ACE: RDP loadbalancing connection problem

Ralf Kleineisel
Level 1

I have a problem setting up RDP loadbalancing.

My setup is a WS-C6509-E with IOS 12.2(33)SXI5 and an ACE20-MOD-K9 running
A2(3.3).

I have the ACE in two-arm-mode, I can connect to the real servers via RDP. The
real servers use a MS Terminal Server Session Broker with routing tokens.

The serverfarm is operational:

# show serverfarm FARM-TSFARM1 det
serverfarm     : FARM-TSFARM1, type: HOST
total rservers : 4
active rservers: 4
description    : srv-f1-tsX.mydomain.de
state          : ACTIVE
predictor      : ROUNDROBIN
failaction     : -
back-inservice    : 0
partial-threshold : 0
num times failover       : 0
num times back inservice : 1
total conn-dropcount : 0
---------------------------------
                                                ----------connections-----------
       real                  weight state        current    total      failures
   ---+---------------------+------+------------+----------+----------+---------
   rserver: RS-SRV-F1-TS1
       10.7.43.201:0         8      OPERATIONAL  0          1          0
         description          : -
         max-conns            : 500       , out-of-rotation count : 0
         min-conns            : 500      
         conn-rate-limit      : -         , out-of-rotation count : -
         bandwidth-rate-limit : -         , out-of-rotation count : -
         retcode out-of-rotation count : -
         load value           : 0        

   rserver: RS-SRV-F1-TS2
       10.7.43.202:0         8      OPERATIONAL  0          0          0
         description          : -
         max-conns            : 500       , out-of-rotation count : 0
         min-conns            : 500      
         conn-rate-limit      : -         , out-of-rotation count : -
         bandwidth-rate-limit : -         , out-of-rotation count : -
         retcode out-of-rotation count : -
         load value           : 0        

   rserver: RS-SRV-F1-TS3
       10.7.43.203:0         8      OPERATIONAL  0          0          0
         description          : -
         max-conns            : 500       , out-of-rotation count : 0
         min-conns            : 500      
         conn-rate-limit      : -         , out-of-rotation count : -
         bandwidth-rate-limit : -         , out-of-rotation count : -
         retcode out-of-rotation count : -
         load value           : 0        

   rserver: RS-SRV-F1-TS4
       10.7.43.204:0         8      OPERATIONAL  0          0          0
         description          : -
         max-conns            : 500       , out-of-rotation count : 0
         min-conns            : 500      
         conn-rate-limit      : -         , out-of-rotation count : -
         bandwidth-rate-limit : -         , out-of-rotation count : -
         retcode out-of-rotation count : -
         load value           : 0        

The service policy is active, it shows an increasing hit count for the VIP
connections (47 as shown below), no drop-count, no dropped connections, but
zero bytes server packets and no hit counts for the L7 policy:

# show service-policy VIP-TSFARM1 detail

Status     : ACTIVE
Description: -----------------------------------------
Interface: vlan 44
  service-policy: VIP-TSFARM1
    class: VIP-TSFARM1-RDP
     VIP Address:    Protocol:  Port:
     10.7.44.106     tcp        eq    3389
      loadbalance:
        L7 loadbalance policy: VIP-TSFARM1-RDP-l7slb
        VIP Route Metric     : 77
        VIP Route Advertise  : ENABLED-WHEN-ACTIVE
        VIP ICMP Reply       : ENABLED-WHEN-ACTIVE
        VIP State: INSERVICE
        curr conns       : 0         , hit count        : 47       
        dropped conns    : 0        
        client pkt count : 221       , client byte count: 10996              
        server pkt count : 0         , server byte count: 0                  
        conn-rate-limit      : 0         , drop-count : 0        
        bandwidth-rate-limit : 0         , drop-count : 0        
        L7 Loadbalance policy : VIP-TSFARM1-RDP-l7slb
          class/match : class-default
            LB action: :
               primary serverfarm: FARM-TSFARM1
                    state: UP
                  backup serverfarm : -
            hit count        : 0        
            dropped conns    : 0        

I never get a "Built TCP connection" syslog message.

When I make a VIP with "policy-map type loadbalance generic" instead of
"policy-map type loadbalance rdp" everything works as expected, apart from the
fact that users cannot be redirected to the correct server if they have an
active session on one of them.

Here is the config of the rdp setup:

rserver host RS-SRV-F1-TS1
  description srv-f1-ts1.mydomain.de
  ip address 10.7.43.201
  conn-limit max 500 min 500
  rate-limit connection 10000
  rate-limit bandwidth 12500000
  probe PING_PROBE
  inservice
rserver host RS-SRV-F1-TS2
  description srv-f1-ts2.mydomain.de
  ip address 10.7.43.202
  conn-limit max 500 min 500
  probe PING_PROBE
  inservice
rserver host RS-SRV-F1-TS3
  description srv-f1-ts3.mydomain.de
  ip address 10.7.43.203
  conn-limit max 500 min 500
  probe PING_PROBE
  inservice
rserver host RS-SRV-F1-TS4
  description srv-f1-ts4.mydomain.de
  ip address 10.7.43.204
  conn-limit max 500 min 500
  probe PING_PROBE
  inservice

serverfarm host FARM-TSFARM1
  description srv-f1-tsX.mydomain.de
  rserver RS-SRV-F1-TS1
    inservice
  rserver RS-SRV-F1-TS2
    inservice
  rserver RS-SRV-F1-TS3
    inservice
  rserver RS-SRV-F1-TS4
    inservice

class-map match-all VIP-TSFARM1-RDP
  2 match virtual-address 10.7.44.106 tcp eq 3389

policy-map type loadbalance rdp first-match VIP-TSFARM1-RDP-l7slb
  class class-default
    serverfarm FARM-TSFARM1

policy-map multi-match VIP-TSFARM1
  class VIP-TSFARM1-RDP
    loadbalance vip inservice
    loadbalance policy VIP-TSFARM1-RDP-l7slb
    loadbalance vip icmp-reply active
    loadbalance vip advertise active

interface vlan 44
  service-policy input VIP-TSFARM1


Any ideas?

3 Replies 3

jlamousn
Level 1

Ralf,

You are running into the following defect:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtl63354

Workaround:

Use a layer 4 loadbalance policy and configure source IP sticky.

Joel Lamousnery

Cisco TAC

Joel Lamousnery CCIE R&S - 36768 Engineer, Customer Support Technical Services

Hi,

thank you for the quick reply.

The layer4 workaround doesn't help much, because clients will not get their running RDP sessions when logging in from a different IP.

The bug toolkit page says the bug is fixed in 3.0(0)A2(3.3.28). On the ACE software download page I can't find this version. A2(3.3) is the latest available version. Where can I get 3.3.28?

Ralf,

Go ahead and open a TAC case for further assistance. A2(3.4) is the next official release that will include a fix for this issue and that is tentatively several weeks away from being posted on CCO. TAC can provide an interim image in the meantime.

Thanks

Joel Lamousnery

Cisco Tac

Joel Lamousnery CCIE R&S - 36768 Engineer, Customer Support Technical Services
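
For readers debugging the same setup from a packet capture, the following is an added example (not part of the thread and not the ACE's own code) that decodes a Session Broker routing token from an X.224 Connection Request and maps it to one of the rservers posted above. It assumes the commonly documented `Cookie: msts=<ip>.<port>.0000` token encoding, with IP and port as little-endian decimals; the packet is constructed, and the function names are hypothetical. Because the token is supplied by the client, the lookup only accepts addresses that are members of the farm.

```python
import re
import socket
import struct

# Routing token as carried in the X.224 Connection Request:
# "Cookie: msts=<ip>.<port>.<reserved>\r\n"; ip and port are decimal
# renderings of little-endian integers (assumed encoding, see lead-in).
TOKEN_RE = re.compile(rb"Cookie: msts=(\d+)\.(\d+)\.(\d+)\r\n")

# rserver names and addresses as posted in the thread
FARM = {"10.7.43.201": "RS-SRV-F1-TS1", "10.7.43.202": "RS-SRV-F1-TS2",
        "10.7.43.203": "RS-SRV-F1-TS3", "10.7.43.204": "RS-SRV-F1-TS4"}

def encode_token(ip, port):
    """Build a token the way a broker redirect would (constructed input)."""
    ip_le = struct.unpack("<I", socket.inet_aton(ip))[0]
    port_le = struct.unpack("<H", struct.pack(">H", port))[0]
    return b"Cookie: msts=%d.%d.0000\r\n" % (ip_le, port_le)

def decode_token(data):
    """Return (ip, port) from a routing token, or None if absent or out of range."""
    m = TOKEN_RE.search(data)
    if m is None:
        return None
    ip_le, port_le = int(m.group(1)), int(m.group(2))
    if ip_le > 0xFFFFFFFF or port_le > 0xFFFF:
        return None
    ip = socket.inet_ntoa(struct.pack("<I", ip_le))
    port = struct.unpack(">H", struct.pack("<H", port_le))[0]
    return ip, port

def build_connection_request(variable_part=b""):
    """Constructed TPKT + X.224 CR TPDU (code 0xE0, refs 0, class 0)."""
    body = bytes([0xE0, 0, 0, 0, 0, 0]) + variable_part
    tpdu = bytes([len(body)]) + body          # length indicator excludes itself
    return struct.pack(">BBH", 3, 0, 4 + len(tpdu)) + tpdu

def pick_rserver(packet, farm=FARM):
    """Name of the rserver the token points at, or None (use the predictor)."""
    if len(packet) < 11 or packet[0] != 3 or packet[5] != 0xE0:
        return None                            # not a TPKT/X.224 Connection Request
    target = decode_token(packet[11:])
    if target is None or target[1] != 3389:
        return None                            # no token, or not the VIP's RDP port
    return farm.get(target[0])                 # None for addresses outside the farm

if __name__ == "__main__":
    pkt = build_connection_request(encode_token("10.7.43.201", 3389))
    print(decode_token(pkt), pick_rserver(pkt))
```
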
