HiI suggest you to check once

Sirajhussain · ‎08-25-2011

Hello,

I have trouble with new installation LB ACE 4710 for Oracle application load balance. Problem: Unable to PING VIP - 10.11.10.55 / 24

Below are the simple configuration parameters:

1. ACE 4710 is connected with Cisco 3560 Switch - L2 Trunk (Channel Group)

2. Cisco 3560 Switch is connected with Cisco 6500 Switch (Core) also L2 Trunk

3. There are 3 Vlans,(255, 310, and 370), Vlan 255 is management Vlan

4. Real Servers and Virtual IP are part of Vlan 310

- VIP - 10.11.10.55

- Real Server1 - 10.11.10.46

- Real Server2 - 10.11.10.47

5. Gateway is 10.11.10.1 (vlan 310), 10.11.70.1 (Vlan 370)

Sirajhussain · ‎08-25-2011

Hi,

I am able to Ping gateways and real servers from ACE device and VIP not even responding from ACE.

Thanks in advance.

regards

siraj

thomascollins · ‎08-25-2011

You need to enable ping for the VIP (the default is to not respond to ping). Via the GUI, edit the VIP in Advanced mode to see the various options for ICMP reply. Or via command line...

policy-map multi-match global

class ebstest.com

loadbalance vip inservice

loadbalance policy ebstest.com-l7slb

loadbalance vip icmp-reply active

Sirajhussain · ‎08-25-2011

Thanks Thomas,

I tried that option too, enabled PING (ICMP) via GUI, and set the option - Always instead of Default - none.

But still I am unable to PING the VIP.

Can you confirm, Is ACE coonfiguration correct? because I am configuring first time.

Appreciate your help.

Regards,

Siraj

pablo.nxh · ‎08-25-2011

Hi,

I don't see VLAN 310 configured as an SVI on your ACE, I suppose you configured static routes on your servers to get to that VIP (if working) but the ACE at this point doesn't know how to get there based on the configuration you provided.

I don't think the ACE supports the null0 option to use it on a static route to point it as a next-hop for that network, also this could cause a lot of routing issues.

Are you supposed to have a one-armed mode or routed mode configuration? Based on your IP addressing description this should be routed so you need to configure VLAN 310 as an SVI.

HTH

__ __

Pablo

Hidayat Khan · ‎07-13-2012

Hi Pablo/Gavin,

I have read all your communications and your help really worked for Siraj. I am having almost the same or slightly different issue, though I have posted the topic in discussion, but no reponse yet. I can't ping the VIP from other Vlan Servers, so for example in the config below, I want to ping VIP 10.203.202.200 from any server in Vlan 303 with the source 10.203.194.164 or 165, I can't ping.... though I can ping the real IP of servers. See config below, and your help will be really appreciated.

access-list INSMU remark ACL to open access for L-3 routing of non-LB flows

access-list INSMU line 10 extended permit ip any any

access-list PRODACL line 70 extended permit ip any any

parameter-map type connection TCP-TTLCITRIXAWD10

set timeout inactivity 43200

rserver host AWDPROD1

description AWD PROD IIS Server 1

ip address 10.203.193.120

probe GETPROBE1

probe PINGPROBE1

inservice

rserver host AWDPROD2

description AWD PROD IIS Server 2

ip address 10.203.193.121

probe GETPROBE1

probe PINGPROBE1

inservice

rserver host BIZTALKUAT1

description Biz Talk UATServer 1

ip address 10.203.194.139

probe GETPROBE1

probe PINGPROBE1

inservice

rserver host BIZTALKUAT2

description Biz Talk UATServer 2

ip address 10.203.194.140

probe GETPROBE1

probe PINGPROBE1

inservice

serverfarm host AWDPROD

description AWD Services PROD Server Farm

rserver AWDPROD1

inservice

rserver AWDPROD2

inservice

serverfarm host BIZTALKUAT

description Biz Talk UAT Server Farm

rserver BIZTALKUAT1

inservice

rserver BIZTALKUAT2

inservice

rserver BIZTALKUAT3

inservice

rserver BIZTALKUAT4

inservice

sticky ip-netmask 255.255.255.240 address source STKYINTRANET

timeout 20

replicate sticky

serverfarm INTRANET

class-map type management match-any HTTP

description Define Permitted HTTP Traffic

10 match protocol http source-address 10.203.114.0 255.255.255.0

20 match protocol http source-address 10.203.115.0 255.255.255.0

class-map type management match-any ICMP

description Define Permitted ICMP Traffic

10 match protocol icmp source-address 10.203.114.0 255.255.255.0

20 match protocol icmp source-address 10.203.115.0 255.255.255.0

30 match protocol icmp source-address 10.203.204.65 255.255.255.255

class-map match-any L3_AWDPROD

description Classify incoming AWD traffic for balancing to PROD AWD Servers

10 match virtual-address 10.203.202.200 tcp eq www

class-map match-any L3_AWDUAT

description Classify Incoming AWD trafficfor balancing to UAT AWD Servers

10 match virtual-address 10.203.202.199 tcp eq www

class-map type management match-any SERVERICMP

description Permitted ICMP traffic for server VLANs

10 match protocol icmp source-address 10.203.193.0 255.255.255.128

20 match protocol icmp source-address 10.203.194.0 255.255.255.128

30 match protocol icmp source-address 10.203.193.128 255.255.255.128

40 match protocol icmp source-address 10.203.194.128 255.255.255.128

class-map type management match-any SSH

description Define Permitted SSH Traffic

10 match protocol ssh source-address 10.203.114.0 255.255.255.0

20 match protocol ssh source-address 10.203.115.0 255.255.255.0

class-map match-all TCP-CITRIX

2 match port tcp any

class-map type management match-any TELNET

description Define Permitted Telnet Traffic

10 match protocol telnet source-address 10.203.114.0 255.255.255.0

20 match protocol telnet source-address 10.203.115.0 255.255.255.0

policy-map type management first-match SMUREMOTEMGMT

description Remote management Access Policy

class TELNET

permit

class SSH

permit

class HTTP

permit

class ICMP

permit

policy-map type management first-match SMUSVRPINGT

description Allowed Server Ping Traffic

class SERVERICMP

permit

policy-map type loadbalance first-match L7_AWDPROD

description Layer-7 Policy Map defining AWD Production Load Balancing Destination

class class-default

serverfarm AWDPROD

policy-map type loadbalance first-match L7_AWDUAT

description Layer-7 Policy Map defining AWD UAT Load Balancing Destination

class class-default

serverfarm AWDUAT

policy-map type loadbalance first-match L7_BIZTALKPROD

description Layer-7 Policy Map defining Load Balancing Destination

class class-default

sticky-serverfarm FEBIZTALKPROD

policy-map type loadbalance first-match L7_INTRANET

description Layer-7 Policy Map defining Intranet Load Balancing Destination

class class-default

sticky-serverfarm STKYINTRANET

policy-map type loadbalance first-match L7_WEBSVCSPROD

description Policy Map defining balancing of production Biz Talk traffic to Web services servers

class class-default

serverfarm WEBSVCSPROD

policy-map type loadbalance first-match L7_WEBSVCSUAT

description Policy Map defining balancing of UAT Biz Talk traffic to Web services servers

class class-default

serverfarm WEBSVCSUAT

policy-map multi-match L3_BIZPROD

description Load Balancing Policy For Production BizTalk Originated traffic to WebServices & WAS to BizTal

k

class TCP-CITRIX

connection advanced-options TCP-TTLCITRIXAWD10

class L3_BIZTALK2WEBPROD

loadbalance vip inservice

loadbalance policy L7_WEBSVCSPROD