Ace module problem

pd.politiet.no
Level 1

Hi,

I was going to create a new context on our ACE module.  When I created the context in the Admin context, did a changeto <new context> and started to cut'n'paste the configuration, I got this error message:

error:

MTS message send error

This came once, and when I entered the Admin context to finish the ft config, I now have a problem changing back to the new context.  I get the message:

error: Not enough memory

Not sure what these messages are.  I have 2 other ACE modules already configured the way I want, but these last 2 ACE modules give me this problem.

The context is the same as I have configured on a different ACE module, so the config should not be any problem.  The ACE runs 4 contexts.

This ACE is in a FT with another ACE module, and I also have a problem doing ft switchover.  If I do this the other ACE doesn't let me enter config mode. Even if it looks like it is up and running.

What are these messages?

And maybe a dumb question, this is an ACE module, and I'm not very familiar with it yet. If I log in to the ACE module, and do a reload, this will only restart the ACE and not the 6509 switch?

Br

Geir


ahmed.gadi
Level 1

Hi,

If you do the reload command from the admin context, it will only reboot the ACE module, not your 6509. Or you can use "hw-module module 4 reset" from the core switch to reload the ACE module (I am considering module 4 as the ACE).

Have you assigned a resource-class?

You can check out this link for your error messages:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/system/message/guide/messags.html

HTH.

Reboot fixed the problem so I can enter the context. Thanks. Will start to do some logging....

And Yes I have assigned resource class to the context.

But now I experience a problem regarding configuring the context.  I have 4 ACE modules in 2 different sites.  2 in one site and 2 in the other.  At the moment site1 has the 2 ACE modules (in each of the two 6509 at the site).  The context for loadbalancing traffic to 2 different webservers is working fine.  The ft also works fine.

But when I enter the context at site2 the site1 drops "dead".  I lose connection to the vip address at site1 when entering the config for the context at site2.

I use vlan 1240 at both sites, 1240 is configured at both sites and also trunked between them as the distance between them is very short.  I use different IP addresses for each of the 2 contexts at site1 and site2.  Why am I losing connection to site1 when configuring the context at site2?

Here are the configs for the contexts at site 1 and site 2:

Site1:

-------

access-list INBOUND line 8 extended permit ip any any



probe http WEBGUI_D2
  description Probe for http mot webgui
  interval 10
  passdetect interval 10
  passdetect count 1
  request method get url /D2/auth/login.aspx
  expect status 200 302
  header User-Agent header-value "IDENTITY"



rserver host cwi501
  description content server logon SITE1
  ip address 10.163.22.21
  inservice
rserver host cwi502
  description content server logon SITE1
  ip address 10.163.22.22
  inservice


serverfarm host SF_LOGON_D2_SITE1
  probe WEBGUI_D2
  rserver cwi501 80
    inservice
  rserver cwi502 80
    inservice


sticky ip-netmask 255.255.255.255 address source STICKYGROUP1
  timeout 20
  replicate sticky
  serverfarm SF_LOGON_D2_SITE1


class-map match-all VS_LOGON_D2__SITE1
  3 match virtual-address 10.163.22.10 any


policy-map type loadbalance first-match PM_ONE_ARM_LB
  class class-default
    sticky-serverfarm STICKYGROUP1


policy-map multi-match PM_ONE_ARM_MULTI_MATCH
  class VS_LOGON_D2__SITE1
    loadbalance vip inservice
    loadbalance policy PM_ONE_ARM_LB
    nat dynamic 5 vlan 1240


interface vlan 1240
  description Client_server
  ip address 10.163.22.5 255.255.255.0
  peer ip address 10.163.22.4 255.255.255.0
  access-group input INBOUND
  nat-pool 5 10.163.22.6 10.163.22.9 netmask 255.255.255.192 pat
  service-policy input PM_ONE_ARM_MULTI_MATCH
  no shutdown


ip route 0.0.0.0 0.0.0.0 10.163.22.1

Site2:

-------

access-list INBOUND line 8 extended permit ip any any



probe http WEBGUI_D2
  description Probe for http mot webgui
  interval 10
  passdetect interval 10
  passdetect count 1
  request method get url /D2/auth/login.aspx
  expect status 200 302
  header User-Agent header-value "IDENTITY"



rserver host cwi001
  description content server logon SITE2
  ip address 10.163.22.25
  inservice
rserver host cwi002
  description content server logon SITE2
  ip address 10.163.22.26
  inservice


serverfarm host SF_LOGON_D2_SITE2
  probe WEBGUI_D2
  rserver cwi001 80
    inservice
  rserver cwi002 80
    inservice


sticky ip-netmask 255.255.255.255 address source STICKYGROUP1
  timeout 20
  replicate sticky
  serverfarm SF_LOGON_D2_SITE2


class-map match-all VS_LOGON_D2_SITE2
  3 match virtual-address 10.163.22.13 any


policy-map type loadbalance first-match PM_ONE_ARM_LB
  class class-default
    sticky-serverfarm STICKYGROUP1


policy-map multi-match PM_ONE_ARM_MULTI_MATCH
  class VS_LOGON_D2_SITE2
    loadbalance vip inservice
    loadbalance policy PM_ONE_ARM_LB
    nat dynamic 5 vlan 1240


interface vlan 1240
  description Client_server
  ip address 10.163.22.11 255.255.255.0
  peer ip address 10.163.22.12 255.255.255.0
  access-group input INBOUND
  nat-pool 5 10.163.22.14 10.163.22.17 netmask 255.255.255.192 pat
  service-policy input PM_ONE_ARM_MULTI_MATCH
  no shutdown


ip route 0.0.0.0 0.0.0.0 10.163.22.1

BR
Geir

Can you show the admin context for both pairs ?

As the vlan 1240 is shared, have you assigned 4 different pools of mac addresses for your 4 ace modules ?

>4 different pools of mac addresses for your 4 ace modules

No, have not used 4 different mac addresses for the 4 ace modules. Yes there could be something here, as I saw that the ace modules use the same mac addresses in the arp table. The sh ip arp command on one of the 6509 shows that the ACE modules have the same mac address. How do I use 4 different mac addresses? And configuring this on the fly, will this have any impact or downtime? If yes, I guess just for a minute or 2 as long as the mac address stays in the mac table.

The Admin context is as follows:

Site1:

hostname ACE-SITE1-1
boot system image:c6ace-t1k9-mz.A2_1.bin

resource-class RC_DATABASE
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource sticky minimum 2.00 maximum equal-to-min
resource-class RESGRPSITE1
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource sticky minimum 2.00 maximum equal-to-min
resource-class RES_CLASS_Tjenester
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource sticky minimum 2.00 maximum equal-to-min


clock timezone standard CEST
access-list BPDU ethertype permit bpdu

access-list anyone line 10 extended permit ip any any
access-list anyone line 18 extended permit icmp any any

class-map type management match-any REMOTE_ACCESS
  description Remote access traffic match
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any
  5 match protocol https any
  6 match protocol http any

policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE_ACCESS
    permit


interface vlan 700
  description management connectivity on VLAN 700 and query interface VLAN
  ip address 10.1749.88 255.255.255.0
  alias 10.1749.90 255.255.255.0
  peer ip address 10.1749.89 255.255.255.0
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  no shutdown

ft interface vlan 98
  ip address 192.168.13.1 255.255.255.0
  peer ip address 192.168.13.15 255.255.255.0
  no shutdown

ft peer 1
  heartbeat interval 200
  heartbeat count 20
  ft-interface vlan 98
  query-interface vlan 700


ip route 0.0.0.0 0.0.0.0 10.1749.1

context Logon-D2-SITE1
  description Logonservere i D2 som lastblanseres
  allocate-interface vlan 1240
  member RESGRPSITE1
context Tjenester-D2-SITE1
  description "LB av tjenester ved SITE1"
  allocate-interface vlan 5
  member RES_CLASS_Tjenester


ft group 1
  peer 1
  associate-context Logon-D2-SITE1
  inservice
ft group 2
  peer 1
  associate-context Tjenester-D2-SITE1
  inservice

Site2:

hostname ACE-SITE2-1
boot system image:c6ace-t1k9-mz.A2_1.bin

resource-class RC_DATABASE
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource sticky minimum 2.00 maximum equal-to-min
resource-class RESGRPSITE2
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource sticky minimum 2.00 maximum equal-to-min
resource-class RES_CLASS_Tjenester
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource sticky minimum 2.00 maximum equal-to-min


clock timezone standard CET

class-map type management match-any REMOTE_ACCESS
  description Remote access traffic match
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any
  5 match protocol https any
  6 match protocol http any

policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE_ACCESS
    permit

interface vlan 600
  description management connectivity on VLAN 600 and query interface VLAN
  ip address 10.174.12.88 255.255.255.0
  alias 10.174.12.90 255.255.255.0
  peer ip address 10.174.12.89 255.255.255.0
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  no shutdown


ft interface vlan 99
  ip address 192.168.12.1 255.255.255.0
  peer ip address 192.168.12.15 255.255.255.0
  no shutdown

ft peer 1
  heartbeat interval 200
  heartbeat count 20
  ft-interface vlan 99
  query-interface vlan 600


ip route 0.0.0.0 0.0.0.0 10.174.12.1

context Logon-D2-SITE2
  description Logonservere i D2 som lastblanseres
  allocate-interface vlan 1240
  member RESGRPSITE2
context Tjenester-D2-SITE2
  description "LB av tjenester ved SITE2"
  allocate-interface vlan 5
  member RES_CLASS_Tjenester
context VC_DATABASE
  description "LB av database-tjenester"
  allocate-interface vlan 640
  member RC_DATABASE


ft group 1
  peer 1
  associate-context Logon-D2-SITE2
  inservice
ft group 2
  peer 1
  peer priority 200
  associate-context VC_DATABASE
  inservice
ft group 3
  peer 1
  peer priority 200
  associate-context Tjenester-D2-SITE2
  inservice

Br

Geir

I guess this is where I need looking into: Specifying the MAC Address Banks for a Shared VLAN

And I need to use:

shared-vlan-hostid number

peer shared-vlan-hostid number

As I have written above, the 4 ace modules will be paired, 2 ace modules in site1 will be paired, and the same in site2.

I will be using shared vlans, and also different vlans.

The ace module has a standard license, so for the moment I can only use 5 contexts.

So how will the shared-vlan be used for ace modules in ft configuration, and between the ft-ace modules at each site?

Br

Geir

To be sure to avoid any mac address overlapping, use in the admin context :

first pair :

shared-vlan-hostid 1

peer shared-vlan-hostid 2

second pair

shared-vlan-hostid 3

peer shared-vlan-hostid 4

I guess you refer to the first pair  as the 2 ace modules in site 1 and the second pair as the 2 ace modules in site 2.

I did  what you suggested, I entered the commands as follows:

Ace modules in site1, the admin contexts (same on both ace'es):

shared-vlan-hostid 1

peer shared-vlan-hostid 2

Ace modules in site2, the admin contexts (same on both ace'es):

shared-vlan-hostid 11

peer shared-vlan-hostid 12

When entering the new context that shares vlan 1240, I now still have the connection to vip in site1.

But the ace context in site 2, after entering it, VIP doesn't reply to my ping.  The probe says success.

Not sure why yet, but sh ip arp at the 6509 switch shows the same mac address for both the ace pairs.

Br Geir

Now you have different mac addresses for physical addresses. For the VIPs, the mac address is derived from the FT group number, use different ft group numbers for contexts sharing vlans, I guess it should work.
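
The two fixes recommended in the replies (distinct shared-vlan-hostid values per module, distinct ft group numbers for contexts on the same VLAN) can be checked before a context is pushed. The script below is an added example, not part of the thread and not Cisco code: it parses admin-context configs and reports pairs that use the same VLAN without host IDs, reuse a host ID, or reuse an ft group number on that VLAN. The pair names and sample configs are constructed, modelled on the ones posted above.

```python
import re
from collections import defaultdict

def parse_admin(text):
    """Return (host IDs, context -> VLANs, context -> ft group) from an admin-context config."""
    hostids, ctx_vlans, ctx_group = [], defaultdict(set), {}
    ctx = group = None
    for line in text.splitlines():
        s = line.strip()
        if s and not line[0].isspace():    # a top-level command closes the current block
            ctx = group = None
        if m := re.fullmatch(r"(?:peer )?shared-vlan-hostid (\d+)", s):
            hostids.append(int(m.group(1)))
        elif m := re.fullmatch(r"context (\S+)", s):
            ctx = m.group(1)
        elif m := re.fullmatch(r"ft group (\d+)", s):
            group = int(m.group(1))
        elif ctx and (m := re.fullmatch(r"allocate-interface vlan (\d+)", s)):
            ctx_vlans[ctx].add(int(m.group(1)))
        elif group is not None and (m := re.fullmatch(r"associate-context (\S+)", s)):
            ctx_group[m.group(1)] = group
    return hostids, ctx_vlans, ctx_group

def audit(pairs):
    """pairs: {pair name: admin config text}. Returns sorted findings for VLANs used by >1 pair."""
    parsed = {n: parse_admin(t) for n, t in pairs.items()}
    vlan_users = defaultdict(set)
    for name, (_, ctx_vlans, _) in parsed.items():
        for v in set().union(*ctx_vlans.values()):
            vlan_users[v].add(name)
    shared = {v for v, users in vlan_users.items() if len(users) > 1}
    findings, host_seen, group_seen = [], {}, {}
    for name, (hostids, ctx_vlans, ctx_group) in parsed.items():
        if any(vl & shared for vl in ctx_vlans.values()) and not hostids:
            findings.append(f"{name}: no shared-vlan-hostid set")
        for h in hostids:                  # physical MAC banks must not overlap
            if h in host_seen:
                findings.append(f"hostid {h}: {host_seen[h]} and {name}")
            host_seen.setdefault(h, name)
        for ctx, vlans in ctx_vlans.items():
            for v in vlans & shared:       # VIP MAC follows the ft group number
                key = (v, ctx_group.get(ctx))
                if key[1] is not None and group_seen.setdefault(key, name) != name:
                    findings.append(f"vlan {v} ft group {key[1]}: {group_seen[key]} and {name}")
    return sorted(findings)

# Constructed sample: both pairs put vlan 1240 in ft group 1, as in the configs posted above.
SITE1 = "context Logon-D2-SITE1\n  allocate-interface vlan 1240\nft group 1\n  associate-context Logon-D2-SITE1\n"
SITE2 = "context Logon-D2-SITE2\n  allocate-interface vlan 1240\nft group 1\n  associate-context Logon-D2-SITE2\n"
```

Calling audit({"SITE1": SITE1, "SITE2": SITE2}) on the sample reports both missing host IDs and the ft group 1 collision on vlan 1240; an empty list means no overlap was found.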

Thanks!

That did the work! Now I have both pairs up and running for the Logon-context.

I guess I need to do some "cleanup" in the config, but now I understand the concept of these shared vlans.

Thanks Again.

Br Geir
