cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1548
Views
0
Helpful
8
Replies

VIP is not responding When pinging from ace

usman ali dar
Level 1
Level 1

hey i have a very strange type of error. everything was working fine untill it just stopped. i have two vips both were mounted and working fine and then one of the vip just stopped working you can ping and get reply from my pc but not from ace. they are connected directly with nexus 5k and was working fine. now you can have reply from for other vips and servers and all other thing but not that single vip. when you ping it on nexus you get DUP; Packets which is not understood by me there is all commands like no ip redirects are been given but i dont know wats rong.

can some1 have any idea and help ?

8 Replies 8

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi Usman,

Can you try to take vip out of service and put inservice again? Do you see arp entry for VIP in switch?

Please provide "show service-policy detail/summary" output. Not able to ping VIP from ACE itself seems to be normal. Are you able to ping other VIP's from ACE itself?

Regards,

Kanwal

Hey,

thank you very much for your response, well i from ace its normal i can ping all the servers and other things from ace they are hot standby, from my pc i can ping to both of the vips easly but when i send the request one of the vip is somehow dont responsed to the requests.

both of them are directly connected to nexus 55xx and they were fine untill last week somthing just broked and now i am in trouble.

i ll get the output and will past it here for your review, yes there is an entry of an arp in nexus i varified it..

regards

Hi,

So you can ping VIP's but one of them is not responding to requests which i assume is http request. Is that right?

Please do mention VIP IP's and send configuration as well.

Regards,
Kanwal

Sent from Cisco Technical Support iPhone App

The user requests fall on ssl termination on https ace and the real servers are on simple http traffic. its inside ip cant be accessed by out side not in production.

Hi,

Can you take capture on ace or at least client to see what is going on?

Can you also please send me the configuration as well to look at as well as below outputs

Show serverfarm < name> detail
Show service-policy summary/detail

Regards,
Kanwal


Sent from Cisco Technical Support iPhone App

Hey,

the ace take requests on https 443 and on backend it is working on 8888 and 7778. the ace was working fine the day before i lauch this help support. i did not change anything on ace when it was working and the next mornning its just stopped.

ace 1 is connected to nexus 1 and ace 2 is connected to nexus 2 and they both connected to core of the network, one more thing when i tried to ping the vips on nexus i got dup packets i checked the no ip redirects and peer gateway commonds are there but still get those dup packets for vips.

Hi Usman,

Not sure about DUP packets that you see on nexus but from ACE's perspective we need to see what is wrong and for that i would need to look at your configuration and other outputs. Do you see that your client's request is reaching the ACE VIP ? You can check using "show conn address " and see if you see a corresponding backend connection or not. Do you see any handshake failures or any other counters increasing under "show stats crypto server" command? We need to have more information for us to look at to tell you what is going on at least from ACE's viewpoint.

Regards,

Kanwal

hey,

ssl is fine i have looked at it all the handshakes are properly workedout no issues, regarding the conn i can see udp traffic coming in and out on the VIP address with 24 bit netmask, all the serverfarms and servers are kewl

regards

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: