ā03-29-2012 04:11 PM
Configured a vip to LB between 2 servers ,and also specified to balance urls ,and it is absolutely working on port 11090 ,and this all http traffic
http://10.12.12.34:11090 ( this vip is working)
serverfarm host vip-1
probe PROBE_TCP_11090
rserver s0adcmmapps1
inservice
rserver s0adcmmapps2
inservice
sticky ip-netmask 255.255.255.255 address source vip-1_STICKY
timeout 30
replicate sticky
serverfarm vip-1
class-map match-all vip-1_CLASS
2 match virtual-address 10.12.12.34 tcp any
class-map type http loadbalance match-any vip_CLASSURL
2 match http url /jmx-console/*
3 match http url /web-console/*
4 match http url /mediamanager/*
5 match http url /teams/*
6 match http url /teamswebservices/*
7 match http url /artesia-ws/*
8 match http url /artesia/*
9 match http url /brs/*
10 match http url /content/*
11 match http url /OTMedia/*
12 match http url .*
13 match http url /mediamanager
14 match http url /teams
policy-map type loadbalance first-match vip-1_POLICY
class vip_CLASSURL
sticky-serverfarm vip-1_STICKY
policy-map multimatch POLICY
class vip-1_CLASS
loadbalance vip inservice
loadbalance policy vip-1_POLICY
loadbalance vip icmp-reply active
nat dynamic 2 vlan 2
appl-parameter http advanced-options CASE_PARAM
interface vlan 2
ip address 10.12.13.217 255.255.252.0
peer ip address 10.12.13.216 255.255.252.0
mtu 1500
no normalization
no icmp-guard
access-group input ALL
nat-pool 2 10.12.12.34 10.12.12.34 netmask 255.255.255.255 pat
service-policy input remote_mgmt_allow_policy
service-policy input POLICY
no shutdown
The same servers ,but this need work on port 11443 and its all https traffic,this past is not working
serverfarm host vip-https,
probe PROBE_TCP_11443
rserver s0adcmmapps1
inservice
rserver s0adcmmapps2
inservice
sticky ip-netmask 255.255.255.255 address source vip-https_STICKY
timeout 30
replicate sticky
serverfarm vip-https
class-map match-all vip-https_CLASS
2 match virtual-address 10.12.12.34 tcp eq 11443
policy-map type loadbalance first-match vip-https_POLICY
class class-default
sticky-serverfarm vip-https_STICKY
policy-map multimatch POLICY
class vip-https_CLASS
loadbalance vip inservice
loadbalance policy vip-https_POLICY
loadbalance vip icmp-reply active
nat dynamic 2 vlan 2
interface vlan 2
ip address 10.12.13.217 255.255.252.0
peer ip address 10.12.13.216 255.255.252.0
mtu 1500
no normalization
no icmp-guard
access-group input ALL
nat-pool 2 10.12.12.34 10.12.12.34 netmask 255.255.255.255 pat
service-policy input remote_mgmt_allow_policy
service-policy input POLICY
no shutdown
Thi is not working as application team is trying to access https://10.12.12.34:11443 ,this not working
when they bypass the vip and access the servers directly https://10.12.12.160:11443 its working fine.Please advise on this
ā03-29-2012 06:32 PM
Hi,
you can start with checking the status of serverfarm "vip-https" and also check the position of class map "vip-https_CLASS" in polic map "POLICY". Ideally it should be before the class map "vip_1-CLASS" as the later one is hitting port any, and earlier one is designated for TCP port 11443. So if position of class map matching VIP any is above the "VIP 11443", you will never get HIT on this VIP.
hope you got my point...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide