cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
626
Views
0
Helpful
1
Replies

ACE-4710 java applet not loading when accessing via VIP

shibi.ravindran
Level 1
Level 1

Hello,

We have installed an ACE appilance in one of the client place. It is a simple requirement to load balance two physical servers with the VIP.Now customer is facing problem with their application as mentioned below

Java applet not loading while accessing via VIP, but same will work when access via real IP address. I know  ACE has nothing much to do on this , Still appreciate if some one could guide me to come to a conclusion on the root cause . Below are the configurations from the ACE context.

access-list ACL-IN line 8 extended permit ip any any

probe icmp RT-ICMP
  interval 30
  faildetect 2
  passdetect interval 30
  passdetect count 2

rserver host REGERP1
  ip address 10.1.0.197
  probe RT-ICMP
  inservice
rserver host REGERP2
  ip address 10.0.3.20
  probe RT-ICMP
  inservice
rserver host RTTPOS1
  ip address 10.0.0.17
  probe RT-ICMP
  inservice
rserver host RTTPOS2
  ip address 10.0.0.11
  probe RT-ICMP
  inservice


serverfarm host REGERP
  failaction purge
  rserver REGERP1
    probe RT-ICMP
    inservice
  rserver REGERP2
    probe RT-ICMP
    inservice
serverfarm host RTTPOS
  failaction purge
  rserver RTTPOS1
    probe RT-ICMP
    inservice
  rserver RTTPOS2
    probe RT-ICMP
    inservice

class-map match-all REGERP-VIP
  2 match virtual-address 10.0.0.99 any
class-map type management match-any REMOTE-ACCESS
  2 match protocol icmp any
  3 match protocol telnet any
  4 match protocol ssh any
class-map match-all RTTPOS-VIP
  2 match virtual-address 10.0.0.77 any

policy-map type management first-match REMOTE-MGMT
  class REMOTE-ACCESS
    permit

policy-map type loadbalance first-match REGERP-LOADBALANCE
  class class-default
    serverfarm REGERP
policy-map type loadbalance first-match RTTPOS-LOADBALANCE
  class class-default
    serverfarm RTTPOS

policy-map multi-match SERVERFARM-POLICY
  class RTTPOS-VIP
    loadbalance vip inservice
    loadbalance policy RTTPOS-LOADBALANCE
    loadbalance vip icmp-reply
  class REGERP-VIP
    loadbalance vip inservice
    loadbalance policy REGERP-LOADBALANCE
    loadbalance vip icmp-reply

interface vlan 100
  description ---------SERVER SIDE INTERFACE--------
  bridge-group 101
  no normalization
  no icmp-guard
  access-group input ACL-IN
  no shutdown
interface vlan 101
  description ---------CLIENT SIDE INTERFACE---------
  bridge-group 101
  no normalization
  no icmp-guard
  access-group input ACL-IN
  service-policy input SERVERFARM-POLICY
  no shutdown

interface bvi 101
  ip address 10.0.0.235 255.0.0.0
  peer ip address 10.0.0.236 255.0.0.0
  no shutdown
 
ft track interface VLAN_100
  track-interface vlan 100
  peer track-interface vlan 100
  priority 100
  peer priority 110
ft track interface VLAN_101
  track-interface vlan 101
  peer track-interface vlan 101
  priority 100
  peer priority 110

ip route 0.0.0.0 0.0.0.0 10.0.0.222

regards

1 Reply 1

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee

Hi Shibi,

According to your configuration, you are just doing L4 load-balancing, so the ACE should not have any impact on the contents of the traffic.

I would recommend you to open a TAC service request to have this investigated further. The data that will be requested is the one below, so, it would be good if you could already gather it upfront

  • A showtech from the Admin context of the ACE
  • A showtech from the affected context
  • Simultaneous traffic captures on both sides of the ACE showing a failed connection.

With this data, we should be able to tell you what the issue is.

Regards

Daniel

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: