Can ACE support TCP/UDP Port range per ServerFarm/VIP

RAMAN AZIZIAN · ‎05-02-2013

Hello All,

I would like to find out if the ACE module/appliance can support a range command for TCP/UDP per Serverfarm/VIP.

Example:

My customer has an application which utilizes various range of TCP/UDP ports for servers to provide SLB. The real servers will be listening to range of TCP/UDP ports.

Most of the SLB I have provided tradtionally uses a specific TCP port (ie. 80, 443).

I have included a high-level sketch depicting the request.

be glad to provide any additional information needed.

Thanks,

raman azizian

Jorge Bejarano · ‎05-02-2013

Raman,

Then are you saying your customer will hit the VIP 10.10.10.10 in port 80 and then the ACE should load balance the traffic to any of the rservers behind it but taking into account that each server will be hearing on a different port, is that correct?

Then, for example port 5000 is used for a specific site, then 5001 is used for another side and so on right? or Do they provide the same website content?

Hummm, well the problem which I see with this setup ,is that for example we have a Client A which needs to access to the website hearing on port 5000 which is handled by rserver A but let's say the ACE load balanced his request to rserver B which hears on port 5001 and provides a different content, then the Client A will receive something else that he was looking for.

Also, under the serverfarm you can specific a different port for each rserver but eventually you may suffer the same behavior which I mentioned above.

For an scenario like this, it is better to have a VIP for each service which you want to provide ( per port), then for example:

If user A wants to go to server A, he can go to 10.10.10.10 and then to be sent to server A hearing on port 5002

User B wants to go to server B, he can go to 10.10.10.11 and then to be sent to server B hearing on port 5001

...

etc

Now, if they are the same application but you just use want to use several ports for whatever requirement you have then of course you should be able to do it since the ACE does not really care, it just receives the request and load balance it to the backend servers.

Hope this helps!

Jorge

ajayku2 · ‎05-03-2013

Hi Raman,

You have option to define port range per vip something as below:

class-map match-any test-vip-tcp-udp

2 match virtual-address 10.10.10.20 tcp range 5000 5010

3 match virtual-address 10.10.10.20 udp range 5000 5010

If you do not specify any port or port range then VIP listen to all ports TCP or UDP.

Hope that clarify it a bit.

regards,

Ajay Kumar

Jorge Bejarano · ‎05-03-2013

Raman,

How do your clients access the aplications? on port 80 or/and 443?

Jorge

RAMAN AZIZIAN · ‎05-03-2013

Hi Jorge/Ajay,

Thanks for taking the time to read my inquiry.

I am still in the early stage of gathering info from our customer, but I believe here's the flow of the traffic and what they would like to have load balanced.

The traffic will be coming from external sites, (TCP 443), and get load-balanced to multiple Real servers within the server farm binded to specific VIP.

The application I believe uses multiple TCP/UDP port range.

Ports: TCP:443 (STUN-in/out); UDP:3478 (STUN-in/out); UDP/TCP:50,000-59,999 (RTP-in/out)

I should have more information by next week if what I provided is not sufficient.

Thanks,

raman

ajayku2 · ‎05-03-2013

Hi Raman,

Based on your requirement I would suggest to use just plain VIP without specifying the port.

That should take care of all.

Something like below:

class-map match-any test-vip

2 match virtual-address 10.10.10.20

Hope that helps,

Ajay Kumar