04-17-2012 11:35 PM
Hi Expert,
Now I'm facing a tough issue. I'm implementing and found out some issues are unresolvable on the ACE4710. So I need your help, if you would be so kind.
This network has been running on a server without an LB. Now the second server is coming up. We chose to implement with Routed Mode.
This network peaks at 300 Mbps.
For now we're doing the first context, which functions as the content web-farm. In the near future there will be a 2nd context, which takes care of the indexing web-farm, when they buy more servers.
From the following diagrams.
I browsed from the internet into this service. "show service-policy" showed '0' (the counter was not running). I guessed that there was something wrong in the FW configuration, so I isolated the FW out.
Then I plugged my PC into network 30 (192.168.30.X) in front of this LB, then browsed to the LB's VIP (192.168.30.1). The LB "show service-policy" counter came up BUT nothing returned to my PC (client). "show conn" on the LB showed "SYNSEEN". What's SYNSEEN?! Something meaningful?
Then I tried to figure it out with a PC running 'apache' taking the place of the real server. "It works!" was returned from the LB/server. "show conn" became 'Establish'.
The programmer guy said that if I browse into the web-farm (i.e. the content web-farm) directly, the packet will be redirected to the indexing server. But they said it will be L7 redirection, not LB/network level. I'm afraid there will be a problem with this redirection.
Would you please recommend a solution or what more to test? Some commands or some general troubleshooting steps.
Anyway, I have enclosed my related configuration, such as the LB running-config.
Thank you in advance.
04-18-2012 12:13 AM
Hi,
Is the web server's gateway the ACE, or are you using NAT for the clients? I think that you are using it without NAT. Please confirm.
SYNSEEN is very meaningful: the ACE has seen only the SYN, but no SYN-ACK from the server. In my opinion the packet gets to the server but the server is replying to the client through the firewall.
Later edit: Also, in your drawing regarding VLAN30, the ACE has the .242 address, but in the config it is .1; also the firewall in the drawing is .254 and in the ACE's config the default gw is .242. Could you clear this up?
Dan
04-18-2012 11:02 PM
Hi Dan, Thanks mate,
Sorry, I attached the wrong version; the right version of the LB (AUPT context config) is:
interface vlan 30
  description Client Side
  ip address 192.168.30.242 255.255.255.0
  access-group input EVERYONE
  service-policy input int30
  service-policy input mgmt-pm
  no shutdown
interface vlan 50
  description Server Side
  ip address 192.168.50.242 255.255.255.0
  service-policy input mgmt-pm
  no shutdown
ip route 0.0.0.0 0.0.0.0 192.168.50.254
---
Yep, I'm using the web server's gateway as the ACE (192.168.50.242). Packets need to pass through the LB before returning out through the FW, right?
In fact, I do dst-NAT at the FW for incoming traffic to 192.168.30.1 (VIP).
What's the point of using NAT? Do you mean src-NAT of incoming packets?
Nipat.p
04-18-2012 11:12 PM
Hi ,
SNAT (client NAT) is not your case, because you are using the ACE as the default gw for your server. If you didn't use the ACE as the gateway, you would have to somehow make the returning traffic go through the ACE. This is the point of SNAT (client NAT). But once again, not your case.
Could you paste the routing table of the server, please?
Dan
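An added example, not part of the thread or any poster's code: a check of the return path discussed above, run over a server routing table. Any result other than "ace" means the server's SYN-ACK does not pass back through the ACE, the situation Dan suspects behind SYNSEEN. The address 192.168.50.242 comes from the posted config; the routing tables, the use of 192.168.50.254 as a server gateway, and the client addresses are constructed.

```python
import ipaddress

# ACE server-side interface (vlan 50), taken from the config posted in the thread.
ACE = ipaddress.ip_address("192.168.50.242")

def parse_routes(text):
    """Parse simplified iproute2-style lines into (network, gateway-or-None)."""
    routes = []
    for line in text.strip().splitlines():
        f = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0])
        gw = ipaddress.ip_address(f[f.index("via") + 1]) if "via" in f else None
        routes.append((net, gw))
    return routes

def return_path(routes, client):
    """Classify where the server's SYN-ACK to `client` goes (longest-prefix match)."""
    dst = ipaddress.ip_address(client)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return "no-route"
    _, gw = max(matches, key=lambda r: r[0].prefixlen)
    if gw is None:
        return "direct"  # on-link: reply goes straight to the client, ACE never sees it
    return "ace" if gw == ACE else "other-gateway"

# Constructed server routing tables (not from the thread).
VIA_ACE = """
default via 192.168.50.242 dev eth0
192.168.50.0/24 dev eth0 scope link
"""
VIA_OTHER = """
default via 192.168.50.254 dev eth0
192.168.50.0/24 dev eth0 scope link
"""

if __name__ == "__main__":
    for name, table in (("VIA_ACE", VIA_ACE), ("VIA_OTHER", VIA_OTHER)):
        routes = parse_routes(table)
        for client in ("192.168.30.10", "192.168.50.77"):  # constructed clients
            print(name, client, "->", return_path(routes, client))
```

The "direct" case covers a test client plugged into the server VLAN itself: the server answers it on-link, so the reply skips the ACE even when the default gateway is correct.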
04-18-2012 11:21 PM
Please also paste your current config.
From your initial config I can see that you have 2 * ACE in HA, am I correct?
peer hostname lopsdr471002
hostname aupt4700
shared-vlan-hostid 2
peer shared-vlan-hostid 3
Dan
04-18-2012 11:57 PM
Hi Dan,
You are correct! This box was picked from another project for the PoC in this project before the real box is delivered. So, some config was left over. But that config does not affect anything.
By the way, we rolled back to the last working config, i.e. FW and server, and took the LB out.
I will reproduce this for you by next week, and I will restore factory defaults before retrying.
Thanks for your kindness, I will respond to you soon.
Nipat