cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
870
Views
0
Helpful
3
Replies

ACE 4710 VIP not pingable even with "always" selected.

kpruett
Level 1
Level 1

Hello, I have a somewhat complicated setup in order to allow one particular VIP to answer for the same serverfarm on two different ports (this was a previous question here.) Here is the scrubbed config below. The setup works, but the issue is that the VIP does not reply to pings. We use both the servers and the vip for monitoring internally. It is still operational on the ports it is balancing, but no setting for ping seems to work (Active, Primary, or Always.) What am I doing wrong here? The other sites I use stickys with respond for their VIPs. I'm assuming this one does not due to the more complicated policy map.

 

probe http HTML-Site-Up_200
  description This probe is to verify HTTP operation via site-up.html check
  port 80
  interval 5
  faildetect 2
  passdetect interval 10
  request method get url /site-up.html
  expect status 200 200
  open 2
probe icmp ICMP-Ping
  interval 5
  faildetect 2
  passdetect interval 10
probe tcp RAW-TCP-81
  port 81
  interval 10
  faildetect 2
  passdetect interval 20
  connection term forced
  open 1


rserver host psc-us-EQUIPprd1
  description EQUIP Prod, server 1
  ip address 10.1.1.84
  inservice
rserver host psc-us-EQUIPprd2
  description EQUIP Prod, server 2
  ip address 10.1.1.85
  inservice

 

serverfarm host EQUIPPROD
  description EQUIP Prod Server Pool
  predictor leastconns
  probe HTML-Site-Up_200
  probe ICMP-Ping
  probe RAW-TCP-81
  rserver psc-us-EQUIPprd1
    probe ICMP-Ping
    probe HTML-Site-Up_200
    probe RAW-TCP-81
    inservice
  rserver psc-us-EQUIPprd2
    probe ICMP-Ping
    probe HTML-Site-Up_200
    probe RAW-TCP-81
    inservice
serverfarm host EQUIPPROD-CUSTOMER-81
  description EQUIP Customer Site Server Pool, port 81
  predictor leastconns
  probe RAW-TCP-81
  rserver psc-us-EQUIPprd1 81
    probe RAW-TCP-81
    inservice
  rserver psc-us-EQUIPprd2 81
    probe RAW-TCP-81
    inservice

 

sticky ip-netmask 255.255.255.255 address source Sticky_EQUIPPROD
  timeout 180
  replicate sticky
  serverfarm EQUIPPROD

 

class-map type http loadbalance match-all EQUIP_81_Redirect
  2 match http header Host header-value ".*equiponline.com"
class-map type http loadbalance match-all EQUIP_81_Redirect_Full
  2 match http header Host header-value ".*www.equiponline.com"
class-map match-all VIP-EQUIPPROD
  2 match virtual-address 10.1.1.97 any

policy-map type loadbalance first-match VIP-EQUIPPROD-l7slb
  class EQUIP_81_Redirect
    serverfarm EQUIPPROD-CUSTOMER-81
  class EQUIP_81_Redirect_Full
    serverfarm EQUIPPROD-CUSTOMER-81
  class class-default
    sticky-serverfarm Sticky_EQUIPPROD

policy-map multi-match global
  class VIP-EQUIPPROD
    loadbalance vip inservice
    loadbalance policy VIP-EQUIPPROD-l7slb
    loadbalance vip icmp-reply
    nat dynamic 13 vlan 1000

 

interface vlan 1000
  nat-pool 13 10.1.1.97 10.1.1.97 netmask 255.255.255.0 pat

 

3 Replies 3

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi,

If you do "show service-policy global detail" and if you see VIP "INSERVICE", it should ping fine. You have "loadbalance vip icmp-reply" which means that ACE VIP will ping even though serverfarm is not operational. Are you able to ping the VIP from  the ACE itself?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Output from that class from the show service-policy command. And no, it doesn't appear to be pingable from the ACE.

    class: VIP-EQUIPPROD

      nat:
        nat dynamic 13 vlan 1000
        curr conns       : 361       , hit count        : 116690    
        dropped conns    : 5         
        client pkt count : 4815293   , client byte count: 739114009           
        server pkt count : 7281612   , server byte count: 8753101386          
        conn-rate-limit      : 0         , drop-count : 0         
        bandwidth-rate-limit : 0         , drop-count : 0         
     VIP Address:    Protocol:  Port:
     10.1.1.97    any
      loadbalance:
        L7 loadbalance policy: VIP-EQUIPPROD-l7slb
        Regex dnld status    : SUCCESSFUL
        VIP ICMP Reply       : ENABLED
        VIP State: INSERVICE
        VIP DWS state: DWS_DISABLED
        Persistence Rebalance: ENABLED
        curr conns       : 392       , hit count        : 134300    
        dropped conns    : 431       
        client pkt count : 4869950   , client byte count: 741545220           
        server pkt count : 7281612   , server byte count: 8753101386          
        conn-rate-limit      : 0         , drop-count : 0         
        bandwidth-rate-limit : 0         , drop-count : 0         
        L7 Loadbalance policy : VIP-EQUIPPROD-l7slb
          class/match : EQUIP_81_Redirect
            LB action :
               primary serverfarm: EQUIPPROD-CUSTOMER-81
                    state: UP
                backup serverfarm : -
            hit count        : 12602     
            dropped conns    : 0         
            compression      : off
          class/match : EQUIP_81_Redirect_Full
            LB action :
               primary serverfarm: EQUIPPROD-CUSTOMER-81
                    state: UP
                backup serverfarm : -
            hit count        : 0         
            dropped conns    : 0         
            compression      : off
          class/match : class-default
            LB action: :
               sticky group: Sticky_EQUIPPROD
                  primary serverfarm: EQUIPPROD
                    state:UP
                  backup serverfarm : -
            hit count        : 107831    
            dropped conns    : 5         
            compression      : off
      compression:
        bytes_in  : 0                          bytes_out : 0                   
        Compression ratio : 0.00%
                Gzip: 0               Deflate: 0         
      compression errors:
        User-Agent  : 0               Accept-Encoding    : 0         
        Content size: 0               Content type       : 0         
        Not HTTP 1.1: 0               HTTP response error: 0         
        Others      : 0         


pscaceinside01/Prod# ping 10.1.1.97
 Pinging 10.51.221.97 with timeout = 2, count = 5, size = 100 ....

No response received from 10.1.1.97 within last 2 sec
No response received from 10.1.1.97 within last 2 sec
No response received from 10.1.1.97 within last 2 sec
No response received from 10.1.1.97 within last 2 sec
No response received from 10.1.1.97 within last 2 sec
5 packet sent, 0 responses received, 100% packet loss

 

For what it's worth, none of my VIP's are pingable from the ACE. I think that has to do with me being in one-arm configuration, and using the NAT addresses per VIP. But all other VIPs are pingable from other sources on the subnet. With the exception of this VIP.

 

Hi,

Can you send me the show arp output as well as the show run complete output from the device?

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Review Cisco Networking for a $25 gift card