cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1091
Views
0
Helpful
4
Replies

Bizarre ACE module behavior

Amadou TOURE
Level 1
Level 1

Hi,

I configured a new serverfarm with leastconns predictor for two servers on our ACE module Version A2(2.3). Probes (show probes XX detail) to the servers are successful and both servers are operational (show serverfarm APPLI detail) but connections are directed only to one server.

When I deactived the server which is receiving the connections (no inservice), the ACE start to direct connection to the second server.

There are several serverfarm, configured the same way, that are Loadbalancing traffic as correctly.

Here is a sample of my config

serverfarm host TEST_443

predictor leastconns

  probe TEST_443_PROBE01

  rserver TEST_RS01 443

    inservice

  rserver TEST_RS02 443

    inservice

sticky http-cookie TEST_HTTPS TEST_443_STKY

  cookie insert

  timeout 720

  replicate sticky

  serverfarm TEST_443

probe http TEST_443_PROBE01

  port 443

  interval 20

  passdetect interval 60

  passdetect count 5

  request method get url /test

  expect status 302 302

  connection term forced

policy-map type loadbalance first-match TEST_L7PLB_HTTPS

  class class-default

    sticky-serverfarm TEST_443_STKY_SF

    insert-http X-Forwarded-Proto header-value "https"

    insert-http X-Forwarded-For header-value "%is"

policy-map multi-match SLB-HTTP-POLICY

class TEST_L4VIP_HTTPS

    loadbalance vip inservice

    loadbalance policy TEST_L7PLB_HTTPS

    loadbalance vip icmp-reply active

    loadbalance vip advertise active

    nat dynamic 1 vlan 202

    appl-parameter http advanced-options PERSIST

    ssl-proxy server TEST_SSL_PROXY_SERVER

PS : ACE uptime is 291days, could that impact ACE behavior ?

Thanks for any troubleshooting hints

1 Accepted Solution

Accepted Solutions

Alex Rickard
Level 1
Level 1

Since you are using a  sticky serverfarm, the ACE will check the cookie (because cookie sticky is configured) and if it is still valid it will send it to the rserver that corresponds to the cookie. As long a the cookie is valid and the rserver is still up, the connection will be sent there. New connections without a cookie or a valid cookie will be sent to a rserver based upon the least connections algorithm.

-Alex

View solution in original post

4 Replies 4

Alex Rickard
Level 1
Level 1

Since you are using a  sticky serverfarm, the ACE will check the cookie (because cookie sticky is configured) and if it is still valid it will send it to the rserver that corresponds to the cookie. As long a the cookie is valid and the rserver is still up, the connection will be sent there. New connections without a cookie or a valid cookie will be sent to a rserver based upon the least connections algorithm.

-Alex

Agreed Richard,

the problem is that all connections are sent to one server only, new connections are not split between the two servers.

thank you

Thanks Alex and stephen for your replies.

The config is OK, so is the ACE module. The problem was related to the way the customer tested its applications...he was not indeed clearing his browser cache and cookies before each connection as he was supposed to do.

stephen.stack
Level 4
Level 4

Looking at this on my phone but it looks like you L7 policy is referencing a sticky server farm that does not exist.

ie TEST_443_STKY_SF is incorrect name for sticky

If that's not it. Then check that the first server actually has a number of conns on it when a new connection is established. Sometimes when both servers have 0 conns - new incoming conns will always go to the first server

Regards

Stephen
===============================
Free network configuration management software at www.rconfig.com

Sent from Cisco Technical Support iPhone App

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful

Review Cisco Networking for a $25 gift card