Solved: Cisco 11503 & Ping issue for one Virtual host

sandeep.menon · ‎04-28-2013

Dears

I have a single cisco 11503 load balancer.

There is a single Banner student information system which is load balanced on it with Virtual ip 10.3.20.101 which is working fine without any issues .

I am now trying to add an Oracle ERP application with virtual IP 10.3.20.230 and physical ips 10.3.19.22 and 10.3.19.23 all on port 8003.

When I just make the group ERP-Apps-Grp active , the vitual ip address 10.3.20.230 is pingable , but when I make the the content Erp_IAT active it stops pinging.

Appreciate if you give me any insight . I am not much well versed with load balancer, but I tried making the configuration seeing the working ip 10.3.20.101 Please find the problem configuration below highlighted in bold

ip route 0.0.0.0 0.0.0.0 10.3.20.254 1

!************************* INTERFACE *************************

interface 1/2

bridge vlan 10

!************************** CIRCUIT **************************

circuit VLAN1

ip address 10.3.20.100 255.255.255.0

circuit VLAN10

ip address 10.3.19.1 255.255.255.0

!************************** SERVICE **************************

service Banner-Apps-1a

ip address 10.3.19.11

keepalive type http

port 7777

active

service Banner-Apps-1b

ip address 10.3.19.15

keepalive type http

port 7777

active

service Banner-Apps-1c

port 14021

ip address 10.3.19.15

keepalive type tcp

active

service Banner-Apps-1d

protocol udp

port 14021

keepalive type http

ip address 10.3.19.15

active

service Banner-Apps-1e

ip address 10.3.19.11

keepalive type tcp

port 14021

active

service Banner-Apps-2b

ip address 10.3.19.16

keepalive type http

port 7777

active

service Banner-Apps-2c

ip address 10.3.19.16

keepalive type http

port 14021

active

service Banner-Apps-2d

ip address 10.3.19.16

protocol udp

port 14021

keepalive type http

active

service Erpa_11

ip address 10.3.19.22

keepalive type http

port 8003

active

service Erpaa_22

ip address 10.3.19.23

keepalive type http

port 8003

active

!*************************** OWNER ***************************

owner IAT

content Banner-Apps1

vip address 10.3.20.101

add service Banner-Apps-1a

port 7777

protocol tcp

advanced-balance sticky-srcip-dstport

active

content Banner-Apps2

vip address 10.3.20.101

add service Banner-Apps-1b

add service Banner-Apps-2b

port 7777

protocol tcp

url "/*"

advanced-balance sticky-srcip-dstport

active

content Erp_IAT

vip address 10.3.20.230

add service Erpa_11

add service Erpaa_22

port 8003

protocol tcp

url "/*"

advanced-balance sticky-srcip-dstport

active

!*************************** GROUP ***************************

group Banner-Apps-Grp

add service Banner-Apps-1b

add service Banner-Apps-2b

vip address 10.3.20.101

add service Banner-Apps-1a

active

group ERP-Apps-Grp

add service Erpa_11

add service Erpaa_22

vip address 10.3.20.230

active

Any Help is much Appreciated

Thanks

Sandeep

Kanwaljeet Singh · ‎05-07-2013

Hi Sandeep,

Please go through this link and let me know if you have any questions. It explains beautifully about configuring HTTP keepalives.

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a008009452c.shtml

Regards,

Kanwal

View solution in original post

Kanwaljeet Singh · ‎05-06-2013

Hi Sandeep,

You have configured a group for these services (oracle) but do you really need it? This is needed for server originating connections which will be natted with the VIP. Secondly you have configured URL "/" in content rule which makes it a L5 rule which means that CSS will open a different connection at the backend since it needs to examine the HTTP GET REQUEST.

Are you able to ping the services from CSS itself when your VIP is not pingable? What is the status of services in CSS during the problem? From where are pinging the VIP? Is client in same as server subnet?

Configuration looks fine but we need to check what is exactly being done.

Regards,

Kanwal

sandeep.menon · ‎05-07-2013

Hi Kanwal

Thank you for the reply.

I agree with you that group doesnt need to be created as i dont think there will be any connections origination from server. It will all be client requests from load balancer ip .

I was not sure about url .. but as you pointed out, i can ping physical ip address of the actual hosts when the virtual ip is not pingable.. but i cannot telnet to port 8003 on the physical hosts .

When i change keepalive to icmp , the virtual ip 10.3.20.230 is pingable , but when i keep it as http, the virtual ip stops pinging.

As you pointed , it seems that it is http configuration that seems the issue with keealive.

I will get the application guy to make the services up in the phyiscal hosts and then ask him to provide me with url for http .

One question , lets says he gives me the url http:erpmycompany.abc.ae:8003, how should i configure the service with this url for http.

Thanks

Sandeep

Kanwaljeet Singh · ‎05-07-2013

Hi Sandeep,

Do you mean to ask how should you configure keepalive for that URL? You will have to use HTTP keepalive.

Regards,

Kanwal

sandeep.menon · ‎05-07-2013

Hi Kanwal

Should i just mention like before keepalive type http or can i explicitly mention the url in the keepalive type http command. the syntax i mean.

Thanks

Sandeep

Kanwaljeet Singh · ‎05-07-2013

Hi Sandeep,

Please go through this link and let me know if you have any questions. It explains beautifully about configuring HTTP keepalives.

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_example09186a008009452c.shtml

Regards,

Kanwal

sandeep.menon · ‎05-07-2013

Hi Kanwal

Thank you for your kind assistance.

I will review the document. I am sure it will helpful.

Thank you again for your valuable time .

Regards

Sandeep