CSM 4.1.2 - predictor forward, TCP not working

shamilton-wilkes · ‎11-15-2004

ICMP and UDP still work outbound from the real servers, but TCP doesn't. Did something change? Should I go back to 4.1.1?

TIA

Simon

shamilton-wilkes · ‎11-15-2004

It was an asymetric routing issue, don't know why it hadn't happened under 4.1.1

Adding a load of specific routes on the right VLAN fixed it.

kimt · ‎11-29-2004

I have got the same problem.

So, I have found that solution.And,I see your comment in this forum.

But,I don't fix it.

Let me know the how and why of it.

Thank you.

shamilton-wilkes · ‎11-29-2004

Do you have a 'predictor forward' serverfarm / vserver?

Is the real server included in a server farm already?

Can you post you config?

kimt · ‎11-29-2004

Hi,

At First,Thank for your reply.

And, Your questions is YES.

I think that Our Config is OK.

The following is config.

module ContentSwitchingModule 6

vlan 10 server

ip address 192.168.16.223 255.255.255.128

alias 192.168.16.224 255.255.255.128

!

vlan 482 client

ip address 192.168.16.223 255.255.255.128

gateway 192.168.16.129

!

probe TEST-SERVICE http

request method head url /index.html

expect status 200

interval 20

retries 2

failed 30

!

serverfarm TEST-220

nat server

no nat client

failaction reassign

real 192.168.16.195

inservice

real 192.168.16.196

inservice

health retries 20 failed 120

!

serverfarm TEST-221

nat server

no nat client

failaction reassign

real 192.168.16.177

inservice

real 192.168.16.181

inservice

health retries 20 failed 120

!

serverfarm SERVER_DIRECT

nat server

no nat client

predictor forward

!

sticky 220 netmask 255.255.255.255 timeout 60

!

sticky 221 netmask 255.255.255.255 timeout 60

!

vserver DIRECT_ACCESS

virtual 192.168.16.128 255.255.255.128 any

serverfarm SERVER_DIRECT

persistent rebalance

inservice

!

vserver TEST-220-11000

virtual 192.168.16.220 tcp 11000

serverfarm TEST-220

sticky 60 group 220

persistent rebalance

inservice

!

vserver TEST-220-12001

virtual 192.168.16.220 udp 12001

serverfarm TEST-220

sticky 60 group 220

persistent rebalance

inservice

!

vserver TEST-221-11000

virtual 192.168.16.221 tcp 11000

serverfarm TEST-221

sticky 60 group 221

persistent rebalance

inservice

!

vserver TEST-221-12001

virtual 192.168.16.221 udp 12001

serverfarm TEST-221

sticky 60 group 221

persistent rebalance

inservice

!

diagnostic cns publish cisco.cns.device.diag_results

diagnostic cns subscribe cisco.cns.device.diag_commands

!

redundancy

mode rpr-plus

main-cpu

auto-sync running-config

auto-sync standard

!

vlan internal allocation policy ascending

!

vlan 10,20

!

vlan 50

name client

!

vlan 462,482

!

interface GigabitEthernet1/1

no ip address

speed 100

duplex full

switchport

switchport access vlan 10

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/2

no ip address

speed 100

duplex full

switchport

switchport access vlan 10

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/3

no ip address

speed 100

duplex full

switchport

switchport access vlan 10

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/4

no ip address

speed 100

duplex full

switchport

switchport access vlan 10

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/5

no ip address

speed 100

duplex full

switchport

switchport access vlan 482

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/6

no ip address

speed 100

duplex full

switchport

switchport access vlan 482

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet5/1

no ip address

switchport

switchport access vlan 462

switchport mode access

!

interface GigabitEthernet5/2

no ip address

switchport

switchport access vlan 482

switchport mode access

!

interface Vlan1

no ip address

!

interface Vlan462

ip address 172.6.46.254 255.255.255.252

!

interface Vlan482

ip address 192.168.16.129 255.255.255.128

ip route-cache flow

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.6.46.253

no ip http server

!

jfoerster · ‎11-29-2004

HI,

the config looks more or less fine. please remove the NAT Server statement in the serverfarm SERVER_DIRECT. Normaly it shouldn't be a problem as there is no real mentioned where the CSM has to do the NATing for but I experienced strange things in the lab havig configured the server nat. They went away after I removed that command.

Could you do me the favour and take a sniffer trace in VLAN 482 and VLAN 10 when trying to connect to the servers directly and post them here?

Kind Regards,

Joerg

kimt · ‎11-29-2004

I had already removed the nat server in serverfarm SERVER_DIRECT.(no nat server)

But,couldn't solve it.

I had monitored my problem through EtherPeekNX.

So, I have captured file.

I'll attacted it.

This file was captured on port-channel262(the mux interface of CSM).

My problem is the following

Form client to virtual and real server.

I get OK on service including ICMP,UDP & TCP.

From real server to client.

OK on service including ICMP,UDP.

But,I cann't establish TCP connection because of TCP repeated Connect attempt.

shamilton-wilkes · ‎02-28-2005

Is there a way to control which client VLAN traffic sourced from a real will exit the CSM through? Other than static routed that is?

kimt · ‎03-07-2005

I don't have any config relating to question.

But,I had solved my problem.

After delete the following Config on CSM.

serverfarm SERVER_DIRECT

nat server

no nat client

predictor forward

!

vserver DIRECT_ACCESS

virtual 192.168.16.128 255.255.255.128 any

serverfarm SERVER_DIRECT

persistent rebalance

inservice

I think that don't need 'predictor foward' in bridged-mode.

jfoerster · ‎03-08-2005

You are right, in bridged mode no predictor forward is needed.