05-14-2009 09:56 AM
Hello,
I have a question on how to set up load balancing on my CSMs located in my Data Center Distribution Layer, which consists of 6509s running Hybrid with CSMs running 4.2(5).
I need to load balance an application that is always sourced from (2) Citrix servers. So all client requests originate from 1 of these servers. Does anyone know how to load balance traffic to a couple of reals but is sourced from the same server? Also the sessions must be sticky.
I know I can set up (2) policies on the vIP with each policy tied to an access-list permitting traffic from (1) of the Citrix servers only to go to one serverfarm with (1) real (app server-1). And another policy permitting traffic from the 2nd Citrix server to go to a 2nd serverfarm with a 2nd real (app server-2). My concern is what happens if either app server goes down. I end up black-holing traffic from that Citrix server.
Is there another way to do this? Or possibly a better way??
Load balance all traffic originating from (2) Citrix servers to (2) App Reals and be sticky.
Thanks in advance for your help,
Tony
05-14-2009 12:35 PM
I think you have not configured keepalives.
Keepalives are the methods used for checking the servers' health before considering them eligible for load balancing.
Without keepalives the CSM will not come to know if the servers to load balance are answering or not.
On the CSM, keepalives are called probes.
Here is sample configuration:
probe FTP ftp
 interval 5
 failed 10
 port 21
probe HTTPS tcp
 interval 5
 failed 5
 port 443
probe DNS-UDP udp
 interval 5
 failed 10
 port 53
probe SSH tcp
 interval 5
 failed 10
 port 22
serverfarm A
 real 192.168.1.100 23004
  health probe FTP
  no inservice
 real 192.168.1.101 23004
  health probe HTTPS
  no inservice
 real 192.168.1.102 10004
  health probe DNS-UDP
  inservice
 real 192.168.1.103 10004
  health probe SSH
  inservice
Hope it will work for you. Please inform if it works or not.
Kind regards.
Sachin Garg
05-14-2009 01:39 PM
Sachin,
Thank you for your response.
Sorry, I neglected to show or say that I am using probes. Probes are set up for TCP 81.
So my corrected question is what happens when the reals are in a probe failed state and are down? Will the policies under the vserver still attempt to forward traffic? Or will they stop and allow all traffic to the default serverfarm??
Here's my config:
access-list 10 permit 10.10.10.50
access-list 10 remark Citrix-Server1
access-list 20 permit 10.10.10.60
access-list 20 remark Citrix-Server2
vserver VIP-V
 virtual 10.10.10.1 tcp 0
 serverfarm SF3
 persistent rebalance
 replicate csrp sticky
 replicate csrp connection
 slb-policy BOUNCE-1
 slb-policy BOUNCE-2
 inservice
serverfarm SF1
 nat server
 no nat client
 predictor leastconns
 real SERVER-1
  inservice
 health retries 45 failed 300
 probe TCP-81
serverfarm SF2
 nat server
 no nat client
 predictor leastconns
 real SERVER-2
  inservice
 health retries 45 failed 300
 probe TCP-81
serverfarm SF3
 nat server
 no nat client
 predictor leastconns
 real SERVER-1
  inservice
 real SERVER-2
  inservice
 health retries 45 failed 300
 probe TCP-81
real SERVER-1
 address 10.10.10.10
 inservice
real SERVER-2
 address 10.10.10.20
 inservice
Probe TCP-81
 interval 10
 retries 2
 failed 120
 port 81
sticky 1 netmask 255.255.255.255 address both timeout 20
sticky 2 netmask 255.255.255.255 address both timeout 20
policy BOUNCE-1
 client-group 10
 sticky-group 1
 serverfarm SF1
policy BOUNCE-2
 client-group 20
 sticky-group 2
 serverfarm SF2
What I am trying to do by having (3) serverfarms which consist of only a total of (2) servers is to always allow traffic to a server as long as a server is up. If both servers are up, then I want traffic sourced from (1) Citrix-Server to specifically load balance to real-1 and traffic sourced from the other Citrix-Server to the other real-2. All of this needs to be sticky too.
So if (1) real goes probed failed will the policy stop processing and allow traffic to the default serverfarm?
Do you know of another way to load balance from a single source?
Thanks again for your help,
Tony
05-14-2009 02:00 PM
Hi Tony,
As you have not added serverfarm SF1 and SF2 to any VSERVER means these are not in use,
as in the config shown above only serverfarm SF3 is added to the vserver VIP-V so only this one is in use, rest 2 serverfarms config are there but they are not in use my dear.
As per your configuration I assume your Citrix servers are 10.10.10.50 and 10.10.10.60; when they try to connect to 10.10.10.1 on port 0 their traffic will reach the VSERVER VIP-V. Then this will go to the serverfarm SF3 in this VSERVER. So it will get two real servers as destination: Server-1 10.10.10.10 and Server-2 10.10.10.20.
For your case you need two vservers: the first vserver VIP for the 1st Citrix to the 1st real and the 2nd vserver VIP for the 2nd Citrix to the 2nd real.
This is not load balancing. This is then only sticky. If I am not wrong.
As in your config sent above, in some serverfarms (SF1 and SF2) there is only one rserver, which means no load balancing; if this rserver is down then no traffic will be forwarded.
In some serverfarms, i.e. SF3, you are having more than 1 rserver. So out of these, if any rserver fails or is down due to any reason, then the CSM will load-balance/forward the traffic to the remaining rserver according to the predictor; as in your case it is leastconns, the CSM will always prefer to forward the traffic to the rserver which is having the least connections at that point of time.
As you are having the sticky option also configured, once an entry is made into the sticky table for the client machine to the particular rserver, the next coming connections will also be forwarded to the same rserver instead of using the predictor leastconns.
One thing I would like to bring to your knowledge is that you always have to worry about destinations, as destinations are load balanced as rservers, not the source machines. For a source machine, if you want your traffic to be forwarded to a particular rserver, then the sticky option is used for that thing.
Kind Regards,
Please revert with your inputs on this.
Sachin Garg
05-14-2009 02:52 PM
Kindly find some sample configuration example below:
and
Cisco Content Switching Module
http://www.cisco.com/en/US/products/hw/modules/ps2706/prod_configuration_examples_list.html
Hope these will be good for your understanding.
If possible, please rate.
Kind Regards,
Sachin Garg
05-15-2009 05:17 AM
Sachin,
Thank you for taking the time to look at my request.
Please refrain from calling me your dear. It is not appropriate.
SF1 and SF2 are very much part of this VIP through the policies (bounce1 and Bounce2) applied to the VIP.
Citrix servers are on same subnet as the load balanced reals indicates that this environment is configured to operate in bridged mode. The info you provided is for routed mode.
The VIP is at IP address 10.10.10.1 TCP 0, port 0 means that the VIP will accept connections on all TCP ports.
My load balance configuration works quite well. I just wasn't sure how to prevent the black-holing of traffic from the applied policies. The policies have only a single real tied to them, should the real go probe-failed, traffic will drop. I now know to add a backup serverfarm to each policy (advice from Giles on another thread) to fix this. Everything is working and designed properly.
If you want me to rate your post, then I will; however, I must be honest in doing so.
Again thank you for your time.
Tony
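The black-hole case and the backup-serverfarm fix discussed in this thread, as an added Python model that is not part of any post and is not CSM code. It assumes SF3 is the backup farm for both policies (the thread does not say which farm was used) and treats sticky and leastconns in simplified form.

```python
# Added illustration: a simplified model of the policy logic discussed in this
# thread. It is not CSM code and does not reproduce every CSM behaviour.
from dataclasses import dataclass, field
from typing import Optional

# Constructed from the posted config: serverfarm members and client ACLs.
SERVERFARMS = {"SF1": ["SERVER-1"], "SF2": ["SERVER-2"],
               "SF3": ["SERVER-1", "SERVER-2"]}
CLIENT_GROUPS = {10: {"10.10.10.50"}, 20: {"10.10.10.60"}}

@dataclass
class Policy:
    client_group: int
    serverfarm: str
    backup: Optional[str] = None  # assumption: which farm serves as backup

@dataclass
class VServer:
    policies: list
    default_farm: str
    sticky: dict = field(default_factory=dict)  # source IP -> real
    conns: dict = field(default_factory=dict)   # real -> open connections

    def connect(self, src: str, healthy: set) -> Optional[str]:
        """Return the real chosen for src, or None if the connection is dropped."""
        # The first policy whose ACL matches owns the connection; the vserver's
        # default farm is used only when no policy matches.
        match = next((p for p in self.policies
                      if src in CLIENT_GROUPS[p.client_group]), None)
        farms = [match.serverfarm, match.backup] if match else [self.default_farm]
        for farm in filter(None, farms):
            up = [r for r in SERVERFARMS[farm] if r in healthy]
            if not up:
                continue  # every real in this farm is probe-failed
            real = self.sticky.get(src)
            if real not in up:  # no usable sticky entry: apply leastconns
                real = min(up, key=lambda r: self.conns.get(r, 0))
            self.sticky[src] = real
            self.conns[real] = self.conns.get(real, 0) + 1
            return real
        return None  # matched policy has no healthy real: black hole

def as_posted() -> VServer:
    return VServer([Policy(10, "SF1"), Policy(20, "SF2")], "SF3")

def with_backup() -> VServer:
    # Assumed choice of SF3 as the backup farm for both policies.
    return VServer([Policy(10, "SF1", "SF3"), Policy(20, "SF2", "SF3")], "SF3")
```

With SERVER-1 probe-failed, `as_posted()` drops connections from 10.10.10.50 even though SERVER-2 is healthy, while `with_backup()` sends them to SERVER-2.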