09-10-2008 09:13 PM
Hello
I've got a question re: the ACE module.
Lets say I have 2 web rservers and I have a probe interval for checking them from the ACE of 10 seconds.
Lets say a probe just passed and it is 10 seconds before the next one. The ACE will think the rserver is ok. Then say the rserver httpd service is stopped at 3 seconds after the last successful probe, therefore leaving 7 seconds before the ACE is going to send another probe. The ACE will think it is still 'up' before the next probe is sent.
Given the above, what happens to a) existing connections to the newly failed rserver and b) new connections if the failure occurs between probes?
How does the ACE handle this situation?
Are there any differences between how the ACE handles this between A1 and A2 versions of software?
Thanks
Cameron
Solved! Go to Solution.
09-11-2008 12:16 AM
Existing connections will be unaffected by what happens to a rserver by default.
You can configure a 'failaction' under the serverfarm to force a disconnect or a reassign.
New connections will still be forwarded to a server that has not yet been detected as down.
Ace will just send the SYN.
Your client will retransmit and ACE will again forward the SYN.
This will go on until the client gives up or the server is detected as dead and the connection will then by forwarded to a different rserver.
Gilles.
09-11-2008 12:16 AM
Existing connections will be unaffected by what happens to a rserver by default.
You can configure a 'failaction' under the serverfarm to force a disconnect or a reassign.
New connections will still be forwarded to a server that has not yet been detected as down.
Ace will just send the SYN.
Your client will retransmit and ACE will again forward the SYN.
This will go on until the client gives up or the server is detected as dead and the connection will then by forwarded to a different rserver.
Gilles.
09-16-2008 06:19 AM
Hi there,
For me it doesnt seems to be working as you said...i have configured sticky with ip-netmask of /24 and probe of port 8080 for an online trading server...sticky feature is working fine but the problem is that when i shut one of the servers...probing is showing that one server failed..but the whole connection goes....down....no one after that will be able to connect to any of the servers in that server farm.....
09-16-2008 09:35 AM
That's a big problem.
What version do you run ?
Can we see the config and a 'show service detail' and a 'show rserver detail' when the server is detected as down.
Gilles.
09-16-2008 11:06 AM
First of all thank you for your quick reply....i really appreciate it...
show serverfarm detail`
serverfarm : SERVERFARM-1, type: HOST
total rservers : 5
active rservers: 2
description : -
state : ACTIVE
predictor : ROUNDROBIN
failaction : -
back-inservice : 0
partial-threshold : 0
num times failover : 2
num times back inservice : 5
total conn-dropcount : 0
Probe(s) :
INVESTOR_PROBE_1, type = TCP
INVESTOR_PROBE_2, type = TCP
here i have pasted the output as you had asked...i guess the problem is failaction : -
i had one more prob with ssl redirection
here i am attaching the config...
here what we want to acheive is that whenever we typer "investor.nice360.com" it should be redirected to "https://investor.nice360.com", but here i doing the ssl termination on ace...and server listens on the port 8080
can you suggest me what i should do with the config....
i am really confused with url rewrite feature...
if there are some flaws in my config please point out those things so that i can correct that....
Thanks and Best Regards
Joe
09-16-2008 05:32 PM
URL rewrite only comes into play when REAL Server (Rserver )sends a clear text redirect. Such as 302 for http://investor.nice360.com. If client recieves this 302 it will attempt the next request using HTTP.With Url rewrite feature we configure ACE to change these redirects from Http tp HTTPS.
What you are looking for is a simple redirection of client request from port 80 to port 443. This can be achieved using redirect server farm and redirect rserver.
You will need to create two sets of configs (class-maps, rserver, sfarm,policy map) for port 80 & port 443 traffic. Port 80 policy will simply redirect the port 80 request to port 443.
Following example will give you some idea
rserver redirect HTTP2HTTPS
webhost-redirection https://%h%p 301
inservice
serverfarm redirect HTTP2HTTP-SF
rserver HTTP2HTTPS
inservice
class-map match-all WEB-HTTP
2 match virtual-address 172.25.250.245 tcp eq http
class-map match-all WEB-HTTPS
2 match virtual-address 172.25.250.245 tcp eq 443
policy-map type loadbalance first-match HTTP2HTTPS-POLICY
class class-default
serverfarm HTTP2HTTPS-SF
policy-map type loadbalance first-match L7-POLICY
class class-default
sticky-serverfarm STICKY_IP
policy-map multi-match L4-POLICY
class WEB-HTTP
loadbalance vip inservice
loadbalance policy HTTP2HTTPS-POLICY
loadbalance vip icmp-reply
class WEB-HTTPS
loadbalance vip inservice
loadbalance policy L7-POLICY
loadbalance vip icmp-reply
ssl-proxy server INVESTOR-CLIENT
Syed
09-17-2008 04:32 AM
Thanks for your great help....it is working great.....i am really greatful for your help...
Thanks & Best Regards
Joe
10-07-2008 11:23 AM
Hi there,
i had posted a request for http redirection into https,i got the reply for that and it is working fine.....now i am into one more issue....my client bought a certificate for a portal called "www.nice360.com" and this was the link that i redirected to "https://www.nice360.com"....but when some one types just "nice360.com" it should get redirected to "https://www.nice360.com"
i did this by the following configuration...
10-07-2008 11:27 AM
Hi there,
i had posted a request for http redirection into https,i got the reply for that and it is working fine.....now i am into one more issue....my client bought a certificate for a portal called "www.nice360.com" and this was the link that i redirected to "https://www.nice360.com"....but when some one types just "nice360.com" it should get redirected to "https://www.nice360.com"
i did this by the following configuration...
but after the configuration "www.nice360.com" is being redirected to "www.www.nice360.com"
becuase i have matched the vip which listens on the port 80....please suggest me a solution so that when a user types "nice360.com" it should be redirected to "https://www.nice360.com" and also when a person types "www.nice360.com" it should also be redirected to "https://www.nice360.com"
Thanks & Best Regards
Joe
10-07-2008 12:53 PM
Simplest (relevant) config to achieve what you are looking for would be
rserver redirect HTTP2HTTPS
webhost-redirection https://www.nice360.com/%p 301
inservice
serverfarm redirect HTTP2HTTPS-SF
failaction reassign
rserver HTTP2HTTPS
inservice
class-map type http loadbalance match-any WEB-HTTP
2 match http header Host header-value "nice360.com"
4 match http header Host header-value "www.nice360.com"
policy-map type loadbalance first-match HTTP2HTTPS-POLICY
class class-default
serverfarm HTTP2HTTPS-SF
policy-map multi-match L4-POLICY
class WEB-HTTP
loadbalance vip inservice
loadbalance policy HTTP2HTTPS-POLICY
loadbalance vip icmp-reply
class WEB-HTTPS
loadbalance vip inservice
loadbalance policy L7-POLICY
loadbalance vip icmp-reply
ssl-proxy server PORTAL
Remember http://www.nice360.com or nice360.com is not url, its Hostname.
Syed Iftekhar Ahmed
10-13-2008 09:21 PM
Hi there,
Thanks for your reply, the config that you gave me which you can see above contains some issue....you have configured WEB-HTTP class as type http loadbalance.....this type of config i had tried before i posted this problem.....the WEB-HTTP class can be called under a policy-map of type load balance and not anywhere else....anyway i had solve this issue with the following config...
instead of telling
rserver redirect HTTP2HTTPS
webhost-redirection https://www.nice360.com/%p 301
inservice
i gave
rserver redirect HTTP2HTTPS
webhost-redirection https://www.nice360.com/%p 301
inservice
but i matched the vip for my address instead of that class loadbalance.
so what ever that hits on the virtual ip will be redirected to https://www.nice360.com/%p
Thanks,
Joe
10-23-2008 02:25 AM
I have the following scenario.
In addition to functionality configured on ACE, I would like to have URL forwarding based on Time (I.e. from 7:00 AM to 3:00:00 PM Arabic URL should be primary and from 3:00:01 PM till 6:59:59 English URL to be Primary) to see website.
I believe is should be possible using some other method using ACE .I could see we can configure URL Redirect but could not see any time based configuration or how it is done.
Please do not hesitate if you need any more information. Appreciate an early reply.
Thanks
Joe
10-23-2008 11:05 AM
There are no time based policies available in ACE.
Syed Iftekhar Ahmed
10-25-2008 10:42 AM
Thank you.....very much...you have helped me out before also....thank you....syed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide