Probe fail on Standby ACE in One-armed mode

kilsoo.choi · ‎08-22-2013

Hi there

I'm Kilsoo.

I made One-armed mode using ACE.

Real servers are in away Vlan from ACE.

So, I configured the PBR with ACE alias ip address for the next-hop on the real server's gateway interface.

And, the probe from active ACE works well.

But, the probe from standby ACE was fail.

At this point, my first question

Is it normal situation that the probe fail from standby ACE????

So, I made the route-map for PBR like below for temporary solution.

route-map deny PBR 5

match ip address Probe_ACL

route-map permit PBR 10

match ip address L4_ACL

set ip next-hop <Alias IP address>

ip access-list extended Probe_ACL

pemit ip any <Standby ACE's IP address>

ip access-list extended L4_ACL

permit tcp <Real server's IP address> eq 80 any

Second question...

Do you have any other good solutions???

Thanks

Cesar Roque · ‎08-30-2013

HI Kilsoo,

Each ACE will uses the VLAN IP address to send the probes, not the alias.

But only the Active ACE is "owner" of the Alias IP while FT is running.

---------------------
Cesar R
ANS Team

--------------------- Cesar R ANS Team

kilsoo.choi · ‎09-02-2013

Hi Cesar

Thanks for your reply.

But I think I was confuse when I wrote the message.

I used both ace's vlan ip address for next-hop ip address like your advice.

Do you know the standby ace can't check probe without route-map in one-armed mode like below diagram???

Backbone Router

|

Supervisor --------------------ACE(vserver: 172.19.100.100)

| (vlan 200)

|

|(vlan 110)

|

Real servers

(172.19.110.111)