09-15-2014 06:25 AM
Hello, I have a somewhat complicated setup in order to allow one particular VIP to answer for the same serverfarm on two different ports (this was a previous question here.) Here is the scrubbed config below. The setup works, but the issue is that the VIP does not reply to pings. We use both the servers and the vip for monitoring internally. It is still operational on the ports it is balancing, but no setting for ping seems to work (Active, Primary, or Always.) What am I doing wrong here? The other sites I use stickys with respond for their VIPs. I'm assuming this one does not due to the more complicated policy map.
probe http HTML-Site-Up_200
description This probe is to verify HTTP operation via site-up.html check
port 80
interval 5
faildetect 2
passdetect interval 10
request method get url /site-up.html
expect status 200 200
open 2
probe icmp ICMP-Ping
interval 5
faildetect 2
passdetect interval 10
probe tcp RAW-TCP-81
port 81
interval 10
faildetect 2
passdetect interval 20
connection term forced
open 1
rserver host psc-us-EQUIPprd1
description EQUIP Prod, server 1
ip address 10.1.1.84
inservice
rserver host psc-us-EQUIPprd2
description EQUIP Prod, server 2
ip address 10.1.1.85
inservice
serverfarm host EQUIPPROD
description EQUIP Prod Server Pool
predictor leastconns
probe HTML-Site-Up_200
probe ICMP-Ping
probe RAW-TCP-81
rserver psc-us-EQUIPprd1
probe ICMP-Ping
probe HTML-Site-Up_200
probe RAW-TCP-81
inservice
rserver psc-us-EQUIPprd2
probe ICMP-Ping
probe HTML-Site-Up_200
probe RAW-TCP-81
inservice
serverfarm host EQUIPPROD-CUSTOMER-81
description EQUIP Customer Site Server Pool, port 81
predictor leastconns
probe RAW-TCP-81
rserver psc-us-EQUIPprd1 81
probe RAW-TCP-81
inservice
rserver psc-us-EQUIPprd2 81
probe RAW-TCP-81
inservice
sticky ip-netmask 255.255.255.255 address source Sticky_EQUIPPROD
timeout 180
replicate sticky
serverfarm EQUIPPROD
class-map type http loadbalance match-all EQUIP_81_Redirect
2 match http header Host header-value ".*equiponline.com"
class-map type http loadbalance match-all EQUIP_81_Redirect_Full
2 match http header Host header-value ".*www.equiponline.com"
class-map match-all VIP-EQUIPPROD
2 match virtual-address 10.1.1.97 any
policy-map type loadbalance first-match VIP-EQUIPPROD-l7slb
class EQUIP_81_Redirect
serverfarm EQUIPPROD-CUSTOMER-81
class EQUIP_81_Redirect_Full
serverfarm EQUIPPROD-CUSTOMER-81
class class-default
sticky-serverfarm Sticky_EQUIPPROD
policy-map multi-match global
class VIP-EQUIPPROD
loadbalance vip inservice
loadbalance policy VIP-EQUIPPROD-l7slb
loadbalance vip icmp-reply
nat dynamic 13 vlan 1000
interface vlan 1000
nat-pool 13 10.1.1.97 10.1.1.97 netmask 255.255.255.0 pat
09-15-2014 07:04 AM
Hi,
If you do "show service-policy global detail" and if you see VIP "INSERVICE", it should ping fine. You have "loadbalance vip icmp-reply" which means that ACE VIP will ping even though serverfarm is not operational. Are you able to ping the VIP from the ACE itself?
Regards,
Kanwal
Note: Please mark answers if they are helpful.
09-15-2014 07:58 AM
Output from that class from the show service-policy command. And no, it doesn't appear to be pingable from the ACE.
class: VIP-EQUIPPROD
nat:
nat dynamic 13 vlan 1000
curr conns : 361 , hit count : 116690
dropped conns : 5
client pkt count : 4815293 , client byte count: 739114009
server pkt count : 7281612 , server byte count: 8753101386
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
VIP Address: Protocol: Port:
10.1.1.97 any
loadbalance:
L7 loadbalance policy: VIP-EQUIPPROD-l7slb
Regex dnld status : SUCCESSFUL
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 392 , hit count : 134300
dropped conns : 431
client pkt count : 4869950 , client byte count: 741545220
server pkt count : 7281612 , server byte count: 8753101386
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
L7 Loadbalance policy : VIP-EQUIPPROD-l7slb
class/match : EQUIP_81_Redirect
LB action :
primary serverfarm: EQUIPPROD-CUSTOMER-81
state: UP
backup serverfarm : -
hit count : 12602
dropped conns : 0
compression : off
class/match : EQUIP_81_Redirect_Full
LB action :
primary serverfarm: EQUIPPROD-CUSTOMER-81
state: UP
backup serverfarm : -
hit count : 0
dropped conns : 0
compression : off
class/match : class-default
LB action: :
sticky group: Sticky_EQUIPPROD
primary serverfarm: EQUIPPROD
state:UP
backup serverfarm : -
hit count : 107831
dropped conns : 5
compression : off
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
pscaceinside01/Prod# ping 10.1.1.97
Pinging 10.51.221.97 with timeout = 2, count = 5, size = 100 ....
No response received from 10.1.1.97 within last 2 sec
No response received from 10.1.1.97 within last 2 sec
No response received from 10.1.1.97 within last 2 sec
No response received from 10.1.1.97 within last 2 sec
No response received from 10.1.1.97 within last 2 sec
5 packet sent, 0 responses received, 100% packet loss
For what it's worth, none of my VIP's are pingable from the ACE. I think that has to do with me being in one-arm configuration, and using the NAT addresses per VIP. But all other VIPs are pingable from other sources on the subnet. With the exception of this VIP.
09-15-2014 08:09 AM
Hi,
Can you send me the show arp output as well as the show run complete output from the device?
Regards,
Kanwal
Note: Please mark answers if they are helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide