NEED HELP WITH ACE LOAD BALANCING POLICY PLEASE

raul saurez
Level 1

Hello,

 

I need to create a policy that allows incoming connections between two servers I have configured for PLM. From what I noticed there is a jsession ID sticky predictor. Where do I configure the VIP? The policy process is confusing and I don't know where to begin. Here are my two server configs. Can anyone help?

rserver host JAG-PLM9APP-02
  ip address 172.28.9.81
  inservice
rserver host JAG-PLM9WEB-02
  ip address 172.28.9.87
  inservice

serverfarm host PLM9-WEB-SF
  rserver JAG-PLM9APP-02
    inservice
  rserver JAG-PLM9WEB-02
    inservice


Kanwaljeet Singh
Cisco Employee

Hi,

Here's the simple LB config:

login timeout 0

access-list ANYONE line 10 extended permit ip any any

probe tcp TCP

rserver host SERVER_01
  ip address 192.168.1.11
  inservice
rserver host SERVER_02
  ip address 192.168.1.12
  inservice
rserver host SERVER_03
  ip address 192.168.1.13
  inservice

serverfarm host REAL_SERVERS
  probe TCP
  rserver SERVER_01
    inservice
  rserver SERVER_02
    inservice
  rserver SERVER_03
    inservice

class-map match-all VIP-30
  2 match virtual-address 172.16.51.30 tcp eq www----->This is how you define VIP.

policy-map type loadbalance first-match SLB_LOGIC--->Create a policy, class and associate SF.
  class class-default
    serverfarm REAL_SERVERS


policy-map multi-match CLIENT_VIPS---->This is L4 policy where you call the class map you defined
  class VIP-30
    loadbalance vip inservice
    loadbalance policy SLB_LOGIC---->This is the policy you defined above.
    loadbalance vip icmp-reply active

interface vlan 251
  description Client vlan
  ip address 172.16.51.11 255.255.255.0
  access-group input ANYONE
  service-policy input REMOTE_MGT
  service-policy input CLIENT_VIPS----->L4 policy should be associated with interface.
  no shutdown
interface vlan 451
  description Servers vlan
  ip address 192.168.1.1 255.255.255.0
  no shutdown

ip route 0.0.0.0 0.0.0.0 172.16.51.1

Let me know if you have any questions.

Regards,

Kanwal

Note: Please mark answers if they are helpful.
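
The config in the post above links named objects in a chain: rserver, serverfarm, load-balance policy-map, multi-match policy-map, interface. The following Python is an added example, not part of the original post and not a Cisco tool; it reads a config offline and reports names that are referenced but never defined, or defined but never referenced. The sample config is constructed for the example, and `check_refs` is a hypothetical helper name.

```python
import re

# Constructed sample modelled on the configs in this thread: SERVER_02 and
# REMOTE_MGT are deliberately undefined, SERVER_03 is defined but unused.
SAMPLE = """\
rserver host SERVER_01
  ip address 192.168.1.11
  inservice
rserver host SERVER_03
  ip address 192.168.1.13
serverfarm host REAL_SERVERS
  rserver SERVER_01
  rserver SERVER_02
class-map match-all VIP-30
  2 match virtual-address 172.16.51.30 tcp eq www
policy-map type loadbalance first-match SLB_LOGIC
  class class-default
    serverfarm REAL_SERVERS
policy-map multi-match CLIENT_VIPS
  class VIP-30
    loadbalance vip inservice
    loadbalance policy SLB_LOGIC
interface vlan 251
  service-policy input REMOTE_MGT
  service-policy input CLIENT_VIPS
"""

# Top-level lines that define a named object, and indented lines that use one.
DEFS = [(r"rserver host (\S+)", "rserver"), (r"serverfarm host (\S+)", "serverfarm"),
        (r"class-map (?:type \S+ )?match-\S+ (\S+)", "class-map"),
        (r"policy-map (?:type \S+ )?(?:first|multi)-match (\S+)", "policy-map")]
REFS = [(r"rserver (\S+)", "rserver"), (r"serverfarm (\S+)", "serverfarm"),
        (r"class (\S+)", "class-map"), (r"loadbalance policy (\S+)", "policy-map"),
        (r"service-policy input (\S+)", "policy-map")]

def check_refs(config):
    """Return (undefined, unused) as sorted lists of (kind, name) pairs."""
    defined, used = set(), set()
    for line in config.splitlines():
        indented = line[:1].isspace()
        for pattern, kind in (REFS if indented else DEFS):
            m = re.fullmatch(pattern, line.strip())
            if m:
                (used if indented else defined).add((kind, m.group(1)))
    used.discard(("class-map", "class-default"))  # built-in catch-all class
    return sorted(used - defined), sorted(defined - used)

if __name__ == "__main__":
    print(check_refs(SAMPLE))
```

The check relies on indentation as it appears in `show run` output, so it should be fed the device's own output rather than a hand-flattened copy.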

Ok great, this is what I have so far. Where do I get the IPs from for the VIP and the VLANs? Do I pull from my company IP scheme? Also, when I am complete, what is the best way to test that load balancing is taking place?

 

access-list ANYONE line 10 extended permit ip any any

 

rserver host JAG-PLM9APP-02
  ip address 172.28.9.81
  inservice
rserver host JAG-PLM9WEB-02
  ip address 172.28.9.87
  inservice


serverfarm host PLM9-WEB-SF
  rserver JAG-PLM9APP-02
    inservice
  rserver JAG-PLM9WEB-02
    inservice

class-map match-all VS_Classmap
  2 match virtual-address 172.28.8.81 255.255.0.0 tcp any

policy-map type loadbalance first-match Policy-MAP_LB
  class class-default
    serverfarm PLM9-WEB-SF

policy-map multi-match PM_MULTI_MATCH
  class VS_Classmap
    loadbalance vip inservice
    loadbalance policy Policy-MAP_LB

interface vlan 400
interface vlan 401
  service-policy input PM_MULTI_MATCH

Hi,

Normally you should have 1 ip as VIP and not a complete subnet. Also, if your server's default GW is not ACE, you need to do source natting as well. 

Otherwise the configuration looks fine. You can start by executing the following commands:

show serverfarm detail--->Ensure that servers show operational.

show service-policy summary---->Ensure that VIP is IN-SRVC.

After this you can send the traffic from client to VIP and execute "show conn" to see to which server the request was forwarded. Use multiple clients and you should see traffic getting forwarded to both the real servers.

Let me know if you have any questions.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Yes, but do I make up any IP address for the VIP or do I pull an address from my company IP scope? For example, the IP that I have in place now I completely made up myself off the top of my head. Would that work since it is virtual? I am trying to ping the VIP 172.28.8.81 but am receiving no response. Do I need to change the IP? If so, to what? BTW you have been a HUGE help and I thank you!!!

Hi,

It depends upon you :) Yes, the VIP can be any IP, but you would need proper routing on peripheral devices so that traffic destined for the VIP reaches it.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

I see. Ok another question. In your opinion would it be best to choose round robin predictor or least conn?

Hi,

It again depends upon your choice or deployment requirement. The least conn predictor would send the traffic to the server serving the least amount of connections, whereas round-robin will not care about it and send the traffic to the server in round-robin manner.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

I am able to ping the VIP 172.28.18.81 but when I try to show connections I get nothing. What am I doing wrong that I am not able to create traffic so I may check if load balancing is taking place? Here is my config:

 

bri-200n-ace1/PLM9-TEST# sho run
Generating configuration....

 

 

access-list ANYONE line 10 extended permit ip any any

 

rserver host JAG-PLM9APP-02
  ip address 172.28.9.81
  inservice
rserver host JAG-PLM9WEB-02
  ip address 172.28.9.87
  inservice


serverfarm host PLM9-WEB-SF
  rserver JAG-PLM9APP-02
    inservice
  rserver JAG-PLM9WEB-02
    inservice

class-map type management match-any PM_MULTI_MATCH
  201 match protocol snmp any
  202 match protocol http any
  203 match protocol https any
  204 match protocol icmp any
  205 match protocol ssh any
  206 match protocol telnet any
  207 match protocol xml-https any
class-map match-all VS_Classmap
  2 match virtual-address 172.28.18.81 tcp any

policy-map type loadbalance first-match Policy-MAP_LB
  class class-default
    serverfarm PLM9-WEB-SF

policy-map multi-match PM_MULTI_MATCH
  class VS_Classmap
    loadbalance vip inservice
    loadbalance policy Policy-MAP_LB
    loadbalance vip icmp-reply active

interface vlan 18
  description Client Vlan
  ip address 172.28.18.124 255.255.255.128
  service-policy input PM_MULTI_MATCH
  no shutdown
interface vlan 109
  description Servers Vlan
  ip address 1.1.1.1 255.255.255.128
  no shutdown

ip route 0.0.0.0 0.0.0.0 172.28.18.1

snmp-server contact "ANM"
snmp-server location "ANM"

snmp-server trap-source vlan 18


bri-200n-ace1/PLM9-TEST# ^C
bri-200n-ace1/PLM9-TEST# sho conn

total current connections : 0

conn-id    np dir proto vlan source                destination           state
----------+--+---+-----+----+---------------------+---------------------+------+
bri-200n-ace1/PLM9-TEST#

Hi,

Your servers are in subnet 172.28.9.81/X; I assume they are not local to the ACE. When the server replies, the traffic should come back to the LB. I would suggest doing source NAT for the same.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

I can't telnet to the VIP. It fails. It shows failures on each server and 10 dropped conns... What am I doing wrong?

What is the best way to configure that? Do you have a sample config?

Hi,

Something like this:

 

policy-map multi-match PM_MULTI_MATCH
  class VS_Classmap
    loadbalance vip inservice
    loadbalance policy Policy-MAP_LB
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 18------>This statement and the one below

interface vlan 18
  description Client Vlan
  ip address 172.28.18.124 255.255.255.128
  service-policy input PM_MULTI_MATCH
  no shutdown
interface vlan 109
  description Servers Vlan
  ip address 1.1.1.1 255.255.255.128
  nat-pool 1 1.1.1.2 1.1.1.3 netmask 255.255.255.0 pat---->And this one.
  no shutdown

This will ensure that client source IP is natted to 1.1.1.2 or 1.1.1.3 and the return traffic comes back to ACE.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

You are awesome! Thank you so much for all of your help!!!

Hello Kanwal,

I am trying to access http://172.28.18.81/tc/webclient (VIP) but I can't. I am not getting any response. My config looks correct so I don't know what I am missing. Can you take a look and see if you notice anything I might be missing in order to get this to load balance and be able to access via browser? Thank you!!

 

bri-200n-ace1/PLM9-TEST# sho run
Generating configuration....

 

 

access-list ANYONE line 10 extended permit ip any any

 

probe icmp PING-PROBE
  interval 10
  faildetect 2
  passdetect interval 30
  passdetect count 2
  receive 4
probe http PLM9-HTTP-PROBE-7010
  port 7010
  interval 10
  faildetect 2
  passdetect interval 15
  passdetect count 2
  request method get url /HealthMonitor/probe.jsp
  expect status 200 200
  open 1
probe http PLM9-HTTP-PROBE-7011
  port 7011
  interval 10
  faildetect 2
  passdetect interval 15
  passdetect count 2
  request method get url /HealthMonitor/probe.jsp
  expect status 200 200
  open 1

rserver host JAG-PLM9APP-02
  ip address 172.28.9.81
  inservice
rserver host JAG-PLM9W
  inservice
rserver host JAG-PLM9WEB-02
  ip address 172.28.9.87
  inservice


serverfarm host PLM9-WEB-SF
  predictor leastconns
  rserver JAG-PLM9APP-02
    probe PLM9-HTTP-PROBE-7010
    fail-on-all
    inservice
  rserver JAG-PLM9WEB-02
    probe PLM9-HTTP-PROBE-7011
    fail-on-all
    inservice

class-map type management match-any PM_MULTI_MATCH
  201 match protocol snmp any
  202 match protocol xml-https any
  203 match protocol telnet any
  204 match protocol ssh any
  205 match protocol icmp any
  206 match protocol https any
  207 match protocol http any
class-map match-all VS_Classmap
  2 match virtual-address 172.28.18.81 tcp any

policy-map type management first-match management
  class PM_MULTI_MATCH
    permit

policy-map type loadbalance first-match Policy-MAP_LB
  class class-default
    serverfarm PLM9-WEB-SF

policy-map multi-match PM_MULTI_MATCH
  class VS_Classmap
    loadbalance vip inservice
    loadbalance policy Policy-MAP_LB
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 18

interface vlan 18
  description Client Vlan
  ip address 172.28.18.124 255.255.255.128
  access-group input ANYONE
  service-policy input PM_MULTI_MATCH
  no shutdown
interface vlan 109
  description Servers Vlan
  ip address 1.1.1.1 255.255.255.128
  access-group input ANYONE
  nat-pool 1 1.1.1.2 1.1.1.3 netmask 255.255.255.0 pat
  service-policy input PM_MULTI_MATCH
  no shutdown

ip route 0.0.0.0 0.0.0.0 172.28.18.1

snmp-server contact "ANM"
snmp-server location "ANM"

snmp-server trap-source vlan 18