Thanks

Please take into account that traffic will be load balance between both rservers with different ports

Jorge

To migrate this config; configure two VIPs (two class-maps); two serverfarm (each being associated to one "service" aka port)

I totally agreed with what Surya said.

Mixing ports might trigger expected behaviors

Connections can go to the correct port sometimes however also they can go to the other port configured as well.

Jorge

Just so I am clear, on the old CSS, the above config only used 1 VIP and worked fine..But I cant do this correctly on the ACE without burning 2 VIPS ? I would be better off have each backend web server on their own server that is sharing ports.

Cheers

Dave

It's one IP address, but you'll have to define two class maps; one listening on port 22 and the other on port 25.

The vocabulary isn't clear sometimes.

A vip is an ip address; but sometimes people say "VIP" for virtual servers (IP / port).

Technically you have to define two virtual servers on one VIP.

Hi Dave,

Basically, you may need to have either 1 vip (virtual address) to hear on any port like this:

policy-map multi-match client-vips

  class slb-vip

    loadbalance vip inservice

    loadbalance policy slb

class-map match-all slb-vip

  2 match virtual-address 172.16.1.100 any

policy-map type loadbalance http first-match slb

  class class-default

    serverfarm web

serverfarm host web

  rserver server1

    inservice

  rserver server2

    inservice

Based on the configuration above the ACE will receive the traffic on any port, then servers will be responsible to hear on any port which you require( in your case 8001/8002), if not, the the ACE might eventually loadbalance the traffic to a server which does not hear on the "correct" port and the connection will fail . As you may know the ACE will keep the port which the connection started with until it reaches the servers, then for example: if you hit 172.16.1.100 on port 8002, ACE will keep port 8002 until the servers when it will load balance between the serverfarm which it has configured, so if both servers hear on both ports then any of them can handle the request

Second option:

You can have the same VIP but listening on different ports like this:

policy-map multi-match client-vips

  class slb-vip-8081

    loadbalance vip inservice

    loadbalance policy slb-8081

  class slb-vip-8082

    loadbalance vip inservice

    loadbalance policy slb-8082

class-map match-all slb-vip-8081

  2 match virtual-address 172.16.1.100 tcp eq 8081

policy-map type loadbalance http first-match slb-8081

  class class-default

    serverfarm web

serverfarm host web-8081

  rserver server1

    inservice

class-map match-all slb-vip-8082

  2 match virtual-address 172.16.1.100 tcp eq 8082

policy-map type loadbalance http first-match slb-8082

  class class-default

    serverfarm web-8082

serverfarm host web-8082

  rserver server2

    inservice

Hope this helps!!!

------------------------------

Jorge

Hi Jorge,

I've been a CLI engineer for years, but when it comes to configuration on ACE4710s, (I've done around 10 this year) I've found the GUI to be terrific.

You can literally configure real servers, VIPs, and serverfarms within minutes.

Looking at the configs after the GUI has finished, it uses the same technique as your second option in your last post,

i.e.  - multiple VIP class-maps, using the same IP address but on different ports

Long complex load balancing is almost too tricky using the CLI, the GUI makes life much easier, especially once multiple context are used as well !

Regards Tony

I followed the setup jobejara but I found the following error when applying to police at the interface: 

" Error: vip address duplicates an existing interface with ip address "

Hi Max,

From the error it looks like you are defining a IP as VIP which is already assigned to an interface. This will cause problems in network of duplicate IP address.

I haven't gone through the complete conversation here but you can share your configuration here and i can have a look at it.

I would suggest to open a new thread for it as well for tracking different errors and issues.

Let me know if you have any questions.

Regards,

Kanwal

Hi Tony,

Yes, that's correct. it may be easier perhaps with the GUI but basically the idea is the same, no matter you use the CLI or GUI. Keep your configuration separated is better and more recommended.

Jorge