03-12-2011 03:58 PM
Hello all,
I have deployed the following configuration for Exchange 2010, if all services are up on the two servers it functions good but if a service goes down on one server (especially outlook) some clients are disconnected (stickiness) ...
Stickiness is needed for all services by ip source sticky and by coockies for OWA.
Because all services are on the same server (ip address) the configured sticky causes problems !!! when a service is down the ACE usually forwards requests to it !!!! Any help please.
Configuration :
XXXXX-ACE1/CTXT-EXCHANGE(config)# do sh run
Generating configuration....
access-list BPDU-Allow ethertype permit bpdu
access-list EXCH-LB line 10 extended permit ip any any
probe http HTTP-GET
interval 10
passdetect interval 10
request method get url /iisstart.htm
expect status 200 202
probe icmp PING
interval 3
probe tcp abport
port 7575
interval 2
faildetect 2
passdetect interval 10
passdetect count 1
connection term forced
probe tcp epmap
port 135
interval 2
faildetect 2
passdetect interval 10
passdetect count 1
connection term forced
probe tcp http
interval 2
passdetect interval 2
passdetect count 1
connection term forced
probe http http-probe
interval 60
passdetect interval 60
passdetect count 2
request method get url /exchweb/bin/auth/owalogon.asp
expect status 400 404
probe tcp https
port 443
interval 2
passdetect interval 2
passdetect count 1
connection term forced
probe http https-probe
interval 60
passdetect interval 60
passdetect count 2
request method get url /owa/auth/login.aspx
expect status 400 404
probe tcp imap
port 143
interval 2
passdetect interval 2
passdetect count 1
connection term forced
probe tcp imaps
port 993
interval 2
passdetect interval 2
passdetect count 1
connection term forced
probe udp ipsec
port 500
interval 2
passdetect interval 2
passdetect count 1
probe icmp ping
interval 2
passdetect interval 2
passdetect count 1
probe tcp pop3
port 110
interval 2
passdetect interval 2
passdetect count 1
connection term forced
probe tcp pop3s
port 995
interval 2
passdetect interval 2
passdetect count 1
connection term forced
probe tcp rpcport
port 7576
interval 2
faildetect 2
passdetect interval 10
passdetect count 5
connection term forced
probe tcp smtp
port 25
interval 2
passdetect interval 2
passdetect count 1
connection term forced
rserver host CAS1
ip address 172.22.101.74
inservice
rserver host CAS2
ip address 172.22.101.76
inservice
rserver host HUB1
ip address 172.22.101.75
inservice
rserver host HUB2
ip address 172.22.101.77
inservice
rserver redirect RPC-REDIRECT
rserver redirect SSLREDIRECT
webhost-redirection https://mail.tunisiana.com/owa 302
inservice
serverfarm host CAS-Outlook
probe PING
probe abport
probe epmap
probe rpcport
fail-on-all
rserver CAS1 135
inservice
rserver CAS1 7575
inservice
rserver CAS1 7576
inservice
rserver CAS2 135
inservice
rserver CAS2 7575
inservice
rserver CAS2 7576
inservice
serverfarm host CAS-http
probe HTTP-GET
probe PING
rserver CAS1 80
inservice
rserver CAS2 80
inservice
serverfarm host CAS-https
probe https
probe ping
rserver CAS1 443
inservice
rserver CAS2 443
inservice
serverfarm host CAS-imap
probe PING
probe imap
rserver CAS1 143
inservice
rserver CAS2 143
inservice
serverfarm host CAS-imaps
probe imaps
probe ping
rserver CAS1 993
inservice
rserver CAS2 993
inservice
serverfarm host CAS-ipsec
probe ipsec
probe ping
rserver CAS1
inservice
rserver CAS2
inservice
serverfarm host CAS-pop3
probe ping
probe pop3
rserver CAS1 110
inservice
rserver CAS2 110
inservice
serverfarm host CAS-pop3s
probe ping
probe pop3s
rserver CAS1 995
inservice
rserver CAS2 995
inservice
serverfarm host CAS-smtp
probe ping
probe smtp
fail-on-all
rserver CAS1 25
inservice
rserver CAS2 25
inservice
serverfarm host HUB
probe ping
probe smtp
rserver HUB1
inservice
rserver HUB2
inservice
serverfarm redirect RPC-REDIRECT
serverfarm redirect SSLREDIRECT
rserver SSLREDIRECT
inservice
parameter-map type http STICKY
persistence-rebalance
parameter-map type connection TCP_IDLE_30min
set timeout inactivity 1800
sticky ip-netmask 255.255.255.255 address source HUB-ST
timeout 30
replicate sticky
serverfarm HUB
sticky ip-netmask 255.255.255.255 address source CAS-http-ST
timeout 30
replicate sticky
serverfarm CAS-http
sticky ip-netmask 255.255.255.255 address source CAS-https-ST
timeout 30
replicate sticky
serverfarm CAS-https
sticky ip-netmask 255.255.255.255 address source CAS-imap-ST
timeout 30
replicate sticky
serverfarm CAS-imap
sticky ip-netmask 255.255.255.255 address source CAS-imaps-ST
timeout 30
replicate sticky
serverfarm CAS-imaps
sticky ip-netmask 255.255.255.255 address source CAS-smtp-ST
timeout 30
replicate sticky
serverfarm CAS-smtp
sticky ip-netmask 255.255.255.255 address source CAS-pop3-ST
timeout 30
replicate sticky
serverfarm CAS-pop3
sticky ip-netmask 255.255.255.255 address source CAS-pop3s-ST
timeout 30
replicate sticky
serverfarm CAS-pop3s
sticky ip-netmask 255.255.255.255 address source CAS-ipsec-ST
timeout 30
replicate sticky
serverfarm CAS-ipsec
sticky ip-netmask 255.255.255.255 address source CAS-Outlook-ST
timeout 30
replicate sticky
serverfarm CAS-Outlook
sticky http-cookie sessionid exchange-sticky-sessionid-grp
timeout 20
serverfarm CAS-http
sticky http-cookie cookie OWA-STICKY
cookie insert browser-expire
timeout 60
replicate sticky
serverfarm CAS-http
sticky http-header Authorization CAS-RPC-HTTP
serverfarm CAS-http
class-map match-any CAS-OUTL-MAPI-VIP
2 match virtual-address 172.22.101.69 tcp any
class-map match-any CAS-Outlook-VIP
2 match virtual-address 172.22.101.69 tcp eq 135
3 match virtual-address 172.22.101.69 tcp eq 7575
4 match virtual-address 172.22.101.69 tcp eq 7576
class-map match-any CAS-http-VIP
2 match virtual-address 172.22.101.69 tcp eq www
class-map match-any CAS-https-VIP
2 match virtual-address 172.22.101.69 tcp eq https
class-map match-any CAS-imap-VIP
2 match virtual-address 172.22.101.69 tcp eq 143
class-map match-any CAS-imaps-VIP
2 match virtual-address 172.22.101.69 tcp eq 993
class-map match-any CAS-ipsec-VIP
2 match virtual-address 172.22.101.69 udp eq 500
class-map match-any CAS-pop3-VIP
2 match virtual-address 172.22.101.69 tcp eq pop3
class-map match-any CAS-pop3s-VIP
2 match virtual-address 172.22.101.69 tcp eq 995
class-map match-any CAS-smtp-VIP
2 match virtual-address 172.22.101.69 tcp eq smtp
class-map match-all CAS_SERVERS
2 match source-address 172.22.101.64 255.255.255.192
class-map match-any HUB-VIP
2 match virtual-address 172.22.101.80 any
class-map match-all HUB_SERVERS
2 match source-address 172.22.101.64 255.255.255.192
class-map match-all OWA-OUTLOOKANYWHERE-SSL
2 match virtual-address 172.22.101.69 tcp eq https
class-map match-all OWA-SSL-CM
2 match virtual-address 172.22.101.69 tcp eq https
class-map match-all OWAREDIRECT
2 match virtual-address 172.22.101.69 tcp eq www
class-map type management match-any REMOTE-MGT
201 match protocol snmp any
202 match protocol http any
203 match protocol https any
204 match protocol icmp any
205 match protocol ssh any
206 match protocol telnet any
policy-map type management first-match REMOTE-MGT
class REMOTE-MGT
permit
policy-map type loadbalance first-match CAS-Outlook-policy
class class-default
sticky-serverfarm CAS-Outlook-ST
policy-map type loadbalance first-match CAS-http-policy
class class-default
sticky-serverfarm CAS-http-ST
policy-map type loadbalance first-match CAS-https-policy
class class-default
sticky-serverfarm CAS-https-ST
policy-map type loadbalance first-match CAS-imap-policy
class class-default
sticky-serverfarm CAS-imap-ST
policy-map type loadbalance first-match CAS-imaps-policy
class class-default
sticky-serverfarm CAS-imaps-ST
policy-map type loadbalance first-match CAS-ipsec-policy
class class-default
serverfarm CAS-ipsec
policy-map type loadbalance first-match CAS-pop3-policy
class class-default
sticky-serverfarm CAS-pop3-ST
policy-map type loadbalance first-match CAS-pop3s-policy
class class-default
sticky-serverfarm CAS-pop3s-ST
policy-map type loadbalance first-match CAS-smtp-policy
class class-default
serverfarm CAS-smtp
policy-map type loadbalance first-match HUB-policy
class class-default
serverfarm HUB
policy-map type loadbalance first-match OWA-OUTLOOKANYWHERE
match OUTLOOK_ANYWHERE http header User-Agent header-value "MSRPC"
policy-map type loadbalance first-match OWA-SSL-PM
class class-default
sticky-serverfarm OWA-STICKY
policy-map type loadbalance http first-match SSLREDIRECT
class class-default
serverfarm SSLREDIRECT
policy-map multi-match CAS-Outlook-POLICY-MAP
class CAS-Outlook-VIP
loadbalance vip inservice
loadbalance policy CAS-Outlook-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-http-POLICY-MAP
class CAS-http-VIP
loadbalance vip inservice
loadbalance policy CAS-http-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-https-POLICY-MAP
class CAS-https-VIP
loadbalance vip inservice
loadbalance policy CAS-https-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-imap-POLICY-MAP
class CAS-imap-VIP
loadbalance vip inservice
loadbalance policy CAS-imap-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-imaps-POLICY-MAP
class CAS-imaps-VIP
loadbalance vip inservice
loadbalance policy CAS-imaps-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-ipsec-POLICY-MAP
class CAS-ipsec-VIP
loadbalance vip inservice
loadbalance policy CAS-ipsec-policy
loadbalance vip icmp-reply
policy-map multi-match CAS-pop3-POLICY-MAP
class CAS-pop3-VIP
loadbalance vip inservice
loadbalance policy CAS-pop3-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-pop3s-POLICY-MAP
class CAS-pop3s-VIP
loadbalance vip inservice
loadbalance policy CAS-pop3s-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
policy-map multi-match CAS-smtp-POLICY-MAP
class CAS-smtp-VIP
loadbalance vip inservice
loadbalance policy CAS-smtp-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
policy-map multi-match EXCH-POLICY
class CAS-imap-VIP
loadbalance vip inservice
loadbalance policy CAS-imap-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
class CAS-imaps-VIP
loadbalance vip inservice
loadbalance policy CAS-imaps-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
class CAS-pop3-VIP
loadbalance vip inservice
loadbalance policy CAS-pop3-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
class CAS-pop3s-VIP
loadbalance vip inservice
loadbalance policy CAS-pop3s-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
class CAS-smtp-VIP
loadbalance vip inservice
loadbalance policy CAS-smtp-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
class CAS-http-VIP
loadbalance vip inservice
loadbalance policy CAS-http-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
class CAS-https-VIP
loadbalance vip inservice
loadbalance policy CAS-https-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
class CAS-OUTL-MAPI-VIP
loadbalance vip inservice
loadbalance policy CAS-Outlook-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
policy-map multi-match HUB-POLICY-MAP
class HUB-VIP
loadbalance vip inservice
loadbalance policy HUB-policy
loadbalance vip icmp-reply
connection advanced-options TCP_IDLE_30min
interface vlan 52
description #### vlan client side EXCHANGE ####
bridge-group 1
access-group input BPDU-Allow
access-group input EXCH-LB
service-policy input REMOTE-MGT
service-policy input HUB-POLICY-MAP
service-policy input EXCH-POLICY
no shutdown
interface vlan 54
description #### vlan client side ACE_EXCHANGE ####
bridge-group 1
access-group input BPDU-Allow
access-group input EXCH-LB
service-policy input REMOTE-MGT
service-policy input HUB-POLICY-MAP
service-policy input EXCH-POLICY
no shutdown
interface bvi 1
ip address 172.22.101.123 255.255.255.192
peer ip address 172.22.101.122 255.255.255.192
description EXCHANGE-Bridged-vlans
no shutdown
ip route 0.0.0.0 0.0.0.0 172.22.101.126
Best Regards
03-18-2011 05:59 PM
Hi All,
Any help about the configuration provided !!
The problem that Outlook especially desn't work because of stikiness .
has anyone tested this solution "ACE Module for Loadbalancing Microsoft 2010 and LYNC or OCS" !!!
Best Regards
03-19-2011 01:25 AM
Have you checked in the sticky database if the dead server still appears ? If yes check the status of the probe, if everything is normal I would open a case.
03-19-2011 01:26 AM
Hi Surya,
When we shutdown a service on one node, the probe comes down (working fine) but in the sticky database it's still there !!!!
that's why Clients have problems (especially Outlook which has three services) !!!
A case is openend with the TAC .
Regards
03-21-2011 07:37 AM
As Chris wrote in an answer (different thread) several minutes ago, you can configure a failaction on your serverfarm.
03-21-2011 07:55 AM
Thank you for your email. I am out of the office until March 25th, I will have limited access to my e-mail during this period.
In my absence, please feel free to contact Mr Akram Allani : aallani@3s.com.tn
Thank you for your understanding.
Best regards,
Youssef Boukari
--
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide