Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

vip not responding on a specific port

Configured a vip to LB between 2 servers ,and also specified to balance urls ,and it is absolutely working on port 11090 ,and this all http traffic

http://10.12.12.34:11090    ( this vip is working)

serverfarm host vip-1
  probe PROBE_TCP_11090
  rserver s0adcmmapps1
    inservice
  rserver s0adcmmapps2
    inservice

sticky ip-netmask 255.255.255.255 address source vip-1_STICKY
  timeout 30
  replicate sticky
  serverfarm vip-1


class-map match-all vip-1_CLASS
  2 match virtual-address 10.12.12.34 tcp any

class-map type http loadbalance match-any vip_CLASSURL
  2 match http url /jmx-console/*
  3 match http url /web-console/*
  4 match http url /mediamanager/*
  5 match http url /teams/*
  6 match http url /teamswebservices/*
  7 match http url /artesia-ws/*
  8 match http url /artesia/*
  9 match http url /brs/*
  10 match http url /content/*
  11 match http url /OTMedia/*
  12 match http url .*
  13 match http url /mediamanager
  14 match http url /teams


policy-map type loadbalance first-match vip-1_POLICY
  class vip_CLASSURL
    sticky-serverfarm vip-1_STICKY

policy-map multimatch POLICY
class vip-1_CLASS
    loadbalance vip inservice
    loadbalance policy vip-1_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 2 vlan 2
    appl-parameter http advanced-options CASE_PARAM

interface vlan 2

  ip address 10.12.13.217 255.255.252.0

  peer ip address 10.12.13.216 255.255.252.0

  mtu 1500

  no normalization

  no icmp-guard

  access-group input ALL

  nat-pool 2 10.12.12.34 10.12.12.34 netmask 255.255.255.255 pat

  service-policy input remote_mgmt_allow_policy

  service-policy input POLICY

  no shutdown

The same servers ,but this need work on port 11443 and its all https traffic,this past is not working

serverfarm host vip-https,
  probe PROBE_TCP_11443
  rserver s0adcmmapps1
   inservice
  rserver s0adcmmapps2
    inservice

sticky ip-netmask 255.255.255.255 address source vip-https_STICKY
  timeout 30
  replicate sticky
  serverfarm vip-https 
class-map match-all vip-https_CLASS
  2 match virtual-address 10.12.12.34 tcp eq 11443


policy-map type loadbalance first-match vip-https_POLICY
  class class-default
sticky-serverfarm vip-https_STICKY

policy-map multimatch POLICY 
    class vip-https_CLASS
    loadbalance vip inservice
    loadbalance policy vip-https_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 2 vlan 2


interface vlan 2
  ip address 10.12.13.217 255.255.252.0
  peer ip address 10.12.13.216 255.255.252.0
  mtu 1500
  no normalization
  no icmp-guard
  access-group input ALL
  nat-pool 2 10.12.12.34 10.12.12.34 netmask 255.255.255.255 pat
  service-policy input remote_mgmt_allow_policy
  service-policy input POLICY
  no shutdown

Thi is not working as application team is trying to access https://10.12.12.34:11443  ,this not working

when they bypass the vip and access the servers directly https://10.12.12.160:11443 its working fine.Please advise on this

1 REPLY
Bronze

vip not responding on a specific port

Hi,

you can start with checking the status of serverfarm "vip-https" and also check the position of class map "vip-https_CLASS" in polic map "POLICY". Ideally it should be before the  class map "vip_1-CLASS" as the later one is hitting port any, and earlier one is designated for TCP port 11443. So if position of class map matching VIP any is above the "VIP 11443", you will never get HIT on this VIP.

hope you got my point...

286
Views
0
Helpful
1
Replies
CreatePlease to create content