02-07-2012 04:01 AM
Hi,
We have a scenario where we PBR certain source IPs back into the ACE to perform server NAT'ing. This is routed into the ACE via an alias IP.
The problem we have is this breaks probes on the backup ACE, as we health check the same IPs for an inbound VIP (when the FT pairs are flipped the problem is reversed), as I assume the Alias interface has no record of the flow and bins the traffic (as it originated from the backup ACE interface, not the alias).
So my quick question would be: is there any way a backup peer's probes can be disabled, as it creates a lot of half-open connections on the servers?
I don't want to change the PBR to use real IPs as it could break some failover scenarios, and adding a more complex ACL to the PBR creates issues with the NAT we're doing.
Thanks
02-10-2012 05:17 AM
The short answer is no, the backup probes cannot be disabled. In fact you want the probes to be working in the case of a failover. I am not sure how you have your PBR working, but the probes are sourced from the interface IP address on the VLAN (not the alias). The ACTIVE and the STANDBY have unique IP addresses, so as long as you account for this in your PBR you should be fine.
Chris
02-10-2012 05:45 AM
Thanks - in the end I had to add specific ACLs for the probes in the PBR to use default forwarding vs into the Alias.