Solved: Unable to ping VIP and VIP not in ARP

taylor_jeff · ‎10-14-2010

I am trying to configure an ACE 4710 appliance. The ace is connected to a 4500 switch and the client and server connections are on the same subnet.

I am not able to ping the VIP or connect via HTTP. The VIP doesn't appear when in the ARP cache when I issue the show arp command.

From the ACE I am able to ping addresses on the 4500 switch and addresses beyond the switch. I can also ssh into servers beyond the 4500 switch from the ACE.

The config is attached.

Hoping someone can point me in the right direction.

Thanks,

Jeff

Pablo · ‎10-17-2010

Jeff,

Your VIP should be a /32 mask IP and that's the default on the ACE, try to rewrite your VIP without a network mask.

class-map match-all EAS_SAND
  2 match virtual-address 161.80.201.199 tcp eq www

Let us know if this helps.
__ __
Pablo

View solution in original post

andrels · ‎10-14-2010

I wonder if you try to add the http probe on the serverfarm it would make the rserver alive and therefore the VIP active?

Thanks,

Pablo · ‎10-14-2010

Hi Jeff,

Seems like you didn't apply the ACL to permit the traffic to flow through the ACE, the ping from ACE to 4500 because is traffic originated on the appliance.

Try this:

interface vlan 196
  ip address 161.80.201.254 255.255.255.0
  service-policy input int196   
   access-group input EAS_ACL
   no shutdown

Also if your clients and servers are on the same subnet you might need source NAT to avoid asymmetric routing.

HTH.

__ __

Pablo

taylor_jeff · ‎10-14-2010

I added the input ACL and still get the same result.

I also added an http probe to the real server, but no luck.

Thanks for the suggestions.

Pablo · ‎10-14-2010

Jeff,

Can you get a full show running from the Admin context (showing interface config), also get the output of

show serverfarm EAS det

show arp

show service-policy int196

Regards.

__ __

Pablo

Gilles Dufour · ‎10-14-2010

you will also need the management policy on interface 196.

So add "service-policy input EAS".

Gilles.

taylor_jeff · ‎10-15-2010

I am attaching the outputs from

show serverfarm EAS det

show arp

show service-policy int196

and the full running config from the admin context

Thanks,

Jeff

Gilles Dufour · ‎10-15-2010

Jeff,

allocate resource for the context.

Assign 10% min to all resources and unlimited max.

resource-class Basic
limit-resource all minimum 10.00 maximum unlimited

context EAS

member Basic

After that, it still does not work, try to reboot the box.

Gilles.

taylor_jeff · ‎10-17-2010

Gille,

I tried allocating the resources to it, but still no luck. I have tried rebooting the ACE with no luck.

I was running software A3.26 and tried going back to A3.20 with no luck.

For whatever reason I can't get the VIP to appear in the ARP cache.

Thanks,

Jeff

Pablo · ‎10-17-2010

Jeff,

Your VIP should be a /32 mask IP and that's the default on the ACE, try to rewrite your VIP without a network mask.

class-map match-all EAS_SAND
  2 match virtual-address 161.80.201.199 tcp eq www

Let us know if this helps.
__ __
Pablo

Gilles Dufour · ‎10-18-2010

Pablo,

that's a good catch... well done.

Gilles.

taylor_jeff · ‎10-18-2010

Pablo,

That worked. Thanks

I am now able to ping the VIP and it appears in the APR cache.

Pablo · ‎10-18-2010

Sweeet!

Glad to help =)

__ __

Pablo