Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2943
Views
0
Helpful
1
Replies

Trying to load-balance Exchange 2010 with ACE30

ivarstrandberg
Level 1
Level 1

‎03-24-2012 06:23 AM

Hi.

We have an ACE30 (running A5(1.2)) and a couple of Exchange 2010 CAS.

We have little experience in load-balancing, but we found this guide from Cisco: http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/App_Networking/Exchange_VSphere_UCS_NetApp.html#wp345264

We have also tried to use the template for Exchange 2010 in ANM. The result seems to be the same:

If we go to the URL for OWA, nothing happens. If we go directly to a CAS (by editing the hosts-file on the client), the same URL is working perfectly.

Here's the config of the ACE-context:

access-list all line 10 extended permit ip any any 
access-list all line 20 extended permit icmp any any 

probe http http-probe
  interval 60
  passdetect count 2
  request method get url /exchweb/bin/auth/owalogon.asp
  expect status 400 404
probe https https-probe
  interval 60
  passdetect count 2
  ssl version all
  request method get url /owa/auth/login.aspx
  expect status 400 404

rserver host CAS1
  ip address 10.10.10.1
  probe http-probe
  probe https-probe
  inservice
rserver host CAS2
  ip address 10.10.10.2
  probe http-probe
  probe https-probe
  inservice
rserver redirect SSLREDIRECT
  webhost-redirection https://www2.test.com/owa 302
  inservice
serverfarm host CAS-FARM
  predictor leastconns
  rserver CAS1
    inservice
  rserver CAS2
    inservice
serverfarm host CAS-FARM-80
  predictor leastconns
  rserver CAS1 80
    inservice
  rserver CAS2 80
    inservice
serverfarm redirect SSLREDIRECT
  rserver SSLREDIRECT
    inservice
sticky ip-netmask 255.255.255.255 address source CAS-IP
  replicate sticky
  serverfarm CAS-FARM
sticky http-cookie Cookie OWA-STICKY
  cookie insert browser-expire
  timeout 60
  replicate sticky
  serverfarm CAS-FARM-80
sticky http-header Authorization CAS-RPC-HTTP
  serverfarm CAS-FARM-80
ssl-proxy service OWA
  key www2.test.com.pfx
  cert www2.test.com.pfx
class-map match-any IMAPI-RPC
  2 match virtual-address 10.1.1.1 any
class-map match-all OWA-OUTLOOKANYWHERE-SSL
  2 match virtual-address 10.1.1.1 tcp eq https
class-map match-all OWAREDIRECT
  2 match virtual-address 10.1.1.1 tcp eq www
policy-map type management first-match mgmt-pm
  class class-default
    permit
policy-map type loadbalance first-match IMAPI-RPC
  class class-default
    sticky-serverfarm CAS-IP
policy-map type loadbalance first-match OWA-OUTLOOKANYWHERE
  match OUTLOOK_ANYWHERE http header User-Agent header-value "MSRPC"
    sticky-serverfarm CAS-RPC-HTTP
  class class-default
    sticky-serverfarm OWA-STICKY
policy-map type loadbalance http first-match SSLREDIRECT
  class class-default
    serverfarm SSLREDIRECT
policy-map multi-match int118
  class OWAREDIRECT
    loadbalance vip inservice
    loadbalance policy SSLREDIRECT
  class OWA-OUTLOOKANYWHERE-SSL
    loadbalance vip inservice
    loadbalance policy OWA-OUTLOOKANYWHERE
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 118
    ssl-proxy server OWA
  class IMAPI-RPC
    loadbalance vip inservice
    loadbalance policy IMAPI-RPC
    nat dynamic 1 vlan 118
interface vlan 118
  description to server-side vlan
  ip address 172.16.1.2 255.255.255.252
  access-group input all
  nat-pool 1 10.1.1.2 10.1.1.2 netmask 255.255.255.255 pat
  service-policy input int118
  service-policy input mgmt-pm
  no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.1.1


Are there any obvious mistakes in this config?

Labels:
0 Helpful
1 Reply 1

ivarstrandberg
Level 1
Level 1

‎04-03-2012 03:27 AM 

crypto chaingroup www2.test.com
  cert digicert_intermediate
access-list all line 10 extended permit ip any any 
access-list all line 20 extended permit icmp any any 

probe http http-probe
  interval 10
  faildetect 2
  passdetect interval 10
  passdetect count 2
  request method get url /iisstart.htm
  expect status 200 200

rserver host CAS1
  ip address 10.10.10.1
  probe http-probe
  inservice
rserver host CAS2
  ip address 10.10.10.2
  probe http-probe
  inservice
rserver redirect SSLREDIRECT
  webhost-redirection https://%h%p 301
  inservice
serverfarm host CAS-FARM
  predictor leastconns
  rserver CAS1
    inservice
  rserver CAS2
    inservice
serverfarm host CAS-FARM-80
  predictor leastconns
  rserver CAS1 80
    inservice
  rserver CAS2 80
    inservice
serverfarm redirect SSLREDIRECT
  rserver SSLREDIRECT
    inservice
sticky ip-netmask 255.255.255.255 address source CAS-IP
  replicate sticky
  serverfarm CAS-FARM-80
sticky http-cookie Cookie OWA-STICKY
  cookie insert browser-expire
  timeout 60
  replicate sticky
  serverfarm CAS-FARM-80
sticky http-header Authorization CAS-RPC-HTTP
  serverfarm CAS-FARM-80
ssl-proxy service OWA
  key www2.test.com.pfx
  cert www2.test.com.pfx
  chaingroup www2.test.com
class-map match-any IMAPI-RPC
  2 match virtual-address 10.1.1.1 any
class-map match-all OWA-OUTLOOKANYWHERE-SSL
  2 match virtual-address 10.1.1.1 tcp eq https
class-map match-all OWAREDIRECT
  2 match virtual-address 10.1.1.1 tcp eq www
policy-map type loadbalance first-match IMAPI-RPC
  class class-default
    sticky-serverfarm CAS-IP

policy-map type loadbalance first-match OWA-OUTLOOKANYWHERE
  match OUTLOOK_ANYWHERE http header User-Agent header-value "MSRPC"
    sticky-serverfarm CAS-RPC-HTTP
  class class-default
    sticky-serverfarm OWA-STICKY
policy-map type loadbalance http first-match SSLREDIRECT
  class class-default
    serverfarm SSLREDIRECT
policy-map multi-match int118
  class OWAREDIRECT
    loadbalance vip inservice
    loadbalance policy SSLREDIRECT
  class OWA-OUTLOOKANYWHERE-SSL
    loadbalance vip inservice
    loadbalance policy OWA-OUTLOOKANYWHERE
    nat dynamic 1 vlan 118
    ssl-proxy server OWA
  class IMAPI-RPC
    loadbalance vip inservice
    loadbalance policy IMAPI-RPC
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 118
interface vlan 118
  description to server-side vlan
  ip address 172.16.1.2 255.255.255.252
  access-group input all
  nat-pool 1 10.1.1.1 10.1.1.1 netmask 255.255.255.255 pat
  service-policy input int118
  no shutdown
ip route 0.0.0.0 0.0.0.0 172.16.1.1
snmp-server community IntiliReaD group Network-Monitor


We finally got it working. Above is the config as it is right now. The main difference is the URL for redirection. With Cisco's example, we got caught in a redirection loop.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents