Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
957
Views
0
Helpful
2
Replies

fail existing TCP sessions to another real server?

Go to solution
David Williams
Level 1
Level 1

‎11-28-2012 06:28 AM

I'm hoping there are some load balancing experts out there that can point me in the right direction here.  Basically what we would like to do is, in the event of a realserver failure,  rebalance all sessions to another realserver.  My understanding is that by default the ACE will do nothing with those sessions and they will simply have to timeout.  Using the failaction purge command we can instruct the ACE to reset all connections associated with a particular real server if it fails.

I'm not sure if persistance-rebalance or tcp reuse can help here but neither seem to be a good fit.  I do understand that the application will need to be aware of state information but I'm not the application guy.  I can get additional information about server capability from him if need be.

Thanks,

Dave

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
chrhiggi
Level 3
Level 3

‎11-28-2012 10:42 AM

Dave-

Simple answer, what you are asking is not available.

ACE can do 3 things to connections on an rserver when its probe fails.

Default: ACE no longer sends new connections to it, but leaves the existing connections on it.  The idea here is we don't know if the server missed a probe because it was overloaded, so we don't want to kill off all the connections by default.

Failaction purge:  This is a configuration done under the serverfarm.  When the probe fails, ACE sends a reset to both the client and the server for each connection. 

Failaction reassign: This is a configuration done under the serverfarm.  When the probe fails, re-assign the back end of the connection to another Rserver.  This is only viable for L2 flows, and for devices like firewalls which share connection state between eachother.  We simply remap the connection, there is no new TCP handshake on the backend.  In that manner, the next packet a client sends to the vip for an existing moved conneciton would be send to the new rserver.  Hence, if the packet went to an rserver that was not previously aware of this connection, it would simply send a reset.  There are actually quite a few limitations, you can find them in the guide for creating a failaction under a serverfarm.

The reason we don't offer creating new backend sessions is that there are too many possible issues that crop up.

Every connection moved would be handled in software to setup the 3 way handshake on the backend, hence, high cpu for a bit to set them up.

  What if the probe is flapping and we have to keep reassigning connections? That will cause issues for both CPU and servers.

Servers are not accustom to taking a large burst all at once (say the rserver that failed had 50k live connections, and you only had 3 rservers. When the probe failed, ACE would have to open 25k connections to each of the other servers instantly. Most servers don't handle that sort of burst well.)

Regards,

Chris Higgins

View solution in original post

0 Helpful
2 Replies 2

Go to solution
chrhiggi
Level 3
Level 3

‎11-28-2012 10:42 AM

Dave-

Simple answer, what you are asking is not available.

ACE can do 3 things to connections on an rserver when its probe fails.

Default: ACE no longer sends new connections to it, but leaves the existing connections on it.  The idea here is we don't know if the server missed a probe because it was overloaded, so we don't want to kill off all the connections by default.

Failaction purge:  This is a configuration done under the serverfarm.  When the probe fails, ACE sends a reset to both the client and the server for each connection. 

Failaction reassign: This is a configuration done under the serverfarm.  When the probe fails, re-assign the back end of the connection to another Rserver.  This is only viable for L2 flows, and for devices like firewalls which share connection state between eachother.  We simply remap the connection, there is no new TCP handshake on the backend.  In that manner, the next packet a client sends to the vip for an existing moved conneciton would be send to the new rserver.  Hence, if the packet went to an rserver that was not previously aware of this connection, it would simply send a reset.  There are actually quite a few limitations, you can find them in the guide for creating a failaction under a serverfarm.

The reason we don't offer creating new backend sessions is that there are too many possible issues that crop up.

Every connection moved would be handled in software to setup the 3 way handshake on the backend, hence, high cpu for a bit to set them up.

  What if the probe is flapping and we have to keep reassigning connections? That will cause issues for both CPU and servers.

Servers are not accustom to taking a large burst all at once (say the rserver that failed had 50k live connections, and you only had 3 rservers. When the probe failed, ACE would have to open 25k connections to each of the other servers instantly. Most servers don't handle that sort of burst well.)

Regards,

Chris Higgins

0 Helpful

Go to solution
David Williams
Level 1
Level 1
In response to chrhiggi

‎11-28-2012 12:40 PM

Excellent explanation Chris!  That confirms my suspicions and helps me understand why!  I always like knowing why in addition to knowing whether it will work or not. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents