06-04-2012 04:09 AM
Hi,
I am in the process of configuring load balancing on ACE module but struggling to configure virtual IP address for ACE module.
I'm working on ACE30 module and using software version A5 (1.2). ACE module is in slot of Catalyst 6504 switch.
Can anybody please post the steps/commands to perform this activity? An early response would be appreciated.
Regards,
Rachit.
06-04-2012 12:47 PM
Hi Rachit,
Here is a basic configuration example:
access-list Allow_Access line 10 extended permit ip any any
rserver host test
ip address 10.198.16.98
inservice
rserver host test2
ip address 10.198.16.93
inservice
serverfarm host test
rserver test 80
inservice
rserver test2 80
inservice
sticky http-cookie test group2
cookie insert
serverfarm test
class-map match-all VIP
2 match virtual-address 10.198.16.122 tcp eq www
policy-map type loadbalance first-match test
class class-default
sticky-serverfarm group1
policy-map multi-match clients
class VIP
loadbalance vip inservice
loadbalance policy test
loadbalance vip icmp-reply active
nat dynamic 1 vlan 112
interface vlan 112
ip address 10.198.16.91 255.255.255.192
access-group input Allow_Access
nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat
service-policy input NSS_MGMT
service-policy input clients
no shutdown
ip route 0.0.0.0 0.0.0.0 10.198.16.65
Here is the configuration guide:
http://tools.cisco.com/squish/101AD
----------------------------------------
Cesar R
06-04-2012 11:08 PM
Hi Cesar,
Many thanks for your reply.
I did the configuration and it is working (may be parially) now. I still have few questions so if you can help please.
1) I did not have aby Virtual IP configured for ACE30 module on which i am working on. Is following command responsible for creating/configuring Virtual IP address for ACE module?
nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat
If not, what this command exactly does?
2) I have configured round robin predictor for my configuration that contains 4 rservers, each with equal weight value. The configuration is for http loadbalancing. What i was expecting is that when i open browser 4 times, every time it will go to new server. But, instead of that, it follows random pattern like it goes to one server couple of times and then goes to another server and so on. Also, if i just refresh in the same browser, it stays on the same server. Is it expected behavior? Is it something which need to do in my http cookie settings or some other setting in my browser which opens http connections?
Regards,
Rachit.
06-05-2012 10:46 AM
Hi Rachit,
About your first question, this is the line that define the VIP address:
class-map match-all VIP
2 match virtual-address 10.198.16.122 tcp eq www
This line is for natting purpose, it could be to NAT the source address of the clients:
nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat
About your second question, yes the behavior you mentioned is normal. If you refresh the page in the same browser the client will go to the same server because is using the same session.
-----------------------------------
Cesar R
06-05-2012 06:49 PM
Hi Cesar,
Thanks.
Is NAT really mandatory for this configuration to work?
I removed "nat-pool 1 10.198.16.122 10.198.16.122 netmask 255.255.255.192 pat" configuration from interface and removed "nat dynamic 1 vlan 112" from policy-map but then loadbalancing configuration didn't work.
Regards,
Rachit.
06-08-2012 09:47 AM
Hi Rachit,
Is not mandatory because there are other ways to make it work. The problem basically is that if you don't use the nat, the servers can see the real client IP address, so when the server sends the response back if there is a L3 device between the ACE and the servers it will try to send the traffic directly to the client bypassing the ACE. Meaning an assymetric flow.
When you use the nat the source IP address will be the nat-pool, so the server will send the response back to the ACE and then the ACE will send it back to the client.
There are other topologies where the nat is not needed like Route Mode or One-Armed mode where there is only a L2 devices between the ACE and the servers, that way the traffic has to come back to the ACE because is the only path
--------------------------------
Cesar R
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide