“Datacenter troubleshooting guide” – a blog by Gilles Dufour.
Day 2 – Basic Loadbalancing
Now, let’s focus on basic loadbalancing. Since you have read the previous post (“Day 1 – Start with the basic”), you have already done the preliminary work of checking connectivity between client and ACE and between ACE and server. Everything is good and you can confirm that traffic from the client makes it to the ACE device.
Still, your loadbalancing solution does not work.
The next step is to check whether ACE counts the client request against the appropriate VIP. For that, use the command show service-policy <policy_name>.
Check if the “client pkt count” counter is increasing. Also check the “server pkt count”. If you do not see the server packet counter incrementing, it is often an indication of asymmetric routing. You can quickly confirm this by configuring client NAT. If that solves the problem, it confirms that you have asymmetric routing. You then need to either fix the server routing table or keep client NAT.
If your client packet counter does not increment and the “hit count” counter also stays unchanged, the traffic does not match this rule or it is not getting to the ACE device.
A quick way to check that the traffic hits the correct rule is to run the following command:
show np 1 access-list trace vlan <inbound vlan> in pro <protocol> source <src ip> <src port> destination <dst ip> <dst port>
You can usually ignore the first part of the output from this command. It becomes interesting from “version+aceid” onward.
In our case the client ip address is 192.168.20.45. The source port is unknown so I use the value "0". The virtual ip address is 192.168.20.122 on port 80. Vlan 20 is the interface on which client traffic is coming into my ACE.
switch/Admin# show np 1 access-list trace vlan 20 in pro 6 source 192.168.20.45 0 des 192.168.20.122 80
What you want to look at first is the vserver id. In our example, the id is 0x51 or 81 in decimal.
You can then check if it corresponds to your policy-map and class-map by checking the config manager tables.
switch/Admin# show cfgmgr internal table l3-rule | i 81
81 135 104 0 0 DATA_VALID,
This command gives us a line matching our rule 81 and this rule is from policy-map 135 and class-map 104.
Again we can check the internal tables to identify those objects.
switch/Admin# show cfgmgr internal table policy-map | i 135
135 SLB 0 DATA_VALID,
switch/Admin# show cfgmgr internal table class-map | i 104
104 VIP-122-80 0 DATA_VALID,
switch/Admin#
As you can see, object 135 is policy-map “SLB” and object 104 is class-map “VIP-122-80”. In my case, it does match the show service-policy command I initially typed.
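The lookup chain above (vserver id, then l3-rule row, then policy-map and class-map names) can be scripted over saved table output. This is an added example, not part of the original post; it assumes the column layout seen in the sample lines above and matches the rule id exactly, because a substring filter such as "| i 81" also returns rows like the constructed rule 181.

```python
# Constructed sample: the table rows quoted in the post, plus one constructed
# l3-rule row (181) that a substring filter on "81" would also return.
L3_RULE = """\
81 135 104 0 0 DATA_VALID,
181 140 110 0 0 DATA_VALID,
"""
POLICY_MAP = "135 SLB 0 DATA_VALID,\n"
CLASS_MAP = "104 VIP-122-80 0 DATA_VALID,\n"


def parse_table(text):
    """Map the first column (object id) to the remaining columns of each row."""
    rows = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].isdigit():
            rows[int(fields[0])] = fields[1:]
    return rows


def resolve_vserver(vserver_id, l3_rule, policy_map, class_map):
    """Resolve a vserver id from the trace (e.g. '0x51') to object names.

    Assumed column layout, taken from the sample lines in the post:
      l3-rule:    <rule id> <policy-map id> <class-map id> ...
      policy-map: <id> <name> ...
      class-map:  <id> <name> ...
    Returns (rule id, policy-map name, class-map name), or None when the
    rule id is not present in the l3-rule table.
    """
    rule_id = int(vserver_id, 0)  # accepts '0x51' or '81'
    rule = parse_table(l3_rule).get(rule_id)
    if rule is None or not (rule[0].isdigit() and rule[1].isdigit()):
        return None
    pmap_id, cmap_id = int(rule[0]), int(rule[1])
    pmap = parse_table(policy_map).get(pmap_id, ["<unknown>"])[0]
    cmap = parse_table(class_map).get(cmap_id, ["<unknown>"])[0]
    return rule_id, pmap, cmap


if __name__ == "__main__":
    print(resolve_vserver("0x51", L3_RULE, POLICY_MAP, CLASS_MAP))
```

Compare the returned names with the policy-map and class-map you passed to show service-policy; a different pair means an earlier rule matched first.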
If it does not match the rule you expected, it means ACE found a matching rule before the one you are testing. Check your configuration and try to re-order the rules.
Don’t forget that ACE looks into service policies sequentially and stops when it finds a match. So, it might not be the best match. Try to order your rules accordingly.
If the rule is correct but the hit count is not incrementing, the traffic is probably dropped before it gets to the ACE device. I recommend reading the first post for troubleshooting connectivity issues.
Next time, I will focus on the other info contained in the show access-list trace command.