Reuse of context in ACE module

pd.politiet.no · ‎01-31-2012

Hi all, just have a question about som reuse of resources in a ACE module context. I don't want to make a new context, and can reuse most of the existing configuration in one of my context. The config is not complex and difficult, but I'm not sure if I can do this.

The primary goal is to loadbalance 2 webservers with a new vip, new serverfarm, stickygroup, policy-map and different nat-pool.

Since I haven't decided the ip addresses to be used, they are just xx in the config below.

The changes I want to implement are in bold. Will this work for me?

probe http WEBGUI_D2

description Probe for http mot webgui

interval 10

passdetect interval 10

passdetect count 1

request method get url /D2/auth/login.aspx

expect status 200 302

header User-Agent header-value "IDENTITY"

rserver host cwi003

description content server logon

ip address 10.163.22.27

inservice

rserver host cwi004

description content server logon

ip address 10.163.22.28

inservice

rserver host cwi503

description content server logon 2

ip address 10.163.22.23

inservice

rserver host cwi504

description content server logon 2

ip address 10.163.22.24

inservice

serverfarm host SF_LOGON_D2

probe WEBGUI_D2

rserver cwi003 80

inservice

rserver cwi004 80

inservice

serverfarm host SF_LOGON2_D2

probe WEBGUI_D2

rserver cwi503 80

inservice

rserver cwi504 80

inservice

sticky ip-netmask 255.255.255.255 address source STICKYGROUP1

timeout 20

replicate sticky

serverfarm SF_LOGON_D2

serverfarm SF_LOGON2_D2

class-map match-all VS_LOGON_D2

3 match virtual-address 10.163.22.13 any

class-map match-all VS_LOGON2_D2

3 match virtual-address 10.163.22.xx any

policy-map type loadbalance first-match PM_ONE_ARM_LB

class class-default

sticky-serverfarm STICKYGROUP1

policy-map multi-match PM_ONE_ARM_MULTI_MATCH

class VS_LOGON_D2

loadbalance vip inservice

loadbalance policy PM_ONE_ARM_LB

nat dynamic 5 vlan 1240

class VS_LOGON2_D2

loadbalance vip inservice

loadbalance policy PM_ONE_ARM_LB

nat dynamic 6 vlan 1240

interface vlan 1240

description Client_server

ip address 10.163.22.11 255.255.255.0

peer ip address 10.163.22.12 255.255.255.0

access-group input INBOUND

nat-pool 5 10.163.22.14 10.163.22.17 netmask 255.255.255.192 pat

nat-pool 6 10.163.22.xx 10.163.22.xx netmask 255.255.255.192 pat

service-policy input PM_ONE_ARM_MULTI_MATCH

no shutdown

ip route 0.0.0.0 0.0.0.0 10.163.22.1

BR

Geir

Daniel Arrondo Ostiz · ‎02-01-2012

Hi Geir,

There is no problem in having multiple VIPs in one single context.

The configuration for it would more or less be the one you sent, except for one point. In a sticky group, you can only use one single serverfarm, so, you will need to create a second sticky group for the new VIP. This also implies that you will also need a second load-balance policy associated to the new sticky-serverfarm.

Regards

Daniel

pd.politiet.no · ‎02-06-2012

Thanks for your reply.

Hope I understand you correct. This sould be the config I need to paste into the existing context.

rserver host cwi503

description content server logon 2

ip address 10.163.22.23

inservice

rserver host cwi504

description content server logon 2

ip address 10.163.22.24

inservice

serverfarm host SF_LOGON2_D2

probe WEBGUI_D2

rserver cwi503 80

inservice

rserver cwi504 80

inservice

sticky ip-netmask 255.255.255.255 address source STICKYGROUP2

timeout 20

replicate sticky

serverfarm SF_LOGON2_D2

class-map match-all VS_LOGON2_D2

3 match virtual-address 10.163.22.xx any

policy-map type loadbalance first-match PM_ONE_ARM_LB2

class class-default

sticky-serverfarm STICKYGROUP2

policy-map multi-match PM_ONE_ARM_MULTI_MATCH

class VS_LOGON2_D2

loadbalance vip inservice

loadbalance policy PM_ONE_ARM_LB2

nat dynamic 6 vlan 1240

interface vlan 1240

nat-pool 6 10.163.22.xx 10.163.22.xx netmask 255.255.255.192 pat

Br

Geir

Daniel Arrondo Ostiz · ‎02-06-2012

Hi Geir,

Yes, this configuration should be fine.

Daniel

pd.politiet.no · ‎02-09-2012

Thanks! It works!

Br

Geir