12-03-2008 10:38 PM
Hi
I know that if we use source IP based predictors, the ACE would use a hash of the source IP to load balance the traffic. Is there a capability to make this process deterministic? In other words, I have three client subnets accessing the web servers on the same VIP. I want the traffic from subnet 1 to go to server 1 and traffic from subnets 2 and 3 to be load balanced to the rest of the servers.
Any idea on how to get this done?
12-04-2008 12:00 AM
Hi Dinuka,
Session persistence (stickiness) based on client source IP address or HTTP cookies is recommended to be configured on the Cisco ACE for this flow.
IP Address Stickiness
You can use the source IP address, the destination IP address, or both to uniquely identify individual clients and their requests for stickiness purposes based on their IP netmask. However, if an enterprise or a service provider uses a megaproxy to establish client connections to the Internet, the source IP address no longer is a reliable indicator of the true source of the request. In this case, you can use cookies or one of the other sticky methods to ensure session persistence.
Here is a sample configuration:
resource-class websrv
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource sticky minimum 20.00 maximum equal-to-min
rserver host webserver1
  ip address 10.10.10.1
  inservice
rserver host webserver2
  ip address 10.10.10.2
  inservice
rserver host webserver3
  ip address 10.10.10.3
  inservice
serverfarm host werbsrv1only
  probe websrv
  rserver webserver1 1000
    inservice
serverfarm host werbsrv123
  probe websrv
  rserver webserver1 1000
    inservice
  rserver webserver2 1000
    inservice
  rserver webserver3 1000
    inservice
ACE receives requests to the VIP on port 80 and translates them to port 1000 using the server farm configuration shown above.
The link to the websrv home page is http://websrv:1000/index.html. A probe to this link is configured on ACE as follows:
probe http websrv
  port 1000
  interval 2
  faildetect 2
  passdetect interval 2
  request method get url /index.html
  expect status 200 200
Session persistence can be established by tying the session to an IP address that uniquely identifies the client.
Create a sticky-group:
sticky ip-netmask 255.255.255.255 address source Client_subnet_1
  timeout 10
  serverfarm werbsrv1only
Change the server farm to the sticky-group:
policy-map type loadbalance first-match basic-slb
  class class-default
    sticky-serverfarm Client_subnet_1
sticky ip-netmask 255.255.255.255 address source Client_subnet_2
  timeout 10
  serverfarm werbsrv123
sticky ip-netmask 255.255.255.255 address source Client_subnet_3
  timeout 10
  serverfarm werbsrv123
Here you can find the details in the below url :
I have also attached a jpeg for your reference.
Hope you will get the idea how to use the sticky based on IP address.
Here you can find sample config of similar type:
Thanks and regards,
Sachin Garg
Senior Specialist Security
HCL Comnet Ltd.
A-10, Sector 3, Noida- 201301
INDIA
Mob: +91-9911757733
Email: sachinga@hcl.in
12-04-2008 12:54 AM
Hi Sachin
Thanks for the detailed response. Still, a small detail is not clear to me. Hope you wouldn't mind me asking another question.
I see that the server farms are defined with sticky configurations based on source IP and the netmask. But with this, do I have specific control over which serverfarm a specific client's request would go to?
For example, I need client subnet 192.168.1.0/24 to go to rserver1 and client subnet 192.168.2.0 to be load balanced to rserver2 and rserver3. Clients in both subnets are sending packets to the same destination VIP.
Hope this is clear.
12-04-2008 01:07 AM
You will need to create 2 serverfarms.
1 with rservers to be used by clients from subnet 192.168.1.0/24 and the other serverfarm with rserver2 and rserver3 to be used by other clients.
You then need to create a class-map to match on src IP, i.e.:
class-map type http loadbalance match-all ClientX
  2 match source-address 192.168.1.0 255.255.255.0
Finally, in your policy-map, you assign the src class-map with the appropriate serverfarm,
i.e.:
policy-map type loadbalance first-match MyPolicy
  class ClientX
    serverfarm serverfarm1
  class class-default
    serverfarm serverfarm2
If you need stickiness, you can replace the serverfarm with a sticky-serverfarm.
You can also configure serverfarm2 as a backup-serverfarm for serverfarm1.
Gilles.
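An added example, not part of the reply above and not ACE code: a Python model of the first-match policy it describes, showing that the choice of serverfarm depends only on class order and source subnet, while the pick inside a farm comes from a source-IP hash. The rserver names, the CRC32 hash used as a stand-in predictor, and the helper function names are assumptions made for illustration.

```python
import ipaddress
import zlib

# Constructed model: farm and class names follow the thread, rserver names are placeholders.
SERVERFARMS = {"serverfarm1": ["rserver1"], "serverfarm2": ["rserver2", "rserver3"]}

# Ordered like the first-match policy-map: (class, source networks, serverfarm).
POLICY = [
    ("ClientX", [ipaddress.ip_network("192.168.1.0/24")], "serverfarm1"),
    ("class-default", [ipaddress.ip_network("0.0.0.0/0")], "serverfarm2"),
]


def classify(src_ip, policy=POLICY):
    """Return (class, serverfarm) of the first class whose networks contain src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for name, networks, farm in policy:
        if any(addr in net for net in networks):
            return name, farm
    raise LookupError(f"no class matches {src_ip}")


def pick_rserver(src_ip, farm, in_service=None):
    """Stand-in source-IP hash (CRC32, an assumption): stable per client
    while the set of in-service rservers does not change."""
    servers = [s for s in SERVERFARMS[farm] if in_service is None or s in in_service]
    if not servers:
        return None
    digest = zlib.crc32(ipaddress.ip_address(src_ip).packed)
    return servers[digest % len(servers)]


def route(src_ip, in_service=None):
    """Full decision for one client: (class, serverfarm, rserver)."""
    name, farm = classify(src_ip)
    return name, farm, pick_rserver(src_ip, farm, in_service)


def shadowed_classes(policy):
    """Classes that can never match because earlier classes already cover
    every one of their networks (an ordering mistake under first-match)."""
    shadowed, seen = [], []
    for name, networks, _farm in policy:
        if all(any(net.subnet_of(prev) for prev in seen) for net in networks):
            shadowed.append(name)
        seen.extend(networks)
    return shadowed
```

Running shadowed_classes on a policy with class-default listed first reports ClientX as unreachable, which is the ordering mistake to check for before applying a first-match policy.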
12-04-2008 01:37 AM
HI here is the syntax for :
Sticky IP configuration mode commands allow you to create a sticky group for IP address stickiness. To create a sticky group and access sticky IP configuration mode, use the sticky ip-netmask command. The prompt changes to (config-sticky-ip). Use the no form of this command to remove the sticky group from the configuration.
sticky ip-netmask netmask address {source | destination | both} name
no sticky ip-netmask netmask address {source | destination | both} name