Solved: Re: ACE: a class-map with multiple ports... what about the probe

GIULIO FAINI · ‎11-23-2009

Hello Gilles,

One question about something I was not able to find in the documentation.

Lets say I have one class-map which includes 2 ports (in this case https and 5061).

Can I associate this class-map to just 1 generic serverfarm and probe for both ports or I have to specify 2 serverfarms/rservers/probes?

So, by not specifying the ports on the rserver, if a request is received on port 443 (or 5061), it is sent to the same respective port on the rserver?

The same way is valid for the generic probe. ACE module is able to probe both ports based on the class-map?

Thanks and have a great day!!

Giulio.

!

probe tcp PROBE_GENERIC_TCP
description This probe works for all TCP services by inheriting the VIP port.
interval 15
faildetect 2
passdetect interval 15
passdetect count 2
open 2

!

rserver host SERVER1_ACCESS
ip address <1AC>
inservice
rserver host SERVER2_ACCESS
ip address <2AC>
inservice

!
serverfarm host ACCESS-SFARM
probe PROBE_GENERIC_TCP
rserver SERVER1_ACCESS
inservice
rserver SERVER2_ACCESS
inservice

!
class-map match-any OCS_L4ACCESS
2 match virtual-address x.x.x.176 tcp eq https
2 match virtual-address x.x.x.176 tcp eq 5061
!
policy-map type loadbalance first-match OCS_L4ACCESS
class class-default
sticky-serverfarm ACCESS_STICKY

!

policy-map multi-match POLICY
...
class OCS_L4ACCESS
loadbalance vip inservice
loadbalance policy OCS_L4ACCESS
loadbalance vip icmp-reply active
connection advanced-options OCS_VIPTIMEOUT
nat dynamic XXX vlan 503

Gilles Dufour · ‎11-23-2009

port inheritance is not yet available on the module.

So, you will need to define 2 probes...one for each port and assign the 2 probes to the serverfarm.

You can however use the same serverfarm with your class-map.

If not port is specified for the rserver, we will reuse the one used by the client to connect to the vip.

Gilles.

View solution in original post

Gilles Dufour · ‎11-23-2009

port inheritance is not yet available on the module.

So, you will need to define 2 probes...one for each port and assign the 2 probes to the serverfarm.

You can however use the same serverfarm with your class-map.

If not port is specified for the rserver, we will reuse the one used by the client to connect to the vip.

Gilles.

GIULIO FAINI · ‎12-29-2009

ACE 4710 has probe port inheritance as of A3.1.0.

This is on the roadmap for ACE module.

Peter Koltl · ‎01-09-2010

Even if you use the 4710 appliance or expect the inheritance in the module software, it's worth considering if this is really what you want. If you keep multiple ports in the L3/L4 class-map you can't handle the services independently. You will have a common serverfarm for both https and 5061. If https service stops on one rserver, the ACE will place that rserver (and not that service) in out-of-operation state and it won't receive any 5061 traffic either. (You have the fail-on-all probe option but I wouldn't say it's a better choice. In that case, https traffic would be sent to the rserver even if https port is closed as long as there is at least one working service on it.) That's why I prefer a separate class-map and separate serverfarm for each service. (They can contain the same rservers, no need to duplicate.) BUT if the software supports probe port inheritance, you can benefit from it even in this scenario: serverfarm-443 and serverfarm-5061 can both use your PROBE_GENERIC_TCP.

ACE: a class-map with multiple ports... what about the probe/serverfarm?