Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
899
Views
0
Helpful
6
Replies

Unable to access the vip

12pratham
Level 1
Level 1

‎10-23-2011 08:07 PM

I am unable to acess the VIP ,getting an error message as page cannot be displayed.

Configured a serverfarm to LB between 2 servers ,and doing a source nat.

I am able to ping the vip from the network ,but unable to access the application using the VIP.

ace01# sh service-policy POLICY class-map QA_CLASS detail

Status     : ACTIVE

Description: -----------------------------------------

Interface: vlan 1 10 15 25 31 50 168 172  200

  service-policy: POLICY

    class: was7dev_CLASS

      nat:

        nat dynamic 2 vlan 31

        curr conns       : 0         , hit count        : 0        

        dropped conns    : 0        

        client pkt count : 0         , client byte count: 0                  

        server pkt count : 0         , server byte count: 0                  

        conn-rate-limit      : 0         , drop-count : 0        

        bandwidth-rate-limit : 0         , drop-count : 0        

     VIP Address:                              Protocol:  Port:    

     10.12.16.24                             tcp    eq   80       

      loadbalance:

        L7 loadbalance policy: QA_POLICY

        VIP ICMP Reply       : ENABLED-WHEN-ACTIVE

        VIP State: INSERVICE

        VIP DWS state: DWS_DISABLED

        Persistence Rebalance: ENABLED

        curr conns       : 0         , hit count        : 5544     

        dropped conns    : 5535     

        client pkt count : 10353     , client byte count: 634498             

        server pkt count : 0         , server byte count: 0                  

        conn-rate-limit      : 0         , drop-count : 0        

        bandwidth-rate-limit : 0         , drop-count : 0        

        L7 Loadbalance policy : QA_POLICY

          class/match : class-default

            LB action: :

               sticky group: QA_STICKY

                  primary serverfarm: QA

                    state:UP

                  backup serverfarm : -

            hit count        : 4905     

            dropped conns    : 26       

            compression      : off

      compression:

        bytes_in  : 0                          bytes_out : 0                  

        Compression ratio : 0.00%

                Gzip: 0               Deflate: 0        

      compression errors:

        User-Agent  : 0               Accept-Encoding    : 0        

        Content size: 0               Content type       : 0        

        Not HTTP 1.1: 0               HTTP response error: 0        

        Others      : 0        

        Parameter-map(s):

          CASE_PARAM

interface vlan 31

  ip address 10.12.16.2 255.255.255.128

  peer ip address 10.12.16.3 255.255.255.128

  mtu 1500

  access-group input ALL

  nat-pool 2 10.129.16.245 10.12.16.24 netmask 255.255.255.255 pat

service-policy input POLICY

  service-policy input remote_mgmt_allow_policy

  no shutdown

And also have a default route configured on the ACE for this subnet  ,

Labels:
0 Helpful
6 Replies 6

Marko Leopold
Level 1
Level 1

‎10-24-2011 12:34 AM

Hello!

I would guess for direct-server-return, but it is just a guess. Maybe you should attach some more parts of your config to be sure. And one question, the ip-addresses in the nat-pool are just a typo?

M.

0 Helpful

asharmav
Level 1
Level 1
In response to Marko Leopold

‎10-24-2011 11:05 AM

Can you share the complete config ?

Abijith

0 Helpful

12pratham
Level 1
Level 1
In response to asharmav

‎11-07-2011 07:18 PM

Able to ping the VIP ,but unable to access the application using the VIP,Please help me on this as currently in the middle of the change

rserver host qa1

  ip address 10.12.16.17

  inservice

rserver host qa2

  ip address 10.12.16.18

  inservice

serverfarm host QA

  predictor leastconns

  probe PROBE_TCP_HTTP

  rserver qa1

    inservice

  rserver qa2

    inservice

sticky ip-netmask 255.255.255.255 address source QA_STICKY

  replicate sticky

  serverfarm QA

class-map match-all QA_CLASS

  2 match virtual-address 10.12.16.24 tcp any

policy-map type loadbalance first-match QA_POLICY

  class class-default

    sticky-serverfarm QA_STICKY

policy-map multimatch POLICY

class QA_CLASS

    loadbalance vip inservice

    loadbalance policy QA_POLICY

    loadbalance vip icmp-reply active

    nat dynamic 2 vlan 31

0 Helpful

Marko Leopold
Level 1
Level 1
In response to 12pratham

‎11-08-2011 12:08 AM

Where does your clients come from? 10.12.16.xx?

In your nat-pool your configured 10.129.16.245. Is this a typo?

Do you use an ACE appliance or ACE module?

Some versions dont allow to use the same address for SNAT and VIP. Answers can be found here in CSC too.

0 Helpful

12pratham
Level 1
Level 1
In response to Marko Leopold

‎11-08-2011 11:08 AM

Marko

Clients come from internal 10.12.x.x network and from the internet.

10.12.16.24 is the nat pool ,its a typo.

we are using ACE applicance A4710.,and we have most of the applications which are using SNAT and VIP as the same address and they are working fine.

when this application is configured on CSS its working fine ,when migrating to ACE ,the VIP is not accessible.

Both ACEs and CSS are connected to 6509 switch ,,not sure why it is not working when moved to ACE.

0 Helpful

Marko Leopold
Level 1
Level 1
In response to 12pratham

‎11-09-2011 12:43 AM

I see you have a lot of drops there

    dropped conns    : 5535

Is it increasing? What is your logging saying?

Just a try! Can you turn off ip-normalization there?

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card