01-05-2012 11:00 AM
client is unable to establish a connection to the backend servers via the vip on port 389 ,636 configured that servers are listening on these ports .
even the probe is successful on port 389
but not getting any response back from the servers
below is the config and output of service-policy
probe scripted PROBE_LDAP_389
description This is a scripted Probe for LDAP
interval 60
passdetect interval 60
receive 20
script LDAP_PROBE
serverfarm host S1
probe PROBE_LDAP_389
rserver s01
inservice
rserver s02
inservice
sticky ip-netmask 255.255.255.255 address source S1_STICKY
replicate sticky
serverfarm S1
class-map match-all S1_CLASS
2 match virtual-address 10.12.44.27 tcp any
policy-map type loadbalance first-match S1_POLICY
class class-default
sticky-serverfarm S1_STICKY
policy-map multi-match POLICY
class S1_CLASS
loadbalance vip inservice
loadbalance policy S1_POLICY
loadbalance vip icmp-reply active
production# sh service-policy POLICY class-map S1_CLASS detail
service-policy: POLICY
class: S1_CLASS
VIP Address: Protocol: Port:
10.12.44.27 tcp any
loadbalance:
L7 loadbalance policy: S1_POLICY
VIP ICMP Reply : ENABLED-WHEN-ACTIVE
VIP State: INSERVICE
VIP DWS state: DWS_DISABLED
Persistence Rebalance: DISABLED
curr conns : 1 , hit count : 12
dropped conns : 0
client pkt count : 33 , client byte count: 1728
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
L7 Loadbalance policy : S1_POLICY
class/match : class-default
LB action: :
sticky group: S1_STICKY
primary serverfarm: S1
state:UP
backup serverfarm : -
hit count : 12
dropped conns : 0
compression : off
compression:
bytes_in : 0 bytes_out : 0
Compression ratio : 0.00%
Gzip: 0 Deflate: 0
compression errors:
User-Agent : 0 Accept-Encoding : 0
Content size: 0 Content type : 0
Not HTTP 1.1: 0 HTTP response error: 0
Others : 0
01-05-2012 09:15 PM
Hello,
Based on the output, it seems the traffic is reaching the ACE but the communications between the servers and the ACE is not properly done. Then we should make sure about some details here:
Do you have any device in between of the ace and servers?
What type of design do you have?(bridge mode, routed mode, one arm mode)
what is the default gateway of the servers?
Could you show us the configuration of the interface where you have configured service-policy input POLICY?
Could you show #show probe PROBE_LDAP_389 detail?
Jorge
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide