Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1011
Views
0
Helpful
0
Replies

ACE30 don't work properly

r.debernardini
Level 1
Level 1

‎03-16-2020 04:28 AM

Platform detail
Router Cisco 7600 release 15.2.S4
service module Cisco ACE30 release A5.2.1E

Balancing configuration details:
We have 2 Rserver, each of which assigned to 2 socket-based serverfarms.
The predictor used is leastconn with default weigth.

 

serverfarm : SF-ACCT-POP, type: HOST
total rservers : 4
state : ACTIVE
DWS state : DISABLED
--------------------------------- ----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: RAD-FE-POP01
172.16.5.13:1813 8 OPERATIONAL 59 1326733 0
172.16.5.13:11813 8 OPERATIONAL 102 2042096 0
rserver: RAD-FE-POP02
172.16.5.14:1813 8 OPERATIONAL 103 2026518 0
172.16.5.14:11813 8 OPERATIONAL 103 1954955 0

 

Balancing does not work properly.

  • I need to have some informations about balancing procedure, such us:
     balancing rserver-based or serverfarm-based/socket-based?
  • are there variables that affect the balancing method (i.e.server response delays)?
  • How I can improve the balancer between the Rserver or Serverfarm?


***** Here below the ACE configuration: *****


access-list 2 line 10 extended permit udp host 172.16.5.11 any eq 1645
access-list 2 line 20 extended permit udp host 172.16.5.11 any eq 1646
access-list 2 line 30 extended permit udp host 172.16.5.11 any eq radius
access-list 2 line 40 extended permit udp host 172.16.5.11 any eq radius-acct
access-list 2 line 50 extended permit udp host 172.16.5.11 any eq 1818
access-list 2 line 60 extended permit udp host 172.16.5.11 any eq 1819
access-list 2 line 70 extended permit udp host 172.16.5.11 any eq 3799
access-list 2 line 80 extended permit udp host 172.16.5.10 any eq 1645
access-list 2 line 90 extended permit udp host 172.16.5.10 any eq 1646
access-list 2 line 100 extended permit udp host 172.16.5.10 any eq radius
access-list 2 line 110 extended permit udp host 172.16.5.10 any eq radius-acct
access-list 2 line 120 extended permit udp host 172.16.5.10 any eq 1818
access-list 2 line 130 extended permit udp host 172.16.5.10 any eq 1819
access-list 2 line 140 extended permit udp host 172.16.5.10 any eq 3799
access-list 3 line 10 extended permit udp host 172.16.5.12 any eq 1645
access-list 3 line 20 extended permit udp host 172.16.5.12 any eq 1646
access-list 3 line 30 extended permit udp host 172.16.5.12 any eq radius
access-list 3 line 40 extended permit udp host 172.16.5.12 any eq radius-acct
access-list 3 line 50 extended permit udp host 172.16.5.12 any eq 1818
access-list 3 line 60 extended permit udp host 172.16.5.12 any eq 1819
access-list 3 line 70 extended permit udp host 172.16.5.12 any eq 3799
access-list 4 line 10 extended permit udp host 172.16.5.13 any eq 1645
access-list 4 line 20 extended permit udp host 172.16.5.13 any eq 1646
access-list 4 line 30 extended permit udp host 172.16.5.13 any eq radius
access-list 4 line 40 extended permit udp host 172.16.5.13 any eq radius-acct
access-list 4 line 50 extended permit udp host 172.16.5.13 any eq 1818
access-list 4 line 60 extended permit udp host 172.16.5.13 any eq 1819
access-list 4 line 70 extended permit udp host 172.16.5.13 any eq 3799
access-list 4 line 80 extended permit udp host 172.16.5.14 any eq 1645
access-list 4 line 90 extended permit udp host 172.16.5.14 any eq 1646
access-list 4 line 100 extended permit udp host 172.16.5.14 any eq radius
access-list 4 line 110 extended permit udp host 172.16.5.14 any eq radius-acct
access-list 4 line 120 extended permit udp host 172.16.5.14 any eq 1818
access-list 4 line 130 extended permit udp host 172.16.5.14 any eq 1819
access-list 4 line 140 extended permit udp host 172.16.5.14 any eq 3799
access-list ACL1 line 5 extended permit ip any any

 

sticky ip-netmask 255.255.255.255 address source STICKY-ACCT-POP
serverfarm SF-ACCT-POP
timeout 15
timeout activeconns
replicate sticky

policy-map type loadbalance generic first-match L7-LOADB-POLICY-MAP-ACCT-POP
class class-default
sticky-serverfarm STICKY-ACCT-POP

sticky ip-netmask 255.255.255.255 address source STICKY-ACCT-POP
serverfarm SF-ACCT-POP
timeout 15
timeout activeconns
replicate sticky

policy-map multi-match L4-POLICY-MAP-MULTI-POP
class L4-CLASS-MAP-MI68-1813
loadbalance vip inservice
loadbalance policy L7-LOADB-POLICY-MAP-ACCT-POP
loadbalance vip icmp-reply active

policy-map multi-match PM-SNAT
class CM-SNAT-2
nat dynamic 2 vlan 684
class CM-SNAT-3
nat dynamic 3 vlan 684
class CM-SNAT-4
nat dynamic 4 vlan 684
access-group input ACL1


interface vlan 600
ip address 172.16.5.2 255.255.255.192
alias 172.16.5.1 255.255.255.192
peer ip address 172.16.5.3 255.255.255.192
no normalization
no icmp-guard
service-policy input PM-SNAT
no shutdown


interface vlan 684
description 7600-ACE
ip address 172.16.6.65 255.255.255.240
alias 172.16.6.69 255.255.255.240
peer ip address 172.16.6.66 255.255.255.240
no normalization
no icmp-guard
nat-pool 2 10.16.63.70 10.16.63.70 netmask 255.255.255.255 pat
nat-pool 3 10.16.63.71 10.16.63.71 netmask 255.255.255.255 pat
nat-pool 4 10.16.63.68 10.16.63.68 netmask 255.255.255.255 pat
nat-pool 1 10.16.63.76 10.16.63.76 netmask 255.255.255.255 pat
nat-pool 5 10.16.63.69 10.16.63.69 netmask 255.255.255.255 pat
service-policy input L4-POLICY-MAP-MULTI-POP
no shutdown

access-list 2 line 10 extended permit udp host 172.16.5.11 any eq 1645
access-list 2 line 20 extended permit udp host 172.16.5.11 any eq 1646
access-list 2 line 30 extended permit udp host 172.16.5.11 any eq radius
access-list 2 line 40 extended permit udp host 172.16.5.11 any eq radius-acct
access-list 2 line 50 extended permit udp host 172.16.5.11 any eq 1818
access-list 2 line 60 extended permit udp host 172.16.5.11 any eq 1819
access-list 2 line 70 extended permit udp host 172.16.5.11 any eq 3799
access-list 2 line 80 extended permit udp host 172.16.5.10 any eq 1645
access-list 2 line 90 extended permit udp host 172.16.5.10 any eq 1646
access-list 2 line 100 extended permit udp host 172.16.5.10 any eq radius
access-list 2 line 110 extended permit udp host 172.16.5.10 any eq radius-acct
access-list 2 line 120 extended permit udp host 172.16.5.10 any eq 1818
access-list 2 line 130 extended permit udp host 172.16.5.10 any eq 1819
access-list 2 line 140 extended permit udp host 172.16.5.10 any eq 3799
access-list 3 line 10 extended permit udp host 172.16.5.12 any eq 1645
access-list 3 line 20 extended permit udp host 172.16.5.12 any eq 1646
access-list 3 line 30 extended permit udp host 172.16.5.12 any eq radius
access-list 3 line 40 extended permit udp host 172.16.5.12 any eq radius-acct
access-list 3 line 50 extended permit udp host 172.16.5.12 any eq 1818
access-list 3 line 60 extended permit udp host 172.16.5.12 any eq 1819
access-list 3 line 70 extended permit udp host 172.16.5.12 any eq 3799
access-list 4 line 10 extended permit udp host 172.16.5.13 any eq 1645
access-list 4 line 20 extended permit udp host 172.16.5.13 any eq 1646
access-list 4 line 30 extended permit udp host 172.16.5.13 any eq radius
access-list 4 line 40 extended permit udp host 172.16.5.13 any eq radius-acct
access-list 4 line 50 extended permit udp host 172.16.5.13 any eq 1818
access-list 4 line 60 extended permit udp host 172.16.5.13 any eq 1819
access-list 4 line 70 extended permit udp host 172.16.5.13 any eq 3799
access-list 4 line 80 extended permit udp host 172.16.5.14 any eq 1645
access-list 4 line 90 extended permit udp host 172.16.5.14 any eq 1646
access-list 4 line 100 extended permit udp host 172.16.5.14 any eq radius
access-list 4 line 110 extended permit udp host 172.16.5.14 any eq radius-acct
access-list 4 line 120 extended permit udp host 172.16.5.14 any eq 1818
access-list 4 line 130 extended permit udp host 172.16.5.14 any eq 1819
access-list 4 line 140 extended permit udp host 172.16.5.14 any eq 3799
access-list ACL1 line 5 extended permit ip any any


probe icmp PING
interval 5
passdetect interval 5
passdetect count 1
probe radius RAD-ACCT
port 1813
interval 10
passdetect interval 3
passdetect count 2
credentials balancer@balancer-pop balancer secret mypassword
probe radius RAD-ACCT2
port 11813
interval 10
passdetect interval 3
passdetect count 2
credentials balancer@balancer-pop balancer secret mypassword
probe radius RAD-AUTH
port 1812
interval 10
passdetect interval 3
passdetect count 2
credentials balancer@balancer-pop balancer secret mypassword
probe radius RAD-AUTH2
port 11812
interval 10
passdetect interval 3
passdetect count 2
credentials balancer@balancer-pop balancer secret mypassword

 

rserver host RAD-FE-POP01
ip address 172.16.5.13
inservice
rserver host RAD-FE-POP02
ip address 172.16.5.14
inservice



serverfarm host SF-ACCT-POP
failaction purge
predictor leastconns
rserver RAD-FE-POP01 1813
probe RAD-ACCT
inservice
rserver RAD-FE-POP01 11813
probe RAD-ACCT2
inservice
rserver RAD-FE-POP02 1813
probe RAD-ACCT
inservice
rserver RAD-FE-POP02 11813
probe RAD-ACCT2
inservice

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents