Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1779
Views
0
Helpful
5
Replies

Sill can't ping VIP ip address

AndyGB5150
Level 1
Level 1

‎10-20-2010 05:25 AM

Afternoon All,

I hope anybody can help me.

at the moment from the load balancer

I can ping a vlan on a core switch

vlan 200 x.x.20.8

vlan 210 x.x.21.8

vlan 220 x.x.22.8

I also can ping a laptop in each range for example

x.x.20.28

x.x.21.28

x.x.22.28

an active domain controller x.x.11.10 and the default gateway of x.x.21.1

All of these are from the Cisco Ace.

But can't ping the virtual interfaces on the cisco 4710.

HELP

Below is my config and tests.

Thanks again.

###################################################################################################

SLB-P1/Admin# sh run
Generating configuration....


boot system image:c4710ace-mz.A3_2_0.bin

hostname SLB-P1
interface gigabitEthernet 1/1
  description Client
  speed 1000M
  duplex FULL
  switchport access vlan 210
  no shutdown
interface gigabitEthernet 1/2
  description No connection "Not Configured"
  no shutdown
interface gigabitEthernet 1/3
  description Server VLAN
  switchport access vlan 220
  no shutdown
interface gigabitEthernet 1/4
  description Management access for gui console
  switchport access vlan 200
  no shutdown


access-list ALL line 8 extended permit ip any any

parameter-map type connection was-test

rserver host WA-P1
  ip address 10.11.22.10
  conn-limit max 4000000 min 4000000
  inservice
rserver host WA-P3
  ip address 10.11.22.11
  conn-limit max 4000000 min 4000000
  inservice


serverfarm host WebApplicationServers
  description Server Farm for WA1 and WA2
  rserver WAS-P1
    conn-limit max 4000000 min 4000000
    inservice
  rserver WAS-P3
    conn-limit max 4000000 min 4000000
    inservice

class-map match-all VIPA
  2 match virtual-address 10.11.21.10 tcp eq www
class-map match-all VIPAA
  2 match virtual-address 10.11.21.10 tcp eq https
class-map match-all VIPB
  2 match virtual-address 10.11.21.11 tcp eq www
class-map match-all VIPBB
  2 match virtual-address 10.11.21.11 tcp eq https
class-map type management match-any remote_access
  201 match protocol xml-https any
  202 match protocol icmp any
  203 match protocol telnet any
  204 match protocol ssh any
  205 match protocol http any
  206 match protocol https any
  207 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit

policy-map type loadbalance first-match VIPA-l7slb
  class class-default
    serverfarm WebApplicationServers
policy-map type loadbalance first-match VIPAA-l7slb
  class class-default
    serverfarm WebApplicationServers
policy-map type loadbalance first-match VIPB-l7slb
  class class-default
    serverfarm WebApplicationServers
policy-map type loadbalance first-match VIPBB-l7slb
  class class-default
    serverfarm WebApplicationServers

policy-map multi-match int210
  class VIPA
    loadbalance vip inservice
    loadbalance policy VIPA-l7slb
    loadbalance vip icmp-reply
  class VIPB
    loadbalance vip inservice
    loadbalance policy VIPB-l7slb
    loadbalance vip icmp-reply
  class VIPAA
    loadbalance vip inservice
    loadbalance policy VIPAA-l7slb
    loadbalance vip icmp-reply active
  class VIPBB
    loadbalance vip inservice
    loadbalance policy VIPBB-l7slb
    loadbalance vip icmp-reply

interface vlan 200
  description "MGMT VLAN"
  ip address 10.11.20.2 255.255.255.0
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown
interface vlan 210
  description "Client Front VLAN 210"
  ip address 10.11.21.2 255.255.255.0
  no icmp-guard
  access-group input ALL
  service-policy input int210
  service-policy input remote_mgmt_allow_policy
  no shutdown
interface vlan 220
  description "Server VLAN 220"
  ip address 10.11.22.2 255.255.255.0
  no icmp-guard
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown

ip route 0.0.0.0 0.0.0.0 10.11.21.1
ip route 10.12.0.0 255.255.0.0 10.11.21.1

snmp-server contact "ANM"
snmp-server location "ANM"
snmp-server community ro group Network-Monitor
snmp-server community public group Network-Monitor

snmp-server trap-source vlan 200


username admin password 5 $1$rwILxGER$DivbGN5nc5orFToqoCLNk0  role Admin domain
default-domain
username www password 5 $1$UQ5GIBhQ$/AomBaMRgyFzieuHCvEQK/  role Admin domain de
fault-domain


################################################################################################################

Status     : ACTIVE
Description: -
-----------------------------------------
Interface: vlan 1 210
  service-policy: int210

    class: VIPBB
     VIP Address:    Protocol:  Port:
     10.11.21.11     tcp        eq    443 
      loadbalance:
        L7 loadbalance policy: VIPBB-l7slb
        VIP ICMP Reply       : ENABLED
        VIP state: OUTOFSERVICE
        Persistence Rebalance: DISABLED
        curr conns       : 0         , hit count        : 0        
        dropped conns    : 0        
        client pkt count : 0         , client byte count: 0                  
        server pkt count : 0         , server byte count: 0                  
        conn-rate-limit      : 0         , drop-count : 0        
        bandwidth-rate-limit : 0         , drop-count : 0        
        L7 Loadbalance policy : VIPBB-l7slb
          class/match : class-default
            LB action :
               primary serverfarm: WebApplicationServers
                    state: DOWN
                backup serverfarm : -
            hit count        : 0        
            dropped conns    : 0        
            compression      : off
      compression:
        bytes_in  : 0                  
        bytes_out : 0                  
        Compression ratio : 0.00%

###########################################################################################################

Context Admin
================================================================================
IP ADDRESS      MAC-ADDRESS        Interface  Type      Encap  NextArp(s) Status
================================================================================
10.11.20.2      00.23.8b.03.99.2e  vlan200   INTERFACE  LOCAL     _         up
10.11.20.28     00.0d.56.7d.84.e5  vlan200   LEARNED    4      12357 sec    up
10.11.21.1      00.24.dc.02.c5.09  vlan210   GATEWAY    7      40 sec       up
10.11.21.2      00.23.8b.03.99.2e  vlan210   INTERFACE  LOCAL     _         up
10.11.21.10     00.23.8b.03.99.2e  vlan210   VSERVER    LOCAL     _         up
10.11.21.11     00.23.8b.03.99.2e  vlan210   VSERVER    LOCAL     _         up
10.11.22.2      00.23.8b.03.99.2e  vlan220   INTERFACE  LOCAL     _         up
10.11.22.10     00.00.00.00.00.00  vlan220   RSERVER    -                   dn
10.11.22.11     00.00.00.00.00.00  vlan220   RSERVER    -                   dn
================================================================================

Labels:
0 Helpful
5 Replies 5

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee

‎10-20-2010 05:38 AM

Hi Andrew,

You cannot ping the VIP because it in "OUTOFSERVICE", and it's in that state because the serverfarm is down. The serverfarm is down because the ACE cannot get the ARP entry for any of the two real servers.

Please, review your configuration to make sure that these two servers have been properly connected to vlan 220. Once the ACE is able to get the ARP entry for them, the VIP status should change to "INSERVICE" and ping should start to work.

Regards

Daniel

0 Helpful

AndyGB5150
Level 1
Level 1
In response to Daniel Arrondo Ostiz

‎10-20-2010 05:48 AM

Thanks that's is the right answer.

I'm just awaiting one of the server chaps to turn up.

I'll let you know the outcome.

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee

‎10-20-2010 05:50 AM

10.11.22.10     00.00.00.00.00.00  vlan220   RSERVER     -                   dn
10.11.22.11     00.00.00.00.00.00  vlan220    RSERVER    -                   dn

Could you make sure you can ping the rserver.

It would make things easier if the Vip was active and not outofservice.

Also, could you get a 'show cfgmgr internal table icmp-vip'.

Just in case.

Thanks,

Gilles.

0 Helpful

AndyGB5150
Level 1
Level 1
In response to Gilles Dufour

‎10-20-2010 06:04 AM

Thanks again.

I

ndex       Ctx    addr              mask            IfID   flags
----------------------------------------------------------------
  651          0   10.11.21.99       255.255.255.255  4     VIP down, primary sf
down, icmp reply always

6510          0   10.11.21.98       255.255.255.255  2     VIP down, primary sf
down, icmp reply always

9180          0   127.1.0.193       255.255.255.0    2     VIP up, primary sf u
p

12313          0   10.11.21.99       255.255.255.255  2     VIP down, primary sf
down, icmp reply always

14363          0   10.11.21.98       255.255.255.255  4     VIP down, primary sf
down, icmp reply always

0 Helpful

AndyGB5150
Level 1
Level 1
In response to AndyGB5150

‎10-20-2010 07:24 AM

Thanks again for everybodys help.

The real server is now up and running.

Thanks again to everyone on the forum.

Until next time.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card