192 pat

no shutdown

interface bvi 1

ip address 137.55.152.189 255.255.255.192

alias 137.55.152.188 255.255.255.192

peer ip address 137.55.152.190 255.255.255.192

description Bridge-Group 1 Virtual Interface

no shutdown

ft interface vlan 99

ip address 192.168.1.1 255.255.255.252

peer ip address 192.168.1.2 255.255.255.252

no shutdown

ft peer 1

heartbeat interval 100

heartbeat count 10

ft-interface vlan 99

ft group 1

peer 1

priority 150

peer priority 50

associate-context Admin

inservice

ft track host test1

track-host 137.55.152.234

peer track-host 137.55.152.235

peer probe uplink priority 50

probe uplink priority 50

ip route 0.0.0.0 0.0.0.0 137.55.152.233

Daniel Arrondo Ostiz · ‎05-11-2012

Hi Earsdale,

All the three servers are using the same configuration, so, I'm afraid it's not possible to give you a simple answer. You will need more troubleshooting.

I would recommend you to start by checking the differences between the servers because one of those differences is certainly causing the failure.

Also, it would be helpful to get traffic captures on the TenGig interface of the ACE to compare the behavior of the connection when going to the different servers, as well as the differences when being load-balanced vs accessing the server directly.

If you need help with this troubleshooting, you can always open a TAC service request

Regards

Daniel

earnsdale · ‎05-12-2012

Hi Daniel,

First of all thanks for your reply. I will try to differentiate the 3 servers. Maybe, somehow, it is related to IIS configuration. Not sure on this. And also, i will take your recommendation to capture the packets and compare the behavior of each server. I'll get back to you if I found something

Regards,

Dale