Solved: Re: ACE 4710 - Access through Https Web App is very slow

leonardo.bittioli · ‎06-23-2010

Hello,

We have a farm with 3 servers configured in ace , when the user tries to access the https application via browser is too slow,
when the user is connected directly to the server has no problem. below is the configuration.

serverfarm host portaltest-farm
predictor leastconns slowstart 2
probe PING
rserver portal-sjkag01
    inservice
rserver portal-sjkag02
    inservice
rserver portal-sjkag03
    inservice

sticky http-content EMB-portaltest
timeout 60
serverfarm portaltest-farm

class-map match-all portaltest
2 match virtual-address 10.11.12.218 any

policy-map type loadbalance http first-match portaltest
class class-default
sticky-serverfarm EMB-portaltest

class portaltest
    loadbalance vip inservice
    loadbalance policy portaltest
    loadbalance vip icmp-reply active
    nat dynamic 3 vlan 1107

I made some testes today and another doubt came out about the MTU,the ACE hasn´t been accepting ping higher than 1470 bytes.

I appreciate any help, thanks!
Leonardo Bittioli

UHansen1976 · ‎06-24-2010

Hi Leonardo,

You could try and configure a connection parameter map to allow mss-exceeds.

parameter-map type connection parmmap-name

exceed-mss allow

... and the add to your multimatch policy/class

class portaltest
    loadbalance vip inservice
    loadbalance policy portaltest
    loadbalance vip icmp-reply active
    nat dynamic 3 vlan 1107

connection advanced-options parmmap-name

hth

/Ulrich

View solution in original post

UHansen1976 · ‎07-06-2010

Hi Leonardo

Well, at this point I'd recommend that you run a trace. In my experience, this gives you by far the best insight into the traffic flow and the best prerequisite for solving the problem. I believe you can run a trace on the ACE itself (this is an option on the servicemodule, not sure about the appliance), but I've never used this myself.

hth

/Ulrich

View solution in original post

UHansen1976 · ‎06-24-2010

Hi Leonardo,

You could try and configure a connection parameter map to allow mss-exceeds.

parameter-map type connection parmmap-name

exceed-mss allow

... and the add to your multimatch policy/class

class portaltest
    loadbalance vip inservice
    loadbalance policy portaltest
    loadbalance vip icmp-reply active
    nat dynamic 3 vlan 1107

connection advanced-options parmmap-name

hth

/Ulrich

leonardo.bittioli · ‎07-06-2010

Hi UHansen,

Thanks for your suggestion!

After the parameter map was applied to the portaltest class the access to the farm was better, but this procedures didn’t solve the problem completely.

have any additional configuration?

Can i enable logging in the ace to monitor traffic?

Thanks.

Leonardo Bittioli

UHansen1976 · ‎07-06-2010

Hi Leonardo

Well, at this point I'd recommend that you run a trace. In my experience, this gives you by far the best insight into the traffic flow and the best prerequisite for solving the problem. I believe you can run a trace on the ACE itself (this is an option on the servicemodule, not sure about the appliance), but I've never used this myself.

hth

/Ulrich

leonardo.bittioli · ‎07-08-2010

Hi UHansen,

I changed the sticky configuration to:

sticky ip-netmask 255.255.255.255 address source EMB-portaltest

timeout 30

serverfarm portaltest-farm

Now with the mss parameters and ip source sticky config ....access is fast.

Thank you for your help!

Leonardo Bittioli