Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2042
Views
0
Helpful
5
Replies

ACE20 Module with Exchange 2010 Configuration

b.youssef
Level 1
Level 1

‎03-12-2011 03:58 PM

Hello all,

I have deployed the following configuration for Exchange 2010, if all services are up on the two servers it functions good but if a service goes down on one server (especially outlook) some clients are disconnected (stickiness) ...

Stickiness is needed for all services by ip source sticky and by coockies for OWA.

Because all services are on the same server (ip address) the configured sticky causes problems !!! when a service is down the ACE usually forwards  requests to it !!!! Any help please.

Configuration :


XXXXX-ACE1/CTXT-EXCHANGE(config)# do sh run

Generating configuration....


access-list BPDU-Allow ethertype permit bpdu

access-list EXCH-LB line 10 extended permit ip any any


probe http HTTP-GET

  interval 10

  passdetect interval 10

  request method get url /iisstart.htm

  expect status 200 202

probe icmp PING

  interval 3

probe tcp abport

  port 7575

  interval 2

  faildetect 2

  passdetect interval 10

  passdetect count 1

  connection term forced

probe tcp epmap

  port 135

  interval 2

  faildetect 2

  passdetect interval 10

  passdetect count 1

  connection term forced

probe tcp http

  interval 2

  passdetect interval 2

  passdetect count 1

  connection term forced

probe http http-probe

  interval 60

  passdetect interval 60

  passdetect count 2

  request method get url /exchweb/bin/auth/owalogon.asp

  expect status 400 404

probe tcp https

  port 443

  interval 2

  passdetect interval 2

  passdetect count 1

  connection term forced

probe http https-probe

  interval 60

  passdetect interval 60

  passdetect count 2

  request method get url /owa/auth/login.aspx

  expect status 400 404

probe tcp imap

  port 143

  interval 2

  passdetect interval 2

  passdetect count 1

  connection term forced

probe tcp imaps

  port 993

  interval 2

  passdetect interval 2

  passdetect count 1

  connection term forced

probe udp ipsec

  port 500

  interval 2

  passdetect interval 2

  passdetect count 1

probe icmp ping

  interval 2

  passdetect interval 2

  passdetect count 1

probe tcp pop3

  port 110

  interval 2

  passdetect interval 2

  passdetect count 1

  connection term forced

probe tcp pop3s

  port 995

  interval 2

  passdetect interval 2

  passdetect count 1

  connection term forced

probe tcp rpcport

  port 7576

  interval 2

  faildetect 2

  passdetect interval 10

  passdetect count 5

  connection term forced

probe tcp smtp

  port 25

  interval 2

  passdetect interval 2

  passdetect count 1

  connection term forced



rserver host CAS1

  ip address 172.22.101.74

  inservice

rserver host CAS2

  ip address 172.22.101.76

  inservice

rserver host HUB1

  ip address 172.22.101.75

  inservice

rserver host HUB2

  ip address 172.22.101.77

  inservice

rserver redirect RPC-REDIRECT

rserver redirect SSLREDIRECT

  webhost-redirection https://mail.tunisiana.com/owa 302

  inservice


serverfarm host CAS-Outlook

  probe PING

  probe abport

  probe epmap

  probe rpcport

  fail-on-all

  rserver CAS1 135

    inservice

  rserver CAS1 7575

    inservice

  rserver CAS1 7576

    inservice

  rserver CAS2 135

    inservice

  rserver CAS2 7575

    inservice

  rserver CAS2 7576

    inservice

serverfarm host CAS-http

  probe HTTP-GET

  probe PING

  rserver CAS1 80

    inservice

  rserver CAS2 80

    inservice

serverfarm host CAS-https

  probe https

  probe ping

  rserver CAS1 443

    inservice

  rserver CAS2 443

    inservice

serverfarm host CAS-imap

  probe PING

  probe imap

  rserver CAS1 143

    inservice

  rserver CAS2 143

    inservice

serverfarm host CAS-imaps

  probe imaps

  probe ping

  rserver CAS1 993

    inservice

  rserver CAS2 993

    inservice

serverfarm host CAS-ipsec

  probe ipsec

  probe ping

  rserver CAS1

    inservice

  rserver CAS2

    inservice

serverfarm host CAS-pop3

  probe ping

  probe pop3

  rserver CAS1 110

    inservice

  rserver CAS2 110

    inservice

serverfarm host CAS-pop3s

  probe ping

  probe pop3s

  rserver CAS1 995

    inservice

  rserver CAS2 995

    inservice

serverfarm host CAS-smtp

  probe ping

  probe smtp

  fail-on-all

  rserver CAS1 25

    inservice

  rserver CAS2 25

    inservice

serverfarm host HUB

  probe ping

  probe smtp

  rserver HUB1

    inservice

  rserver HUB2

    inservice

serverfarm redirect RPC-REDIRECT

serverfarm redirect SSLREDIRECT

  rserver SSLREDIRECT

    inservice


parameter-map type http STICKY

  persistence-rebalance

parameter-map type connection TCP_IDLE_30min

  set timeout inactivity 1800


sticky ip-netmask 255.255.255.255 address source HUB-ST

  timeout 30

  replicate sticky

  serverfarm HUB

sticky ip-netmask 255.255.255.255 address source CAS-http-ST

  timeout 30

  replicate sticky

  serverfarm CAS-http

sticky ip-netmask 255.255.255.255 address source CAS-https-ST

  timeout 30

  replicate sticky

  serverfarm CAS-https

sticky ip-netmask 255.255.255.255 address source CAS-imap-ST

  timeout 30

  replicate sticky

  serverfarm CAS-imap

sticky ip-netmask 255.255.255.255 address source CAS-imaps-ST

  timeout 30

  replicate sticky

  serverfarm CAS-imaps

sticky ip-netmask 255.255.255.255 address source CAS-smtp-ST

  timeout 30

  replicate sticky

  serverfarm CAS-smtp

sticky ip-netmask 255.255.255.255 address source CAS-pop3-ST

  timeout 30

  replicate sticky

  serverfarm CAS-pop3

sticky ip-netmask 255.255.255.255 address source CAS-pop3s-ST

  timeout 30

  replicate sticky

  serverfarm CAS-pop3s

sticky ip-netmask 255.255.255.255 address source CAS-ipsec-ST

  timeout 30

  replicate sticky

  serverfarm CAS-ipsec

sticky ip-netmask 255.255.255.255 address source CAS-Outlook-ST

  timeout 30

  replicate sticky

  serverfarm CAS-Outlook

sticky http-cookie sessionid exchange-sticky-sessionid-grp

  timeout 20

  serverfarm CAS-http

sticky http-cookie cookie OWA-STICKY

  cookie insert browser-expire

  timeout 60

  replicate sticky

  serverfarm CAS-http

sticky http-header Authorization CAS-RPC-HTTP

  serverfarm CAS-http


class-map match-any CAS-OUTL-MAPI-VIP

  2 match virtual-address 172.22.101.69 tcp any

class-map match-any CAS-Outlook-VIP

  2 match virtual-address 172.22.101.69 tcp eq 135

  3 match virtual-address 172.22.101.69 tcp eq 7575

  4 match virtual-address 172.22.101.69 tcp eq 7576

class-map match-any CAS-http-VIP

  2 match virtual-address 172.22.101.69 tcp eq www

class-map match-any CAS-https-VIP

  2 match virtual-address 172.22.101.69 tcp eq https

class-map match-any CAS-imap-VIP

  2 match virtual-address 172.22.101.69 tcp eq 143

class-map match-any CAS-imaps-VIP

  2 match virtual-address 172.22.101.69 tcp eq 993

class-map match-any CAS-ipsec-VIP

  2 match virtual-address 172.22.101.69 udp eq 500

class-map match-any CAS-pop3-VIP

  2 match virtual-address 172.22.101.69 tcp eq pop3

class-map match-any CAS-pop3s-VIP

  2 match virtual-address 172.22.101.69 tcp eq 995

class-map match-any CAS-smtp-VIP

  2 match virtual-address 172.22.101.69 tcp eq smtp

class-map match-all CAS_SERVERS

  2 match source-address 172.22.101.64 255.255.255.192

class-map match-any HUB-VIP

  2 match virtual-address 172.22.101.80 any

class-map match-all HUB_SERVERS

  2 match source-address 172.22.101.64 255.255.255.192

class-map match-all OWA-OUTLOOKANYWHERE-SSL

  2 match virtual-address 172.22.101.69 tcp eq https

class-map match-all OWA-SSL-CM

  2 match virtual-address 172.22.101.69 tcp eq https

class-map match-all OWAREDIRECT

  2 match virtual-address 172.22.101.69 tcp eq www

class-map type management match-any REMOTE-MGT

  201 match protocol snmp any

  202 match protocol http any

  203 match protocol https any

  204 match protocol icmp any

  205 match protocol ssh any

  206 match protocol telnet any


policy-map type management first-match REMOTE-MGT

  class REMOTE-MGT

    permit


policy-map type loadbalance first-match CAS-Outlook-policy

  class class-default

    sticky-serverfarm CAS-Outlook-ST

policy-map type loadbalance first-match CAS-http-policy

  class class-default

    sticky-serverfarm CAS-http-ST

policy-map type loadbalance first-match CAS-https-policy

  class class-default

    sticky-serverfarm CAS-https-ST

policy-map type loadbalance first-match CAS-imap-policy

  class class-default

    sticky-serverfarm CAS-imap-ST

policy-map type loadbalance first-match CAS-imaps-policy

  class class-default

    sticky-serverfarm CAS-imaps-ST

policy-map type loadbalance first-match CAS-ipsec-policy

  class class-default

    serverfarm CAS-ipsec

policy-map type loadbalance first-match CAS-pop3-policy

  class class-default

    sticky-serverfarm CAS-pop3-ST

policy-map type loadbalance first-match CAS-pop3s-policy

  class class-default

    sticky-serverfarm CAS-pop3s-ST

policy-map type loadbalance first-match CAS-smtp-policy

  class class-default

    serverfarm CAS-smtp

policy-map type loadbalance first-match HUB-policy

  class class-default

    serverfarm HUB

policy-map type loadbalance first-match OWA-OUTLOOKANYWHERE

  match OUTLOOK_ANYWHERE http header User-Agent header-value "MSRPC"

policy-map type loadbalance first-match OWA-SSL-PM

  class class-default

    sticky-serverfarm OWA-STICKY

policy-map type loadbalance http first-match SSLREDIRECT

  class class-default

    serverfarm SSLREDIRECT


policy-map multi-match CAS-Outlook-POLICY-MAP

  class CAS-Outlook-VIP

    loadbalance vip inservice

    loadbalance policy CAS-Outlook-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

policy-map multi-match CAS-http-POLICY-MAP

  class CAS-http-VIP

    loadbalance vip inservice

    loadbalance policy CAS-http-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

policy-map multi-match CAS-https-POLICY-MAP

  class CAS-https-VIP

    loadbalance vip inservice

    loadbalance policy CAS-https-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

policy-map multi-match CAS-imap-POLICY-MAP

  class CAS-imap-VIP

    loadbalance vip inservice

    loadbalance policy CAS-imap-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

policy-map multi-match CAS-imaps-POLICY-MAP

  class CAS-imaps-VIP

    loadbalance vip inservice

    loadbalance policy CAS-imaps-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

policy-map multi-match CAS-ipsec-POLICY-MAP

  class CAS-ipsec-VIP

    loadbalance vip inservice

    loadbalance policy CAS-ipsec-policy

    loadbalance vip icmp-reply

policy-map multi-match CAS-pop3-POLICY-MAP

  class CAS-pop3-VIP

    loadbalance vip inservice

    loadbalance policy CAS-pop3-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

policy-map multi-match CAS-pop3s-POLICY-MAP

  class CAS-pop3s-VIP

    loadbalance vip inservice

    loadbalance policy CAS-pop3s-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

policy-map multi-match CAS-smtp-POLICY-MAP

  class CAS-smtp-VIP

    loadbalance vip inservice

    loadbalance policy CAS-smtp-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

policy-map multi-match EXCH-POLICY

  class CAS-imap-VIP

    loadbalance vip inservice

    loadbalance policy CAS-imap-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

  class CAS-imaps-VIP

    loadbalance vip inservice

    loadbalance policy CAS-imaps-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

  class CAS-pop3-VIP

    loadbalance vip inservice

    loadbalance policy CAS-pop3-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

  class CAS-pop3s-VIP

    loadbalance vip inservice

    loadbalance policy CAS-pop3s-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

  class CAS-smtp-VIP

    loadbalance vip inservice

    loadbalance policy CAS-smtp-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

  class CAS-http-VIP

    loadbalance vip inservice

    loadbalance policy CAS-http-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

  class CAS-https-VIP

    loadbalance vip inservice

    loadbalance policy CAS-https-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

  class CAS-OUTL-MAPI-VIP

    loadbalance vip inservice

    loadbalance policy CAS-Outlook-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min

policy-map multi-match HUB-POLICY-MAP

  class HUB-VIP

    loadbalance vip inservice

    loadbalance policy HUB-policy

    loadbalance vip icmp-reply

    connection advanced-options TCP_IDLE_30min


interface vlan 52

  description #### vlan client side EXCHANGE ####

  bridge-group 1

  access-group input BPDU-Allow

  access-group input EXCH-LB

  service-policy input REMOTE-MGT

  service-policy input HUB-POLICY-MAP

  service-policy input EXCH-POLICY

  no shutdown

interface vlan 54

  description #### vlan client side ACE_EXCHANGE ####

  bridge-group 1

  access-group input BPDU-Allow

  access-group input EXCH-LB

  service-policy input REMOTE-MGT

  service-policy input HUB-POLICY-MAP

  service-policy input EXCH-POLICY

  no shutdown


interface bvi 1

  ip address 172.22.101.123 255.255.255.192

  peer ip address 172.22.101.122 255.255.255.192

  description EXCHANGE-Bridged-vlans

  no shutdown


ip route 0.0.0.0 0.0.0.0 172.22.101.126

Best Regards

Labels:
0 Helpful
5 Replies 5

b.youssef
Level 1
Level 1

‎03-18-2011 05:59 PM

Hi All,

Any help about the configuration provided !!

The problem that Outlook especially desn't work because of stikiness .

has anyone tested this solution "ACE Module for Loadbalancing Microsoft 2010 and LYNC or OCS" !!!

Best Regards

0 Helpful

Surya ARBY
Level 4
Level 4
In response to b.youssef

‎03-19-2011 01:25 AM

Have you checked in the sticky database if the dead server still appears ? If yes check the status of the probe, if everything is normal I would open a case.

0 Helpful

b.youssef
Level 1
Level 1
In response to Surya ARBY

‎03-19-2011 01:26 AM

Hi Surya,

When we shutdown a service on one node, the probe comes down (working fine) but in the sticky database it's still there !!!!

that's why Clients have problems (especially Outlook  which has three services) !!!

A case is openend with the TAC .

Regards

0 Helpful

Marko Leopold
Level 1
Level 1
In response to b.youssef

‎03-21-2011 07:37 AM

As Chris wrote in an answer (different thread) several minutes ago, you can configure a failaction on your serverfarm.

0 Helpful

b.youssef
Level 1
Level 1
In response to Marko Leopold

‎03-21-2011 07:55 AM

Thank you for your email. I am out of the office until March 25th, I will have limited access to my e-mail during this period.

In my absence, please feel free to contact Mr Akram Allani : aallani@3s.com.tn

Thank you for your understanding.

Best regards,

Youssef Boukari

--

0 Helpful
Customers Also Viewed These Support Documents