cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
868
Views
0
Helpful
4
Replies

Reuse of context in ACE module

pd.politiet.no
Level 1
Level 1

Hi all, just have a question about som reuse of resources in a ACE module context.  I don't want to make a new context, and can reuse most of the existing configuration in one of my context.  The config is not complex and difficult, but I'm not sure if I can do this.

The primary goal is to loadbalance 2 webservers with a new vip, new serverfarm, stickygroup, policy-map and different nat-pool.

Since I haven't decided the ip addresses to be used, they are just xx in the config below.

The changes I want to implement are in bold.  Will this work for me?

probe http WEBGUI_D2

description Probe for http mot webgui

interval 10

passdetect interval 10

passdetect count 1

request method get url /D2/auth/login.aspx

expect status 200 302

header User-Agent header-value "IDENTITY"

rserver host cwi003

description content server logon

ip address 10.163.22.27

inservice

rserver host cwi004

description content server logon

ip address 10.163.22.28

inservice

rserver host cwi503

description content server logon 2

ip address 10.163.22.23

inservice

rserver host cwi504

description content server logon 2

ip address 10.163.22.24

inservice

serverfarm host SF_LOGON_D2

probe WEBGUI_D2

rserver cwi003 80

   inservice

rserver cwi004 80

   inservice

serverfarm host SF_LOGON2_D2

probe WEBGUI_D2

rserver cwi503 80

   inservice

rserver cwi504 80

   inservice

sticky ip-netmask 255.255.255.255 address source STICKYGROUP1

timeout 20

replicate sticky

serverfarm SF_LOGON_D2

serverfarm SF_LOGON2_D2

class-map match-all VS_LOGON_D2

3 match virtual-address 10.163.22.13 any

class-map match-all VS_LOGON2_D2

3 match virtual-address 10.163.22.xx any

policy-map type loadbalance first-match PM_ONE_ARM_LB

class class-default

   sticky-serverfarm STICKYGROUP1

policy-map multi-match PM_ONE_ARM_MULTI_MATCH

class VS_LOGON_D2

   loadbalance vip inservice

   loadbalance policy PM_ONE_ARM_LB

   nat dynamic 5 vlan 1240

class VS_LOGON2_D2

   loadbalance vip inservice

   loadbalance policy PM_ONE_ARM_LB

   nat dynamic 6 vlan 1240

interface vlan 1240

description Client_server

ip address 10.163.22.11 255.255.255.0

peer ip address 10.163.22.12 255.255.255.0

access-group input INBOUND

nat-pool 5 10.163.22.14 10.163.22.17 netmask 255.255.255.192 pat

nat-pool 6 10.163.22.xx 10.163.22.xx netmask 255.255.255.192 pat

service-policy input PM_ONE_ARM_MULTI_MATCH

no shutdown

ip route 0.0.0.0 0.0.0.0 10.163.22.1

BR

Geir

4 Replies 4

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee

Hi Geir,

There is no problem in having multiple VIPs in one single context.

The configuration for it would more or less be the one you sent, except for one point. In a sticky group, you can only use one single serverfarm, so, you will need to create a second sticky group for the new VIP.  This also implies that you will also need a second load-balance policy associated to the new sticky-serverfarm.

Regards

Daniel

Thanks for your reply.

Hope I understand you correct.  This sould be the config I need to paste into the existing context.

rserver host cwi503

  description content server logon 2

  ip address 10.163.22.23

  inservice

rserver host cwi504

  description content server logon 2

  ip address 10.163.22.24

  inservice

serverfarm host SF_LOGON2_D2

  probe WEBGUI_D2

  rserver cwi503 80

    inservice

  rserver cwi504 80

    inservice

sticky ip-netmask 255.255.255.255 address source STICKYGROUP2

   timeout 20

   replicate sticky

   serverfarm SF_LOGON2_D2

class-map match-all VS_LOGON2_D2

   3 match virtual-address 10.163.22.xx any

policy-map type loadbalance first-match PM_ONE_ARM_LB2

  class class-default

    sticky-serverfarm STICKYGROUP2

policy-map multi-match PM_ONE_ARM_MULTI_MATCH

  class VS_LOGON2_D2

    loadbalance vip inservice

    loadbalance policy PM_ONE_ARM_LB2

    nat dynamic 6 vlan 1240

interface vlan 1240

  nat-pool 6 10.163.22.xx 10.163.22.xx netmask 255.255.255.192 pat

Br

Geir

Hi Geir,

Yes, this configuration should be fine.

Daniel

Thanks!  It works!

Br

Geir

Review Cisco Networking for a $25 gift card