Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Trying to load-balance Exchange 2010 with ACE30

Hi.

We have an ACE30 (running A5(1.2)) and a couple of Exchange 2010 CAS.

We have little experience in load-balancing, but we found this guide from Cisco: http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/App_Networking/Exchange_VSphere_UCS_NetApp.html#wp345264

We have also tried to use the template for Exchange 2010 in ANM. The result seems to be the same:

If we go to the URL for OWA, nothing happens. If we go directly to a CAS (by editing the hosts-file on the client), the same URL is working perfectly.

Here's the config of the ACE-context:

access-list all line 10 extended permit ip any any
access-list all line 20 extended permit icmp any any


probe http http-probe
  interval 60
  passdetect count 2
  request method get url /exchweb/bin/auth/owalogon.asp
  expect status 400 404
probe https https-probe
  interval 60
  passdetect count 2
  ssl version all
  request method get url /owa/auth/login.aspx
  expect status 400 404


rserver host CAS1
  ip address 10.10.10.1
  probe http-probe
  probe https-probe
  inservice
rserver host CAS2
  ip address 10.10.10.2
  probe http-probe
  probe https-probe
  inservice
rserver redirect SSLREDIRECT
  webhost-redirection https://www2.test.com/owa 302
  inservice

serverfarm host CAS-FARM
  predictor leastconns
  rserver CAS1
    inservice
  rserver CAS2
    inservice
serverfarm host CAS-FARM-80
  predictor leastconns
  rserver CAS1 80
    inservice
  rserver CAS2 80
    inservice
serverfarm redirect SSLREDIRECT
  rserver SSLREDIRECT
    inservice

sticky ip-netmask 255.255.255.255 address source CAS-IP
  replicate sticky
  serverfarm CAS-FARM
sticky http-cookie Cookie OWA-STICKY
  cookie insert browser-expire
  timeout 60
  replicate sticky
  serverfarm CAS-FARM-80
sticky http-header Authorization CAS-RPC-HTTP
  serverfarm CAS-FARM-80

ssl-proxy service OWA
  key www2.test.com.pfx
  cert www2.test.com.pfx

class-map match-any IMAPI-RPC
  2 match virtual-address 10.1.1.1 any
class-map match-all OWA-OUTLOOKANYWHERE-SSL
  2 match virtual-address 10.1.1.1 tcp eq https
class-map match-all OWAREDIRECT
  2 match virtual-address 10.1.1.1 tcp eq www

policy-map type management first-match mgmt-pm
  class class-default
    permit

policy-map type loadbalance first-match IMAPI-RPC
  class class-default
    sticky-serverfarm CAS-IP
policy-map type loadbalance first-match OWA-OUTLOOKANYWHERE
  match OUTLOOK_ANYWHERE http header User-Agent header-value "MSRPC"
    sticky-serverfarm CAS-RPC-HTTP
  class class-default
    sticky-serverfarm OWA-STICKY
policy-map type loadbalance http first-match SSLREDIRECT
  class class-default
    serverfarm SSLREDIRECT

policy-map multi-match int118
  class OWAREDIRECT
    loadbalance vip inservice
    loadbalance policy SSLREDIRECT
  class OWA-OUTLOOKANYWHERE-SSL
    loadbalance vip inservice
    loadbalance policy OWA-OUTLOOKANYWHERE
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 118
    ssl-proxy server OWA
  class IMAPI-RPC
    loadbalance vip inservice
    loadbalance policy IMAPI-RPC
    nat dynamic 1 vlan 118

interface vlan 118
  description to server-side vlan
  ip address 172.16.1.2 255.255.255.252

  access-group input all
  nat-pool 1 10.1.1.2 10.1.1.2 netmask 255.255.255.255 pat
  service-policy input int118
  service-policy input mgmt-pm
  no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.1.1


Are there any obvious mistakes in this config?

Everyone's tags (4)
1 REPLY
New Member

Re: Trying to load-balance Exchange 2010 with ACE30

crypto chaingroup www2.test.com
  cert digicert_intermediate

access-list all line 10 extended permit ip any any
access-list all line 20 extended permit icmp any any


probe http http-probe
  interval 10
  faildetect 2
  passdetect interval 10
  passdetect count 2
  request method get url /iisstart.htm
  expect status 200 200


rserver host CAS1
  ip address 10.10.10.1
  probe http-probe
  inservice
rserver host CAS2
  ip address 10.10.10.2
  probe http-probe
  inservice
rserver redirect SSLREDIRECT
  webhost-redirection https://%h%p 301
  inservice

serverfarm host CAS-FARM
  predictor leastconns
  rserver CAS1
    inservice
  rserver CAS2
    inservice
serverfarm host CAS-FARM-80
  predictor leastconns
  rserver CAS1 80
    inservice
  rserver CAS2 80
    inservice
serverfarm redirect SSLREDIRECT
  rserver SSLREDIRECT
    inservice

sticky ip-netmask 255.255.255.255 address source CAS-IP
  replicate sticky
  serverfarm CAS-FARM-80
sticky http-cookie Cookie OWA-STICKY
  cookie insert browser-expire
  timeout 60
  replicate sticky
  serverfarm CAS-FARM-80
sticky http-header Authorization CAS-RPC-HTTP
  serverfarm CAS-FARM-80

ssl-proxy service OWA
  key www2.test.com.pfx
  cert www2.test.com.pfx
  chaingroup www2.test.com

class-map match-any IMAPI-RPC
  2 match virtual-address 10.1.1.1 any
class-map match-all OWA-OUTLOOKANYWHERE-SSL
  2 match virtual-address 10.1.1.1 tcp eq https
class-map match-all OWAREDIRECT
  2 match virtual-address 10.1.1.1 tcp eq www

policy-map type loadbalance first-match IMAPI-RPC
  class class-default
    sticky-serverfarm CAS-IP


policy-map type loadbalance first-match OWA-OUTLOOKANYWHERE
  match OUTLOOK_ANYWHERE http header User-Agent header-value "MSRPC"
    sticky-serverfarm CAS-RPC-HTTP
  class class-default
    sticky-serverfarm OWA-STICKY
policy-map type loadbalance http first-match SSLREDIRECT
  class class-default
    serverfarm SSLREDIRECT

policy-map multi-match int118
  class OWAREDIRECT
    loadbalance vip inservice
    loadbalance policy SSLREDIRECT
  class OWA-OUTLOOKANYWHERE-SSL
    loadbalance vip inservice
    loadbalance policy OWA-OUTLOOKANYWHERE
    nat dynamic 1 vlan 118
    ssl-proxy server OWA
  class IMAPI-RPC
    loadbalance vip inservice
    loadbalance policy IMAPI-RPC
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 118

interface vlan 118
  description to server-side vlan
  ip address 172.16.1.2 255.255.255.252
  access-group input all
  nat-pool 1 10.1.1.1 10.1.1.1 netmask 255.255.255.255 pat
  service-policy input int118
  no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.1.1

snmp-server community IntiliReaD group Network-Monitor


We finally got it working. Above is the config as it is right now. The main difference is the URL for redirection. With Cisco's example, we got caught in a redirection loop.

2385
Views
0
Helpful
1
Replies