Configuring ACE 4710 for Load Balancing Speech servers - Page 2

rdancy123 · ‎09-19-2012

Hello, I'm configuring ACE 4710's for the first time and I want to load balance my Nuance speech servers on port 554. Here's my configuration on ACE01:

hostname ace471001

interface gigabitEthernet 1/1

switchport access vlan 1000

no shutdown

interface gigabitEthernet 1/2

shutdown

interface gigabitEthernet 1/3

shutdown

interface gigabitEthernet 1/4

shutdown

access-list ALL line 8 extended permit ip any any

rserver host nss01

class-map type management match-any remote_access

2 match protocol xml-https any

3 match protocol icmp any

4 match protocol telnet any

5 match protocol ssh any

6 match protocol http any

7 match protocol https any

8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy

class remote_access

permit

interface vlan 1000

ip address 10.20.17.21 255.255.248.0

access-group input ALL

service-policy input remote_mgmt_allow_policy

no shutdown

How would I configure my speech server to isten on 554?

Thanks in advance

rdancy123 · ‎09-26-2012

Hi Cesar,

I made my changes except VIP, still a confused about it, sorry. My network admin gave my range of addresses to use in the 10.2.4.0 range. Should I use one that is available for VIP? Thanks in advance

probe rtsp probe01

rserver host nss01

ip address 10.2.4.70

inservice

serverfarm host Nuance_Lab

rserver nss01 554

inservice

class-map type rtsp loadbalance match-all L7SLBCLASS

10 match rtsp url /synthesizer

class-map match-all VIP

2 match virtual-address 10.2.4.21 tcp eq rtsp

class-map type management match-any remote_access

2 match protocol xml-https any

3 match protocol icmp any

4 match protocol telnet any

5 match protocol ssh any

6 match protocol http any

7 match protocol https any

8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy

class remote_access

permit

policy-map type loadbalance rtsp first-match RTSP_L7_POLICY

class L7SLBCLASS

serverfarm Nuance_Lab

policy-map multi-match clients

interface vlan 1000

ip address 10.2.4.21 255.255.248.0

access-group input ALL

service-policy input remote_mgmt_allow_policy

service-policy input clients

no shutdown

Cesar Roque · ‎09-26-2012

Hi Reginald,

Yes, for example

class-map match-all VIP

2 match virtual-address 10.2.4.21 tcp eq rtsp

interface vlan 1000

ip address 10.2.4.22 255.255.248.0

access-group input ALL

service-policy input remote_mgmt_allow_policy

service-policy input clients

no shutdown

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

rdancy123 · ‎09-26-2012

Hi Cesar,

10.2.4.22 just so happens to be the IP of my other ACE 4710. This is what I have:

2 Cisco 3945 routers with Sip proxy

1 Cisco 3750-e catalyst switch

2 Cisco Ace 4710

2 NSS servers (plus CVP, UCCX, CUPS)

That said, I do have 10.2.4.23, available.

Thanks for your help, this is my first experience with Ace.

rdancy123 · ‎09-27-2012

Hi Cesar,

I modified VIP so I think I'm good now:

probe rtsp probe01

rserver host nss01

ip address 10.2.4.70

inservice

serverfarm host Nuance_Lab

rserver nss01 554

inservice

class-map type rtsp loadbalance match-all L7SLBCLASS

10 match rtsp url /synthesizer

class-map match-all VIP

2 match virtual-address 10.2.4.23 tcp eq rtsp

class-map type management match-any remote_access

2 match protocol xml-https any

3 match protocol icmp any

4 match protocol telnet any

5 match protocol ssh any

6 match protocol http any

7 match protocol https any

8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy

class remote_access

permit

policy-map type loadbalance rtsp first-match RTSP_L7_POLICY

class L7SLBCLASS

serverfarm Nuance_Lab

policy-map multi-match clients

interface vlan 1000

ip address 10.2.4.21 255.255.248.0

access-group input ALL

service-policy input remote_mgmt_allow_policy

service-policy input clients

no shutdown

ip route 0.0.0.0 0.0.0.0 10.20.16.1

Thanks again for all your help!!

Reginald

Cesar Roque · ‎09-28-2012

Hi Reginald,

You will need to configure a nat-pool to avoid assymetric flows. In addition you need to add this:

policy-map multi-match clients

class VIP

loadbalance vip inservice

loadbalance policy L7SLBCLASS

nat dynamic 1 vlan 1000

interface vlan 1000

ip address 10.2.4.21 255.255.248.0

access-group input ALL

service-policy input remote_mgmt_allow_policy

service-policy input clients

nat-pool 1 10.2.4.23 10.2.4.23 netmask 255.255.248.0 pat ====add this line

no shutdow

With this it should work properly.

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

rdancy123 · ‎09-28-2012

Hey Cesar,

Thanks for your response, I made the changes. All that's left now to test it.

Once again I appreciate your help:

probe rtsp probe01

rserver host nss01

ip address 10.2.4.70

inservice

serverfarm host Nuance_Lab

rserver nss01 554

inservice

class-map type rtsp loadbalance match-all L7SLBCLASS

10 match rtsp url /synthesizer

class-map match-all VIP

2 match virtual-address 10.2.4.23 tcp eq rtsp

class-map type management match-any remote_access

2 match protocol xml-https any

3 match protocol icmp any

4 match protocol telnet any

5 match protocol ssh any

6 match protocol http any

7 match protocol https any

8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy

class remote_access

permit

policy-map type loadbalance rtsp first-match RTSP_L7_POLICY

class L7SLBCLASS

serverfarm Nuance_Lab

policy-map multi-match clients

class VIP

nat dynamic 1 vlan 1000

interface vlan 1000

ip address 10.2.4.21 255.255.248.0

access-group input ALL

nat-pool 1 10.2.4.23 10.2.4.23 netmask 255.255.248.0 pat

service-policy input remote_mgmt_allow_policy

service-policy input clients

no shutdown

ip route 0.0.0.0 0.0.0.0 10.20.16.1

Many thanks!

Reginald

Cesar Roque · ‎09-28-2012

Hi Reginald,

You still are missing the rest of the configuration in the policy-map multi-match.

It should look like this:

policy-map multi-match clients

class VIP

loadbalance vip inservice

loadbalance policy L7SLBCLASS

nat dynamic 1 vlan 1000

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

rdancy123 · ‎09-28-2012

This should do it:

probe rtsp probe01

rserver host nss01

ip address 10.2.4.70

inservice

serverfarm host Nuance_Lab

rserver nss01 554

inservice

class-map type rtsp loadbalance match-all L7SLBCLASS

10 match rtsp url /synthesizer

class-map match-all VIP

2 match virtual-address 10.2.4.23 tcp eq rtsp

class-map type management match-any remote_access

2 match protocol xml-https any

3 match protocol icmp any

4 match protocol telnet any

5 match protocol ssh any

6 match protocol http any

7 match protocol https any

8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy

class remote_access

permit

policy-map type loadbalance rtsp first-match RTSP_L7_POLICY

class L7SLBCLASS

serverfarm Nuance_Lab

policy-map multi-match clients

class VIP

loadbalance vip inservice

loadbalance policy RTSP_L7_POLICY

nat dynamic 1 vlan 1000

interface vlan 1000

ip address 10.2.4.21 255.255.248.0

access-group input ALL

nat-pool 1 10.2.4.23 10.2.4.23 netmask 255.255.248.0 pat

service-policy input remote_mgmt_allow_policy

service-policy input clients

no shutdown

ip route 0.0.0.0 0.0.0.0 10.20.16.1

Reginald

Cesar Roque · ‎09-30-2012

Hi Reginald,

Yes, that configuration should work.

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team