10-23-2011 08:07 PM
I am unable to acess the VIP ,getting an error message as page cannot be displayed.
Configured a serverfarm to LB between 2 servers ,and doing a source nat.
I am able to ping the vip from the network ,but unable to access the application using the VIP.
ace01# sh service-policy POLICY class-map QA_CLASS detail
Status : ACTIVE
Description: -----------------------------------------
Interface: vlan 1 10 15 25 31 50 168 172 200
service-policy: POLICY
class: was7dev_CLASS
nat:
nat dynamic 2 vlan 31
curr conns : 0 , hit count : 0
dropped conns : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
VIP Address: Protocol: Port:
10.12.16.24 tcp eq 80
loadbalance:
L7 loadbalance policy: QA_POLICY
VIP ICMP Reply : ENABLED-WHEN-ACTIVE
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: ENABLED
curr conns : 0 , hit count : 5544
dropped conns : 5535
client pkt count : 10353 , client byte count: 634498
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
L7 Loadbalance policy : QA_POLICY
class/match : class-default
LB action: :
sticky group: QA_STICKY
primary serverfarm: QA
state:UP
backup serverfarm : -
hit count : 4905
dropped conns : 26
compression : off
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
Parameter-map(s):
CASE_PARAM
interface vlan 31
ip address 10.12.16.2 255.255.255.128
peer ip address 10.12.16.3 255.255.255.128
mtu 1500
access-group input ALL
nat-pool 2 10.129.16.245 10.12.16.24 netmask 255.255.255.255 pat
service-policy input POLICY
service-policy input remote_mgmt_allow_policy
no shutdown
And also have a default route configured on the ACE for this subnet ,
10-24-2011 12:34 AM
Hello!
I would guess for direct-server-return, but it is just a guess. Maybe you should attach some more parts of your config to be sure. And one question, the ip-addresses in the nat-pool are just a typo?
M.
10-24-2011 11:05 AM
Can you share the complete config ?
Abijith
11-07-2011 07:18 PM
Able to ping the VIP ,but unable to access the application using the VIP,Please help me on this as currently in the middle of the change
rserver host qa1
ip address 10.12.16.17
inservice
rserver host qa2
ip address 10.12.16.18
inservice
serverfarm host QA
predictor leastconns
probe PROBE_TCP_HTTP
rserver qa1
inservice
rserver qa2
inservice
sticky ip-netmask 255.255.255.255 address source QA_STICKY
replicate sticky
serverfarm QA
class-map match-all QA_CLASS
2 match virtual-address 10.12.16.24 tcp any
policy-map type loadbalance first-match QA_POLICY
class class-default
sticky-serverfarm QA_STICKY
policy-map multimatch POLICY
class QA_CLASS
loadbalance vip inservice
loadbalance policy QA_POLICY
loadbalance vip icmp-reply active
nat dynamic 2 vlan 31
11-08-2011 12:08 AM
Where does your clients come from? 10.12.16.xx?
In your nat-pool your configured 10.129.16.245. Is this a typo?
Do you use an ACE appliance or ACE module?
Some versions dont allow to use the same address for SNAT and VIP. Answers can be found here in CSC too.
11-08-2011 11:08 AM
Marko
Clients come from internal 10.12.x.x network and from the internet.
10.12.16.24 is the nat pool ,its a typo.
we are using ACE applicance A4710.,and we have most of the applications which are using SNAT and VIP as the same address and they are working fine.
when this application is configured on CSS its working fine ,when migrating to ACE ,the VIP is not accessible.
Both ACEs and CSS are connected to 6509 switch ,,not sure why it is not working when moved to ACE.
11-09-2011 12:43 AM
I see you have a lot of drops there
dropped conns : 5535
Is it increasing? What is your logging saying?
Just a try! Can you turn off ip-normalization there?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide