cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
461
Views
0
Helpful
3
Replies

Multiple rserver ports, with L7 policies and stickiness

Paul Pinto
Level 1
Level 1

Hi,

1. We would like to achieve having port 80 traffic load balanced to a single server in a server farm to multiple ports on the reservers.

2. To have the traffic sent to the variuos ports on the servers ports based on the url/site they are accessing.

3. have stickiness

This is inline/routed mode, so servers default gateway is the alais on VLAN 12 (Server facing VLAN) on ACE and ACE default gateway is HSRP address on MSFC on VLAN 20 (User facing VLAN).

Vlan 12 has .1 as HSRP on MSFC and .2 and .3 on the SVI's. Vlan 20 has the same.

The ACE config is below:

access-list any line 1 extended permit icmp any any

access-list any line 2 extended permit ip any any

probe http MYWEBA_WEB_SERVER

interval 10

passdetect interval 15

passdetect count 2

request method get url /CACSAFsit/GL_FrameSet.jsp

expect status 200 200

probe http MYWEBB_SERVER

interval 10

passdetect interval 15

passdetect count 2

request method get url /CACSweb/GL_FrameSet.jsp

expect status 200 200

probe http WEB_SERVER

interval 10

passdetect interval 15

passdetect count 2

request method get url /index.html

expect status 200 200

rserver host nsitcred

ip address 10.10.10.233

inservice

serverfarm host MYWEBB_WEBFARM

failaction purge

probe MYWEBB_WEB_SERVER

rserver nsitcred 85

inservice

rserver nsitcred 86

inservice

serverfarm host MYWEBA_WEBFARM

failaction purge

probe MYWEBA_WEB_SERVER

rserver nsitcred 82

inservice

rserver nsitcred 83

inservice

rserver nsitcred 84

inservice

serverfarm host WEBFARM

failaction purge

probe WEB_SERVER

rserver nsitcred

inservice

sticky ip-netmask 255.255.255.255 address source WEBFARM-STICKY

timeout 30

replicate sticky

serverfarm WEBFARM

sticky ip-netmask 255.255.255.255 address source MYWEBA_WEBFARM-STICKY

timeout 30

replicate sticky

serverfarm MYWEBA_WEBFARM

sticky ip-netmask 255.255.255.255 address source MYWEBB_WEBFARM-STICKY

timeout 30

replicate sticky

serverfarm MYWEBB_WEBFARM

class-map match-all L4VIPCLASS

2 match virtual-address 10.10.20.7 tcp eq www

class-map type http loadbalance match-any L7CLASS_MYWEBA_WEB

3 match http header Host header-value "myweba.mysite.com"

class-map type http loadbalance match-any L7CLASS_MYWEBB_WEB

2 match http header Host header-value "mywebb.mysite.com"

class-map type management match-any REMOTE_ACCESS

2 match protocol ssh any

3 match protocol telnet any

4 match protocol icmp any

5 match protocol snmp any

6 match protocol http any

policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY

class REMOTE_ACCESS

permit

policy-map type loadbalance first-match WEB_L7_POLICY

class L7CLASS_MYWEBA_WEB

sticky-serverfarm MYWEBA_WEBFARM-STICKY

class L7CLASS_WYWEBB_WEB

sticky-serverfarm MYWEBB_WEBFARM-STICKY

class class-default

sticky-serverfarm WEBFARM-STICKY

policy-map multi-match CLIENT-VIPs

class L4VIPCLASS

loadbalance vip inservice

loadbalance policy WEB_L7_POLICY

loadbalance vip icmp-reply active

loadbalance vip advertise active

interface vlan 12

ip address 10.10.10.100 255.255.255.0

alias 10.10.10.102 255.255.255.0

peer ip address 10.10.10.101 255.255.255.0

no normalization

no icmp-guard

access-group input any

access-group output any

service-policy input REMOTE_MGMT_ALLOW_POLICY

arp 10.10.10.233 00.14.4f.eb.54.44

no shutdown

interface vlan 20

ip address 10.10.20.4 255.255.255.224

alias 10.10.20.6 255.255.255.224

peer ip address 10.10.20.5 255.255.255.224

no normalization

no icmp-guard

access-group input any

access-group output any

service-policy input REMOTE_MGMT_ALLOW_POLICY

service-policy input CLIENT-VIPs

no shutdown

ip route 0.0.0.0 0.0.0.0 10.10.20.1

Any confirmation of guidance would be appreciated.

Thanks.

3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

looks good to me.

Nothing much to add.

G.

Hi Gilles,

Many thanks for the response, once again.

One question..

A strange situation..

Solaris OS, multiple Zones where the server is running.

So, the real address is an address on a zone...

The default router has to be chaged on the Gloabal Zone on Solaris (versi0n 10).

All other zones appear to be fine using the ACE as the default gateway (default router in solaris terms).

Connectivity to the Zone we are Load Balncing too is intermitant (when we drop packets we see the MAC change from - 0014.4feb.5444 to 00.00.0c.07.ac.00 which shows up on the MSFC's as the HSRP MAC for VLAN 12 and 20 and on the ACE as gateway for VLAN 20.

Once the static ARP entry on ACE was added stability was restored.

Again, only this address on this Zone appears to be affected (six other addresses on this single server).

Any idea's? Running version 3.0.0_A1_6_3b on ACE's and can't find anything obvious in release notes. Upgrade?

Thanks again.

P

Is it possible to use several "class L4VIPCLASS" inside the "policy-map multi-match VIPs" in order to have several VIPs to load-balance services for several serverfarms?

Something like this:

class-map match-all L4VIPCLASS-1

2 match virtual-address 172.16.1.1 tcp eq www

class-map match-all L4VIPCLASS-2

2 match virtual-address 172.16.1.2 tcp eq www

class-map match-all L4VIPCLASS-3

2 match virtual-address 172.16.1.3 tcp eq 8081

policy-map type loadbalance http first-match WEB_POLICY-1

class class-default

serverfarm-1

policy-map type loadbalance http first-match WEB_POLICY-2

class class-default

serverfarm-2

policy-map type loadbalance http first-match WEB_POLICY-3

class class-default

serverfarm-3

policy-map multi-match VIPs

class L4VIPCLASS-1

loadbalance vip inservice

loadbalance policy WEB_POLICY-1

loadbalance vip icmp-reply active

loadbalance vip advertise active

nat dynamic 1 vlan 11

class L4VIPCLASS-2

loadbalance vip inservice

loadbalance policy WEB_POLICY-2

loadbalance vip icmp-reply active

loadbalance vip advertise active

nat dynamic 2 vlan 22

class L4VIPCLASS-3

loadbalance vip inservice

loadbalance policy WEB_POLICY-3

loadbalance vip icmp-reply active

loadbalance vip advertise active

nat dynamic 3 vlan 33

interface vlan XX

service-policy input VIPs

Many thanks for your support.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: